Investors share how infrastructure as code is taking over DevOps

Infrastructure as code (IaC) has been gaining wider adoption among DevOps teams in recent years, but the complexities of data center configuration and management continue to create problems — and opportunities.

We surveyed top investors in IaC startups to find out more.

Overall, they see a lot of room for growth given all of the manual work still done by DevOps teams across organizations of all sizes.

However, IaC itself requires highly trained engineers to implement and manage within organizations, and there’s a shortage of software infrastructure engineers with IaC skills. This could favor IaC startups that are trying to offer complete solutions to customers.

At the same time, some large companies will continue to manage data centers internally and thus build out automation internally instead of with outside startups.

We spoke to:


Sheila Gulati, managing director, Tola Capital

Can infrastructure as code be the solution for the implementation and configuration of servers, similar to how cloud was the solution for physical servers? Which areas do you think IaC’s capability to set up any cloud resource will be most used?

The world of the modern cloud has shifted how we think about infrastructure altogether. We live in a multicloud and many-cloud world and these paradigms are redefining the modern cloud era. IaC can be used for any type of cloud workload or architecture, but it is a necessity for anyone building on the modern cloud. This is especially true for modern cloud architectures such as serverless applications, containerized applications running Kubernetes, AI/ML and more. Modern cloud architectures provide many benefits such as increased innovation, faster time to market, improved reliability and reduced costs. However, this has increased the burden of managing cloud infrastructure. The number of cloud services available is growing every year and modern architectures are composed of many loosely coupled, interdependent services and APIs. The result is that the number of cloud resources that people must manage is going up at a tremendous pace. The only way to manage this complexity is with IaC.

Today, we are seeing a new generation of IaC platforms that are designed from the ground up to meet the demands of the modern cloud. For example, Pulumi and its cloud engineering platform is helping infrastructure teams and developers tame cloud complexity by enabling them to write code in the languages that they know and love, and use software engineering practices to build, deploy and manage cloud infrastructure. In contrast to legacy IaC tools that use domain specific languages, modern IaC platforms give practitioners the full power of programming languages, which make it easier to manage the complex interdependencies of modern cloud applications. They allow developers to use existing software development tools, including IDEs, package managers and test frameworks, which enable them to build faster and reuse best practices, while testing more frequently.

Do you see IaC’s ability to streamline processes attracting startups in competitive sectors looking to get their product across the line first?

Yes. The companies in our portfolio who have embraced IaC and cloud engineering principles are also the ones most intent on rapid product development and streamlining their ability to bring new products to market faster. This requires investment in engineering talent, the platform and engineering practices.

It is important to take advantage of new cloud innovation to accelerate innovation and leverage IaC to more build products to efficiently meet customer needs. To support this it is critical for there to be partnership across providers within the IaC space to deliver the components that work together to support engineering teams.

Furthermore, we have seen teams that lean into more modern development platforms able to hire better developers more easily — a concern of every tech company today. The cultures that are more dev-forward and that are truly embracing the shift-left movement are where the best developers want to work!

Why are companies hesitant to adopt infrastructure as code? Can you outline the different ways IaC providers can market themselves to build their appeal?

IaC should be the obvious choice for any company that’s interested in delivering cloud applications at scale, reliably, and at high velocity. The concerns of the past are now obsolete. However, companies may hesitate to adopt it due to the cultural and process changes required, the risks of migrating an existing application, or they may not have the right skills on their team. In the past, we also had IaC platforms that required the use of domain-specific languages. All of this taken together can make the ramp to productivity seem steep.

IaC providers can market themselves by focusing on the tangible benefits they will provide to engineering teams as well as demonstrating the business value of adopting IaC so that stakeholders understand the value of making a change. Additionally, anything that can reduce the friction of onboarding like enabling developers to work in a language they already know will shorten the time to productivity and that is imperative. It is also important to enable discovery through the open source community,

Some companies offering IaC provide implementation and maintenance while others just provide the framework. Which model do you see being more successful?

Companies that provide the framework will be able to scale and grow more quickly. For something as critical and sensitive as managing infrastructure, it’s important to provide an open source framework that the community can review, contribute to and grow. Increasingly, purchasing decisions are made by practitioners and through grassroots adoption, so providing a framework that’s backed by a SaaS offering with high value features is critical. Having worked to grow developer communities for much of my career, I see the incredible virtuous cycle that companies have with their open source frameworks; we always tell our portfolio companies that building strong technical communities is the best investment!

