Serverless: Changing the Face of Business Economics

By Sarah Guo and Jerry Chen

The world of software development has seen a lot of change over the past years. I have spent a lot of time thinking about serverless, a space that is still very nascent but represents a dramatic change in how applications could potentially run. In partnership with AWS, my partner Jerry Chen and I produced a whitepaper where we discussed the opportunities Greylock sees around serverless and the impact the technology has had at our portfolio companies, including Nextdoor and SkyHigh Networks.

Below is Greylock’s excerpt from the whitepaper, the full version can be read here. The technology is still in its early stages but I am excited about the promise of serverless and how it could change software development as we know it. Let me know if you have any thoughts and feedback to share — I can be reached on LinkedIn, Twitter and at sarah (at) greylock.com.

Serverless: Changing the Face of Business Economics — a Venture Capital and Startup Perspective

During the past five years, we have seen accelerating change in software architectures and development processes. Rising consumer expectations for constantly improving digital experiences and the continued growth of mobile drive the demand side. Supporting this sea change on the supply side is the availability of more flexible and economical public cloud services at every layer of the stack.

The increasing pace of change in software development requires organizations to restructure their efforts and split their applications into microservices in order to keep up. The more they can independently evolve parts of their increasingly complex systems at scale, and decouple their innovation (applications and user experience) from infrastructure management, the better positioned they will be to serve their customers.

The promise of serverless is that application developers will no longer have to provision and manage physical servers, operating systems, traditional infrastructure security, or the myriad of other functions. They will be able to consume the compute (or packaged functions) they want, in a more granular and flexible way, with the freedom to use the right language for the job. While we are early in this shift to serverless, we already see many of our forward-leading engineering organizations adopt this mentality, and we believe it represents a significant long-term opportunity for enterprises and the vendors that serve them.

Greylock Partners’ Serverless Investing Thesis

Although there is much promise and excitement around serverless, the ecosystem that supports these new, highly distributed architectures is nascent. Unlike Docker in the container world, there is no dominant standard yet. Tooling is still emerging. We believe the beginning of ecosystems like this is a promising investment opportunity.

We are especially interested in investing in companies that:

Help enterprises evolve their architecture to microservices and serverless. Enterprises manage a complex and shifting range of application environments (on-premises, multiple clouds). The first step is often to offload some parts of application delivery and resilience to services that enable modern architectures. Enterprise solutions include Avi Networks, API proxies like Kong, as well as OSS interservice meshes like Istio and LinkerD.

Enable better understanding of (and management of) highly distributed systems with varied end-user patterns. The shift to serverless (and to microservices) is not free. Independently evolving services, some of which your development organizations own, some of which are built and run by third parties, must work gracefully together in a tightly-directed concert under many different types of often unpredictable enduser load. This is no small feat, and we believe that understanding these systems will require new approaches beyond traditional unstructured logging and metrics. Structured, dynamically sampled logs, distributed tracing, iterative debugging in production, and proactive tools that draw more conclusions about when business is impacted and what component or build is correlated with a particular behavior change, will augment the tools we have today. Companies like LightStep and Honeycomb are already making strides in this area — but we think analytics of systems is going to get a lot smarter.

Support developers by making (everything) easier. We are interested in companies that try to give specific audiences a serverless experience for a small piece of the tech stack, out-of-the-box. Examples would include service marketplaces like RapidAPI, Netlify for front-end web developers, deployment services like Zeit, and Graphcool for working with databases. These companies don’t expect users to adopt serverless from the ground up — they simply use serverless principles to make something easier for developers.

Secure services and applications in a cloud-native way. Companies like SkyHigh and Obsidian help organizations move away from traditional host and network-oriented security models to more application, data and identity-centric models. More granular service (potentially even function-level) controls with usable and maintainable policy models still lie ahead.

In addition to looking for these opportunities related to the serverless ecosystem, Greylock Partners evaluates the technical architecture of companies we are looking to invest in. The way a product is architected is often difficult to change as a company grows, and can be a significant driver of cost at scale. More importantly, architecture is the basis for product velocity — one of the biggest differentiators a startup (or any company) has.

Below, we’ll look at how two of the startups in our portfolio are leveraging serverless technologies to innovate faster and better serve their customers. Nextdoor is the private social network for your neighborhood. Skyhigh, now part of McAfee, provides total control over all your data in the cloud, so you can confidently leverage the power of the cloud to accelerate your business.

