MARCH 2022 • VOL. 2, ISSUE 57 • $9.95 • www.sdtimes.com
IFC_SDT054.qxp_Layout 1 11/17/21 11:09 AM Page 2
®
Instantly Search Terabytes
www.sdtimes.com EDITORIAL EDITOR-IN-CHIEF David Rubinstein drubinstein@d2emerge.com NEWS EDITOR Jenna Sargent jsargent@d2emerge.com MULTIMEDIA EDITOR
dtSearch’s document filters support: popular file types emails with multilevel attachments
Jakub Lewkowicz jlewkowicz@d2emerge.com SOCIAL MEDIA AND ONLINE EDITOR Katie Dee kdee@d2emerge.com
a wide variety of databases
ART DIRECTOR
web data
Mara Leonardi mleonardi@d2emerge.com CONTRIBUTING WRITERS
2YHU VHDUFK RSWLRQV LQFOXGLQJ efficient multithreaded search
Jacqueline Emigh, Elliot Luber, Caryn Eve Murray, George Tillmann CONTRIBUTING ANALYSTS Enderle Group, Gartner, IDC, Intellyx
HDV\ PXOWLFRORU KLW KLJKOLJKWLQJ forensics options like credit card search
CUSTOMER SERVICE SUBSCRIPTIONS subscriptions@d2emerge.com ADVERTISING TRAFFIC Mara Leonardi mleonardi@d2emerge.com
Developers: 6'.V IRU :LQGRZV /LQX[ PDF26
LIST SERVICES Jessica Carroll jcarroll@d2emerge.com
&URVV SODWIRUP $3,V FRYHU & -DYD and recent NET (through NET 6)
.
.
)$4V RQ IDFHWHG VHDUFK JUDQXODU GDWD FODVVLILFDWLRQ $]XUH $:6 DQG PRUH
REPRINTS reprints@d2emerge.com ACCOUNTING accounting@d2emerge.com
ADVERTISING SALES
Visit dtSearch.com for KXQGUHGV RI UHYLHZV DQG FDVH VWXGLHV IXOO\ IXQFWLRQDO HQWHUSULVH DQG developer evaluations
PUBLISHER David Lyman 978-465-2351 dlyman@d2emerge.com MARKETING AND DIGITAL MEDIA SPECIALIST Andrew Rockefeller arockefeller@d2emerge.com
The Smart Choice for Text Retrieval® since 1991
dtSearch.com 1-800-IT-FINDS
PRESIDENT & CEO David Lyman
D2 EMERGE LLC www.d2emerge.com
CHIEF OPERATING OFFICER David Rubinstein
003_SDT057.qxp_Layout 1 3/1/22 3:41 PM Page 3
Contents
VOLUME 2, ISSUE 57 • MARCH 2022
FEATURES
NEWS 4
News Watch
Projects, politics, and champions
13
Kotlin continues its rise
15
Codefresh software delivery platform now available
A project champion is focused on the project, while a mentor is focused on the project manager
15
Weaveworks acquires Magalix to secure Kubernetes
19
New study shows 20x increase in security scan cadence
COLUMNS page 6
29 GUEST VIEW by Li Kang Metric stores as data servicing layer
The power of AI in data integration 30 ANALYST VIEW by George Spafford Take an Agile approach to infrastructure
BUYERS GUIDE The benefits of low-code/no-code tools for professional developers
page 10
The technologies that will power the metaverse (one day)
page 21 page 16 Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 2 Roberts Lane, Newburyport, MA 01950. Periodicals postage paid at Plainview, NY, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2022 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 2 Roberts Lane, Newburyport, MA 01950. SD Times subscriber services may be reached at subscriptions@d2emerge.com.
004,5_SDT057.qxp_Layout 1 3/1/22 2:01 PM Page 4
4
SD Times
March 2022
www.sdtimes.com
NEWS WATCH Microsoft releases .NET 7 Preview 1 Microsoft has announced the next major milestone for the .NET platform with the release of the first preview of .NET 7. The language recently celebrated its 20th anniversary and according to Microsoft, this release “marks the first step forward towards the next 20 years of .NET.” This release will build off foundations laid in .NET 6, such as a unified set of base libraries, runtime, and SDK; a simplified development experience, and improved productivity for developers.
According to Microsoft, the major areas of focus for .NET 7 include: 1. Improved support for cloud native development 2. Tools that will enable developers to more easily upgrade their legacy projects 3. A simplified experience for working with containers Features included in .NET 7 Preview 1 include annotations to APIs to support nullability, JIT compiler optimizations, new APIs, and support for hot reload scenarios. .NET MAUI will also be a part of .NET 7. The company released .NET MAUI preview 13 earlier this week and is currently in the process of sup-
People on the move
n Tim Berglund has been announced as the VP of developer relations at StarTree. He will start in his new role in April and will work to deepen the company’s ties with the Apache Pinot community. He is known in the industry as a leading advocate for Apache Kafka, and started off as developer relations advisor when he first joined StarTree in September 2021. Previously he held roles at Confluent and DataStax. n CData Software has announced two new executive appointments: Manish Patel as chief product officer and Steven Close as chief information security officer. Patel has over 15 years of product management experience and previously served as CEO of Tier1 Financial Solutions and led product management at Valassis Digital and Ipreo. Close previously was a security executive at SolarWinds, and has worked on joint efforts with the FBI, Australia Cyber Crime, and Missing Kids. n Martha Jenson has joined Sauce Labs as its new chief people officer. In this role she will focus on scaling the company’s operations and culture. She previously established HR operations and people strategy at Ivalua, and has held roles at Facebook, Symantec, HP, VMware, and IBM, as well as having served as an Intelligence Analyst in the U.S. Air Force. n Pepperdata has announced that Maneesh Dhir is its new chief executive officer, replacing Ash Munshi, who will stay on as executive chairman of the board of directors. Dhir spent five years as managing director of Apple’s India business, where he helped grow the company revenue to over $1 billion in India, which was a 15x increase during his time there. He’s also served as chief product strategy officer at FICO and executive vice president at AOL International.
porting .NET MAUI in .NET 6. It expects to have a release candidate (RC) for that soon and will continue to ship RCs until it is ready for general availability. Once it is available in .NET 6, it will be included in .NET 7.
WSO2 releases Swan Lake update to Ballerina language The API management company WSO2 announced that its opensource programming language Ballerina’s Swan Lake release is now generally available. Ballerina is designed specifically for developers interacting with the cloud. It aims to simplify the process of being able to use, combine, and create network services. According to WSO2, it provides “bidirectional mapping of sequence diagrams and code.” This allows developers to switch between working with traditional code and low-code as needed. It also abstracts away a lot of complexity in developing cloud-native applications by providing a way to represent network interactions and streamlining functions related to data usage, configurations, and cloud deployments.
Jetpack Compose 1.1 UI toolkit adds touch target sizing The Android development team has announced the release of UI toolkit Jetpack Compose version 1.1. This release comes with several new features, such as improved focus handling, ImageVector caching, touch target sizing, and support for Android 12 stretch overscroll. Additionally, Compose 1.1 graduates several experimental APIs to stable as well as supports newer versions of Kotlin.
An image vector caching mechanism has been added to painterResource API in order to cache all instances of ImageVectors that are parsed with a certain resource id and theme. The cache will then be invalidated on configuration changes. With touch target sizing, Material components will expand their layout space in order to meet Material accessibility guidelines. This works to align Compose Material to the same behavior of Material Design Components and brings consistency to behavior when mixing Views and Compose. This feature also works to ensure that minimum requirements for touch target accessibility will be met when creating a UI using Compose Material components.
Kong Enterprise 2.7 released with 25% improved performance API company Kong announced the general availability of Kong Enterprise 2.7, which delivers 25% faster performance compared to previous versions, improved security, and streamlined workflows. Kong Enterprise is a service connectivity platform that enables organizations to secure, connect and orchestrate their APIs and services across cloud native, hybrid and on-premise environments. The new version achieved 52,250 transactions per second (TPS) maximum throughput with a 100% success rate (up from 40,625 TPS in 2021), performing 2,886% faster than Apigee X, which achieved 1,750 TPS maximum throughput with 100% success, according to Kong. Additional features include
004,5_SDT057.qxp_Layout 1 3/1/22 2:01 PM Page 5
www.sdtimes.com
Google Identity Services update makes it easier to implement authentication Last year, Google announced Google Identity Services (GIS), which is a set of APIs that consolidated several identity offerings from the company. Included in the GIS development kit are the Sign in with Google button and the authentication prompt One Tap. Now, Google is adding an authorization feature to GIS to bolster the offerings of the SDK and make it easy for developers to implement secure authentication into their apps. The new authentication library acts as a “one-stop-shop’ for authentication and authorization, according to the company. Authentication allows for new user sign ups and returning user sign ins, and authorization provides developers with access tokens to call Google APIs with a user’s consent. The SDK provides clear separation between these two functions in order to provide developers with greater control. Developers can make calls as two separate flows based on app needs.
the ability to bulk-apply policies to APIs and developers automatically, an OpenID Connect Configuration wizard for faster authentication setup, and support for new real-time and event-based use cases with Kafka and webhooks.
OpenSSF announces new project for improving supply chain security OpenSSF announced the Alpha-Omega Project to improve the security posture of open-source software by working together with software security experts. Microsoft and Google are supporting the project, which aims to improve global OSS supply chain security by working with project maintainers to systematically look for new, as-yet-undiscovered vulnerabilities in open source code with a $5 million investment.
The project is being split into two sides, Alpha and Omega. Alpha will work with the most critical open source projects to improve their security posture. The projects will include standalone projects and core ecosystem services that will be selected based on the work by the OpenSSF Securing Critical Projects working group. Omega will identify at least 10,000 widely deployed OSS projects where it can apply automated security analysis, scoring, and remediation guidance to their open source maintainer communities.
Android Studio update introduces new Device Manager The Android development team has announced that the latest version of its IDE, Android Studio, is now available. Android Studio Bumblebee 2021.1.1, which is the code-
name for the release, improves functionality for building and deploying, profiling and inspection, and design. One new feature for building and deploying is the new Device Manager, which makes it easier to manage virtual and test devices. This new tool has both Virtual and Physical features. Virtual features include creating a new device, reviewing device details, and deleting a device. Physical features include pairing to a new device using ADB Wi-Fi to see details and inspecting a device’s file system using Device File Explore. In addition, the Android Gradle Plugin Upgrade Assistant, which helps developers keep their projects current with the latest version, now checks for and offers to update domainspecific languages (DSLs) to avoid developers using deprecated APIs in their apps. Other new features related to the build and deploy theme include a simplified flow for connecting devices over Wi-Fi for deployment using ADB, the ability to run instrumented tests using Gradle, nontransitive R classes are now turned on by default, the Emulator tool window is enabled by default, and updated support for Apple Silicon.
