Tag Archives: business

How to create a realistic enterprise strategy for cloud computing

Cloud computing has commoditized IT infrastructure and allows companies of all sizes to be more agile and cost efficient, but heed this caution — it isn’t for everything.

In developing their strategy for cloud computing, enterprises need to keep in mind that there are applications that are terrible candidates for cloud, just as there are systems that lend themselves to the cloud. In any case, it’s worthwhile to take a look at what has value that public cloud services can bring to the enterprise, said David Linthicum, senior vice president at Cloud Technology Partners, during his Rethinking Enterprise Computing presentation at the Modern Infrastructure Decisions conference here this week.

"If you understand that this is just a platform change, it’s not so scary," he said. "We have all moved to new technology … with cloud; we are just using things we don’t own that sit on the open Internet."

In some cases, that is certainly a nerve-wracking proposition. But it makes sense in others. For example, retailers that need to scale up or down quickly or expand storage at low cost find the cloud to be a good option and should develop a strategy for cloud computing.

Many businesses use public cloud to extend their data center in that way; they add capacity or use the cloud as a backup data center, said Kris Bliesner, CEO of 2ndWatch, a Seattle-based Amazon Web Services integrator. "It can be a lot cheaper to store your archives in a cloud," he said. "[Cost] can get down to a penny a gig, which is much cheaper than tape."

Cloud has also become a good place for DevOps around the use of Platform as a Service. Also, large and highly expandable data systems work in the cloud, and cloud services make sense for new or small businesses, Linthicum said. "Most of Amazon’s business comes from small businesses," he said. "The $2 billion they made is all mom-and-pop shops that can’t afford their own IT."

Also, many companies use Software as a Service (SaaS) versions of enterprise apps, or their strategy for cloud computing is to use the cloud for high-performance computing on demand or Office automation apps, such as Office 365. Part of the appeal of SaaS is access to the latest software versions. "Being on O365 or a SaaS solution like that frees you up from the upgrade challenges," Bliesner said.

What not to put into the cloud
On the flip side, most legacy systems are poor cloud candidates, in part because they are tough to migrate to a public cloud. Systems that require a high degree of security or require a lot of regulatory control don’t belong in the cloud, either. "We use the cloud only for apps that we don’t have to worry about, security wise," said Ashish Patel, head of storage infrastructure for a financial asset management firm on the East Coast. "Things that are already public knowledge, we put in the cloud."

However, the fears around using cloud based systems typically are inaccurate, according to Linthicum. "If you think correctly about security in the cloud, it will probably be as secure as your on-premises systems," he said. "Just don’t do stupid things."

Enterprises with substandard network infrastructure shouldn’t move to the cloud either. In fact, in many cases, a move to the cloud would require a network infrastructure upgrade, Linthicum said. Very few people at the session, which had more than 100 attendees, indicated by a show of hands that they believe their network is ready for the cloud.

Also, companies shouldn’t put things into the public cloud that need to be tightly integrated with local systems and data.

And since the public cloud is a good way to circumvent infrastructure upgrade costs, enterprises that have recently made significant investments in hardware and software shouldn’t move to the cloud, Linthicum said. "If you have just made big investments, you have just eliminated the economic viability of the cloud," he said.

Building a strategy for cloud computing
Companies that want to begin their move to the cloud should put together an actionable, funded plan that includes realistic benefits and a five-year roadmap. "It is a long-term systemic change that requires support from the top," Linthicum said.

Everyone has their own approach, but there are some general guidelines. A cloud migration plan starts with understanding your business, your users and your technology. Then define your objectives while keeping security, governance and performance in mind, Linthicum said.

While many companies look to cloud as a way to reduce costs, the operational return on investment isn’t important; most of the money with cloud is made around the business agility it affords. "Business agility is the reason to leverage this technology," Linthicum said.

Source: http://searchcloudcomputing.techtarget.com/news/2240181341/How-to-create-a-realistic-enterprise-strategy-for-cloud-computing

Did you like this? Share it:

Where Does Security Stand On Mobile Cloud Computing?

mobile-cloud

Arguably, security is still one most significant concerns of Cloud customers. As more and more businesses continue to transition their mainstream Cloud-based I.T operations on Mobile-ready applications, it has opened the lid for security vulnerabilities in organizations.

Although, the adoption of Cloud and Mobile computing is getting bigger, with the majority of organizations and enterprises adopting this trend, it is, still, of immense importance for the general public to understand the consequences of any cyber-attack, as well as plan ahead to out-maneuver any such incidents.

The Verdict

Although, organizations seem to be quite concerned about the impeding security threats in the background of Mobile Cloud Computing, they fear such incidents may incur via non-sanctioned Mobile apps used by the I.T departments at organizations. But there are other factors besides the role that I.T can play here. Reckless actions by employees, as well as involuntary decisions by a Cloud Service Provider, can also damage an organization’s reputation, in spite of the many security control points in place. The Cloud and the Mobile can seriously affect organizations if not played on with caution.

In the U.K alone, financial losses from cyber -attacks has been estimated to be £27bn a year. With such high figures, corporate brands, business leaders, and entrepreneurs need to address this issue with extreme urgency, and put measures in place in order to be able to respond quickly and swiftly.