How can a startup trying to establish itself in the IaC space set itself apart from the competition? Do you see a single company consolidating market share in the long run?

Having been part of the cloud evolution, starting with the earliest days of Azure, I recognized that with the evolution of cloud architectures, there would be an impact to how applications are built, how teams work together and the role of the developer. Developers are playing an ever more critical and ever-expanding role in delivering code that takes advantage of the cloud world while dealing with the complexity at the moment of building the code. There are many aspects of shift left that require more and more from developers that encompasses both security and infrastructure considerations.

When we saw Pulumi for the first time, we were incredibly excited by the vision the founders had and the ways Pulumi made IaC more accessible by supporting general purpose languages and the way they brought together the work of infrastructure teams, developers and security teams. They have also taken an approach that is squarely focused on the developers. We see the most innovative engineering teams from the likes of Snowflake, Lemonade and Mercedes-Benz adopting Pulumi.

Pulumi’s cloud engineering platform enables any company to employ standard software engineering practices and tools uniformly across infrastructure, application development and security teams to tame the complexity of delivering and managing modern cloud applications.

Interestingly, the recent Stack Overflow Developer Survey showed that developers with knowledge of Pulumi get paid the most of anyone surveyed, at $109,800, with Terraform, Docker and Git trailing by a wide margin. I think one takeaway is that cloud engineering, and Pulumi, represent a massive opportunity for developers who want to immediately improve their financial positions and career trajectories.

The market demand for cloud is growing and will only continue to increase because almost every company will be running cloud applications eventually. In addition, companies have different requirements and needs with regards to how they manage their cloud infrastructure. Thus, there is room for several players in this space in the long run without a single company consolidating market share.

Help TechCrunch find the best software consultants for startups.

Provide a recommendation in this quick survey and we’ll share the results with everybody.

S. Somasegar, managing director, Madrona Venture Group

Can infrastructure as code be the solution for the implementation and configuration of servers, similar to how cloud was the solution for physical servers? Which areas do you think IaC’s capability to set up any cloud resource will be most used?

Yes, we are excited about infrastructure as code, as it brings the full lifecycle of cloud infrastructure and servers under the control of software. Server automation and configuration management are problems that can be solved by IaC. The modern cloud is unique in that all aspects of infrastructure management are now behind internet-accessible, and highly programmable, REST APIs. What IaC delivers is a consistent programming model and resource model that can be programmed in code. This lets us apply standard software engineering practices to cloud applications and infrastructure, a practice increasingly called “cloud engineering.”

With cloud computing, there is a growing number of infrastructure components of an application that need to be released to production continuously and scaled up/down frequently. Think multiple microservices deployed in multiple environments for a geographically distributed application … While IaC can simplify the implementation of compute significantly, storage, networking, monitoring, security and software deployments/updates are other areas IaC can be used to provision and manage cloud resources. Over the past multiple decades, we have seen the rise of programming languages, frameworks and great tools to tame complexity for applications. We are now seeing IaC take that same approach to taming the complexity of the modern cloud.

Do you see IaC’s ability to streamline processes attracting startups in competitive sectors looking to get their product across the line first?

Absolutely, yes. What we see is that the fastest-moving startups and innovative companies that look to the cloud as a competitive advantage, are embracing IaC. They are often empowering developers to be in the drivers’ seat, with the infrastructure team playing a critical role in enabling the whole organization to move faster but still have confidence when it comes to security, compliance, cost and reliability. By adopting IaC, startups can reduce errors, improve infrastructure consistency and increase the speed of their deployments. In competitive sectors, being able to deliver stable environments rapidly and at scale will not only help startups get their product across the line first but also allow them to iterate quickly based on customer feedback.

Why are companies hesitant to adopt infrastructure as code? Can you outline the different ways IaC providers can market themselves to build their appeal?

Given the impact software has had across the board, most companies are now looking to adopt IaC. We don’t see much hesitation these days. What we do see is teams struggling with how “forward thinking” to be — how much to empower developers, how to enforce security and IT standards, how to ensure best practices are followed, and how to stay on top of costs.
IaC providers can broaden their appeal by helping customers with these end-to-end challenges — having an IaC point solution is one thing, but having an end-to-end solution to adopting cloud engineering at scale is another. IaC providers can take a bottom-up approach and target the end user, i.e., engineers. They can always put more emphasis on marketing content that showcases how easy it is to learn their platform through sample code, tutorials, articles and demo videos. Highlighting the time saved while creating and managing cloud resources with real-life examples and case studies should boost their appeal.