ShiftLeft CORE gets new vulnerability identification features Security company ShiftLeft today announced the new release of its ShiftLeft CORE platform with the Velocity Update that has new features for identifying and addressing potential vulnerabilities earlier in the software development life cycle. New features and capabili-
March 2022
SD Times
ties include the ability to perform code analysis for Kotlin apps for mobile development, which is an early-stage beta release, and Intelligent SCA for Python and Golang, which is also a beta release, that allows developers to identify attackable open-source vulnerabilities in their code. The release also includes workflow enhancements like improved build rules that allow for automatic detection and interception of attacker reachable open-source vulnerabilities, interactive remediation that enables developers to specify custom validation for the tool to recognize in scan results, enhanced vulnerability descriptions, branch selection, and richer data flow visualizations.
Microsoft gives sneak peek at C# 11 features In Microsoft’s Visual Studio 17.1, users will get a sneak peek at features coming to C# 11. These features will also be available in .NET SDK 6.0.200. A feature available in early preview is parameter null checking, which verifies at runtime if a null has been passed to code. This is separate from Nullable Reference Types (NRT), which identifies at design time if a null is possible. Another new addition to the language is the ability to allow newlines in holes in non-verbatim interpolated strings. Holes, or interpolation expressions, are contained inside curly braces and supply runtime values. Previously newlines were allowed in verbatim interpolated strings, but in non-verbatim strings escapes, like \r or \n, were required instead. z
5
006-8_SDT057.qxp_Layout 1 3/1/22 4:42 PM Page 6
6
SD Times
March 2022
www.sdtimes.com
BY GEORGE TILLMANN
A project champion is focused on the project, while a mentor is focused on the project manager
L
ike all U.S. presidents, Andrew Jackson had an official cabinet, confirmed by the Senate, in charge of the various government departments. However, Jackson tended to ignore the official cabinet members in favor of an informal group of advisors dubbed the “kitchen cabinet.” Since then, many U.S. presidents have relied more on an informal and unconfirmed
list of advisors for counsel and help in making decisions, than on the official cabinet secretaries. Titles can be misleading. Lobbyists soon learn that cozying up to the unofficial in-crowd is often more fruitful than courting official dignitaries. Corporations can be similarly led. Sometimes the power rests within the chain of command. In other organiza-
George Tillmann is a retired programmer, analyst, systems and programming manager, and CIO. This article is adapted from his book, Project Management Scholia: Recognizing and Avoiding Project Management’s Biggest Mistakes (Stockbridge Press, 2019). He can be reached at georgetillmann@gmx.com.
tions, the CEO might rely on an unofficial team of employees of various titles and positions, perhaps not even in the chain of command. It is these insiders who make or influence corporate decisions. What does this have to do with IT and project management? Well, put your project planning books aside. The critical decisions about your project might have been made months ago, before you were even assigned to the project, and kept private by a group of people you don’t know, sitting around a table in some unnamed conference
006-8_SDT057.qxp_Layout 1 3/1/22 4:42 PM Page 7
www.sdtimes.com
room you never heard of, who know little to nothing about IT. If you are a project manager, even the best project manager in the world, it is unlikely you will be sitting with that group anytime soon. Even the CIO might be a stranger to that assemblage. If your project is building an application to manage IT’s bowling scores, then you can skip this article. Even the project manager of a more corporate relevant though small and not revenue significant project might be able to breeze though the following pages. However, if your project is mission crit-
ical, meaning that it plays a major role in the success of your organization, then read on, because, know it or not, your project needs senior representation. Projects are like wolves, they are useful, but they also have people gunning for them. For whatever reasons, someone, somewhere, will be out to get your project. He might think it’s a waste of money; poorly led, planned, or executed; not needed by the business; or better alternatives are available. Whatever the rationale, he will do all he can to bring your project to a halt. Project naysayers are not evil people, just convinced that a mistake is being made and that they have a responsibility to point it out if not correct it. If the naysayer is a junior member of the organization, then there is probably no problem; however, if the project critic is a senior executive, then beware. Somewhere, around some bend or detour you have to take, the critic waits ready to spring on any perceived misstep or error. When will the ambush occur? Well, there are a few fairly predictable points. First sign of weakness. Drop the ball, or even bobble it, and you are in trouble. A slipped schedule, budget issues, a vendor not able to deliver what or when resources were promised, or staffing problems are all reasons the viability of the project could be questioned. Wrong place, wrong time. When a project kicks off, there is considerable enthusiasm and energy aimed at the undertaking. The project team is charged, users are thinking of how things will be when the systems is in, and managers everywhere are looking to bask in the credit they will take, deserved or not. But enthusiasm will wane. It doesn’t matter that the plan says that the project will not show tangible user results for 8 months, or that the users were told, time and again, that there is a deliverable desert between months one and seven. Sometime, after 3 or 4 months, with nothing end-user oriented to show for all the work besides bills, even the most ardent supporters experience the mid-project
March 2022
SD Times
blues and start to second-guess their decision. Now add in the naysayers whispering “I told you so” in their ears, and even the strongest supporters start “re-thinking the project.” There are two ways to avoid the midproject blues. First, keep the drought short. Try to have some user-focused deliverables that will keep the users happy as soon and as often as possible. Never go more than 6 months before some functionality is installed, and never more than 3 months without some kind of demo. Second, get a project champion. A project champion is a senior executive, usually from the business side of the organization, who has the respect of peers and the ears of the very top echelons. More specifically, the project champion either sits around that decision-making conference room table or routinely works with those who do. He or she knows what that body is thinking or can influence what they do. Moreover, this senior executive, who truly believes in the system and the benefits it will deliver to the company, is willing to forcefully campaign for the project. A good project champion will keep the true believers believing and the naysayers quiet, giving the project team the time it needs/deserves to build the application and deliver the goods. Project champions are worth their weight in gold. A good project champion can support a project in at least four ways. Represent the project at the highest corporate levels. As a member of the inner circle, the champion can either advocate for the project (budget, schedules, resources, etc.) at executive decision-making meetings or sometimes make the decisions unilaterally. Can commit corporate resources. The champion can directly make or, as an executive conduit, influence organizational binding resource decisions. Keep the firm focused on the endgame. If the champion is sufficiently senior in the organization, then he or she can cut through corporate red tape, thwart naysayer interference, and clear organizational obstacles. continued on page 8 >
7
006-8_SDT057.qxp_Layout 1 2/28/22 3:00 PM Page 8
8
SD Times
March 2022
www.sdtimes.com
Mentors and champions play different roles Mentor. A mentor is a senior and respected expert in one or more areas of the organization. He or she is knowledgeable, not just in the official procedures and processes of the organization, but also in the culture and unofficial — unwritten — rules of corporate engagement. There should be no line responsibility between mentor and mentee. Rather the relationship is informal and advisory. The objective is not to have a buddy, but rather someone who can advise the mentee on when he or she is doing something right or when they are on the wrong track. Mentors are not a cheerleading squad — call mom if constant encouragement is needed — they are there to listen to mentee questions and provide factual and practical advice. They are not there to intervene with the mentee’s managers to “fix things.” A good mentor will resist talking to the mentee’s boss, if at all possible, to avoid interfering in the employee-manager relationship or second guessing management decisions. Everyone in an organization should have a mentor. Some organization’s assign an offi-
< continued from page 7
Clear the decks for the project. The champion is not a member of the project team but rather an important resource to allow the team to do its job. Like a snowplow on a train, the champion clears the way for those who follow behind. Both Six Sigma (a set of process improvement techniques and rules) and the Project Management Institute (PMI) recognize the role and recommend that projects have a project champion. However, even the best project champions need the help of a project manager. A smart project manager will become quite familiar with the project champion and solicit his or her advice in dealing with, and presenting to, senior management. The champion can then float ideas with senior executives, identifying and clearing potential objections and obstacles, before the project team recommends them.
Do not confuse a project champion with a mentor Every project manager should have one or more mentors (official or unofficial)
cial mentor; others allow employees to pick their own. Even if there are official mentors, everyone should also have one or more unofficial mentors. Champion. The project champion is a senior member of the organization who takes a personal interest in the project. He or she regularly attends or is at least a guest at the highest level corporate governance meetings. The champion works closely with the senior executives in the organization (and is often their peer) and can represent and advocate for the project with senior executives. The champion often has the power to influence, if not modify, budgets and project plans, and commit organizational resources. The champion can speak for the organization at project meetings and reviews. The champion is an excellent audience for the project manager to practice meetings and presentations with senior users and project oversight groups. The champion can recommend strategies and tactics to improve communication and the likelihood of favorable outcomes. z
who can help them navigate corporate waters. Mentors provide staff with advice and insight regarding their corporate careers, focusing on individual performance and success. Mentors can help an employee with development and training choices, positioning for promotions, interacting with other staff, and more. A mentor’s focus is on the project manager’s career. The project champion’s focus is the project, not the project manager.
Finding a project champion Finding a project champion can be a challenging task. Luckily, a champion might have existed before the project even kicked off, and have played an instrumental role in its creation. However, some champions decide to take a back seat once the project is underway. This is unfortunate since the champion is often needed more after project kickoff than before. Job one for the project manager is keeping the project champion engaged during the entire project. Explain to a reticent champion the tasks and the challenges facing the project. This needs to be
one of the project managers best performances. If there was no pre-project champion, then the project manager’s options are limited. With the support of the IT organization, meet with likely candidates and convince them to take on the task. The project manager should learn all he or she can about those high level pre-project meetings. Who spoke up for the project and its budget? Who opposed it? Meet with the candidates and ask for their help. With some luck you might be pleasantly surprised.
