Cloud Foundry And The PaaS You’re Already Running

Following my previous Forbes articles about the resurgence of PaaS and the adoption of Kubernetes, I ran into Abby Kearns, executive director of Cloud Foundry Foundation, who was kind enough to read them. We exchanged some ideas about PaaS, Kubernetes, and the recent wave of acquisitions in the Cloud space. [Note: as a Forbes contributor, I do not have any commercial relationship with the Foundation or its staff.]

For those of you who don’t know, Cloud Foundry encompasses multiple open source projects, the primary one being an open source cloud application platform built with container-based architecture and housed within the Cloud Foundry Foundation, which is backed by the likes of Cisco, Dell DELL +NaN% EMC EMC +0%Google GOOGL +0.07% and others. It has commercial distributions which are offered by Pivotal, IBM and others (Ben Kepes has a great post on the tension between open-source CF and the distributions, on his blog). Cloud Foundry runs on BOSH, a technology that was originally (and almost presciently, you could say) designed to manage large distributed systems, and as such was container-ready back in 2010.

Abby Kearns, Executive Director of the Cloud Foundry FoundationCLOUD FOUNDRY FOUNDATION

Cloud Foundry announced support for Kubernetes in its Container Runtime project in late 2017, alongside its original non-Kubernetes-based Application Runtime. In October of this year it doubled down with Eirini, a project that combines Kubernetes as the container scheduler with Application Runtime; and CF Containerization, which packages BOSH releases into containers for deployment into Kubernetes.

Broadly, Abby and I talked through three themes, as detailed below:

Everyone is already running a PaaS

I’ve written in my post about PaaS how the advent of ‘unstructured-PaaS’ offerings such as Kubernetes has contributed to the resurgence of this category, but implied in my article was the assumption that PaaS is still a choice. Abby presented a different view: it’s not so much about the runtime as it is about the ops, and, by and large, the total stack is the same as what is offered in a proper PaaS .

An operations team will have logging, monitoring, autoscaling, security, network management and a host of other capabilities around the deployment of an application; the relevant question is how much of that they’re putting together themselves (whether these bits are homegrown, open source, or commercial software), and conversely how much is being supplied from one coherent solution (again, homegrown, open source, or commercial). Whether you’re giving the keys to Pivotal, Google, or Red HatRHT +0.02%; internalizing engineering and operations costs but using CF and BOSH to manage your RBAC, security and other ops tasks; or putting together a mosaic of focused solutions—the end result is operationally the same as a PaaS. In the end, we agreed, digital transformation is about coming to terms with the complexity of your required IT stack, and optimizing the ownership and cost model—all of which are tough architecture and business choices .

Cloud mega-deals: this is not the empire striking back

Redpoint venture capitalist and tech-blogger extraordinaire Tomas Tunguz recently showed how open source acquisitions took up three of the top five slots for 2018 tech acquisitions (the SAP- Qualtrics deal has since nudged the Mulesoft deal down a bit). Since then, we’ve also had VMwareVMW +0.57% buying Kubernetes services firm Heptio, founded by luminaries Joe Beda and Craig McLuckie. As a Christmas-dinner summary for your less-techie friends and family, you could say that Microsoft bought its way back into the developer limelight, IBM armed itself with (arguably) the most robust commercial Kubernetes-based platform, and VMware went for the most-skilled Kubernetes services company.

Abby commented that in her view, what we are witnessing is large technology companies looking to M&A around open source technology to solve a common problem: how to quickly obtain the innovation and agility that their enterprise customers are demanding, while not being disrupted by new, cloud-native technologies. The open source angle is just a testimony to its huge importance in this cloudy world, and the Cloud Foundry Foundation expects that these recent deals will mark the start, not the end, of the Kubernetes consolidation wave.