Greylock Partners Portfolio Companies Spotlight

Nextdoor

At Nextdoor, data is the lifeblood of the organization. Whether influencing decisions on how to improve product features, fueling analysis of their users’ behavior, or monitoring the health of Nextdoor systems, the Nextdoor platform ingests, transforms, and analyzes massive volumes of data. Over three billion events per day are collected and delivered through Nextdoor’s data pipeline, which has recently been completely rebuilt in a serverless architecture.

Using AWS services including Amazon Kinesis, AWS Lambda, Amazon SNS, and Amazon S3, Nextdoor’s operations team was able to replace the legacy data pipeline based upon Apache Flume and custom ETL software. In so doing, the team improved reliability of the pipeline, reduced their maintenance overhead significantly, and improved delivery times of data to the Redshift-based data warehouse and S3-based Data Lake.

Apache Flume, which served them well for over four years and through daily volumes up to 1.5B events, had a number of operational challenges that led to reliability issues and even data loss in some cases. Nextdoor’s small operations team of only three engineers found themselves consumed with responding to CPU alerts, backed-up queues, and reports of lost or corrupted data. Tuning and configuring the pipeline was time consuming, and the pipeline wasn’t elastic enough to respond to surges or spikes of traffic.

As the team designed the new system, their goals were to minimize Nextdoor’s operational overhead, provide a scalable, elastic solution with minimal configuration, and ensure that they could meet our stated SLAs for data delivery times and data integrity.

Kinesis replaced Flume outright, relieving Nextdoor of the management overhead of operations. Kinesis scales well horizontally, offers a simple stream-based interface to data, and with Kinesis Firehose, provides an out-of-the-box solution for streaming data into AWS S3. Using SNS, the team was able to automatically trigger processing of incoming data records as they arrive, apply transformations by invoking Lambda functions written in Python, and deliver the modified records to S3 and ElasticSearch without operating any server instances themselves.

The net result was a marked improvement in reliability and speed of delivery. 99.95% of records processed through the Nextdoor data pipeline appear in their S3-based Data Lake in under 5 minutes. Kinesis provides a robust streaming solution that has eliminated data loss entirely. S3 provides a 99.999999999% durability guarantee for stored objects. By migrating to a serverless platform, Nextdoor can continue to operate their infrastructure efficiently and reliably with a very small team, freeing resources up to focus on deploying product enhancements for Nextdoor’s members.

Skyhigh Networks

Ever since Skyhigh launched its Skyhigh for IaaS product in Q1 CY 2017, the company has seen a steady increase in the number of large customers migrating their workloads to AWS for a variety of reasons, including business agility, costs, and risk mitigation. At the same time, customers are looking improve their security posture. Skyhigh continues to collaborate with customers to help them take advantage of the agility provided by AWS, while also providing the deep visibility and comprehensive protection of customer data and user activities so they can more confidently leverage cloud for their businesses.

To help customers achieve the goals mentioned above, Skyhigh uses AWS Lambda functions to empower DevSecOps to not just customize security configuration policies, but also help implement an auto-remediation workflow to resolve incidents. AWS Lambda helps Skyhigh to implement autodetection and auto-remediation workflows in near-real time for IaaS usage, and increasingly PaaS usage, where traditional approaches that require host agents or software instrumentation for security controls will not work.

Skyhigh’s security configuration monitoring feature allows customers to apply more than 50 policies, adhering to the CIS AWS Foundations Benchmark, in order to audit all AWS services in use. Customers can create a policy within Skyhigh to automatically check for any configuration changes by importing a Lambda function that checks for the custom rule specific to the needs of the DevSecOps team within an enterprise.

To illustrate this use case, one of Skyhigh’s enterprise customers, a large financial services firm, has a dedicated team writing hundreds (if not thousands) of Lambda functions in order to build custom rules to monitor configurations on all AWS services and applications deployed. This customer uses Skyhigh’s custom policy engine, powered using Lambda, to force Amazon S3 to serve content only if the request originates from a specific IP range and HTTPS/SSL is in use. DevSecOps has also created a Lambda P a g e | 12 function to deny accesses to AWS CloudTrail buckets for requests originating from outside the defined IP range and if the server-side encryption does not use AES 256 as the encryption scheme, apart from a number of other customized rules.

Skyhigh’s security capabilities, in conjunction with AWS Lambda, helps customers expedite their time-to market by standardizing on consistent policy enforcement and monitoring and also increases business agility by securely leveraging the AWS platform. The serverless compute ecosystem continues to grow, and the future holds great promise for cloud security applications to take advantage of the disruptive functionality and cost model of Lambda.