Project champion: a resource, not a friend Every project manager needs to remember that the project champion represents the organization and the project and not the project manager. For example, a champion might decide that the current project manager is the wrong person to lead the project and needs to be replaced. Both the champion and the project manager need to jointly understand the champion’s goals and responsibilities and the potential consequences of both. z
Full Page Ads_SDT057.qxp_Layout 1 2/25/22 9:39 AM Page 9
Collaborative Modeling
Keeping People Connected ®
®
®
®
®
Application Lifecycle Management | Jazz | Jira | Confluence | Team Foundation Server | Wrike | ServiceNow ®
Autodesk | Bugzilla
sparxsystems.com
TM
®
®
®
| Salesforce | SharePoint | Polarion | Dropbox
TM
| *Other Enterprise Architect Models
Modeling and Design Tools for Changing Worlds
®
010-12_SDT057.qxp_Layout 1 2/28/22 2:58 PM Page 10
10
W
SD Times
March 2022
www.sdtimes.com
hile the amount of data in the world is infinite, our attention span is not. That’s why AI is becoming a valuable tool for data integration to create concise analysis from data and to make it more accessible to everyone throughout an organization. According to SnapLogic’s Ultimate Guide to Data Integration, AI and ML capabilities are increasingly being built into data integration platforms to significantly improve integrator productivity and time to value. Companies are also making sure that no data slips through the cracks. They realize that they have to be more sensitive and careful with user data in the wake of large data breaches and resulting regulations that followed. They can rely on AI and ML capabilities to identify what data should be masked or anonymized, and also discern what is useful and what isn’t. AI is able to do this automatically to help ensure compliance with HIPAA, GDPR, and other regulations. The process of adding AI to analyze and transform massive data sets into intelligent data insight is often referred to as data intelligence, according to an article by data analytics platform provider OmniSci.
Five components of intelligence There are five major components of data-driven intelligence, including descriptive data, prescriptive data, diagnostic data, decisive data, and predictive data. Applying AI to these areas helps with understanding data, developing alternative knowledge, resolving issues, and analyzing historical data to predict future trends. “AI is being used across multiple functions in data integration, but I would say it is being used most effectively in providing intelligence about data, automating the collection and curation of metadata, so that organizations can gain control over highly distributed, diverse, and dynamic modern data environments,” said Stewart Bond, the research director of IDC’s Data Integration and Intelligence service. Data intelligence is effective at gathering the data from various sources,
BY JAKUB LEWKOWICZ
which is often necessary within a company’s data integration initiatives, and then it creates a uniform identity model across the data sources. This intelligence can leverage business, technical, relational, and behavioral metadata to provide transparency of data profiles, classification, quality, location, lineage, and context. “To take an example from our world at LinearB: to effectively integrate data from disparate dev systems such as Git or Jira, one needs to be able to map the identities such as developer usernames between these systems. That’s a great
task for some ML models. As more systems are involved, the problem gets tougher but you have more data to assist your AI/ML to solve it,” said Yishai Beeri, the CTO at LinearB. Organizations that are looking to infuse AI into their data integration are primarily looking at three things: how to minimize human effort, reduce complexity, and cost optimization, according to Robert Thanaraj, senior principal analyst who is part of the data management team at Gartner. “Number one, I’m looking at improved productivity of users, the
010-12_SDT057.qxp_Layout 1 2/28/22 2:59 PM Page 11
www.sdtimes.com
March 2022
SD Times
than reactive fashion. The company would continually write 15 petabytes of data to over 250,000 devices in people’s homes every month and AI was used for both predicting when a device would go offline and to detect malicious devices. “Since a device could go offline at any time for any reason, our system had to detect which data was becoming endangered,” Willoughby explained. “If it was in trouble, that data would be queued up to be repaired and placed elsewhere. The idea was that if we could predict a device would go offline soon by observing patterns of other devices we’d stop sending data to it, so we could save on repair costs.” Also, since the company had no control over what people could do to their devices, they needed to have protections in place beyond encryption to see anomalies in a device’s behavior. “ML is perfect for this because it can average out the “normal” behavior and easily determine a bad actor,” Willoughby said. LinearB’s Beeri said another common example of AI weeding out bad data is in detecting and ignoring Git work done by scripts and bots.
AI can address many of the common data integration challenges
technical experts, citizen developers, or business users. Secondly, if complexities are solved, it opens up for business users to carry out integration tasks almost without any support from a central IT team, or your integration specialist, such as a data engineer,” Thanaraj said. “Lastly, ask yourself, can we get rid of any duplicated copies of data? Can we recommend an alternative source for good quality trusted data? Those are the kind of the typical benefits that enterprises are looking to prototype and then to experiment with integrating AI into data integration.”
AI is being used to improve data quality AI is now not only turning out to be pivotal in business use cases, but it can also quickly solve problems that have to do with data quality. Specifically, AI is making it possible to achieve improved consistency of data and allows for improved master data management, according to Chandra Ambadipudi, senior vice president at EXL, a provider of data services. Dan Willoughby, a principal engineer at Crowdstorage, described how his company used AI/ML to tackle data quality problems in a proactive rather
The introduction of AI and ML to data integration is still a relatively new phenomenon, but companies are realizing that handling data integration tasks manually is proving especially difficult. One of the challenges is the absence of intelligence about the data when handled manually. According to the Data Culture Survey that IDC ran in December 2020, 50% of the respondents said they felt there was too much data available and they couldn’t find the signal for the noise, and the other 50% said there wasn’t enough data to help them make data-driven decisions, which is the outcome of data integration and analytics. “If you don’t know where the best data is related to the problem you are trying to solve, what that data means, where it came from, how clean or dirty continued on page 12 >
11
010-12_SDT057.qxp_Layout 1 2/28/22 2:59 PM Page 12
12
SD Times
March 2022
www.sdtimes.com
< continued from page 11
it is — it can be difficult to integrate and use in analytical pipelines,” IDC’s Bond said. “Manual methods of harvesting and maintaining intelligence about data are no longer effective. Many still use spreadsheets and Wikis and other forms of documentation that cannot be kept up to date with the speed at which data is moved, consumed, and changed.” As for getting started with AI and ML in data integration, companies should see if the solutions fit the requirements of their work, Bond added. And many of these industries with the greatest need for data intelligence include cybersecurity, finance, health, insurance, and law enforcement. Companies should look at how data intelligence factors into the solution, whether it is part of the vendor’s platform, or whether the technology supports integration with data intelligence solutions. “As organizations try to understand how data integration and intelligence tasks are automated, they should understand what is truly AI-driven and what is rules-driven,” Bond said. “Rules require maintenance, AI requires training. If you have too many rules, maintenance is difficult.” Gartner’s Thanaraj recommends embarking on the data fabric design, which utilizes continuous analytics over existing, discoverable, and inferenced metadata assets. This model can support the design, deployment, and utilization of integrated and reusable data across all environments, including hybrid and multi-cloud platforms. This method leverages both human and machine capabilities and continuously identifies and connects data from disparate applications to discover unique, business-relevant relationships between the available data points. It uses Knowledge Graph technologies that are built on top of a solid data integration backbone. It also uses recommendation engines, orchestration of AI, and data capabilities, primarily driven with metadata. “Metadata will be a game-changer of the future, and AI will take advantage of the metadata,” Thanaraj said. z
How does the introduction of AI/ML affect the data engineering role AI and ML will vastly improve the speed at which data integration is handled, but the role of data engineering is constantly in demand and even more so to work with AI in an augmented way. AI can help in making recommendations about the best way to join multiple data sets together, the best sequence of operations on the data, or the best ways to parse data within fields and standardize output, according to IDC’s Bond. “If we consider data quality work, people will shift from writing rules for identifying and cleansing data to training machines on whether or not anomalies that are detected are really data quality issues, or if it represents valid data,” Bond said. “If we consider data classification efforts for governance and business context, again the person becomes the supervisor of the machine — training the machine about what are the correct associations or classifications, and what are not correct assumptions made by the machine.” The AI capabilities will help people working on data integration with the mundane tasks, which both frees them up to do more important work and helps them avoid burnout when dealing with data, a common problem today. “It takes easily between 18 to 24 months before data engineers are fully productive and then in another year or so, they are burnt out because of lack of automation,” Thanaraj said. “So one of the key things I recommend to data and analytics leaders is you should create a social structure where you’re celebrating automation.” Data engineers can’t do everything by themselves, and this has resulted in various roles that specialize in various aspects of handling data. In a blog post, IDC listed these roles as data integration specialists that blend data for analytics and reporting or data architects who bridge business and technology with contextual, logical and physical data models and dictionaries. On top of that, there are data stewards, DataOps managers, and business analysts, and data scientists. “Data engineers are our critical role for any enterprise to succeed today. And it is in the hands of data engineers, you’re going to build these automation capabilities at the end of the day,” Thanaraj said. “The AI bots or AI engines are going to do the core repetitive scanning for filing, classifying, and standardizing all these tasks with data.” On top of that, you need business experts and domain experts to be validating whether the data is being used the right way and to have the final say. As a result, AI and ML are then learning from these human decisions. “This is why humans become the number one custodians; the ones who monitor and avoid any deviation of models done by AI,” Thanaraj said. z
013_SDT057.qxp_Layout 1 2/28/22 2:58 PM Page 13
www.sdtimes.com
March 2022
SD Times
Kotlin continues its rise Kotlin is a modern programming language that can be used to write applications in the Java Virtual Machine (JVM), the web, and, perhaps most significantly, Android. Significant because in 2019, Google announced that Kotlin was the preferred language for writing Android apps. Currently, the majority of Android developers — 60% — are using Kotlin. Among developers overall, Kotlin stands at about 8% usage among developers, while Java has about 35%, according to 2021 data from Statista. Despite low usage in comparison to Java, developers tend to love Kotlin
BY JENNA SARGENT that all the core constructs are concise, so you don’t have to repeat stuff.” Cornwall explained that in comparison, in Java, a lot of boilerplate code is required to get things to work properly. Cornwall says that the Java compiler “isn’t particularly intelligent,” which means it doesn’t always know what to do based on the code you give it. For example, with null type assignment, in Java you might have a variable and assign null to it and then try to do something with that, while Kotlin is null safe so variables can’t hold null values.
“Big service enterprises have a lot of existing code in Java, and that puts additional pressure for us to show that Kotlin works perfectly with all that code.” —Roman Elizarov, Kotlin Team Lead at JetBrains
more than Java. In Stack Overflow’s 2021 Developer Survey, which sorts languages based on whether they are loved or dreaded, Kotlin is tops. About 62% of respondents love Kotlin, and 38% dread it, compared to 47% loving Java and 53% dreading it. “I don’t see Java as increasing its market share on Android, for sure. Java, I think will be around for a long time on back-end servers, but it’s not going to do much on Android. The future for Android is Kotlin, in terms of native languages,” said Andrew Cornwall, senior analyst at Forrester. According to Roman Elizarov, Kotlin Team Lead at JetBrains, the company that created Kotlin, one reason that developers may love Kotlin is that it prevents them from having to rewrite boilerplate code. “They hate having to repeat themselves over and over or having to, in detail, explain the same thing over and over the compiler,” said Elizarov. “And so what developers like about Kotlin is
“Kotlin picks up on that and says, No, you’re not allowed to do that,” said Cornwall. A ccording to Android’s website, null safety is one of the features of Kotlin that lends itself to safer code, and apps that are 20% less likely to crash. “So Kotlin, along with Swift, are two of the newer languages that are for mobile development that are the languages that have learned from what went on before… I think both Swift and Kotlin have benefited from the fact that they were able to look at some of the mistakes that were made and solve some of those for developers, so developers didn’t have to worry about them,” Cornwall continued. Elizarov explained that when Google announced Kotlin as its recommendation language for Android development, they saw really rapid growth for the language. This growth has sort of stabilized now, as there are only so many Android developers and most of them are already using Kotlin.
