The trick to ensure secure software engineering in the cloud

Vincent van Beek Head of Software Engineering and Distinguished Engineer

7 October 2022

The trick to ensure secure software engineering in the cloud

Software engineers are facing a dilemma. The IT and security landscape is becoming increasingly complex, but the time-to-market must keep getting faster and faster. To develop secure software that still meets the expectations of modern users, developers must focus on three principles: testing, testing and testing.

The call to increase the amount of testing carried out is nothing new – people have been lobbying for this test-driven development for around twenty years now. But this method is still not being widely implemented, even though the complexity of the modern IT landscape demands it. What’s more: test-driven development actually leads to time savings too.

The ideal pipeline

If you fail to test properly, errors in production environments are often discovered too late. This creates problems among customers, as well as high troubleshooting costs – especially when the errors made involve matters such as data integrity or security. A testing and deployment pipeline that includes testing at the right moments in time is therefore crucial, as many errors can then be rectified before each item is released. It all begins with a structured elaboration of requirements, followed by a development process involving several test phases: unit testing, integration testing and acceptance testing. Supplemented by detailed documentation, of course.

"By automating the process, you can produce thoroughly tested and secure software without having to spend five times as long working on a release."

Testing and saving time

A pipeline such as this can be set up with relatively little impact. By automating the process, you can produce thoroughly tested and secure software without having to spend five times as long working on a release. Consider code analytics, for example, which are used to validate the fact that variables have been named and written consistently, or that no blocks of code are being submitted that are too large or complex. You can even implement this as a type of autocorrect, to give developers the opportunity to make further corrections to their work before submitting it.

You can also save a tremendous amount of time by writing automated acceptance tests – preferably by means of behaviour-driven testing. This allows delivered features to be tested in an understandable manner. In other words, you describe the desired behaviour of the software in simple human language, which a tool then translates into an automated test. This very much represents the ideal pipeline, because the basis for that description is already in the process of being laid during the very first elaboration of requirements.

Towards future-proof code

Setting-up of a test-driven development pipeline pays for itself thousandfold. A good testing process makes the codebase more maintenance-friendly, so a codebase can be managed effectively in the long term too. That will become all the more important as you expand the codebase and need to address factors such as staff turnover, for example.

You will indeed need the right knowledge for this. After all, engineers need to know how they should write unit and acceptance tests and project managers should know how to set up the right development process. It is therefore a case of investing in things such as additional training or knowledge exchange, so that you can efficiently and effectively raise your software engineering to a higher, future-proof level – or it is a case of getting on board an experienced and reliable partner such as Solvinity, to receive support with tasks such as setting up a cloud-based CI/CD development environment, automation and monitoring security and compliance.