How to create secure and bug-free software using customer-driven development
When using the Agile method, development is largely customer-driven. How do you ensure the success of such a project? Here are some tips on how to develop secure, bug-free software.
Customer-driven product development is a popular concept in the software world, especially for organizations employing an Agile development methodology. Getting end users or customers engaged as early as possible in the design and development process offers a variety of benefits:
- The solution delivers only what is needed, avoiding unnecessary complexity and the development of irrelevant features.
- There is less rework during later stages since user requirements and expectations are well-defined up front.
- The software product can be shipped faster at a lower cost.
- The final product is likely to be a good fit, delivering maximum ROI.
- Customers adopt the product more quickly and thoroughly since they feel a greater sense of ownership.
These principles hold true for software developed for the marketplace and for custom software created for businesses and enterprise clients. Here are some key areas of discussion that development firms must have with their customers to ensure a successful project.
Defining the scope—and keeping it tight
Business clients often come to the table with little or no idea of what they need built. Chad King at Ayoka Systems in the Dallas area said this isn't a bad thing. "Clients need a good understanding of the problem—they don't need to think too much about the solution." It's the software development firm's role to walk the client through the process of defining that solution—and it's often easier if the client isn't already strongly attached to a particular concept. During the initial discovery phase, the focus is on helping the client understand how to budget appropriately and have a realistic idea of what it's going to take to accomplish their goals. Once the stage is set with proper expectations, it's time to start brainstorming what the solution could look like.
Chad indicated that smart customer-driven design is incremental, beginning with the essentials. "It's a good idea to go slim on the initial build and focus on doing the right thing rather than on doing everything. As the project progresses, the customer will dictate the direction—and it's not always what you thought it would be." Sticking with the 'must-haves' at the start means developers spend less time and effort on bells and whistles that may fail to impress the client. The emphasis is squarely on using technology to solve the business problem.
Determining an acceptable level of security risk
Denim Group CTO Dan Cornell directed attention to the issue of virtualization and cloud computing in app development. The cost savings and other benefits of these solutions make them a no-brainer for many organizations. But there's also a potential downside. "It's important to understand from a risk assessment standpoint the risks that we are exposed to as we move applications to shared infrastructure, consuming or pushing data into cloud services. The decision is made automatically in the support of achieving certain functionality, but there's no thought given to: 'What is this cloud service going to do with my data?' or, 'Do I really trust the data that's coming in from this cloud service?'"
One indirect impact of the popularity of cloud computing is the way it allows organizations to evaluate their overall level of security compared to the market in general. According to Cornell, "Vendors of cloud-based security services have started to gather data across their client set that provides an interesting window into the state of security for everyone. With such reporting from providers, organizations can start to benchmark themselves and ask, 'Is what I'm doing normal? Is my success rate normal?' This type of benchmarking data is valuable for organizations to determine the appropriate level of investment in that area." When a business knows that most competitors are taking serious steps to secure their applications and data, it provides additional incentive to do the same.
Mobile is a must, but it's not everything
As with every new technology, some businesses lag behind and some over-adopt. Mobile app development is no different. King offered his opinion on the topic of mobilizing applications for business purposes. "Mobile capability should be part of tech strategy. But that doesn't mean making the whole solution mobile. It needs to fit how people are using it."
For an app that is used to make decisions based on real-time data, connecting to a solid backend with a reliable syncing mechanism is critical. For enabling 'work-anywhere' capability, designing an app that resides at least partially on the user's device is important. Again, these are vital topics for discussion when the application is first being designed.
Putting software development in perspective
With any aspect of app development, talking to the right subset of customers is essential. According to Chad, "One of the problems that can lead to dissatisfaction with the end result is having too few or too strong voices in the room. It's best to interview a variety of people to get a good feel for what's really important." It's never possible to satisfy everyone. But a 360-degree view of user expectations goes a long way toward ensuring an acceptable result.
It's also important to get team buy-in for an optimal outcome. For King, the most inspiring projects are those that open up a new line of business for the client. "Reducing redundancy, saving money, and streamlining processes is fine, but what about the bigger purpose? Savings are finite, growth is exponential. What I love best is being a part of developing custom software that helps build a company." When the development firm building the software is as excited about the project as the customer is, this is a recipe for success.