A number of focus items on the language’s roadmap may help the language expand its reach even further. One item on the team’s roadmap is making sure there’s strong interoperability between Kotlin and existing Java code, since there are so many existing applications written in Java, especially at larger, more established companies. “We have to pay even more attention to top notch interoperability with Java code. Because usually those big service enterprises have a lot of existing code in Java, and that puts additional pressure for us to show that Kotlin works perfectly with all that code so all those people can adopt Kotlin in the most trouble-free way,” said Elizarov. Another thing the team is working on is multiplatform support. It is on track to have a beta ready this spring. “So that’s actually going beyond JVM, beyond server-side, and our first target is mobile development so that developers can write both Android and iOS applications in Kotlin and share the business logic between both mobile applications,” Elizarov said. According to Cornwall, another thing that will solidify Kotlin as a big player is just time and continued evolution of the language. It’s still an evolving language, which can cause some trouble for developers. “People are thinking about what will improve the language, make it easier to learn, make it easier to use; there’s a lot of community involvement, and people are coming up with suggestions. But that creates issues. That means that as a developer, you’re writing for something that is moving — it’s not standing still.” For example, Cornwall referenced the release of Kotlin 1.4, which introduced several breaking changes, which led to some unhappy developers when they had to rewrite their code to address those issues. “I think having Kotlin become more stable and settled is going to help it and it will definitely make developers happier,” said Cornwall. z
13
Full Page Ads_SDT057.qxp_Layout 1 2/24/22 3:55 PM Page 14
A
Event
Sponsored by
015_SDT057.qxp_Layout 1 3/1/22 2:16 PM Page 15
www.sdtimes.com
March 2022
SD Times
DEVOPS WATCH
Codefresh software delivery platform now available BY JAKUB LEWKOWICZ
Codefresh launched the Codefresh Software Delivery Platform (CSDP), which brings the Argo toolset, including Workflows, Events, CD, and Rollouts, into a single platform. Argo is an opensource project that Codefresh maintains that offers tools for running workflows and managing clusters in Kubernetes. “Enterprise-class tooling for Argo — built on GitOps best practices — enables faster software delivery and smoother, scalable DevOps automation, and this is crucial to our customers’ business success as it gives them a clear competitive edge in the marketplace,” said Raziel Tabib, the CEO and co-founder of Codefresh. “CSDP allows our customers to innovate more quickly and deploy software more frequently, reliably and confidently.” CSDP offers detailed deployment insights and analytics across environments and deployments through a centralized UI.
Deep historical insights into executions of workflows along with detailed feedback around troublesome runs, can be seen in the Codefresh SDP.
Other benefits include built-in pipeline speed optimizations, traceable image deployments, flexible resource sharing, and centrally managed versioning.
CSDP also provides access to security governance that directs all communication from clusters through firewall connections. and with “no need for ad hoc security permissions.” z
Weaveworks acquires Magalix to secure Kubernetes BY JAKUB LEWKOWICZ
Weaveworks acquired the policy-ascode startup Magalix to secure Kubernetes applications by integrating the solution into Weave GitOps. “Enterprise customers have made it clear that trusted application delivery is critical to the success of their increasingly complex cloud native platforms,” said Alexis Richardson, the CEO of Weaveworks. “With the acquisition of Magalix, Weaveworks introduces customizable policies, compliance capabilities and comprehensive risk visibility into GitOps workflows, ensuring only authorized applications are deployed and there are no nefarious activities.” The addition of Magalix’s policy engine will enable DevOps teams to apply consistent policies and best prac-
tices across multiple Kubernetes environments. These new developer guardrails will enable Weaveworks customers to bridge the gap between developers, DevOps and security teams. Also, Magalix’s KubeGuard agent detects and remediates runtime drifts. Magalix simplifies DevSecOps and enables cloud-native environments to be more secure by integrating directly into source, build, and deployment stages of the software lifecycle, according to Weaveworks. Customers will be able to use the same declarative approach as Kubernetes to scale their applications while maintaining regulatory requirements and security best practices with Magalix’s security capabilities.
“We are seeing an increase in customers who run a zero-trust security model turning to GitOps to bring DevOps to cloud-native application development and IT operations,” said Mohamed Ahmed, the founder and CEO of Magalix. “Similar to how DevOps disrupted infrastructure management, we believe that integrating security into GitOps pipelines brings considerable agility and speed, preventing errors and protecting against attacks that could shut down the entire platform. Imagine securing your platforms 100 times faster with very high confidence while evolving them. Weaveworks and Magalix share that joint mission to make it easy to innovate fast without jeopardizing security and stability.” z
15
016-18_SDT057.qxp_Layout 1 3/1/22 3:38 PM Page 16
16
SD Times
March 2022
www.sdtimes.com
ith all the talk of the metaverse over the past few months, you might think it’s already open for business. It seems that every day I’m fed an article through my Google News feed, my Twitter feed, or even just when I’m browsing Reddit. Despite all the hype around it, though, many people still aren’t clear on what the metaverse actually is. Despite Facebook’s rebranding itself as Meta, the company isn’t the one that came up with this idea. The term actually comes from Neal Stephenson’s 1992 science fiction novel “Snow Crash,” and the idea of a metaverse has been at the center of many other science fiction stories, such as “Ready Player One.” “I think that in general the metaverse is still a very early-stage concept. Even some of the large companies demonstrating Metaverse experience, to me, I feel it’s very rough today,” said Tony Zhao, CEO and co-founder of Agora, a provider of conversation technologies. “It’s not even close to what some of the movies are trying to present, like ‘Ready Player One.’ If you watch that movie, it’s more like another life, where you’re living in a totally virtual environment, but feeling like reality. This technology is still very far away from that.” Obviously, we’re not quite at the level of technology featured in those worlds, so what does a metaverse look like in our world? According to Gartner, a metaverse is “a collective virtual open space, created by the convergence of virtually enhanced physical and digital reality. It is physically persistent and provides enhanced immersive experiences.” On one extreme of this is the idea of putting on VR headsets to virtually join a work meeting or event, while at the other end of the spectrum, people are already participating in a metaverse of sorts when they log in to a MMORPG like “World of Warcraft.” Current implementations of the technology result in several tiny metaverses, but Gartner envisions them all converging. “Vendors are already building ways for users to replicate their lives in digital worlds,” said Marty Resnick, research vice president at Gartner. “From attending virtual classrooms to buying digital land and constructing virtual homes, these activities are currently being conducted in separate environments. Eventually, they will take place in a single environment — the metaverse — with multiple destinations across technolo-
W
BY JENNA SARGENT
016-18_SDT057.qxp_Layout 1 3/1/22 3:38 PM Page 17
gies and experiences.” Gartner predicts that by 2026, a quarter of people will spend at least one hour of their day in a metaverse for work, shopping, education, social media and/or entertainment purposes. According to Zhao, there are a number of efforts happening right now to create an environment for people working together in distributed environments to feel like they are working alongside coworkers. In education there are also efforts being made to create study rooms where students can virtually get together and study with peers.
Learn, explore, prepare This might be exciting for some to think about, but it’s important to stay grounded and keep in mind that the metaverse is still in early stages and will require a number of different technologies in order to function. Gartner says that since the metaverse is still at an early stage, companies should limit their investments in it at the moment, and instead prioritize learning, exploring, and preparing for it. “To understand the concepts of a Metaverse, think of it as the next version of the Internet, which started as individual bulletin boards and independent online destinations. Eventually these destinations became sites on a virtual shared space — similar to how a Metaverse will develop,” Gartner wrote in a post. Virtual reality is at the heart of many people’s visions for the metaverse, but there are many ways in which virtual reality will need to evolve to support this future. According to Zhao, one technology that will be crucial for the metaverse is support for real-time communication. “Everybody is talking about the metaverse right now, and there are a lot of different views or opinions around that,” said Zhao. “But one thing we see as a common factor in there is real-time experience, in which people should be able to interact in real time, within that metaverse.” In order to ensure a smooth experience, it’s important that you’re able to have a stable connection across all
March 2022
SD Times
17
Image: readyplayer.me
www.sdtimes.com
Considerations for metaverse developers and adopters The metaverse was a topic in Thoughtworks’ most recent installment of Looking Glass. In the report, the company details some of the things that developers should consider as they begin developing for the metaverse. According to Thoughtworks, developing for the metaverse will be different from developing web-based applications, since users will interact with the metaverse in a different way than they’ll interact with web-based applications. For example, the UI will be completely different, and a lot of interactions might be done with hand gestures, rather than tapping on a screen or pointing and clicking with a mouse. So, to meet users’ needs, developers will have to approach development from a different perspective. The different user experience will shape the way that developers approach working on the metaverse. For example, according to Thoughtworks, when developing for metaverse, emotional interactions must be considered as well. “People represent differently in virtual worlds, which can have moral and ethical implications,” Thoughtworks explained in its report. They also cautioned developers to prepare for a certain degree of vendor lock-in, but also recommended that they be open to change. “Embracing one platform may be the best solution for your organization now but not necessarily over the longer term, depending on how the ecosystem and your needs develop,” they wrote. Another thing to bear in mind is that the rollout of solutions will be constrained by the availability of certain capabilities and technologies. Finally, the metaverse will present several B2B opportunities for developers. For example, training, conferencing, gaming, and virtual worlds can be explored, but there are also a number of new and inventive ways to use the new technologies, such as intelligent, self-piloted drones in agriculture or rescue use cases. As early as next year businesses might “begin to understand that the expanding frontiers of interaction don’t just pave the way for richer customer experience but can actually drive business and process improvements, by pairing technology-based speed, scale and precision with human capabilities and ingenuity,” said Kate Linton, head of design at Thoughtworks. z
clients. The difficulty of this varies if you have four people interacting versus say 4,000, Zhao said. “It takes some work in the back end to make sure it’s both connected, but also, stable and in high quality for real-time traffic of the audio or video data, the virtual environment data,” said Zhao. Dealing with lag in normal settings on the internet, whether it be interacting with a website or playing a video game, is already annoying. But when in an immersive environment, a small amount of lag will take you completely out of the experience.
