Building and running custom enterprise backend applications in the cloud requires significant time, effort, and costs that go beyond just designing and developing features. Four main areas demand attention: development frameworks and tools, cloud infrastructure, DevOps, and security and compliance. In a typical project, these areas can consume 50% or more of total development resources. This overhead leaves less time for what matters most - implementing features that deliver direct value to the business and users.
This post will break down the key activities and costs in these four areas. We'll also examine how the ratio between these foundational elements and pure feature development often reaches an 80/20 split. Finally, we'll see how using a purpose-built development platform like Kalix can radically improve this ratio by abstracting away almost all of this undifferentiated overhead.
Development Frameworks and Tools
A significant effort in any custom development project involves selecting, integrating, learning, and maintaining the core frameworks and tools used to build the application. While mature open-source options exist for most development needs, projects still require expertise to make the right choices and customize the stack for their specific requirements.
Beyond core languages and frameworks, additional tools for logging, monitoring, testing, linting, and more must be identified, integrated, and maintained. Developer laptop setup and onboarding new team members onto the custom stack takes time. Build tooling with Make, Ant, Gradle, or Maven is required. The list goes on.
While developers may be eager to start coding features, a significant upfront tax is required to assemble and learn the development environment. This undifferentiated overhead consumes considerable time before reaching functional milestones that deliver business value. As requirements evolve, developers must also continuously update the stack and toolchain.
Care must be taken to avoid tool sprawl and complexity that slows developers down. However, the right tools can certainly improve quality and velocity if applied judiciously. The key is achieving the right balance between leveraging community tools and minimizing customization for your needs vs. costs.
Running backend applications in the cloud requires provisioning, securing, scaling, and continuously managing the underlying compute, network, storage, and other infrastructural resources. While cloud platforms like AWS, Azure, and Google Cloud provide on-demand access to these resources, configuring and operating them for custom applications still demands significant effort.
Cloud infrastructure must be provisioned to meet anticipated capacity and performance requirements. Compute, memory, networking, storage, and more must be sized and tuned for the expected workload. Appropriate redundancy and high-availability configurations should be implemented to avoid downtime. Scripting and automation tools like Terraform can help manage infrastructure as code.
Workloads and traffic patterns change over time, so auto-scaling groups, load balancers, and caching must be configured. Cloud infrastructure costs money when powered on, so unnecessary resources should be de-provisioned. Tagging resources and organizing them logically keeps things manageable as the infrastructure grows.
Monitoring tools must be implemented to track resource utilization, application performance, uptime, and issues. Logs and metrics require aggregation and analysis. Alerting and notifications must be established to resolve problems like overutilization or outages.
Maintaining secure cloud infrastructure also demands ongoing effort. Network security groups, access control policies, encryption, VPCs, and other tools should be applied to prevent breaches. Compliance requirements may dictate infrastructure safeguards: resources and access must be locked down to the principle of least privilege.
While cloud platforms provide building blocks, assembling, running, and operating them for custom applications adds sizable overhead beyond just writing application code. Careful planning, automation, and cloud architecture skills are required to tame cloud complexity.
Adopting DevOps practices is vital for achieving agility, quality, and reliability in modern application development. However, integrating continuous development, testing, deployment, and operations requires substantial effort, especially for custom-built applications.
A mature CI/CD pipeline needs to be built using tools like Jenkins, CircleCI, TravisCI, or GitHub Actions. Code must be checked out from source control, built, linting and tests executed, artifacts produced, and packages deployed to Dev, QA, and Prod environments. Infrastructure as code techniques help track changes.
Testing automation at unit, integration, and end-to-end levels requires framework expertise in tools like Selenium, Cypress, Jest, Mocha, and others. Test data and environments must be managed. Load and performance testing demands additional skills and overhead.
Monitoring application and infrastructure metrics, logs, traces, and health checks is crucial. Solutions like Datadog, New Relic, and AppDynamics involve instrumentation and customization. Dashboards and alerts must be configured to catch issues.
Coordinating deployments, rollbacks, and releases across environments require orchestration tools like Spinnaker or orchestration capabilities provided by platforms like Heroku and AWS. Automation reduces risks and repetitive manual efforts.
Mastering DevOps enables continuous delivery of value through incremental improvements. However, stitching together pipelines, integrations, environments, and processes for custom applications diverts significant time from building features. Standardizing patterns, playbooks, and tools can help overcome learning curves.
Leveraging cloud-native services and platform capabilities can offload much of this undifferentiated DevOps burden from application teams. Still, expertise and oversight are required to leverage these services effectively.