Some companies offering IaC provide implementation and maintenance while others just provide the framework. Which model do you see being more successful?

We believe those companies who take a holistic approach will be more successful. The cloud (native) ecosystem is already huge and growing fast, with hundreds of innovative technologies that all tap into the power of the cloud in new and exciting ways, so companies also need to look at embracing the ecosystem. Walled gardens with proprietary solutions and languages will not fare as well as those who embrace the community and work well with other expert companies in domains like cloud security, networking and the like.

Smaller organizations can benefit from an IaC solution that covers both implementation and maintenance and provides more automation for the engineering team so they can focus on application development. On the other hand, larger organizations with DevOps teams might prefer more customization and control over the management of the cloud resources and choose the framework option. Choosing a framework essentially allows the company to build more customization on top.

How can a startup trying to establish itself as a provider of IaC set itself apart from the competition? Do you see a single company consolidating market share in the long run?

The world of IaC is very different in 2021 than it was even a couple of years ago. We are seeing a shift in “power” from central IT to more distributed responsibilities amongst the business units responsible for delivering applications and customer-facing functionality. This means those who are empowering developers will fare better in the long term. We think that an approach like what Pulumi (one of our portfolio companies) is taking of tapping into the languages and entire ecosystems of developer tools and bringing that to the world of IaC both helps developers bring the cloud closer to their application architectures while also leveling up infrastructure teams. We strongly believe that this will foster a vibrant community of cloud engineering and really make building cloud software a whole lot easier, while also improving security and reliability.

Aaron Jacobson, partner, New Enterprise Associates

Can infrastructure as code be the solution for the implementation and configuration of servers, similar to how cloud was the solution for physical servers? Which areas do you think IaC’s capability to set up any cloud resource will be most used?

Yes — IaC is quickly becoming the default way of configuring cloud infrastructure. It enables the automation and consistency required to deliver high-quality, large-scale complex applications across multiple clouds, important to prevent lock-in. In particular, I expect IaC to be very useful for deploying and managing Kubernetes given how notoriously challenging the orchestration layer is to set up.

Do you see IaC’s ability to streamline processes attracting startups in competitive sectors looking to get their product across the line first?

Yes, a startup’s advantage (and survival!) depends on speed to market. IaC simplifies cloud infrastructure so a startup can focus on building a differentiated application. We have one of the largest active early-stage portfolios and anecdotally I’m seeing more companies leveraging Pulumi (a modern IaC solution where we are also an investor) from day one.

Why are companies hesitant to adopt infrastructure as code? Can you outline the different ways IaC providers can market themselves to build their appeal?

I think one of the biggest hesitancies to adopt IaC is cultural. IaC breaks down the barriers between ops and development teams, enabling them to work together more closely and become far more productive while also ensuring security. Yet many ops teams, especially in the Fortune 500, have been hesitant to relinquish control as the infrastructure gatekeeper for fear that giving too much autonomy to developers will cause them to run amok and cause security or performance issues. In addition these bigger orgs can be more conservative and want to see new technology like IaC more widely adopted before jumping in. To overcome these cultural obstacles, it’s important for IaC solutions to market their tightly coupled security policy and elegant state management as well as show concrete case studies of ROI achieved by blue-chip customers.

Some companies offering IaC provide implementation and maintenance while others just provide the framework. Which model do you see being more successful?

We believe companies that focus on the framework will be the most successful. However it is important for these companies to provide excellent documentation, education and support so that customers and partners can handle implementation and maintenance.

How can a startup trying to establish itself in the IaC space set itself apart from the competition? Do you see a single company consolidating market share in the long run?

It’s all about delighting developers. The best IaC solutions make developers lives easier without requiring significant additional time invested on their part. They also insert seamlessly into their workflows rather than requiring a change in behavior or toolchain. And they have first-class support for modern infrastructure like Kubernetes and serverless so developers can take full advantage of their capabilities. Developer delight is exactly what led us to back Pulumi. As seen in other software markets, we think it’s going to be a “winner take most” so one player will emerge as the leader but there will still be room for other differing solutions that cater to more niche segments.

