Source-code analytics: A faster path to the cloud

January 23, 2020

A blog post by David Sisk, Director, Deloitte Consulting LLP

Cloud computing offers clear benefits such as increased agility, reduced IT spend, increased uptime, and an expanded portfolio of technologies that make it a business imperative. However, the most common methods for cloud migration—lift-and-shift, or just rehosting (IaaS) applications—do not make them cloud native. Alternatively, rewriting applications to be cloud-native is an expensive proposition that few companies can afford. The disadvantages of each of these approaches can weaken the business case for moving to the cloud.

Current migration strategies often fall short

With lift-and-shift, legacy applications are moved to a cloud provider’s infrastructure with largely no changes to their original code. This strategy offers some cloud benefits such as flexibility, disaster recovery as a service, and potentially reduced infrastructure costs. However, other cloud benefits may be reduced or lost.

There are a number of reasons for the decreased performance but, primarily, it’s because former design principles—even those used as recently as five years ago—are not the same as modern, cloud-native design principles, even though they use many of the same technology components. As a result, when applications are moved wholesale to the cloud without refactoring, they won’t operate like cloud-native applications and won’t be as agile, scalable, and cost-efficient.

When lift-and-shift doesn’t work, the other end of the spectrum is a full rewrite of the applications—potentially millions of lines of code—to be cloud-native. With refactoring, organizations can reap the benefits of the cloud, but at a much higher relative cost—both in hard dollars and human resources.

To be sure, rewriting applications for the cloud is an effective solution for cloud migration—especially for companies that have deep technical and human resources. However, the effort to refactor a very large enterprise application portfolio is an enormous undertaking, and most companies cannot justify walking away from prior investments to go cloud-native for all their applications.

The solution: Source-code analytics

The good news is, there’s another option—an alternate path that can help companies scan the code in their applications to determine cloud “anti-patterns,” or instances of code that would hinder the ability of an application to function optimally in the cloud. It’s called source-code analytics and, if done effectively, it can decrease costs and radically accelerate time-to-value in cloud migrations.

Obviously, source-code analytics wouldn’t be practical as a manual process; it would be akin to looking for individual, unidentified clusters of sand on a beach. However, during the cloud-migration initiatives we’ve participated in at Deloitte, we’ve seen the potential inherent in source-code analytics, as well as the associated need for automation to make it a viable option. To answer that need, we’ve developed a tool that automates and significantly shortens the process of source-code analytics.

We call our tool Stormfury. It performs an automated scan of application source code to discover cloud anti-patterns across six key categories:

• Portability
• Performance
• Availability
• Code quality
• Vulnerability
• Scalability

The benefits

The scan—across all six categories mentioned above—can be completed in minutes, not days or weeks, as with a manual process. Hundreds, or thousands, of anti-pattern instances can be uncovered, and—unlike a messy manual effort—the scan is objective, consistent, and virtually error-free.

Once anti-patterns are identified in a code base, Stormfury explains each pattern, as well as the tasks needed to address it, and it calculates the effort needed for remediation—allowing technical architects to prioritize issues based on need and complexity. What’s more, Stormfury presents its findings in dashboards that provide insights, across multiple stakeholder constituencies, to accelerate value delivery.

But Stormfury is more than a one-time-use tool. It can be integrated into a company’s DevOps pipeline to serve to “guard-rail” developers to optimize code for new cloud-native applications. That way, future applications can be cloud-ready from the outset, enabling an even faster path to cloud value delivery.

The speed and accuracy with which automated source-code analytics can help companies identify and remediate issues in application code to optimize cloud performance can provide companies with a tremendous advantage in their cloud migration initiatives. Simply put, empirical data can give companies the ability to multiply the cloud’s tremendous power and potential to transform their business.

What’s next

This is the first of a two-part series. In the next post, we’ll talk more about the benefits of source-code analytics, and we’ll present some use cases that illustrate its benefits. We’ll also talk about the what the future of cloud migration looks like using automated source-code analytics.