The trick to ensure secure software engineering in the cloud
Software engineers are facing a dilemma. The IT and security landscape is becoming increasingly complex, but the time-to-market must keep getting faster and faster. To develop secure software that still meets the expectations of modern users, developers must focus on three principles: testing, testing and testing.
The call to increase the amount of testing carried out is nothing new – people have been lobbying for this test-driven development for around twenty years now. But this method is still not being widely implemented, even though the complexity of the modern IT landscape demands it. What’s more: test-driven development actually leads to time savings too.
The ideal pipeline
If you fail to test properly, errors in production environments are often discovered too late. This creates problems among customers, as well as high troubleshooting costs – especially when the errors made involve matters such as data integrity or security. A testing and deployment pipeline that includes testing at the right moments in time is therefore crucial, as many errors can then be rectified before each item is released. It all begins with a structured elaboration of requirements, followed by a development process involving several test phases: unit testing, integration testing and acceptance testing. Supplemented by detailed documentation, of course.
Testing and saving time
A pipeline such as this can be set up with relatively little impact. By automating the process, you can produce thoroughly tested and secure software without having to spend five times as long working on a release. Consider code analytics, for example, which are used to validate the fact that variables have been named and written consistently, or that no blocks of code are being submitted that are too large or complex. You can even implement this as a type of autocorrect, to give developers the opportunity to make further corrections to their work before submitting it.
You can also save a tremendous amount of time by writing automated acceptance tests – preferably by means of behaviour-driven testing. This allows delivered features to be tested in an understandable manner. In other words, you describe the desired behaviour of the software in simple human language, which a tool then translates into an automated test. This very much represents the ideal pipeline, because the basis for that description is already in the process of being laid during the very first elaboration of requirements.
Towards future-proof code
Setting-up of a test-driven development pipeline pays for itself thousandfold. A good testing process makes the codebase more maintenance-friendly, so a codebase can be managed effectively in the long term too. That will become all the more important as you expand the codebase and need to address factors such as staff turnover, for example.
You will indeed need the right knowledge for this. After all, engineers need to know how they should write unit and acceptance tests and project managers should know how to set up the right development process. It is therefore a case of investing in things such as additional training or knowledge exchange, so that you can efficiently and effectively raise your software engineering to a higher, future-proof level – or it is a case of getting on board an experienced and reliable partner such as Solvinity, to receive support with tasks such as setting up a cloud-based CI/CD development environment, automation and monitoring security and compliance.
More about secure software engineering?
If you require advice about secure software engineering before then, contact us at email@example.com or on +31 (0)20 364 36 00.
A safe transition to the public cloud, what should you keep in mind?
What should you keep in mind for a safe public cloud transition?
A safe haven for financial services in the Public Cloud
Cloud computing offers many advantages such as scalability and efficiency. Learn about the public cloud and...READ MORE
Is the cyber security of Dutch companies lagging behind?
Discover the caveats of our CTO, and former CISO, Marc Guardiola, on this interesting conclusion from...READ MORE