“And we’re talking about just a few milliseconds,” said Asaf Ezra, cofounder and CEO of Granulate, a workload optimization company. “You don’t have those hundreds of milliseconds that it will take you to go back to the back-end service somewhere far, which 5g is trying to alleviate. And once you’re there, you have your application, you have your computer and you need to return a response. The round-trip time end to end should be just at most, what we understand is around 50 milliseconds for people to see it as immecontinued on page 18 >
016-18_SDT057.qxp_Layout 1 3/1/22 3:38 PM Page 18
SD Times
March 2022
www.sdtimes.com
< continued from page 17
diate. Right now, if for example, we were to send a request to US-East on AWS, just a round-trip time would take about 100 If not 200 milliseconds.”
VR sets need to advance Visually, the resolution of current VR headsets and programs still has a way to go, according to Ezra. Currently, the resolution offered through a VR headset makes it difficult to read letters in text, he explained. “So if you expect people to be able to walk down the street and see advertisements on buildings based on wherever they seem to be, or augment data onto their screen … about the weather and stuff, I think we’re very far from that,” said Ezra. Current compute levels also can’t support a “Ready Player One”-type metaverse. Ezra gave the example of “World of Warcraft.” Instead of having millions of people playing at once, imagine if there were two billion people. All of a sudden you’d need to be calculating what each player sees on
What the current state of the metaverse could look like So given that the “Ready Player One” view of the metaverse is still a long way away, what sort of metaverse can we expect to be able to experience now, or in the near future? Ezra expects that perhaps large events can be experienced in VR with the current technology. For example, he can envision people experiencing sporting events or even concerts together in virtual reality. Users would be able to switch between different viewpoints of where to view the event from, rather than being constricted to whatever main camera is being broadcast.
their screen from their perspective, when each of those billions of people are doing different things. “So you’re not only talking about a much, much larger amount of compute, but also the transformations that you have to make to see it from everyone’s personal vision, that would take a huge leap forward in what we expect to see,” said Ezra. The current chip shortage is certainly playing a role in how these compute issues can be resolved. For example,
Inside the Meta Lab
Facebook, now called Meta, held an online event on Feb. 23 in which Mark Zuckerberg laid out his vision for how AI will be used in building the metaverse. During the event, he revealed a number of breakthroughs that the company has made. One is BuilderBot, which is a tool that allows voice commands to be used to generate or import things into a virtual world. The company is also working on a Universal Speech Translator that will provide speech-to-speech translation across all languages. Another speech technology that was highlighted is Project CAIRaoke, which is an AI model for talking with virtual assistants that will enable more fluid and natural conversations to take place. “We can imagine that in a few years, the technology from Project CAIRaoke will underlie next-generation interaction between people and devices. On devices like VR headsets and AR glasses, we expect this type of communication to eventually be the ubiquitous, seamless method for navigation and interaction, much as how touch screens replaced keypads on smartphones. Our current model is an important step forward, but we have more work to do to fully realize this vision. We are excited by both the progress we’ve made so far and the challenges ahead,” Meta wrote in a blog post explaining the technology. A new resource is also being made available to help people better understand how AI systems work by outlining the models
Facebook and Google are two companies currently pouring a lot of money into the metaverse and virtual reality, but that also requires specific hardware, which can be hard to obtain at the moment. Ezra expects that because of this, we’re at least a few years away from the place we need to be. Another area Ezra pointed out with the hardware is power consumption of the headsets themselves. This includes both battery life and power to cooling systems. z
that comprise an AI system and how they interact. The company also is launching an initiative to bring talent from underrepresented groups into AI. Through the AI Learning Alliance, coursework on machine learning topics will be made available. The coursework will be developed by professors at universities with large populations of students from underrepresented groups, Meta explained. And finally, it is releasing the open-source library TorchRec, which is used for building recommendation systems (RecSys) for PyTorch, and is used to provide personalization for several of Meta’s products. PyTorch started receiving a lot of feedback in mid-2020 that there wasn’t a large-scale recommender systems package in the PyTorch ecosystem, and as they worked to solve that gap, engineers at Facebook approached the community about contributing its library to PyTorch and building a community around it. “This seemed like a good idea that benefits researchers and companies across the RecSys domain. So, starting from Meta’s stack, we began modularizing and designing a fully-scalable codebase that is adaptable for diverse recommendation use-cases. Our goal was to extract the key building blocks from across Meta’s software stack to simultaneously enable creative exploration and scale. After nearly two years, a battery of benchmarks, migrations, and testing across Meta, we’re excited to finally embark on this journey together with the RecSys community,” Donny Greenberg, product manager for PyTorch; Colin Taylor, senior software engineer for Facebook AI; and Dmytro Ivchenko, software engineer at Facebook, wrote in a blog post. z
Image: Virbela
18
019_SDT057.qxp_Layout 1 2/28/22 2:58 PM Page 19
www.sdtimes.com
March 2022
SD Times
19
New study shows 20x increase in security scan cadence increase in the use of multiple security As security continues to shift left and scan types between 2018 and 2021, DevSecOps efforts expand, software with the majority of developers choossecurity best practices are rapidly evolv- ing to utilize a combination of static, ing. The State of Software Security dynamic, and SCA scans. The study Report conducted by the application security company Veracode, showed that on average, Median application was scanned less than once a month (only 10 percent of apps scanned more often than weekly) organizations are running scans on their apps 20 times more than they were just 10 years ago. With this, the report also 90 percent of apps scanned more than once a week (majority scanned three times a week) revealed that scan frequency has seen a dramatic increase, with developers now testing more than found that organizations that used both 17 new applications per quarter, more dynamic and static scanning were able than triple what was reported for the to remediate 50% of flaws 24 days faster on average. Add SCA scanning to same period a decade ago. “Part of this is due to the speed of that and it shaves off another 6 days. Veracode’s report also showed that innovation that has happened in the past few years. More and more software organizations that invest in hands-on is being written and organizations are security training early on have a strong realizing that there's a bit of exposure advantage over those that don’t. there. There's more customer data According to the study, companies with being put into those things and the this kind of training in place fixed flaws business is being driven by these appli- 35% faster than those without. The report also showed that in 2018, cations so it's important to make sure that they’re secure,” said Chris Eng, about 20% of apps were operating using multiple languages, but this number chief research officer at Veracode. Additionally, there has been a 31% dipped to just 5% in 2021. “The compoBY KATIE DEE
2
2010 2021
sition of applications has changed pretty significantly over the past few years, going from a lot more multi-language applications to that just kind of petering out a little bit, and it coincides with increasing developer interest in microservices so it was kind of cool to see that trend,” Eng said. Another section of the report focused heavily on the use of open-source libraries and thirdparty code and the way they are being leveraged by different organizations. It revealed that most of the code in Java applications comes from third parties, and Java continues to push further in that direction. It was also reported that .NET experienced an unexpected upward shift in the percentage of third-party code in its applications; this happened around the release of .NET 5 and resulted in a sharp increase in use of third-part code. Additionally, the report reinforced the findings of previous studies that stated that developers tend to stick to the libraries they know and love rather than bouncing around and refactoring their code base in order to switch to the newest or “most popular” libraries. z
Scanning cadence over time Manual
Dynamic
Static
SCA Agent
1k
S
100
10
1
0 2010
2015
2020
2010
2015
2020
2010
DATE OF FIRST SCAN
2015
2020
2018
2020
2022
Source: State of Software Security, Veracode, 2022
021-28_SDT057.qxp_Layout 1 3/1/22 4:30 PM Page 20
20
SD Times
March 2022
www.sdtimes.com
BY KATIE DEE
L
ow-code and no-code tooling has become increasingly popular among developers of differing skill levels; from citizen developers to professional development engineers, low-code and no-code solutions have a part to play in several different workflows. This brings up the question of how far developers can really go using this type of coding. According to Andrew Manby, head of product management at HCL Digital Solutions, low code can be used for anything from creating simple workflows to increase productivity, to building applications that work to address specific employee and business problems. “I think when you get to the level we’re operating at, its very much based on a challenge, a business opportunity, and also part of how people are thinking innovatively about becoming digital first,” Manby said. He went on to explain that, particularly during the COVID-19 pandemic, major organizations are utilizing low-code and nocode tooling to solve the problem of maintaining the business when people have no interest in going into a physical store anymore. According to Manby, regardless of the industry, the use cases for no-code and low-code tooling comes down to a fairly specific problem that needs solving. “We have a ferry company in Germany that we’re working with right now, and they wanted to replace their booking app, but once you start getting into what the business problem they are trying to solve is, you find that it's not about just buying that ticket, they want to build it into more an engaging experience,” he explained. These particular use cases are being successfully taken on by IT teams and professional developers utilizing low code or no code in order to save time and increase productivity. Paulo Rosado, CEO of OutSystems, explained that the level of sophistication provided by low code or no code is mainly determined by the platform or tool itself. He said, “Fundamentally,
The benefits of low-code/no-code tools for professional developers you can go from a small portal or workflow to building a claims processing system or the brand's mobile native application at the other end of the spectrum.” He went on to explain that today, no-code and low-code tools have become extremely advanced, going beyond just delivering functionality. According to Rosado, these types of tools bring the capability to support non-functional requirements as well, such as high scalability, high security, reliability, and several other key factors that used to require more advanced coding to accomplish. Charles Kendrick, CTO of Reify, said that the question is no longer ‘Can I build this with a low-code or no-code tool?’ but rather ‘How much of this can I build?’ “We've found that even for large, complex business applications — where a low-code platform would not normally be considered — as much as 70-80% of the application can be built
and maintained in Reify,” he said. "This means you can get the benefits of the low-code approach in every single project, not just the simpler ones.” Frank Zamani, president and CEO of Caspio, highlighted different aspects of no-code and low-code tools. According to Zamani, when this type of technology was first introduced, many professional developers felt somewhat intimidated by its potential and the ease of use that it offered. On the other side of this, there were developers who vastly underestimated these tools and did not believe that it was truly possible for them to create in-depth applications the right way. “I would say now, after educating the user base… I think two things have happened, on one hand they are taking these platforms more seriously and seeing that these are good for certain types of use case scenarios, and the other thing is that they’re realizing that these platforms are mostly doing the work
021-28_SDT057.qxp_Layout 1 3/1/22 4:30 PM Page 21
www.sdtimes.com
that a good developer does not even want to do,” Zamani explained. He compared the concept of having highly skilled developers doing the work that can be done with no-code or low-code tools to having a neurosurgeon water plants in a hospital just because they work there. All this to say that there are more pressing and demanding issues that these professional developers should be spending the majority of their time and resources on while no-code and low-code tools can take care of the mundane. Chandra Ranganathan, co-founder and CEO of Opsera, pointed out that low-code or no-code technology also makes it easier for organizations to roll out applications in a more holistic way, due to the increased ease of use and decrease in the time commitment. “Nocode development platforms can be extended beyond just creation of simple workflows to also accomplish the end-toend needs of software delivery,” he said.
