Accelerated software development brings with it particular advantages and disadvantages. On one hand, it increases the speed to market and allows for fast, frequent code releases, which trump slow, carefully planned ones that unleash a torrent of features at once. Continuous release cycles also allow teams to fine-tune software. With continuous updates, customers don’t have to wait for big releases that could take weeks or months.
Embracing failure without blame is also a key tenet of rapid acceleration. Teams grow faster this way, and management should embrace this culture change. Those who contribute to accidents can give detailed accounts of what happened without fear of repercussion, providing valuable learning opportunities for all involved.
However, when things are moving as quickly as rapid acceleration allows, outages, security vulnerabilities and bugs become bigger concerns. Mistakes can occur, potentially leading to security problems. The upside: Automation of tasks can actually reduce mistakes and thus remove potential security issues.
When development is rushed without security awareness, wrong software, unencrypted apps, or insecure apps could be installed; audits and compliances could fail; intellectual property or private customer data may be leaked. Security is essential to the success of any development project — make it a priority.
How to Accelerate Safely
Minimize security concerns associated with rapid acceleration by talking to all stakeholders involved. Everyone needs to be brought into the discussion. Members of the development team, along with operations and security, should analyze the existing system and vocalize their visions for the new one prior to closing gaps with tools, automation and testing.
To implement a rapid approach to software development while reducing the potential risks, consider these five steps:
* Automate everything. Your team must take time to identify bottlenecks (the delivery process, infrastructure, testing, etc.) and find methods to automate anything that doesn’t need to be completed manually.
Consider establishing a system for continuous deployment. This allows automatic deployment of every software update to production and delivery. Continuous integration should also be a priority so changes and code added to the pipeline are automatically isolated, tested, and reported on before automation tools integrate code into the code base. Automation not only reduces waste in the process, but it also produces a repeatable process and outcome, which are squarely in the wheelhouse of security’s desires.
* Be agile but not unrealistic. Instead of spending an exorbitant amount of time on planning, flesh out the requirements and begin the process. Start by designating people to stay ahead of development, keep the project on track, and ensure deliverables are completed on schedule. Through it all, keep operations — and your company — transparent.
If someone runs in with a high-priority request, the project manager or product owner can say, “No, we can’t finish that in this sprint, but we can add it to the backlog with a high-priority mark and work it into an upcoming sprint.” Agile programming is a pull model, not a push model. Management needs to understand how this works and support it.
Sign up for CIO Asia eNewsletters.