The trick to ensure secure software engineering in the cloud
Software engineers are facing a dilemma. The IT and security landscape is becoming increasingly complex, but the time-to-market must keep getting faster and faster. To develop secure software that still meets the expectations of modern users, developers must focus on three principles: testing, testing and testing.
The call to increase the amount of testing carried out is nothing new – people have been lobbying for this test-driven development for around twenty years now. But this method is still not being widely implemented, even though the complexity of the modern IT landscape demands it. What’s more: test-driven development actually leads to time savings too.
The ideal pipeline
If you fail to test properly, errors in production environments are often discovered too late. This creates problems among customers, as well as high troubleshooting costs – especially when the errors made involve matters such as data integrity or security. A testing and deployment pipeline that includes testing at the right moments in time is therefore crucial, as many errors can then be rectified before each item is released. It all begins with a structured elaboration of requirements, followed by a development process involving several test phases: unit testing, integration testing and acceptance testing. Supplemented by detailed documentation, of course.
Testing and saving time
A pipeline such as this can be set up with relatively little impact. By automating the process, you can produce thoroughly tested and secure software without having to spend five times as long working on a release. Consider code analytics, for example, which are used to validate the fact that variables have been named and written consistently, or that no blocks of code are being submitted that are too large or complex. You can even implement this as a type of autocorrect, to give developers the opportunity to make further corrections to their work before submitting it.
You can also save a tremendous amount of time by writing automated acceptance tests – preferably by means of behaviour-driven testing. This allows delivered features to be tested in an understandable manner. In other words, you describe the desired behaviour of the software in simple human language, which a tool then translates into an automated test. This very much represents the ideal pipeline, because the basis for that description is already in the process of being laid during the very first elaboration of requirements.
Towards future-proof code
Setting-up of a test-driven development pipeline pays for itself thousandfold. A good testing process makes the codebase more maintenance-friendly, so a codebase can be managed effectively in the long term too. That will become all the more important as you expand the codebase and need to address factors such as staff turnover, for example.
You will indeed need the right knowledge for this. After all, engineers need to know how they should write unit and acceptance tests and project managers should know how to set up the right development process. It is therefore a case of investing in things such as additional training or knowledge exchange, so that you can efficiently and effectively raise your software engineering to a higher, future-proof level – or it is a case of getting on board an experienced and reliable partner such as Solvinity, to receive support with tasks such as setting up a cloud-based CI/CD development environment, automation and monitoring security and compliance.
More about secure software engineering?
If you require advice about secure software engineering before then, contact us at info@solvinity.com or on +31 (0)20 364 36 00.
Other articles
More
The complexity of IT Regulations for municipalities
In addition to the daily challenge of managing a secure and efficient IT environment, municipalities face...
READ MORESecurity controls in hybrid cloud environments
A holistic approach to security controls, which considers all aspects of the IT environment, is crucial...
READ MOREThe state of cybersecurity in the financial sector in the Netherlands
Threats are becoming more sophisticated, regulations are tightening, and the pressure on IT professionals is increasing.