Bob Violino
Contributing writer

10 cloud development gotchas to watch out for

feature
Mar 25, 20249 mins
Cloud ComputingCloud SecuritySoftware Development

Cloud-based development has many advantages but some big downsides, too. Here are 10 reasons to think twice before developing, testing, or deploying your apps in the cloud.

Cloud gotchas. Person under umbrella in the rain.
Credit: egd/Shutterstock

The benefits of developing software in the cloud include increased flexibility and reliability, greater efficiency, and reduced costs. But cloud-based development also presents a host of challenges. Knowing what to watch out for is the first step to protecting your applications and development efforts. Here, are 10 pitfalls to consider before developing, testing, or deploying applications in the cloud.

10 reasons to think twice before developing in the cloud

  1. Performance and latency issues
  2. Cybersecurity and data protection threats
  3. Vendor lock-in
  4. Runaway costs
  5. Regulatory compliance requirements
  6. Compatibility and integration issues
  7. Scalability demands
  8. Distributed collaboration and communication
  9. Testing and deployment hurdles
  10. Developing for a global market

Performance and latency issues

While cloud services are generally reliable in terms of availability and performance, service outages or performance issues can impact development efforts.

“Unfortunately, cloud applications often suffer from performance issues because of factors like network congestion, shared resources in multi-tenant environments, and geographic distance between users and cloud data centers,” says Erik Gaston, CIO at endpoint security company Tanium.

To help remedy this, developers need to ensure that application code is optimized and leverage content delivery networks (CDNs) to cache content closer to end-users,” Gaston says.

Other ways to improve performance might include subscribing to low-latency cloud computing services such as edge computing, Gaston says. “Regardless, application performance goes way beyond just design and build when it comes to the cloud, and there are many factors to consider,” he says.

To help reduce latency, organizations can also consider using distributed cloud services across multiple data centers or regions, says Aleksa Krstic, CTO of Localizely, which provides a software-as-a-service (SaaS) translation platform.

Cybersecurity and data protection threats

As with virtually every aspect of IT, security and data privacy are key concerns for cloud development initiatives. These are particularly challenging given the growing variety and incidence of threats.

“Cloud development requires stringent security protocols to protect sensitive data and applications from unauthorized access and cyber threats,” says Prabhsharan Singh, a software developer with Clinicspots, a medical platform that connects facilities and doctors with patients.

“The shared, on-demand nature of cloud services adds layers of complexity to maintaining strong security practices,” Singh says.

Among the solutions to mitigate security risks are data encryption, implementing access control mechanisms, and regularly updating security protocols, Krstic says. “Additionally, thorough vetting of cloud service providers to ensure compliance with industry regulations is essential,” he says.

Because of the shared responsibility model of cloud computing, “organizations are typically responsible for application-level security, even when cloud providers secure the infrastructure,” says Matt Aird, CTO at Custom Neon, a retailer and manufacturer of custom-designed LED neon lights and signs.

“We address this by putting in place strict security procedures, performing frequent security audits, and keeping up with compliance guidelines,” Aird says.

Vendor lock-in

In general, the cloud offers unprecedented flexibility for organizations. But that doesn’t mean choices will be unlimited in the development and testing environment.

“The big concern is getting locked into a specific vendor and not being able to get out or migrate without breaking the bank,” Gaston says. “While this poses many challenges, it can be helped by adopting cloud-agnostic architectures and establishing clear standards whenever possible.”

A good example of this is employing containerization technologies such as Docker and Kubernetes, which make applications and workloads highly portable and environmentally agnostic, allowing them to migrate easily, Gaston says.

“Implementing proper cloud abstraction layers and adhering to standardized interfaces help mitigate the risk of vendor lock-in,” Krstic adds.

Runaway costs

Cloud services and usage can come with hidden costs, and software development and testing operations are no exception to this.

“When cloud first arrived on the scene, everyone thought that scaled multi-tenant environments equated directly to cost savings,” Gaston says. “Unfortunately this was not the case and still isn’t. As we have seen, cloud usage costs can quickly spiral out of control if contracts are not properly monitored and managed.”

Deploying resources inefficiently, poor usage estimations, and failing to manage resource allocation all directly impact the overrun of contracts and unexpected expenses, Gaston says. “To address this challenge, developers need to be very familiar with the financial aspects of developing and operating in the cloud,” he says.

This includes tracking resource usage with monitoring tools, implementing auto-scaling solutions, and periodically reviewing and optimizing configurations to keep costs under control.

The fact that the cloud is scalable can also make controlling expenses challenging. “Unexpected increases in usage could result in higher costs,” Aird says. “To guarantee we’re only paying for what we need, we optimize resource use, set up alarms for unexpected activities, and keep a careful eye on our usage.”

