Tag Archives: agile software development

Walk before you run with mobile innovation

Mobile innovation has disrupted entire business models in the consumer world. Now, IT teams are recognizing its potential in the corporate space—and by recognizing, we really mean mobile came, it saw, and it’s conquering. The problem for companies is building and executing long-term mobile strategies while dealing with short-term challenges. IT teams can often find themselves stuck in firefighting mode, dealing with the everyday maintenance and administrative issues required to keep an IT department functioning.

Almost seven in ten (69 percent) of the 1,400 respondents interviewed in Cisco’s 2015 Enterprise Mobility Survey believe mobile will have a greater effect throughout the next 10 years than the web had during the last 20. Even more of them (78 percent) consider mobility a strong strategic incentive for their organization’s success. The numbers are there—but laying strong mobile groundwork in your organization can get tricky, at first.

To firefight, or to innovate?

Legacy hardware has to be maintained, change management processes followed, software licences kept compliant, and budgets met. As Benoit Laclau, a partner in EY’s IT advisory practice, points out in the company’s DNA of the CIO report, “It’s very difficult to talk about value creation when the PCs in the call centre aren’t working, or the chief executive’s printer fails.”

Switching modes to concentrate on mobile innovation rather than firefighting involves first mastering the operational challenges facing the IT department and then engaging the rest of the business, according to EY’s report. Only then can the CIO understand where to add value within the organization and leverage mobility as a tool where it makes sense.

Focus on automation

Mastering the operational challenges in an IT department starts with the automation of time-consuming tasks. In many cases, scripting commands on an improvised basis creates automation silos. The goal is to move beyond this to the point where IT and business processes can be automated in an orchestrated way. IT departments can identify the most time-consuming tasks and use IT workflow automation tools to coordinate and execute them. Scripting tasks—think change management and system provisioning—into these systems can reduce time-wasting manual work that introduces human error.

If you do it right, IT automation can lay the groundwork for a more service-based culture. IT service management platforms can string together automated tasks into longer processes that form the basis for user-facing services. One example might be supplying key IT services for new users, or decommissioning IT resources for employees leaving the company.

One possible outcome of a highly automated, service-based system is the creation of a self-service portal—enabling authorized users to provision their own services. An immature, manually-focused IT team would have to set up new email accounts, equip storage, and install applications for users on command. A mature, service-driven IT organization will enable users to do these things themselves, freeing up the IT team to focus on more strategic objectives (like introducing mobile applications).

An agile path to mobile development

IT departments embracing mobility as a platform for their business users will find the software development and deployment requirements of mobile different from those of desktop applications. Mobile users are used to constant application updates with new features to match their device’s capabilities. Enterprise mobile applications must constantly evolve to remain relevant to their users. This makes agile development a key characteristic in mobile projects.

In agile development, IT teams meet frequently with end-users to find out how their needs are evolving and to test their latest software builds. Release cycles are frequent, and development teams consistently listen to and act upon user feedback. Automation can also enhance agile development scenarios. To speed up release cycles while maintaining software quality, much of the grunt work associated with software development—including the staging of development, testing for software bugs, and deployment to production—can be automated. Heads up, design and development team: This allows you to focus on those important end-user conversations.

Bring in DevOps for mobile innovation

The need for mobility has led to the rise of DevOps as an operating model for development teams. Successful DevOps teams use cloud infrastructure—private or otherwise—to automate the workflow underpinning agile software development. When you can control infrastructure with code, guess what? It’s way easier to spin up a virtual development machine, automate the provisioning of a test server and the execution of those tests, and then finally deploy that software to a production server.

Making time for mobile innovation in the enterprise involves slicing away time-consuming tasks so your team can concentrate on the real challenge in mobile development: adding value. Once mundane tasks are cleared from the to-do list, IT teams can find business processes that can be transformed with mobile technology and use them to bring real competitive advantage to the company.

5 lightning-fast agile threat responses

In case you didn’t notice, we’re in the midst of an agile takeover. Organizations are sprinting toward fleet-footed management of the cloud and, yes, the entire IT infrastructure. Nigel Hedges is just one of many IT pros who believe agile is a broadly useful “set of methodologies and frameworks to get $h!t done quickly and efficiently.”

But what about agile threat response? By using evidence-based knowledge to combat existing or emerging threats, your IT team can respond and shut down these attacks faster than ever.

