The IaC landscape drama continues. If we thought everything would calm down following the Terraform license change, the consequent forking of the project and establishment of OpenTofu, and then the IBM acquisition of HashiCorp… well, think again.
While some pundits will claim “Terraform is DEAD, long live [ENTER FAVORITE IAC TOOL HERE]”, I think what is actually happening is quite a bit different and much more compelling. Recently, my co-organizer Eran Bibi was on a panel at KubeCon Paris on the “Evolution of IaC - On Open Source & Everything Else”, and I’d like to dig a little further into what I see unfolding.
We know we’ve been beating the “it’s not just IaC - it’s a whole world of cloud asset management too!” drum for quite a while now. The exciting part is when we see major industry players validating our positions. Enter Pulumi into the cloud asset management arena. Welcome!
With their positioning as newly focused on automation, security and management, I’d like to posit that Pulumi’s redirection is evidence of a shift we’ll be seeing among many if not all IaC players in the near future. Cloud inventory, compliance, and remediation matter just as much as orchestration, and they’re all inherently connected.
The announcement isn't just news. It's an indicator of where our industry is headed, and it's an exciting direction. The future of IaC and cloud asset management is actually quite tightly coupled — and will likely change the way we think about future cloud operations at today’s cloud fleet scale.
Since creating the cloud asset management category, Firefly has continued to lead and educate on it. Now, it’s clear that Firefly is setting a standard that more and more vendors are poised to follow as the ecosystem matures.
What the Pulumi Announcement Said — And What Its Implications Are
Is HashiCorp dead?
Pulumi recently announced a new vision for the business. According to the press release, Pulumi’s platform now includes three core products:
- Pulumi IaC, for infrastructure as code in any programming language
- Pulumi ESC, for security automation and secrets management
- Pulumi Insights, for visibility and an analytical view of cloud resources and assets
Only time will tell if the market is ripe for a new take from an established vendor, or for a Vault alternative, but Pulumi’s move underscores a few important truths we’ve known for a long time at Firefly:
Cloud asset management is making waves.
When a big player like Pulumi starts moving in this direction, it's like a huge billboard saying, "Hey, this cloud asset management thing? It's a big deal."
The value of IaC beyond provisioning is being recognized.
Infrastructure as code, and the codifying of cloud resources, is a largely solved problem. We're now moving on to higher-order problems: going beyond just deploying new infrastructure to actually managing what's already out there (like finally realizing you need to clean out your garage after years of just shoving new stuff in).
Growing complexity is surfacing long-standing issues with traditional cloud tools.
This move substantiates what we've been preaching at Firefly: cloud environments are becoming increasingly complex, the ecosystem is saturated with tools, and cloud operations engineers are overwhelmed by choice and by the work of understanding what will truly move the needle for them in reducing manual toil and cognitive load. With this complexity comes an opportunity for innovators and fast movers to deliver better, more flexible cloud management tools.
What IaC Vendors Are Still Getting Wrong: And The Future of Cloud Asset Management
To know how to prepare for change and keep your teams agile in a quickly changing DevOps landscape, you need to recognize what you’re up against — and importantly, what you may be overlooking:
Multi-cloud environments are growing, and remain underserved
According to our 2024 State of Infrastructure as Code Report, 89% of organizations today are using a multi-cloud approach. Thirty-six percent are even considering expanding their multi-cloud infrastructure. Over 50% of organizations have 10+ cloud accounts, while another quarter have over 100 cloud accounts, and 12% have over 500. That includes AWS, GCP, Azure, and others.
Still, IaC vendors today, despite Pulumi’s pivot indicating a positive shift in the right direction, are overlooking cloud practitioners’ multi-cloud reality and continuing to think about cloud asset management in silos, buckets, and languages. As companies continue to spread their assets across multiple clouds, tools that can manage resources across different providers will become crucial.
There’s an urgent need for an active, not reactive, approach to cloud governance
Just because you have governance-related insights accessible to you doesn’t guarantee that you’re able to act on them proactively and efficiently to take control of your cloud. That’s part of why cloud governance remains one of the top challenges, as well as one of the top objectives, of using IaC. True governance is about proactive cloud control and safeguarding, not passive insight gathering.
At Firefly, we consider governance at every stage. We often prevent issues before they happen. And when an incident does happen, we save you time by leaning on AI to automatically offer you the solution to quickly fix it.
So what does proactive governance look like?
- End-to-End (or Code-to-Cloud) Policy Enforcement: Implementing "code-to-cloud" governance, enforcing policies at every stage of the process: code, CI/CD, and cloud.
- Active Prevention: Putting guardrails in place ahead of time, to catch violations before they happen. (Offered by both Pulumi and Firefly.)
- Automated Remediation: Auto-remediation with Firefly comes in two forms. In active prevention, guardrails notify the user of violations in code before it goes live, then offer the remediation that fixes the violation in the code. The second form applies to existing cloud resources: when you add policies, Firefly shows you which resources violate which policies, and then offers you the right fix.
In 2024, any CI/CD can beat TACOS
When TACOS (Terraform Automation and Collaboration Software) first came onto the scene, they offered a compelling proposition, but now we recognize that they can also become a single point of failure for cloud teams. Today, TACOS’ relevance in the modern DevOps stack is increasingly being questioned, especially by organizations that already have robust CI/CD pipelines in place. The real focus should be on empowering your current platforms with the capabilities they need to handle IaC effectively. In short: we don’t need more tools, or more fragmentation. And with the death of TACOS, consolidation is how you truly simplify cloud management.
Pulumi's expanded offerings will integrate more seamlessly with existing CI/CD pipelines. Plus, the introduction of Pulumi ESC will enhance security practices within CI/CD pipelines, particularly in managing secrets and configurations. This will only serve to further the move away from TACOS.
What’s Next?
As we continue to see more (seismic) shifts, more players, and more innovation in the space, we’ll also see other changes in the market — the most notable being increasingly tight competition. Large and small players alike are looking to be the next Vault, the next Terraform, and by the looks of it, even the next Firefly.
May we continue to evolve toward the future of cloud everything management, and may the best cloud tools win.