Cloud Foundry will follow a different trajectory than OpenStack

If you’ve been around the cloud industry for several years, you might be tempted to think that the above consolidation will cause the likes of Cloud Foundry Foundation and the CNCF to diminish in importance or outright deflate, like OpenStack has over the past few years. As I mentioned in another article, in my opinion this has been (in the end) a good process for OpenStack, which is leaner and meaner (in a nice way) as a result. Not the same for Cloud Foundry Foundation, says Abby. This period may mirror a similar phase in 2014 when big vendors started buying up OpenStack companies as EMC did with Cloudscaling, Cisco with Metacloud, and many, many more—but Cloud Foundry has adapted to the Kubernetes wave in time, and its main partners are more closely aligned around its values and objectives.

Additional reasons, as I see it:

  • Cloud Foundry Foundation has been smarter about avoiding inflation in its ecosystem—both in terms of number of vendors with influence, and of actual dollars being invested through M&A activity.
  • BOSH being adaptable to pretty much all clouds-deployment models-platforms is a strategic technical asset.
  • The Foundation’s relentless focus on developer experience (rather than infrastructure), increases its options and avoids playing squarely in the public clouds’ game.

So, should we expect a Cloud Foundry serverless initiative next year? No choice but to wait and see.

(Originally posted on

Is Cloud Good for Humans? The Ethical Angle

I once subscribed to the YouTube channel of a guitar instructor who used a phrase that stuck with me: “practice doesn’t make perfect, practice makes permanent”. Doing something wrong more quickly, efficiently and consistently doesn’t necessarily improve the quality of the action ; sometimes, it could even make it worse, as bad practice becomes entrenched habit.

Technology is a facilitating tool, not evil or good in and of itself—it’s about taking whatever the intent (or the error) was into the real world more efficiently and effectively, for better or worse. Consider this effect in areas such as Cloud Computing (and related technologies): whether it’s a bug or an exploitable feature or vulnerability, I argue that even without malice the ethical stakes are uniquely high.


While ethics are as old as civilization itself, in the technology industry, I would argue that personal ethics are still very much an emerging topic. Consider a recent StackOverflow survey in which 80% of developers said they wanted to know what their code is used for—but 40% would not disqualify writing unethical code, and 80% did not feel ultimately responsible for their unethical code. (You can explore the psychological drivers for this in this great talk by Andrea Dobson.)

I am not referring to the obvious and very visible meta-discussions about things such as data privacy, anti-trust, the morality of machines or Yuval Noah Harari’s theory of Digital Dictatorships. I’ll even put corporate malice aside for now, so we can explore how Cloud can take our individual bad habits and errors to a global scale very, very quickly .

In the red corner: how can Cloud make things worse?


When your app is live in multiple cloud regions with five-9s availability, anything bad that is baked into it will scale accordingly. The glaringly obvious example of this from the past two years: political radicalisation and deliberate disinformation campaigns that took advantage of social media platforms to influence democratic elections and referendums. For a debrief, please contact the offices of Mssrs. Zuckerberg and Dorsey.


Speaking of Facebook FB -0.07%, remember “Move Fast and Break Things”? Speed (or ultimately, agility) is arguably the greatest benefit of using Cloud, as well as being a key tenet of agile methodologies. But that also means that mistakes in code can get into users’ hands within minutes. Indeed, the “Break Things” part of that sentence assumes you can “Move Fast” again to issue a fix, but even if you are as agile as Facebook, some damage is already done, and probably at scale.

If the system moves too fast, perhaps a useful approach for each of us to overcome our personal speed bias is the one developed by Nobel laureates Daniel Kahneman and Amos Tversky, and popularized in Kahneman’s book, “Thinking, Fast and Slow”. By engaging ‘System 2’, the more analytical side of our brains, we can focus on how we make decisions at least as much as we do on what gets decided.


Microservices architecture is great way to empower smaller teams to release independently, and drive software development in a much more dynamic way—resulting in more resilient apps. Consider, however, that if each small team only owns a small part of the picture, it might not feel responsible for any damage done at the end of the line. Philosopher and political theorist Hannah Arendt famously explored how breaking down evil into ‘digestible’ bits detaches contributors from feelings of blame, but even when we talk about honest mistakes, that principle can easily be applied to software development when we lose sight of our place in the bigger picture.