Sri Pangulur, partner, Tribe Capital

Can infrastructure as code be the solution for the implementation and configuration of servers, similar to how the cloud was the solution for physical servers? Which areas do you think IaC’s capability to set up any cloud resource will be most used?

IaC tends to focus on the continuous management of cloud resources, but it is important to draw the distinction between commodity cloud infrastructure and application servers. IaC works great with stateful resources (databases, compute resources, load balancers and other resources that aren’t easy to recreate), but the stateless applications we run on the cloud are much easier to recreate without worrying about the previous state using CI/CD and the GitOps model.

With regards to cloud resources, IaC’s major advantage is the repeatability of environments, the ability to easily audit the change history of your infrastructure and maintaining separation of duties through CI/CD and pull requests.

Enterprises can additionally benefit from codifying cloud resource ownership and cost centers to streamline billing and governance within an organization.

Do you see IaC’s ability to streamline processes attracting startups in competitive sectors looking to get their product across the line first?

It depends on the product. I feel cloud services did that already. IaC helps to maintain and scale the infrastructure, not necessarily to speed up initial development and time to market. Many early-stage startups will try to spin up some resources with their cloud vendor’s UI and not immediately try IaC because it adds engineering overhead and requires a bit more sophistication.

Why are companies hesitant to adopt infrastructure as code? Can you outline the different ways IaC providers can market themselves to build their appeal?

It’s complicated, and it requires experts for small companies. For large companies, it’s a new paradigm and they are already entrenched in something else. Existing resources, especially with IaC implementations that make it hard to integrate with something that is not managed by the same tool. Even the most well-known IaC products can’t just be added to your existing infrastructure. The conversation is instead about migrating to IaC.

Another major aspect is that IaC products are always playing catch up when it comes to supporting newly released cloud resources. Even the large cloud providers’ own IaC products can take significant time to support certain resources or some of their parameters.

What could be helpful in terms of building appeal is having shared spec, vendor-neutral APIs. OpenTelemetry is a great example in the tracing world. Kubernetes CRD spec might be a closer example in the infra space. Tools like CrossPlane are attempting to give developers a single API to handle Kubernetes workloads and provision cloud infrastructure.

Some companies offering IaC provide implementation and maintenance while others just provide the framework. Which model do you see being more successful?

Well, everything starts with the framework. Without it, there is nothing. The appeal of Terraform has always been clear but before Terraform Cloud was introduced, there was always a big risk for companies using it because of its stateful nature and the risk of losing the state. With Terraform Cloud, knowing that HashiCorp employees are taking care of a customer’s Terraform state is a big relief for users.

How can a startup trying to establish itself in the IaC space set itself apart from the competition? Do you see a single company consolidating market share in the long run?

The issue with traditional IaC tools is that they don’t bring developers closer to infrastructure without requiring them to become experts in the resources they are configuring. Traditional IaC tools are more akin to configuration than code. Newcomers, like Pulumi, allow you to develop infrastructure in your language of choice but may also subject developers to application bugs as well as potentially misconfigured infrastructure.

The future of infrastructure management will likely abstract advanced configuration and bespoke software allowing organizations to easily provision best-practice infrastructure with a shallow understanding of the underlying infrastructure.

A single company consolidating the market will be difficult. Developers have language preferences and that is why we have seen products like Pulumi appear on the market and gain impressive traction. However, the current state of all IaC tools introduces negative engineering, low ROI engineering effort required to enable high ROI application development to begin. Developers prefer the rewarding high ROI work that the business values. For a company to consolidate the market, they will need to give developers easy access to infrastructure, without requiring them to wear the additional hat of an operations expert.

Teddie Wardi, managing director, Insight Partners

Can infrastructure as code be the solution for the implementation and configuration of servers, similar to how cloud was the solution for physical servers? Which areas do you think IaC’s capability to set up any cloud resource will be most used?

IaC is key to reducing the gap between engineering and operations. It’s been around for a while but is still one of the hot topics around DevOps. One of the key benefits is the ability to provision consistent environments across development, staging and production with little room for human induced errors. IaC is also critical to take harnessing the elastic nature of cloud resources by auto scaling with workloads. Docker containers and a microservices architecture are fundamental building blocks for harnessing IaC, but Docker also enables defining more complex composite applications with each specifying the environment and configuration they require.
Do you see IaC’s ability to streamline processes attracting startups in competitive sectors looking to get their product across the line first?