Regulatory compliance requirements

The thing about working in the cloud is data might reside in any number of regions and countries, depending on where the cloud infrastructure is located. This can present compliance challenges for development operations, which need to ensure that applications hosted in the cloud comply with specific regulations and legal requirements.

“Choosing cloud service providers that offer built-in compliance certifications can provide assurance,” Krstic says. “Working closely with legal and compliance experts helps in understanding and adhering to the relevant regulations.”

Data stored in the cloud is subject to the laws of the country in which the data center resides, Singh says, and this can lead to legal complexities regarding data sovereignty and compliance with local regulations.

“Using data management policies and ensuring providers comply with relevant regulations is critical,” Singh says. “Employing hybrid or multi-cloud strategies can provide more control over where data is stored.”

Development teams should stay informed about regulatory changes and put in place any needed controls.

Compatibility and integration issues

Developing for the cloud can lead to compatibility issues, where software designed for cloud environments might not operate effectively in different cloud services due to differences in infrastructure and platform services, Singh says.

“This can necessitate additional development to ensure compatibility across multiple platforms,” Singh says.

Among the possible resolutions are to adopt containerization and use orchestration tools to help manage compatibility and ease deployment across various cloud services, Singh says.

Developers might also encounter integration complexities when working in the cloud. “Integrating cloud-based applications with existing on-premises systems poses a challenge, as it often requires dealing with legacy infrastructure and software,” Singh says. “Differences in technologies can lead to complex integration processes.”

One approach to addressing this challenge is to use middleware and API management tools to simplify the integration process, ensuring seamless communication between cloud and on-premise systems.

“It can be difficult to integrate cloud apps with current on-premise systems,” Aird says. “Our primary focus is developing modular apps that are driven by APIs, and we use middleware tech to enable smooth integration. Effectively managing and migrating data to the cloud can be difficult, especially when dealing with massive amounts of data. We make sure our staff is knowledgeable about cloud-native data management techniques, and we use data migration tools and services offered by cloud suppliers.”

Scalability demands

One of the biggest potential benefits of using cloud services is the ability to scale capacity up and down as needed. But development teams might face scalability issues as they create, test, and deploy software in the cloud, and they need to address these.

“In my experience, the most important thing is to architect for scale from the start by emphasizing loose coupling, independence of components, and a modular approach,” says Maria Opre, a cybersecurity expert and senior analyst at Earthweb, who has designed scalable systems for some of the largest cloud deployments.

“A microservices architecture following these principles has proven very effective,” Opre says. “Each discrete service can scale independently based on demand, and failures are isolated. This allows the software to smoothly scale both up and down automatically.”

It’s also a good practice to deploy immutable infrastructure and automation via containers and configuration management, Opre says. “Making infrastructure declarative and disposable removes friction from the scaling process,” she says.

It’s critical to monitor performance and usage effectively to proactively scale before bottlenecks appear, rather than reactively scaling after issues emerge, Opre says. “Taking a ‘scale out, not up’ mindset from the earliest phases of design has resulted in systems that can scale massively for clients,” she says.

Distributed collaboration and communication

The ability to effectively communicate and collaborate is essential for software development teams. How else are team members to know where things stand in the development process?

But facilitating effective collaboration among distributed development teams working in the cloud can be a challenge, says Phil Portman, CEO and founder of software company Textdrip.

Teams should adopt collaboration tools, implement agile methodologies, and encourage clear communication through regular stand-ups and documentation, Portman says.

Testing and deployment hurdles

While many of the potential pitfalls of the cloud affect development, testing and deployment of applications can present their own set of difficulties.

“Testing cloud-based systems can be challenging, especially if they are complex and distributed,” says Juan Nassif, solutions architect at IT services and consulting firm BairesDev. “Teams can use testing tools and processes to help them test their cloud-based systems. They can also use automation tools to help them automate their testing processes.”

Testing cloud applications requires a different approach than traditional software, due to the distributed nature of cloud services, Singh says. “Deployment may also be challenging when dealing with multiple environments and configurations,” he says.

Implementing continuous integration and continuous delivery (CI/CD) pipelines can streamline testing and deployment processes, and help maintain consistency across environments, Singh says.

Developing for a global market

Some teams might lack the expertise and/or resources to design cloud applications that are ready for the world market.

Though they may have responsibility for the worldwide success of their products, the designers, product managers, and technical staff who design cloud applications often lack the necessary resources or have little or no international experience,” says Rebecca Ray, director at CSA Research.

One solution is to collaborate with localization teams during various phases to ensure that product designs are world-ready, Ray says. These phases include ideation, prioritization of product requirements, and user interface design.

“There are always too many features and functions to fit into any cloud release, no matter how small the ask or how Agile the process,” Ray says.

“Localization leadership possesses the expertise to develop weighted criteria based on international use cases, local business practices, in-country regulatory environments, and diverse competitive landscapes.”