Skip to content
  • Blog
  • Events
  • Help
  • Careers
  • Contact
New Signature
  • About
      • Company

        Cognizant Microsoft Business Group is dedicated to changing the way businesses innovate, transform and run based on a unique cloud operating model. You will now be redirected to our new microsite to learn more.

        View Company

      • Awards

        As a company, we are regularly recognized within the IT industry as well as the communities we serve.

        View All Awards
      • News

        Read the most up-to-date corporate announcements, Microsoft technology updates, innovative business solutions and learn more about how the Cognizant Microsoft Business Group can take your business even farther.

        View News

      • Partners

        New Signature works with a number of outstanding technology companies to deliver the best experiences to our customers.

        View Partners
      • Leadership

        Cognizant Microsoft Business Group’s executive team is comprised of innovative leaders with proven experience and deep industry expertise. You will now be redirected to our new microsite to learn more.

        View Leadership

      • Industries

        Our solutions are tailored to empower organizations across a wide range
        of industries.

        View Industry Experience
    Close
  • Solutions
      • Intelligent Enterprise
        Solutions

        Going Digital
        Unleash cloud capability, deliver change and compete at speed with a Microsoft digital operating model, enabling you to work more efficiently as you transform your IT environment. Learn More

      • Featured Solution

        Secure Cloud
        In a world of constant threat, ensuring that your underlying cloud platform is protected is the first step on your organization’s journey towards a secure, compliant operating environment. Learn More
      • Intelligent Workplace
        Solutions

      • Secure Workplace

        Work Anywhere

        Endpoint Health

        Identity Health

        Teamwork Support



        VIEW WORKPLACE SOLUTIONS
      • Intelligent Cloud
        Solutions

      • App Factory

        Azure Accelerator

        Azure Launchpad

        Azure Launchpad for DevOps

        Application Health

        Platform Health

        VIEW ClOUD SOLUTIONS
    Close
  • Services
      • Begin your journey towards becoming a digital business with GO, our unique end-to-end framework based on the Microsoft Cloud Adoption Framework.

        GO DIGITAL OPERATING MODEL
      • Intelligent Enterprise

      • Consulting

        We go beyond just technology to help your organization understand how digital can help you uniquely differentiate and better serve your employees and customers.

        VIEW ENTERPRISE SERVICES
      • Intelligent Workplace

        • Identity

          Identity is your new first-line-of-defense. It’s vital to your users and clients that your identity platform is properly configured and secured.

          Endpoint

          Whether your devices are on-premises or remote, personal or business-owned, we can ensure they are properly managed and protected.

          Teamwork

          Today’s workforce is collaborating than ever before.  We can empower your current teams with tomorrow’s progressive technologies.

          VIEW WORKPLACE SERVICES
        • Intelligent Cloud

          • Platform

            The cloud is no longer some future-state. It’s the here and now. Adopting a cloud-first platform is one of the best ways to maintain a future-proofed competitive advantage.

            Applications

            We build cloud-native apps and modernize legacy systems with the power of Azure to give your organization a competitive edge.

            Data

            We can help your organization create secure, scalable data platforms to deliver simpler and more sophisticated insights to your business.

            VIEW CLOUD SERVICES
        Close
      • Client Stories
          • Case Studies

            Browse a comprehensive list of companies who have created successful partnerships and experienced transformative solutions with New Signature.

            View All Case Studies

          • Featured Case Study TalkTalk Modern Workplace

            New Signature worked with TalkTalk to define a new Modern Workplace solution based on Microsoft 365, which kept the user firmly at the center of the transformation.
            View Case Study

          • Testimonials

            We love transforming our customers businesses, take a look at what they have to say about New Signature.

            View Testimonials

          • Featured Testimonial Davis Construction

            With New Signature’s help, Davis was able to take a progressive step forward by migrating their private branch exchange (PBX) phone system to a Voice of Internet Protocol (VoIP) system.
            View Testimonial

        Close
      • Explore
          • Guides & Ebooks

            Dive deeper into education with your team by leveraging our expert-developed guides and eBooks.

            View All Guides & Ebooks

          • Infographics

            Rich with statistics and information, our infographics are great tools for quick but insightful learning.

            View All Infographics
          • Podcast: Office Explorers

            Join Kat and Rob monthly as they chat with New Signature experts and explore the world of O365.

            Listen to Podcasts

          • Videos

            Visit our videos stream to access recorded webinars, service information and to learn more about us.

            WATCH ALL VIDEOS
          • Flyers

            Searching for information about our services? Our flyers are a great takeaway for all those details.

            VIEW ALL FLYERS

          • Featured Stream

            Learn more about the tooling and expertise required to unlock productivity and mobilize your teams.