Yes, definitely. Oftentimes time to market can be a key advantage to startups seeking stronger brand recognition and positive signaling from key opinion leaders in markets. IaC can certainly act as the backbone of that deployment toolkit. Startups that have very solid DevOps practices can also benefit from a lower cost structure and higher-quality delivery.

Why are companies hesitant to adopt infrastructure as code? Can you outline the different ways IaC providers can market themselves to build their appeal?

One of the often-cited challenges with IaC is visibility. Things work very well with a single developer but with a larger team it can become a black box. There’s also a talent gap in finding engineers who are comfortable working with IaC and know how to apply proper patterns. IaC vendors can help bridge the gap by making their products simpler and lowering the bar for developer skills required.

Some companies offering IaC provide implementation and maintenance while others just provide the framework. Which model do you see being more successful?

I think in the long run the vendors that provide the tools for maintenance and visibility will be the most successful. Frameworks are of course useful, but enterprises are interested in automating time consuming and costly problems like policy drift and configuration changes. There’s a fine line to strike, of course, between offering products that help customers do this in an automated fashion and professional services organizations that maintain things manually. We are obviously more bullish on the former than the latter.

How can a startup trying to establish itself in the IaC space set itself apart from the competition? Do you see a single company consolidating market share in the long run?

We think startups in the space that sit at the intersection of context awareness and security of the DevOps pipeline will be most compelling. Cycode, a portfolio company of ours, is a great example of this and is architected with a policy engine and numerous remediation workflows. Cycode’s knowledge graph and scanners help detect IaC and cloud misconfigurations, source control misconfigurations, secrets and leaks detections, and critical code monitoring. In the long run we don’t think a single company will consolidate market share, but rather three to five vendors that will likely differentiate around price points for SMBs versus the enterprise or specific use cases.

Tim Tully, partner, Menlo Ventures

Can infrastructure as code be the solution for the implementation and configuration of servers, similar to how cloud was the solution for physical servers? Which areas do you think IaC’s capability to set up any cloud resource will be most used?

For sure, there’s no doubt about it. If you have ever used any cloud platform tools, they’re form heavy and excruciating from a usability standpoint due to the amount of important configuration options and dots-connecting that has to happen. Automating this will be faster and as we’ll see, more secure. This is due to the ability to inspect the safety of the configuration, but also the ability to avoid human errors.

Do you see IaC’s ability to streamline processes attracting startups in competitive sectors looking to get their product across the line first?

Absolutely. You have to remember that IaC is not simply about the act of configuring compute, storage and networking. There is far more to this than resource allocation. One of the opportunities IaC opens up is security as code or (SaC), whereby security can be configured in a declarative manner on top of the IaC. Companies like Oak9, which help provide security on top of IaC and help developers understand where security vulnerabilities exist in the configured resources in the CI/CD pipeline, will also provide developers with product velocity since they’ll be able to automate bot the infrastructure and security in an automated, declarative way.

Why are companies hesitant to adopt infrastructure as code? Can you outline the different ways IaC providers can market themselves to build their appeal?

There is certainly an aspect of inertia for developers at the companies avoiding IaC adoption. Engineers tend to like repeatable, reliable processes and ways of doing things. Without a massive enough carrot, it can be difficult to lure them into changing their ways. I do believe that IaC is a 50-pound carrot, and the devs will eventually come around to widespread adoption.

Some companies offering IaC provide implementation and maintenance while others just provide the framework. Which model do you see being more successful?

They’ll both be successful and eventually coalesce, in my opinion. It’s too hard to keep these separate and developers will demand that they show up in the same workflow. The company that does this will win.

How can a startup trying to establish itself in the IaC space set itself apart from the competition? Do you see a single company consolidating market share in the long run?

Two things come to mind. First is integrating the functions and features of different aspects of the IaC workflow into a single platform as much as possible. It’s important to remember that as a developer, oftentimes you’re stringing together a number of services to make the CI/CD pipeline work. The more you can collapse into single platforms or offerings, the easier you’re making developers’ lives. The second is usability. One of the dings on the CSPs is that the configuration flexibility and number of offerings are mind boggling. The IaC startup that can optimize the workflow and create an enjoyable experience for the developer is going to win out when the IaC functions finally get commoditized.