According to Ranganathan, these needs include provisioning infrastructure, integrating toolchains, developing workflows and pipelines to build, test, secure, and deploy software, and also get unified and predictive insights. “Architecting and implementing nocode approaches holistically will ensure maximum value in terms of agility, security, and efficiency.” He went on to discuss the increasing complexity of digital transformation, multi-cloud, and SaaS first ecosystems, and the way that taking a no-code approach could be helpful in adapting because of this all encompassing method that can be easily achieved. “The right platform and a properly designed no-code development and orchestration approach can help address multiple use cases across organizations,” he said. “Product delivery across multi-cloud, mobile application deployments, or release automation for SaaS applications, and also provide flexibility for ‘low-code’ extensions or customizations for application specific needs.” Rosado also spoke about the role that low code plays in mobile development as well as edge computing. He said, “A lot of the applications that we deliver are mobile applications and we also have web applications that need to be operated at the edge that are delivered by low-code… one of our international customers, for instance, is the navy for a particular country and they run the platform in each one of the boats that they operate, and so that’s a case of edge computing.” Manby echoed Rosado, saying that there are people using mobile applications created with low-code technology to conduct processes as critical and complicated as inspections of oil rigs. Using an app built with low code, someone can complete the inspection while the person operating the rig can receive live incident recordings from them all in one centralized application. “This kind of inspection and reporting and field services is one of those pervasive things [that can be accomplished with low-code],” he said. Ranganathan explained that with
March 2022
SD Times
Buyers Guide low-code or no-code technologies, the process remains the same no matter where you deploy the application to. The no-code approach used for mobile applications should be the same as what the process used for deployment to data centers or cloud based applications looks like. Organizations should be looking to extend their capabilities, standards, architecture, and modules to enable them to deploy low-code applications in multiple different ways. “To implement an effective no-code approach, organizations have to consider how the solution fits into their existing or planned technology stack, (re)engineer processes to ensure seamless integration and collaboration across the SDLC functions and ensure buy-in and change management with the ultimate users,” Ranganathan said. Zamani emphasized that as long as the ultimate goal falls under the umbrella of what a low-code or nocode tool is good at, the deployment method shouldn’t have much of an impact. “If the use case scenario falls into one of these areas that Caspio is good at, then yes, but edge computing itself is a huge universe… It’s also a balance, in terms of how much makes sense to do in a no-code way, and what percentage of it should be done through coding,” he said. Manby explained that with the current state of no-code and low-code, there is virtually no limit to what it can do. Applications that used to require multiple development teams and extremely advanced coding can now be completed with much fewer resources while achieving the same quality in the end product. Manby pointed out that particular use cases for low-code vary drastically depending on the industry. “It’s just immense, and it really comes back to solving that specific business problem,” he said. However, when organizations are working with smaller tools, it becomes much more difficult to access the full breadth of what is possible. According continued on page 22 >
21
021-28_SDT057.qxp_Layout 1 3/1/22 4:30 PM Page 22
22
SD Times
March 2022
www.sdtimes.com
< continued from page 21
to Rosado, a key issue with smaller scale no-code or low-code tooling is the aspect of completing change requests. “It’s a challenge that we’ve seen in a lot of situations in the past 30 years with technologies like development productivity tools,” he said. He went on to explain that this is because of the aspect of the buildup of technical debt and the growth of software as it evolves with change requests. Despite this issue though, investing in no-code or low-code capabilities still proves to be an increasingly smart move. Manby said, “I think that the majority of the larger organizations have started to embrace low code… in a survey that we did with Forrester we found that over 80% of organizations surveyed had low-code as one of their top IT priorities. So I think if they don’t already have something in house which they’re piloting right now, then this certainly is a consideration for the next 18 months or three years to bring in house.” Rosado also discussed the ways that no code and low code can be especially helpful during the shortage of skilled developers that is currently being seen. “The talent shortage is so huge and the backlogs of things to do doesn’t stop,” he said. He went on to explain that no-code and low-code tools help fuel developer productivity, and ensure that more work can be done using less professional developers, which is extremely helpful when there's not many highly skilled developers to begin with. “It just makes pro developers more scalable and allows them to help more and deliver more with higher impact.” Zamani also discussed the role of no-code and low-code tools in the midst of this developer shortage. He said that these types of tools can be incredibly helpful, but it all comes down to the extent that customers are willing to adopt them. “This problem is not going away, this shortage of developers, if anything it’s only going to get worse… The need is growing and the supply is not as much so it will be a bigger issue as time goes on.” z
Heightened productivity with built-in security Andrew Manby, head of product management at HCL digital solutions, highlighted the aspect of security in low-code tools. He said, “We have a manufacturer in the CPG (consumer packaged goods) space… and in order for them to try and manage their production, they have to figure out where the areas of exposure are and building these new applications using low-code enables them to be more productive and efficient and be safer for that matter.” Safety and security are becoming increasingly important factors to consider. However, just because no-code and low-code tools bring a heightened level of ease, doesn’t mean they come with any increased risk of security vulnerabilities. According to Paulo Rosado, CEO of OutSystems, “If the low-code vendor puts the investment in the underlying platform, then these platforms can be more secure than traditional coding, and the reason for this is that in a lot of use cases, security practices are done at the level of the platform infrastructure.” He explained that the way for organizations to build security into low-code tools is to take a transpiler and compiler approach and translate it to cloud-native applications. Rosado said, “What we translate usually is fundamentally packed with high security-grade constructs, both in the code and in the infrastructure.” This prevents the developer from having to go back and check that all of the security requirements needed have been fulfilled. Chandra Ranganathan, co-founder and CEO of Opsera, also discussed the simplicity of integrating security into a no-code or low-code tool. He explained that the developer can insert security checks into their tooling wherever they think it is necessary, saving time in the long run by accounting for security in the development process. “Seamlessly integrating it into a workflow ensures security and ensures compliance while also improving collaboration and productivity,” he said. Manby reinforced this, saying that, if done right, applications created with lowcode tools are just as secure — if not more so — as applications that were developed with more complicated coding. “We fully integrate with those types of best practices and tools,” he said. “So, taking a full stack developer and teaching them how to use low-code, they feel very much at home, it’s not an alien environment, it's really about productivity… there’s no need to sacrifice [security].” Frank Zamani, president and CEO of Caspio, said that he believes that no-code and low-code tools have the power to make applications even more secure because the level of compliance is not determined by a specific developer. “An application built the traditional way is as good as the developer who wrote it, but inherently, it doesn't have any built-in security. It’s as good as how well the developer was trained, how much they thought about security, and also how well they slept the night before,” he explained. While he also pointed out that there is no such thing as the perfect tool, no-code and low-code tools usually have full teams dedicated to security and compliance. “This team’s only job is to stay up to date on the security issues that can arise and many other things that a single developer would have to think about, and have to code, and have to implement [themselves],” he said. Rosado also discussed the feedback loop that OutSystems has achieved due to the open-source nature of their code, and how it has helped to create even stronger security. He said, “The customer can look into everything that's generated and use their own tools to scan the code. Sometimes we have customers that are so sophisticated that they come to us and say that they have detected a non-compliance.” After receiving this feedback, it is simple to go back in and make the necessary changes to the code in order to make it security compliant. With this, organizations who were not even aware of the vulnerabilities in their own companies then become compliant as well. z
Full Page Ads_SDT057.qxp_Layout 1 3/1/22 6:25 PM Page 23
021-28_SDT057.qxp_Layout 1 3/1/22 4:31 PM Page 24
24
SD Times
March 2022
www.sdtimes.com
How these products help developers succeed with low code/no code tools Charles Kendrick, CTO, Reify, Isomorphic Software Reify offers all the usual services: consulting, support, training, etc. But what’s different about Reify is its Hybrid Development model. You can use Reify to build any part of an application, and in multiple places within a single larger application, and you can even extend an existing application with Reify-created screens. This is possible because Reify projects represent a self-contained set of screens and data access points that can be used anywhere. We never assume that a Reify project owns the whole screen. A complex application might consist of a hand-coded start screen that leads to a mix of Reify-created screens and hand-coded screens. Or, a Reify project might be used for a popup wizard, or for the contents of certain tabs but not others. This gives our users much more flexibility, and the ability to leverage low code in many more scenarios. We have seen many of our ‘competitors’ focus on hosting the web applications their customers build. We do this, but don’t see that as a differentiator. We are focused on accelerating the design, development and maintenance process. We want our customers to be successful, and support that by offering unlimited end-users, as opposed to penalizing them by charging perend-user fees. Typical low-code platforms allow you to build most of your application visually, then offer a limited set of “extension points” that may or may not meet your remaining needs. Often that results in you getting stuck. Your developers basically have to start again from scratch — outside of the low-code tool — to develop the capabilities you need. Andrew Manby, Head of Product Management, HCL Digital Solutions Businesses everywhere need to deliver exceptional ways to engage customers, partners, and employees — and transform systems and automate business-critical processes — into easy-to-use mobile apps and multi-channel experiences. Low code offers the opportunity to be more responsive and innovate and scale rapidly. Whether a company has one developer or teams of developers, low code powers developer productivity in several ways: • Build once deploy everywhere: Save time and resources by avoiding creating specific codes for different platforms • Integrations without limits: Seamlessly unlock existing data and bring together back-end systems, apps, and processes • Innovative interactions: Easily leverage “next gen” tech such as VR, AR,and chat into your apps All of which enables businesses to: • Build robust solutions in weeks instead of months • Achieve faster innovation and lower TCO • Focus on the next higher-value digital and operational opportunity With HCL Volt MX, customers saw the following benefits: • ROI in a year • Responded to the pandemic by building a health and safety app in 55 hours • Created localized apps in 30+ countries while achieving 50% savings in app dev costs