            MODERN WORKPLACE
        Close
        Close
      Blog

      Entering the Cloud with Fresh Skepticism

      New Signature / Blog / Entering the Cloud with Fresh Skepticism
      May 4, 2018| New Signature

      One of the developers at a client recently pulled me aside to ask me a fairly simple question:

      Hey Cliff, how do we grant access to QA to do read-only queries in our Azure DB instance for testing?

      My natural response was of course a tilt of the head and

      Why?

      Creating cloud-first software is an excellent time to revisit you and your team’s approach to software development. Challenging ingrained, old, crusty practices and anti-patterns that exist in organizations that don’t have a place in cloud development can help your team more rapidly adopt modern best practices. The cloud affords us the ability to decide whether we want to spend our time managing server updates, whether we need to test all of our new third-party dependencies the cloud has enabled, and if we should allow access to all of the new resources that used to hang around in dusty servers sitting in corners.

      Take the opportunity with a new project to ask yourself and your team why you’re doing the things you’re doing. What are you actually trying to accomplish, and are those processes necessary?

      Two rows of racks of servers in the cloud
      The more servers you have to deal with the less time you have to get work done.

      Do we really need a server for that?

      Your team (or another team in your company) may be tempted to follow the same practices you’ve been using for development or operations for years. Simply putting a cloud spin on things will help, but it certainly won’t achieve the kind of agility, scalability, nor reliability that cloud-first development stories boast. Starting with running IIS on a Windows 2012 server in Azure certainly gets you the benefits of letting Microsoft pick up the tab on the physical hardware, but it’s only a start.

      Making the leap directly into Azure App Service can save you the costs and time associated with maintaining a full server of your own. This lets your team focus on what you’re actually trying to accomplish: ship a product. As much fun as installing security patches is I imagine your app release timeline would be better off not scheduling that kind of ongoing maintenance. Maybe put that time into unit tests instead?

      This guideline can extend to many more services than one might think. Azure of course covers the bases for most of the underlying systems your product needs to function, but there are a host of good tools out there that require an installation or maintenance. The last decade of cloud-first thinking has spawned many PaaS-oriented approaches of services that otherwise had to be installed on your own hardware. A quick google search for a subscription-based option instead of having to install it on a server somewhere could save your team the cost of a machine as well as licensing costs.

      Keeping an eye on the horizon is also a good bet. Azure is constantly adding new and interesting services that ease the burden of adopting more cloud-first practices.

      Hot air balloon with caption Dev and Test with Microsoft Azure
      The hot air balloon can only fit so much before it can’t get off the ground.

      Do we really need to test that?

      A common refrain I’ve recently acquired is “Don’t test someone else’s system unless you have a good reason to.” This covers third-party libraries, .NET framework libraries, operating system security, and a host of other things that one generally shouldn’t be actively concerned with when building a cloud-first application.

      With modern development practices you will inevitably be using third party libraries. It’s unavoidable in a world where I can install an entire web API framework with a handful of nuget packages. The best kind of third party libraries are the ones with tests included in their repo and a guarantee that all of the tests pass whenever they release something. Keeping an eye open for VSTS or AppVeyor badges on public Readme files is a good indicator that the team is at least trying. If the team is showing you their code works then trust that it does until you’re proven wrong.

      Your unit tests should focus on code that your team has control over. 100% code coverage is a waste of time, especially when you start testing methods that are simply calling into underlying framework code. Test to make sure your own logic works, not that a for loop runs 5 times when you give it 5 inputs.

      That said we’ve all encountered a third-party bug before. If your third party library updates aren’t reliable then by all means write acceptance tests. Trust until your trust is broken, then spend the time to write the appropriate tests to make sure you won’t get fooled again.

      Security is included with this. When using Azure PaaS offerings for the first time your security team might pipe up with questions about how often Microsoft updates the underlying VMs, or whether they should perform penetration testing on those systems. Microsoft has created an entire section of their website for those exact kind of questions. The Trust Center details the kind of certifications, audits, and other compliance documentation that Microsoft handles on their end so you don’t have to do it on your end.

      Make sure that you’re still testing your own systems to ensure they’re safe to use in the cloud. Just because it’s deploy to App Service doesn’t mean you can pass credit cards in plaintext. Running vulnerability scans against your API endpoints in the cloud is still a reasonable practice.

      An open padlock on a laptop keyboard
      Access is a dependency. Keep your dependencies to the minimum.

      Do we really need access for that?

      I really do like humans, they’re good at creating incredible things. Unfortunately they have an issue in that they don’t always do what they intend to do. Sometimes they run the wrong command. Sometimes they delete the wrong thing. Mistakes happen, that’s a fact of life. However if humans can’t touch the system at all then humans can’t make mistakes in those systems.

