4 Things You Need to Know About Serverless Adoption

originally posted on stackery.io/blog

Making the move to serverless architecture? By accelerating app development time, serverless isn’t just a boon for business, it’s also a win for engineering teams.

Gartner explains: “Serverless architectures enable developers to focus on what they should be doing — writing code and optimizing application design — making way for business agility and digital experimentation.”

Making smart use of software delivery resources with serverless

With serverless driving efficiency and productivity, it’s no surprise adoption is taking off. In fact, according to Coding Sans’ 2020 State of Serverless report, 75% of respondents use serverless today. And nearly 50% of those who haven’t yet gone serverless are planning to do so in the next 12 months.

Figure: 75% of orgs use serverless. Source: State of Serverless report, Coding Sans, 2020

4 best practices to make the transition to serverless stress-free

As you lay out your serverless adoption roadmap, here are four best practices to help you tackle these steps — making your transition as productive and stress-free as possible:

  1. Embrace autonomy for your coders, but don’t isolate them.
  2. Embrace single-purpose functions, but avoid generic privileges.
  3. Embrace speedy development, but avoid hasty rollouts.
  4. Embrace third-party providers, but avoid unnecessary expenses.

Let’s explore these best practices in detail.

Best practice #1: Embrace autonomy for your coders, but don’t isolate them

How to adapt coder roles and responsibilities to optimize serverless production

  • Define all microservices and map the flow of data between them, so you can create specs to keep critical data safe if one of the services goes down.
  • Bring Ops in during planning and/or refactoring phases to jointly devise identity and access management (IAM) permissions and policies.
  • Promote hand-in-glove collaboration between front-end and back-end developers.
  • Reconvene the development team before launch and assign specific task forces during deployment. For example, you might delegate based on areas of expertise, such as function-as-a-service (FaaS), services, events, and infrastructure-as-code.

Best practice #2: Embrace single-purpose functions, but avoid generic privileges

Functions play a central role in serverless app design

Single-purpose functions are also smart from a security perspective. Keeping your code as compact as possible reduces its cyberattack surface. Here are some other recommendations to bolster serverless security:

  • Establish IAM for each function, restricting privileges to the minimal amount of access required.
  • Perform continuous scans on functions to check for vulnerabilities.
  • Schedule systematic reviews of functions — and revise as needed.
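
One way to check the per-function IAM recommendation above is to lint each function's policy for wildcard grants and for roles shared between functions. This is an added example, not code from the original post; the function names, role names, and ARNs are constructed, and the findings cover only a few common over-privilege patterns.

```python
from collections import Counter

# Constructed sample input: function names, role names and ARNs are hypothetical.
FUNCTIONS = {
    "resize-image": {"role": "resize-image-role", "policy": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-uploads/*"}]}},
    "send-receipt": {"role": "shared-app-role", "policy": {"Statement": [
        {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}]}},
    "export-report": {"role": "shared-app-role", "policy": {"Statement": {
        "Effect": "Allow", "Action": "*",
        "Resource": "arn:aws:s3:::example-reports/*"}}},
}

def as_list(value):
    """IAM accepts one item or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def audit_statement(stmt):
    """Return findings for one statement; only Allow statements grant access."""
    if stmt.get("Effect") != "Allow":
        return []
    findings = []
    if "NotAction" in stmt:
        findings.append("NotAction allows everything except the listed actions")
    for action in as_list(stmt.get("Action", [])):
        if action == "*":
            findings.append("Action '*' allows every API call")
        elif action.endswith(":*"):
            findings.append(f"Action '{action}' allows a whole service")
    if "*" in as_list(stmt.get("Resource", [])):
        findings.append("Resource '*' is not scoped to specific ARNs")
    return findings

def audit_functions(functions):
    """Map each function name to its least-privilege findings."""
    role_use = Counter(fn["role"] for fn in functions.values())
    report = {}
    for name, fn in functions.items():
        findings = []
        if role_use[fn["role"]] > 1:
            findings.append(f"Role '{fn['role']}' is shared with other functions")
        for stmt in as_list(fn["policy"].get("Statement", [])):
            findings.extend(audit_statement(stmt))
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit_functions(FUNCTIONS))
```

Run in CI against the policies your infrastructure-as-code templates generate, an empty finding list per function is the target state.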

Best practice #3: Embrace speedy development, but avoid hasty rollouts

But, although the benefits are clear, exercising quality controls in a serverless architecture can be a bit tricky. It calls for a new approach.

Like containers, serverless architecture is built on immutable infrastructure, making it virtually impossible to stage or test before production. That means you have no choice but to test in production.

Testing in production

  • Build observability into your code, which helps you answer the question, “Is this app behaving as expected?” By incorporating rich instrumentation into your shipped code, you can collect real-time data from the app and pinpoint the root of issues.
  • Stage rollouts of new features to keep tabs as you scale deployment. For example, consider deploying to 10% of your user base, then gradually increasing while monitoring for errors along the way.
  • Scan for vulnerabilities daily. With thousands of vulnerabilities being discovered every year, it’s important to run continuous checks as part of the CI/CD pipeline.
  • Use metrics that map to the business. Rather than zeroing in on app performance, set KPIs based on the business goals that led you to develop the app in the first place.
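
The staged rollout described above (start at 10%, widen while monitoring for errors) can be sketched as a sticky cohort assignment plus an error-rate gate. This is an added example, not code from the original post; the stage list after 10%, the error threshold, and the minimum sample size are assumptions to replace with values from your own baseline.

```python
import hashlib

STAGES = [10, 25, 50, 100]  # percent of users; stages after 10% are assumed
MAX_ERROR_RATE = 0.02       # assumed threshold, derive it from your baseline
MIN_REQUESTS = 200          # assumed minimum sample before judging a stage

def in_rollout(user_id, feature, percent):
    """Place a user in one of 100 buckets; the same user always gets the same bucket."""
    digest = hashlib.sha256(f"{feature}:{user_id}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % 100 < percent

def next_percent(current, requests, errors):
    """Hold, roll back to 0, or advance one stage based on observed errors."""
    if requests < MIN_REQUESTS:
        return current  # not enough data yet: hold at the current stage
    if errors / requests > MAX_ERROR_RATE:
        return 0        # error rate too high: roll the feature back
    later = [p for p in STAGES if p > current]
    return later[0] if later else current

if __name__ == "__main__":
    # Constructed user IDs; roughly 10% should land in the first stage.
    users = [f"user-{i}" for i in range(10000)]
    print(sum(in_rollout(u, "new-checkout", 10) for u in users))
    print(next_percent(10, requests=1000, errors=5))
```

Because buckets are derived from a hash of the feature name and user ID, a user admitted at 10% stays admitted at every later stage, which keeps error attribution consistent as the rollout widens.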

Best practice #4: Embrace third-party providers, but avoid unnecessary expenses

The bottom line: Spend time researching your options and go with the provider that best supports your business goals.

Here are some questions to ask when evaluating serverless (i.e., cloud computing) providers:

  • Plan for today and tomorrow: Are they financially stable? Do they have proven success stories with deployments like the one you’re planning? What’s their roadmap for new features, integrations, and services? Do their values and vision align with yours?
  • Play it safe: Do they tell you where their data centers reside? Do they give you choice and control in terms of where your data is stored, processed, and managed? Are you clear how/when they use encryption for both data in transit and at rest? What happens if there’s a data loss or breach? How quickly will you be notified? Do their policies align with regulatory requirements?
  • Plot out the day-to-day: Do they have the range of managed services offerings you need? Can they back it up with technical know-how? Do their architectures and standards match your management preferences? What type of migration capabilities do they provide? How well do they complement your team’s skills? How will you manage environments (e.g., AWS accounts, Azure/GCP resource groups) and access controls for developers and operators (e.g., AWS SSO)?

Finally, routinely monitor third-party services and situations that may lead to vendor lock-in. Keeping an eye on this can help you avoid production hiccups while also curtailing unnecessary costs.

Adopt serverless best practices to help developers do their best work

Have questions about how you can empower your team to do their best work? Talk to us about implementing these practices. We’re always here to help with your serverless adoption plans.