• Spun up 15 apps in less than a year to improve operations and manage assets Frank Zamani, Founder and CEO of Caspio Caspio was founded on the simple idea of empowering anyone to build powerful, secure and highly scalable web applications without writing a single line of code or procuring any IT infrastructure. Now, more than two decades later, the number of low-code developers is growing three times faster than the population of traditional developers worldwide. The requirement for companies to build applications at speed and scale has never been more essential. The global pandemic served as a clear turning point, exposing critical vulnerabilities virtually overnight. Caspio’s no-code platform democratizes the application development process by empowering more people to build the applications need to do their job better and faster — while freeing professional developers to focus on mission-critical IT projects. Caspio is the only no-code platform that provides a fully integrated cloud database, unlimited app users, unlimited app developers, standards-based extensibility and seamless deployment to any web property — all included as standard features in every plan. Try Caspio for free at caspio.com or request a free consultation ($250 value) at caspio.com/sdtimes. Chandra Ranganathan, co-founder and CEO of Opsera At Opsera (www.opsera.io), our vision is to democratize DevOps and empower software and DevOps engineers to deliver software faster, safer and smarter — by providing them with a continuous orchestration platform that maximizes tool choice, no-code automation and intelligence across the entire DevOps life cycle. Opsera’s no-code DevOps orchestration platform for Enterprises provides both Product and IT engineering and DevOps teams with the following game-changing capabilities to: • Instantly provision and integrate their choice of CI/CD tools, in their choice of cloud • Build scalable no-code pipelines in minutes (for SDLC, Infrastructure automation and SaaS applications releases), with inbuilt security, quality and approval gates • Get unified insights with actionable intelligence, real time logs and blueprints that help optimize troubleshooting, audit and compliance Opsera brings significant value to its customers and users who report the following key benefits: • An order of magnitude time and cost savings over “build it yourself”, freeing developers to focus on core products • Better governance of their CI/CD tools and pipelines, and much enhanced security and quality posture of their software delivery • Greater flexibility compared to “blackbox” solutions, and much better visibility and efficiencies across their DevOps ecosystem. continued on page 28 >
Full Page Ads_SDT057.qxp_Layout 1 2/25/22 9:36 AM Page 25
ĺ ! " ĺ -vrbo bv |_; omѴ moŊ1o7; rѴ- oul |_-| ruo b7;v - = ѴѴ bm|;]u-|;7 1Ѵo 7 7-|-0-v;ķ mѴblb|;7 -rr v;uvķ mѴblb|;7 -rr 7; ;Ѵor;uv -m7 v|-m7-u7vŊ0-v;7 ; |;mvb0bѴb| ĺ
Unlimited Users
m|;urubv;Ŋ!;-7
Deploy Anywhere
o Ѵblb|v om -rrѴb1-ঞom v;uv ou bm|;um-Ѵ -rr 7; ;Ѵor;uv
"1-Ѵ-0Ѵ; 1Ѵo 7 bm=u-v|u 1| u; u mmbm] om )" -m7 " ";u ;u
l0;7 -rrѴb1-ঞomv v;-lѴ;vvѴ om -m ;0 ruor;u|
Industry-Leading Security
!o0 v| m|;]u-ঞom rঞomv
Standards-Based
;;| v|ub1| v;1 ub| -m7 u;] Ѵ-|ou 1olrѴb-m1; u;t bu;l;m|v
v|olb ;ķ ; r-m7 -m7 bm|;]u-|; 0-v;7 om o u ; -1| m;;7v
|;m7 -rrv vbm] $ ķ ""ķ - -"1ubr|ķ " -m7 ! "$
;| v|-u|;7 b|_ - =u;; 1omv Ѵ|-ঞom ŐŪƑƔƏ -Ѵ ;ő -| 1-vrboĺ1olņv7ঞl;v
Full Page Ads_SDT057.qxp_Layout 1 2/24/22 3:49 PM Page 26
Make Ideas Real.
Low-code. All devices. No limits.
Visual, collaborative application development in the cloud.
With Reify’s Hybrid Development model, you can combine traditional IDE develepment with visual development, in any mix.
Product Managers Business Analysts Designers Developers
Developers [optional]
Use Reify low-code platform for every project, no jut the simple ones! • Modernize exting applications • Extend existing applications • Visually build new applications
Reify. This changes everything. GET STARTED @ Reify.com
021-28_SDT057.qxp_Layout 1 3/1/22 4:41 PM Page 27
www.sdtimes.com
March 2022
SD Times
27
A guide to Low-Code/No-Code platforms n AgilePoint NX is a low-code development platform that allows both developers and “citizen programmers” to easily implement and deploy cross-functional/ cross-organizational business apps into digital processes across multiple environments and cloud platforms. n Alpha Software offers the only unified mobile and web development and deployment platform with distinct “no-code” and “low-code” modes. The platform materially accelerates digital transformation by allowing line of business professionals to work in parallel with IT developers. n Altova’s MobileTogether provides developers with the tools needed to build complex mobile applications quickly and easily. With MobileTogether, developers can create apps without having to manually write code, without needing to sacrifice quality. n Appian’s platform allows teams to quickly build unified views of business information from across existing systems, and lets them create optimized processes that manage and interact with their data. Abandon the need for code with drag-anddrop, declarative, visual development for all aspects of app dev — UX design, process design, rules design, and more. n Boomi is a provider of cloud integration and workflow automation software. The Boomi unified platform includes Boomi Flow, low-code workflow automation with cloud native integration for building and deploying simple and sophisticated workflows to efficiently drive business. n K2 offers an established platform that excels across mobile, workflow, and data. K2’s core strength is support for building complex apps that incorporate mobile, workflow, and data. The company provides a data-modeling environment that allows developers to create virtual data views that bring multiple systems of record together into a single view. This allows developers to create an abstract view of the data. n Kintone: Teams can run, test and iterate on processes, and efficiently manage tasks with Kintone’s no-code workflow automation tool. The platform features branched
n
FEATURED PROVIDERS n
n Caspio: Caspio is the only no-code platform that provides a fully integrated cloud database, unlimited app users, unlimited app developers, standards-based extensibility and seamless deployment to any web property — all included as standard features in every plan. Running on AWS and SQL Server, Caspio delivers the enterprise security, performance and compliance capabilities required by IT departments and regulated industries. Try Caspio for free at caspio.com or request a free consultation ($250 value) at caspio.com/sdtimes. n HCL: HCL Volt MXis an industry-leading low-code platform that helps organizations build apps and create engaging experiences across all digital touchpoints — transforming your business and driving value — fast.With Volt MX, you can create web, native, and wearable apps on any platform — in just a few weeks — and integrate diverse and complex systems, and easily add innovative experiences such as VR and AR to engage users in new ways. Redefine power, speed,and efficiency with Volt MX.
n Opsera: Opsera empowers DevOps and Software engineers to deliver software faster, safer and smarter with the first “continuous orchestration platform for DevOps” that maximizes tool choice, no-code automation and actionable intelligence across the entire DevOps life cycle. Opsera’s no-code DevOps orchestration platform provides self-service toolchain provisioning and Integration, declarative pipelines for SDLC and SaaS use cases, and unified insights. Opsera significantly increases developer productivity, boosts release velocity and enhances security posture and compliance for software delivery. n OutSystems: OutSystems is a global leader in low-code application development that cuts complexity through automation, unlocks developer innovation through software integration, and creates high-performing and collaborative teams that are building the exact applications their business needs. Many of the world’s top brands use OutSystems to create business-critical apps that customers and employees love, to redesign their workplace processes, and to modernize their businesses. OutSystems customers are using the platform to improve lives and business through software. n Reify: Reify (from Isomorphic Software): Isomorphic Software is the global leader in high-end, web-based business applications. They develop, market, and support the Reify low-code platform, as well as the SmartClient &amp; Smart GWT HTML5/Ajax platform Reifyis based on. Their technology gives you all the productivity of a low-code approach,combined with all the power of an enterprise-grade web application platform. z workflows and trigger-based notifications with built-in collaboration at every step of the way. Teams can navigate databases quickly and easily, diving into their data with easy-to-use and quick-to-configure views, filters and reports. Developers can also take application customization and workflow automation to the next level with Kintone’s open APIs and JavaScript. n The Kony Platform delivers speed without compromise, accelerating development with reusable components and realtime collaboration tools to keep projects on track and team members aligned. A
rock-solid centralized code base powers all devices and operating systems, integrating with 100% of the native OS for true native experiences while streamlining support and minimizing maintenance. n Mendix is a low-code, high-productivity platform that enables enterprises to transform how they innovate and compete with applications. Building apps on Mendix is easy, fast and intuitive with the use of visual models, enabling a wide continuum of people, from developers to business analysts, to build robust applications withcontinued on page 28 >
021-28_SDT057.qxp_Layout 1 3/1/22 4:32 PM Page 28
28
SD Times
March 2022
www.sdtimes.com
Tools continue to rise in popularity John Bratincevic, an analyst at Forrester, said, “[No-code and low-code] are becoming first class options for software development in virtually every enterprise it seems, and in our last developer survey, 30% of professional developers say that they’re using one of those tools themselves.” He also discussed the market leaders for no-code and low-code tools, in terms of adoption. He said that the giants right now are most of the larger well known companies that have a good reputation in other areas and come with a good amount of notoriety. “The big companies where low-code is one part of the puzzle… they have a bunch of go-to-market paths and a bunch of entry points… which is kind of a big starting point for enterprises,” he said. According to Bratincevic, the adoption of no-code and low-code technology spans across nearly every industry, from finance to retail. “There’s definitely a move towards verticalization for some platforms, especially smaller ones as they kind of find their niche. So, a lot of people are starting to focus on under digitized industries… but it’s pretty broad, the tools themselves are broadly applicable,” he explained. When actually adopting no-code and low-code tools into an organization, Bratincevic said that the most common issue professional developers struggle with is finding a way to implement it into their toolchains and pipelines without causing any disruption. He said that this becomes highly ambiguous because there are several different avenues to tackle this problem. “How do they manage that? Should it have its own pipeline? Should it use the one they already have? Answering that question and understanding what the best answer is… the market doesn’t know exactly how to deal with it yet,” he said. Another challenge that developers have to overcome is governance. According to Bratincevic, no-code and low-code tools bring in more developers, whether professional or citizen, and more developers means more people have to be on the same page. This becomes especially challenging when several developers come from differing IT backgrounds. He also said that as these problems become more prominent, there is an ecosystem forming around them and their solutions. “The governance, and the culture change, and the framework, and how to integrate… the multifaceted question of how to do this at scale is just beginning to form,” said Bratincevic. z