Security and Compliance
Modern applications must be engineered for security and compliance with regulatory or internal governance policies. Addressing these requirements demands significant design, implementation, and testing efforts - especially for custom-built applications.
A security-first culture and secure development practices must be fostered through training, peer reviews, static analysis, and testing. Common vulnerabilities like injection attacks, broken authentication, sensitive data exposure, and others must be understood and mitigated in code.
User access controls, application firewalls, and DDoS protection may need implementation. Encryption for data at rest and in transit is essential. Platform, network, and machine security require hardening. Dependency scanning for open-source risks is prudent.
Compliance with regulations like HIPAA, PCI, and GDPR often necessitates data privacy and protection measures. Requirements like right to access, portability, and deletion must be supported. Data retention and geographic restrictions may apply.
Auditing and logging for security forensics and compliance reporting needs special handling. Certifications and attestations may be required. Business continuity and disaster recovery plans should be developed.
Conducting thorough security reviews, penetration testing, and compliance audits pulls resources away from feature development. However, these activities are essential to reduce risk, gain trust, and meet legal obligations. Partnering with security and compliance experts is recommended but increases costs.
For custom-developed applications, the burden of security and compliance rests heavily on the application team. While cloud platforms provide some guardrails, the ultimate responsibility lies with the development team to build, test, and operate applications securely and compliant with relevant regulations.
The 80/20 Ratio
When you add up the efforts required across development frameworks, cloud infrastructure, DevOps, and security described in the previous sections, they easily consume more than 50% of resources on typical custom application projects. More often, the ratio is closer to 80% infrastructure and process versus 20% core feature development.
This 80/20 ratio varies by team and project characteristics like scale, compliance needs, existing tooling, and development culture. However, the skew towards "undifferentiated heavy lifting" takes away from feature coding, which delivers direct value to customers.
Developers may prefer spending time on application logic rather than wrestling with configurations, infrastructure, pipelines, and audits. However, every project incurs these overhead costs before reaching functional milestones.
The 80/20 ratio also impacts velocity. Context switching between core development and these other activities slows down feature delivery cadences. Integrating and learning new tools is time-consuming. Technical debt accumulates when infrastructure and automation are neglected.
Think about what an ideal world would look like if you could flip the 80/20 ratio to 20/80 in favor of feature development. How might it impact your team's productivity, motivation, quality, and deployment speed?
While some overhead is inevitable, leveraging application development platforms and cloud services appropriately can help rebalance the ratio. Next, we'll explore how Kalix optimizes the 80/20 split for building modern cloud-native applications.
The Kalix Advantage
The Kalix SDK provides a lightweight, high-productivity framework for building cloud-native applications using proven tech like Akka and Kubernetes. The platform handles the boilerplate and complexity of integrating these technologies.
Kalix manages the provisioning, scaling, security, and operations of the foundational infrastructure required to run your services and data stores. Configuring instances, networking, load balancers, auto-scaling groups, and other undifferentiated tasks is unnecessary.
Turnkey compliance for HIPAA, GDPR, and other regulations is built-in through AWS, GCP, or Azure security controls, encryption, access controls, and auditing. Penetration testing and validation ensure that best practices are followed.
By leveraging Kalix, the ratio of time spent on undifferentiated vs. feature development is far lower compared to custom solutions. More resources can be allocated to designing, developing, and iterating on features directly delivering business value.
Kalix enables developers to focus on coding features that matter rather than building and running infrastructure. By codifying infrastructure best practices and DevOps workflows, productivity, quality, and velocity increase dramatically. Concerns about security, compliance, scaling, and availability are handled automatically.
By reducing the 80/20 skew through a purpose-built development platform, feature development efforts can be doubled or more on Kalix compared to traditional custom application development.
Building and running enterprise applications in the cloud involves significant overhead beyond just writing feature code. Development tools, cloud infrastructure, DevOps, and security/compliance demand substantial time, effort, and expertise.
Typically, these foundational elements consume 50% or more of resources on custom application projects. The ratio of infrastructure/process versus pure feature development often reaches an 80/20 split. This overhead slows down delivery velocity and reduces focus on core product value.
Platforms like Kalix reduce this undifferentiated heavy lifting through a curated stack, managed infrastructure, seamless CI/CD integration, and turnkey compliance. The development experience is optimized for productivity and performance.
By leveraging Kalix, the 80/20 ratio is rebalanced, so the majority of time can be spent designing, developing, and delivering features that matter most to the business and customers—velocity, quality, and customer satisfaction increase.
If you are building modern cloud-native applications, consider how Kalix can help optimize the 80/20 skew by abstracting away undifferentiated overhead. Focus your efforts on coding features that differentiate your product and deliver compelling value to your users.