Applying the tenets of extreme programming and other flavours of agile software development can improve your data security—allowing you to react at the drop of a hat. In short, you’ll be able to stay one step ahead instead of one step behind security threats.

Wait—since when is agile infosec a thing?

There’s no shortage of threat intelligence, which Gartner defines as evidence-based knowledge that helps us make decisions. IT teams can rely on more real-time network alerts and insights from external vendors than ever before, but Gartner’s study revealed only 30 percent of companies currently apply real-time intelligence.

Organizations using agile management respond faster to changing customer needs. This can result in a spike in profitability as they quickly pivot and deliver. Agile tenets focus on delivering value fast and minimizing waste, which is why they’re useful for more than just software teams. Gaining the ability to spring into action in response to cyberthreats can make the difference between an isolated incident and a full-scale security disaster.

When you know you’re facing an actual threat as it occurs, your organization can contain the threat, protect classified data, and minimize your business’s risks. A few stressful minutes are better than learning months too late that a criminal organization gained entry undetected and stole all your data. Adopting tools from the agile methodology is a meaningful step toward a proactive security culture.

1. Get rapid feedback and rapid delivery

Rapidly delivering software features during development projects comes with serious advantages—specifically, protection from spending months developing an app the HR team can’t actually use for payroll processing. Delivering features quickly to gain feedback protects against failed development projects, and the same fast loops can protect you from epic security face-plants. WIRED’s Thomas Goetz defines the idea of agile rapid feedback cycles with four distinct characteristics:

  1. Measurement
  2. Analysis
  3. Consideration of insights
  4. Recalibrating action

What does this mean in practice? Not spending the months after passing your PCI assessment working on other projects while your compliance falls apart. It also means exceeding the bare minimum requirements for once-daily log reviews and switching to intelligence tools that notify you in real time when the bad guys come knocking at your door.

2. Don’t stop defining risk

A few years ago, security expert Barry Kouns redefined data-related risk as the combination of the consequence of an event and the probability of the event. For the math nerds in the room, Kouns’s idea can be spelled out with simple multiplication: Impact × Threat × Vulnerability = Risk.

If your organization’s printers have limited built-in security, your risk of being negatively impacted by generic malware is likely high. On the other end of the spectrum, the business continuity risk you’d face if your cloud provider’s nationwide data centres experienced simultaneous failure is fairly low.

The agile method broke almost all the rules of waterfall software development. It introduced the crazy idea that project requirements can be changed after developers have already written code. The same rule-breaking idea about redefining risk at any time can revolutionize security. Chances are, you’ll think about vulnerabilities differently when risk is a printer in your mail room instead of a vague threat of “bad guys” or “evil hackers.”

3. Use rapid reassessment

It’s hard to ignore problems in an environment where agile’s done correctly. Whole-team collaboration usually requires daily stand-up meetings and retrospectives. With all that transparency, no one can really hide a mistake for long. The idea of whole-team honesty—when combined with the agile focus on aligning people and processes into action—results in a security environment where nothing gets forgotten.

In practice, rapid reassessment can take shape at your organization in a number of ways, including 15-minute daily stand-up meetings, where you track your security status against metrics. It could also equate to encouraging honest communication with your colleagues when security tasks are falling off your plate or making the brave—and important—case to your CIO when you need training. Most importantly, rapid reassessment prevents painful retrospectives about how you could have avoided a security incident.

4. Remove artificial barriers

There may be more of a barrier between parts of your IT team than you think. Few organizations conduct security testing during development, partly due to talent shortages—there’s an average of one application security expert for every 80 devs.

Removing artificial barriers between security and DevOps requires more than just communicating security findings and risks. You may need to beg your boss to hire another security tester. Integrating real-time security knowledge into your homegrown applications is an idea worth chasing.

5. Update your policy continuously

Depending on your compliance requirements, you may only be required to update your security policy once a year. A security policy that is a full year out of date is your worst nightmare. You can suffer from policy-induced problems, ranging from no standardized procedures to loads of shadow IT.

Agile threat response means speed and, more importantly, action. As your team learns through active risk definition, you should put your findings into policy. Believe us, it’s a lot less painful than the alternative.

Anyone who tells you agile is a cure-all for every business problem is probably trying to sell you something. Tools—like rapid feedback cycles—can’t solve every problem you face, but they can translate data into action. Ultimately, that’s what you can control. You can’t get rid of every cybercriminal, but you can show up and commit to improvement.