Products help developers with low code/no code < continued from page 24 Paulo Rosado, CEO of OutSystems OutSystems provides a visual, model-driven development and delivery platform to create enterprise-grade web, mobile, and cloud applications. For professional developers, this means removing some of the more tedious work of traditional development, including difficulties adapting and changing to new technologies and ongoing maintenance activities. With OutSystems, much of the setup and integration required on the backend is automated to ensure security and scale, while mitigating issues like legacy code and integrations. OutSystems handles the critical but undifferentiated tasks of development, by constantly updating with the latest cloud technologies, leveraging containers and Kubernetes to make sure development teams deliver world-class application architectures and moving fast to meet changing business needs with low risk. This is especially important as developers are expected to keep pace with unrelenting pressure for better and faster software and more scalable and secure apps. With all of this alongside integrated tools optimized for the entire app lifecycle, OutSystems frees up developer time to focus on creativity, innovation, and doing what they do best — building differentiated apps that solve challenges, capture market opportunities, and modernize their businesses. z
Low-Code/No-Code guide < continued from page 27 out the need for code. With model-driven development, business leaders and IT have a shared language to build applications rapidly. n Micro Focus: Service Management Automation X (SMAX) enables users to create IT and non-IT workflows and processbased apps in an entirely codeless manner, helping customers escape endless implementation cycles and increase time-to-value. Additionally, the intuitive, visual, lowcode/no-code interface of Micro Focus Robotic Process Automation (RPA) makes it possible for users to do all of their work on one screen. n Microsoft enables users to create custom business apps with its PowerApps solution. PowerApps features a drag-and-drop, citizen developer-focused solution designed to build apps with the Microsoft Common Data Service. PowerApps can be used with Microsoft Flow, the company’s automated workflow solution, for data integration. n Nintex helps enterprises automate, orchestrate, and optimize business processes. With the company’s intelligent process automation (IPA) solutions, IT pros and line of business employees rely on the Nintex Platform to turn their manual or paper-based processes into efficient automated workflows and to create digital forms, mobile apps, and more. n Oracle Autonomous Visual Builder Cloud accelerates development and hosting of engaging web and mobile applications with an intuitive browser-based visual development on the same enterprise-grade cloud platform powering Oracle SaaS Applications. Create business objects, add process automation, integrate external systems and, when needed, leverage standard JavaScript to create amazing apps faster. n Quickbase provides a no-code operational agility platform that enables organizations to improve operations through realtime insights and automation across complex processes and disparate systems. Our goal is to help companies achieve operational agility—to be more responsive to customers, more engaging to employees and as adaptable as possible to what’s next. Quickbase helps nearly 6,000 customers, including over 80% of the Fortune 50. Visit quickbase.com to learn more. z
029_SDT057.qxp_Layout 1 3/1/22 3:55 PM Page 29
www.sdtimes.com
March 2022
SD Times
Guest View BY LI KANG
Metric stores as data servicing layer I
n a single generation, we have witnessed the internet revolution, the cloud revolution and it can be said we’re in the middle of the data revolution. Data has always been critical, but today its sheer size, speed and utility is reaching dizzying new heights. Now that data applications and analytics are a permanent, essential, growing part of our work life we can’t get enough. And that’s a problem. A low-coding or no-coding data platform is going to be a critical component for data-driven decision making and daily business operations. By using a metrics store as the main servicing layer, data platforms enabled by NLP (Natural Language Processing) and AI algorithms can reduce or even eliminate the dependency on SQL for business users. While tremendous improvements have been made in the data engineering field, we still need to make the insight available to regular business users, not just power users. Power users understand the nuances of data well enough to successfully extract insight from it and typically accomplish this goal with SQL. But this model doesn’t scale for most other businesses. Can your end users — store managers, sales reps, marketers, clerks — have that level of SQL skills? Can they download any dataset, spin up a database, create the table joins and run SQL queries to get to the insight? Data platforms need to enable regular business users who don’t have deep SQL knowledge. That is the only way to get insight to everyone.
What does LC/NC mean for data platforms? Analytical data is typically stored in a data lake/house. End users have to figure out how to query these data platforms with some sort of query language like SQL or through Python scripts. To enable Citizen Analysts and Citizen Data Scientists, we need to reduce or eliminate this coding step and understand that they: l Don’t care about tables and columns l Only care about business information (sales volume, shipping cost, etc.) l Focus on business performance instead of arcane technical skills l Want information readily available when a ques-
tion is asked Instead of servicing data from a data platform, enterprises should be creating metrics stores where business metrics are defined and curated. End users can simply drag and drop these metrics into their tools such as Excel, BI dashboards, web applications, etc. In a metrics store, business metrics are defined, calculated, and stored in a central location overlayed with appropriate governance processes. End users can then define and derive metrics that matter to their daily tasks (eg. sales figures by product, year-over-year sales growth, profit margin). These are the data points that users want to know. So why not define them once, calculate them correctly, and give everyone access across the company?
Li Kang is vice president of North America operations at Kyligence.
Natural language to help users ask questions Instead of asking users to learn SQL, why not have them ask questions in plain English? With the advent of NLP technologies, we should expect today’s data platforms to understand the everyday language of everyday users. We should also expect the platform to push NLP capabilities one step further with context awareness. With AI built into today’s data platforms, it will become vastly quicker and easier to analyze data and metadata, cross-reference user behaviors, and optimize the way users get their questions answered. Today’s AI algorithms can even predict what questions users might ask and have the answers ready. AI can dramatically improve the user experience when they want to interact with their data. At the same time, AI in the data platform can also auto-optimize data storage to eliminate waste and reduce cost. Magic happens when the most exciting technologies of the day converge. In the data world, going from unrefined data to insight and intelligence has been a massive undertaking. But like data itself, creating intelligence, advantage and insight must be viewed from a certain distance. From that distance we can now see that problem can be solved by leveraging metric stores, NLP, and AI to enable a Low Code/No Code platform. z
Instead of asking users to learn SQL, why not have them ask questions in plain English?
29
030_SDT057-new.qxp_Layout 1 3/1/22 3:57 PM Page 30
30
SD Times
March 2022
www.sdtimes.com
Analyst View BY GEORGE SPAFFORD
Take an Agile approach to infrastructure George Spafford is a Research Vice President at Gartner, Inc. covering DevOps, DevSecOps and site reliability engineering (SRE).
I
nfrastructure and operations (I&O) leaders are under huge pressure to improve agility to accelerate product delivery and strengthen alignment between IT and the business. However, little guidance exists about what it means for I&O to become agile, as most existing literature around agile is aimed at development groups. Here is where the difference between becoming agile and “agile” as a methodology is key. What I&O leaders are actually being asked to do is to improve agility — the ability to respond to changes. They are not being asked to try to implement a particular agile development approach, such as Scrum or XP. In many ways, agile is not just a firmly codified methodology and set of practices; it is a mindset, and it can offer important lessons for I&O leaders. Here are four recommendations for I&O leaders to begin the journey towards improving infrastructure agility.
Start by having an I&O representative attend an App Dev sprint planning meeting.
Map customer journeys and improve communications
The goal of I&O is to provide capabilities — products, platforms or services — that optimize value, cost and risk for customers. That means I&O leaders must engage customers to better understand their needs and streamline communication with internal teams to ensure products reflect those needs. To do so, I&O teams can improve their understanding of the customer experience through customer journey mapping. Work with stakeholders and customers to map customers’ experiences with the products, platforms or services I&O provides, and identify areas where improvement is needed. Then, streamline the process of making these improvements by strengthening communications with the product team. Start by having an I&O representative attend an App Dev sprint planning meeting. This is a simple way to bridge the gap in how I&O and App Dev work and view each other.
Use a Kanban approach to streamline workflow Interruptions to the I&O team’s workflow increase the risk that results will not be delivered when needed. Kanban is an approach used in agile practices, which aims to enhance workflow by improv-
ing work visibility and putting rules in place to limit waiting and interruptions. Use the customer journey map as a starting point to understand typical I&O workflows and engage with the team to identify common interruptions. Then, design the initial Kanban board, keeping it as simple as possible. A typical Kanban board might flow from left to right and include: • Columns that reflect process states from proposal through post-delivery • Policies for each column/process state • Task cards (Kanban) that move across the board as tasks reach new stages of completion • Work-in-progress limits that identify and communicate interruptions or dependencies As teams become more comfortable with the Kanban process, enhance the board to make work more visible while improving throughput of the workflow. Capture benefits and market the value to increase adoption.
Tailor agile practices for I&O Part of an agile approach is optimizing the delivery of customer value relative to cost and risk. This means improving operational activities to reduce interruptions to higher-value planned work. I&O leaders must seek approaches to reduce the probability of, and impacts from, unplanned work. To reduce interruptions caused to planned work, improve monitoring, and enter incidents in a backlog for the I&O shift operations manager to filter and prioritize. Evolve change management practices to properly balance speed and risk. To counter constant change, I&O leaders must enable agility by enabling their organizations to continually learn and improve. All efforts should seek to optimize value, cost and risk on behalf of customers and prospective customers. Instill the foundations of learning and continual improvement, create opportunities for people to create, transfer, retain and unlearn knowledge. Implement metrics that help track progress that customers care about and speak with customers about how efforts will help them achieve their goals. In short, appeal to mutual success. Celebrate successes to reinforce changes. z Gartner analysts Daniel Betts, Hassan Ennaciri and Roger Williams contributed to this research.
LCNC Soon Ad.qxp_Layout 1 2/25/22 10:50 AM Page 12
REGISTER TODAY!
April 13, 2022
SOON G N I COM
Organizations requiring a faster digital transformation are turning to low-code development solutions, empowering IT and non-IT personnel to use drag-and-drop tooling to quickly create necessary business applications. Low-Code/No-Code Developer Day is designed to help organizations understand the use of low-code and no-code tools, where they are appropriate to use, and what they can deliver.
sdtimes.com/low-code-no-code-developer-day-2022
Premier Sponsor
A
Event
Executive Sponsors
SubscriptionAd_2018.qxp_Layout 1 1/28/22 10:56 AM Page 1
Discovery. Insight. Understanding. SD Times subscriptions are FREE!
SD Times offers in-depth features on the newest technologies, practices, and innovations affecting enterprise developers today — Containers, Microservices, DevOps, IoT, Artificial Intelligence, Machine Learning, Big Data and more. Find the latest news from software providers, industry consortia, open source projects and research institutions. Subscribe TODAY to keep up with everything happening in the ever-changing world of software development! Available in two formats — print or digital.
Sign up for FREE today at www.sdtimes.com.