      Challenge why anyone should be able to stick their fingers in a production system. Even read-only access can be problematic. SELECT statements aren’t free, they take finite resources as well. Get a long enough running command and you might end up blocking writes or causing performance issues. Ask people requesting access if they really need to see the database directly.

      The rule of thumb we recommend to our clients is that an environment prior to staging (such as UAT for large teams, or just DEV for smaller ones) is the last environment people get write access to. Staging is the last environment anyone gets read access on. Nobody gets access to production. The cloud-first approach preaches infrastructure as code and ensuring that any changes to systems must happen by first checking those changes into source control. Combining those practices with a robust build and deploy system means any changes should happen automatically when the changes are checked in. If it’s so easy and simple to control your changes that way, why does anyone need to make changes directly in the environments at all?

      Going back to the request that started this discussion, what was the path forward if I had simply showed that dev the handful of buttons necessary to get access to run read-only queries against the Azure SQL instances? In their case the API they were building was just that, an API. The database it wrapped was not exposed to any other systems. No other application will ever have insight into the fact that the database exists, let alone what its schema or structure looks like. If QA had that access and started writing queries against the API to confirm test cases their code would now depend on the database format. This in turn reduces the flexibility of that schema to adapt to new challenges that may come later in time. By instead strictly adhering to the API boundary they can get tests while still maintaining separation of concerns.

      If you want to test an API, then test the API. The API doesn’t expose a database, so those tests don’t get to see the database. QA therefore doesn’t need read access, so QA doesn’t get read access.

      Same goes for developers. If developers want to troubleshoot a production issue they can work off of the snapshot debugger or a database clone. Nobody needs direct access to production when indirect access is more than sufficient (and far less error prone!).

      Access begets more access. If someone has read access they can easily press for more write access at some later date. If you start with the blanket statement of “nobody but the build server gets access” it’s a lot easier to maintain that. Remember that access is a dependency that you have to consider and maintain in the future.

      Nebbia is here to help!

      Need someone to help you ask ‘Why’? Nebbia is standing by to provide all of the devil’s advocate questions you could possibly want while we help your company explore and expand into the cloud.

      [contact-form-7 id=”201″ title=”Contact form”]

      Categories
      News, Tips and Tricks
      Contact New Signature

      Managed Services

      Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent fermentum, enim ac dignissim aliquet

      VIEW ALL MANAGED SERVICES

      Professional Services

      Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent fermentum, enim ac dignissim aliquet

      VIEW ALL PROFESSIONAL SERVICES

      New Signature

      About

      • Company
      • Awards
      • News
      • Leadership
      • Partners
      • Industries

      Solutions

      • Intelligent Enterprise Solutions
      • Intelligent Workplace Solutions
      • Intelligent Cloud Solutions

      Services

      • GO
      • Intelligent Enterprise
      • Intelligent Workplace
      • Intelligent Cloud

      Client Stories

      • Client Stories
      • Testimonials

      Explore

      • Guides & Ebooks
      • Podcasts
      • Flyers
      • Infographics
      • Videos
      Copyright © 2022 New Signature
      • Blog
      • Events
      • Careers
      • Help
      • Anti Slavery
      • Privacy Policy
      • Contact
      • About
        • Company
        • Awards
        • News
        • Leadership
        • Partners
        • Industries
      • Services
        • GO
        • Intelligent Enterprise
        • Intelligent Workplace
        • Intelligent Cloud
      • Client Stories
        • Case Studies
        • Testimonials
      • Technologies
      • Explore
        • Guides & Ebooks
        • Infographics
        • Podcast: Office Explorers
        • Videos
        • Flyers
      • Blog
      • Events
      • Careers
      • Contact
      • Search
      Cookie Settings
      New Signature uses "Required Cookies" to run our website, "Functional Cookies" used by third parties to personalise marketing, including social media features.

      Change your preferences by clicking the “Cookie Settings” link at the bottom of every page. Learn more about cookies in our Cookie Policy and our Privacy Policy. By clicking the “Accept Cookies” button below, you consent to our use of cookies.

      Please note that “Required Cookies” will be set regardless of your consent.
      Cookie SettingsAccept Cookies
      Privacy & Cookies Policy

      Privacy Overview

      This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
      Performance

      Performance Cookies provide Content Delivery Network assets that deliver faster site content delivery capabilities.

      Required

      These cookies are required mainly in order to deliver Multilanguage site capabilities.

      Functional

      Functional Cookies allow us to provided advanced media capabilities including videos, surveys and other multimedia capabilities.

      Disabling Functional cookies will block the playing of videos and other multimedia site components.

      Targeting

      Targeting Cookies are used to capture user information in order for New Signature to deliver better user experiences.

      Save & Accept