Agile is a quick and flexible method used for software development. It is less a process and more a way of thinking collaboratively. It thrives in a team environment where typical departmental silos are replaced by team collaboration. Sound familiar? Heard it before? I'm sure you have in some way, shape or form. However, how does Agile work when your IT infrastructure is cloud-based? What are the business risks and considerations of adopting a cloud infrastructure?
Ironically, Agile's speed and flexibility introduces several business vulnerabilities when
Cloud challenges: Systemic vs. technical risk
Most of us understand technical or functional risk. It's a core concept for considering any IT approach. You have to consider the risk to your software and your business if the change doesn't work out. You essentially need a backup or fallback plan in case the new approach fails. Systemic risk is a term borrowed from the financial business world; it means the risk when interdependent and connected pieces fail, causing a cascading failure that takes down the entire financial market. In the software development world, it means you must consider and analyze the risks when you interconnect your software to another system not under your control. If one link fails, the chain fails. It's critical to your business to consider the systemic risk as a broader view of each functional or technical risk. New technology is also often necessary for business growth and vitality, but it's important to have an in-depth discussion about the risk and the need for a failover plan so your business handles the possible impact and can continue beyond it.
"Focus on your business and not just the latest technology initiatives," said Rob Silverstone, senior contractor at AOL (CIO, July 6, 2012). The software development business world is volatile and competitive; it's critical that you consider the full impact of taking on new technology.
Cloud challenges: Trust and data security
When you switch to using a cloud-based infrastructure, you're essentially counting on the Software as a Service (SaaS) vendor to secure its entire system. Remember to consider that you're sharing the database, so data security is a must. Take your SaaS vendor to task and have it document and demonstrate its security measures. Granted, you can go on reputation and trust your vendor, but it's much better to trust and then verify. It's your business that will take a large hit if a data breach occurs, so verify that your SaaS vendor secures both the applications and the database.
Agile is generally based on short time cycles or iterations. Often, the time it takes to identify risks both functional and systemic aren't there in general. However, it really needs to be done. You may consider protecting your business assets and using a professional security-testing firm to ensure that your SaaS vendor's system is as secure as it claims. It's better to know beforehand than after a failure or significant event occurs. Granted, it is money spent up front, but it may be that money that keeps your business in the black and thriving, rather than battling the fallout of a negative security or failure event. It simply warrants an involved discussion and investigation.
This was first published in August 2013