Perhaps a mitigation here is to always know how your code fits into the big picture of the app, and stay close to your users, even if you are far-removed to the left.


In the long term, robots may or may not take some or all of our jobs. This might create a motivation for people to ‘stretch’ their morals in a vain effort to keep their jobs. In the short and medium term, the focus in Cloud and DevOps seems to be on abstraction, task automation and the creation of self-service experiences for developers. While this drives the industry forward professionally, a message of “you just focus on your code” implicitly encourages the removal of overall responsibility from each small part of the chain—as we’ve seen above, this can be a bad thing. Again, being conscious that you are delivering part of a whole, and caring about the outcome, can help.

In the blue corner: trends that can save us

Free and open source software

The Free Software Movement and the world of Open Source, which have revolutionized technology and technology-driven experiences, have always prioritized values such as transparency, accountability and responsibility. I have witnessed first hand how leaders of some of the largest and most influential projects and foundations act with these values in mind, knowing that ultimately, it is their community that is the source of whatever power they have. As open source continues to take over large swaths of the technology landscape, these values could help us drive personal ethics on the level of the single developer or operator.

Devops and digital transformation

If one side of the DevOps movement is about automation through tooling, then the other (and arguably the more important) side is about cultural change towards more collaboration, more observability and less silos. Instead of developers “throwing code over the wall” to a team they hardly ever talk to (except when something goes wrong), digital transformation (especially with regards to containers) strives to bring people together to a shared operational view of the world, and to ongoing, collaborative communication. If successful, this trend will do well to mitigate the risk of individuals shirking ethical responsibility by taking the maxim “focus on your code” too literally.

A related trend is “shift-left”, which caters to the rising power of developers by putting more responsibility and capabilities at the coding stage. Whether it’s tools to fix open source vulnerabilities such as Snyk’s, or concepts such as Gitops—if we can drive ethics at the developer level in the same manner, this could be good news when code get deployed in production.

Rising social awareness

Recent political activity in several western countries suggest a new wave of support amongst the younger generations for socially-minded and more inclusive policies. In the UK, for example, a July poll found that a majority of Conservative Party voters support higher taxes for better public services. Cloud computing and open source have similarly impacted corporate culture (Microsoft under Satya Nadella is a good example), and of immediate concern to C-suite execs in certain companies is quasi-unionized activity such as the Google GOOGL +0.07% walkout. As the battle for technical talent intensifies, we should expect this grassroots corporate social consciousness to grow. I’d wager that many employers will follow Google’s lead in adapting to their audience’s new expectations—and a key part of that will look at how personal ethics interact with technology at work.

Climate crisis

It bis likely that the biggest issue of our lifetimes is climate change, which has the potential to reduce or eradicate many species, including our own. As is the human condition, crisis is the best motivator for action. While some political leaders muddle about, backtrack on policy or pander to an uninformed political base or corporate interests, it sometimes comes down to individuals to drive actions in both the business and political arenas. I spoke to Anne Currie of consulting firm Container Solutions, who has written numerous posts and has delivered numerous talks with regards to ethics; she had a good example of a low-hanging fruit specifically for Cloud users.

“As companies move into Cloud we have a choice,” said Currie when we talked. “Do we use the sustainable options available from Google, Azure or a handful of AWS regions? Or do we use the far dirtier defaults like the US East coast? Thoughtless hosting is no longer ethically acceptable”.

Start with small steps

As a famous saying goes, “history is filled with examples of soldiers who carried out orders that were never given”. We can all do something to make sure Cloud is good for humans. These include:

  • Bring our personal values to work.
  • Take ownership of the whole lifecycle of the our work.
  • Express an active interest in, and form an opinion about, the ecosystem in which our code integrates.
  • Use our own initiative and conviction to effect positive change in the team, the company, the community.

(Originally posted on