While facts draw a scarier picture of Mobile Cloud Computing environment, there have been many happily-ever-afters. By nature, the Cloud is no Oliver Twist. It is easier to adopt the Cloud, and with Mobile First strategies making successful rounds, the two had to offer something beyond independent solutions. The consonant relationship between the Cloud and the Mobile is an ode to that idea. However, the ease that Mobile adoption of Cloud offers to organizations, makes it one appealing prospect for them. Various organizations are now planning to move up their usage of Mobile-ready Cloud applications. Still, seventy percent of such businesses admit that they use applications that are sanctioned by their own I.T departments. This was found out via a survey of two hundred I.T business professionals on the adoption and relying security issues of Mobile-ready Cloud applications, and was conducted by OneLogic and FlyingPenguin.

The Present Era

We are all indulged in Cloud Computing today in one way or other, without even realizing it. For emails, messaging, online gaming and social networking and even for online tax forms, transactions, credit card payments and what not, this all has been a revolution that now has made “Mobility” a synonym with “Cloud”. However, this is only just beginning.

It is also known that usage of Cloud applications is carried out from nearly 80 percent of the smart phones, 71 percent of tablets and again 80 percent through non-organizational computers. Apart from hacks, data interceptions, it is high time for such masses to cite concerns regarding identity theft, governance or complexity.

Various companies do admit that their employees share credentials with co-workers for various Cloud ready apps through smart phones, and they experience employees being able to log in even after leaving the premises.

We know that the future is going to be held by virtual reins, all accessible through smart handheld devices. It is essential for organizations to inhibit the usage of unsanctioned apps and restrict the sharing of valuable credentials via Smartphones quickly.

It is no secret that organizations need to improve the security for their Cloud apps -not to mention, eliminating the usage of Cloud apps without their consent- and find solutions that are flexible and allow the on-premise addition of more Cloud apps.

The Solution

With constantly emerging new security threats, certain companies have also evolved their methodology in dealing with these risks. Now it is all about “digital hygiene” and according to research most of the companies are now employing a full time security teams. In the past, only 43% of businesses had adequate security measures. However, now more companies are heading to re-examine Cloud security in a more systematic way. However, many organizations still implement such security policies after an incident or because of a new regulation.

These days, many smart organizations are pursuing a rather three-dimensional approach in securing their Cloud architecture from breaches. Previously, businesses felt that only installing technical devices would suffice their security needs but they ended up being by passed all at once. However, now the key to security is diversified by 25% being the technical aspects, 50% being the internal organizational aspects and the rest being regulatory and legal. Here, utilization of various VPN services may also shine in securing your Cloud architectures when it is accessed via Mobiles, tablets etc. The high level encryptions that VPN provides are ideal to safeguard data transition via Mobile phones.  This 3d security protocol is what businesses need to rely on.

Afterwards, businesses also need to encourage training sessions for their employees to make them aware of underlying security threats and vulnerabilities. Organizations also need to manufacture stern I.T security rules, where they would be able to set parameters that could not be bypassed by human resource. Security management here, also need to be in complete coordination with their general management, and they must also remember to consistently update their existing security procedures.

Conclusion

There is no doubt that Mobile Cloud computing is not without any risks. However, with scrutiny and effort taken by the companies involved in this profitable prospect, these risks are addressable and manageable. Once such issues are solved, and companies empower themselves with the three legged security methodology, there I.T processes are sure to go smooth, in so doing, providing numerous benefits to the company.

Source: http://www.cloudtweaks.com/2013/04/where-does-security-stand-on-mobile-cloud-computing/

Did you like this? Share it:

10 Questions to Ask When Hiring a Mobile App Developer

10 Questions to Ask When Hiring a Mobile App Developer

If your company doesn’t have a mobile app yet, you could be missing out on a golden opportunity to tap into new revenue streams. Smartphones and tablets are where today’s consumers live. The majority of the 120 million smartphone owners in the U.S. use a shopping or retail app at least once a month, according to a recent Nielsen report. Yours could be one of them.

If you’d like a mobile app that lets customers buy your products — or simply access products reviews, videos or coupons — you’ll need to hire an experienced developer you trust to custom build it.

Here are 10 key questions to ask mobile app developers to help you choose the right one for the job:

1.Where can I find examples of mobile apps you’ve developed?
Qualified candidates should be eager to provide you with a list of apps they are personally responsible for creating — or at least played a major role in developing — complete with links to each in Apple’s iOS App Store, BlackBerry App World or Google Play, Google’s Android app store.

"That way you can begin to gauge whether or not they have the skills, experience and vision to produce the type of mobile app you’re looking for," says Chad Mureta, CEO of App Empire, a San Francisco-based app development firm, and author of App Empire: Make Money, Have a Life, and Let Technology Work for You (Wiley, 2012).

2. May I have a list of your current and past clients?
Unlike reading movie credits, there’s typically no way to tell who actually developed an app. This is why speaking directly with candidates’ current and former clients can be essential to verifying that the developers actually created the apps they claim to have worked on, Mureta says.

Checking references also gives you an opportunity to ask how reliable, responsive and results-oriented candidates are. For example, you might ask whether they delivered on deadline and within budget, and how well they work under pressure.

Candidates sometimes only offer references who have a favorable opinion of them, says Farhan Thawar, vice president of engineering at Xtreme Labs, an Ontario, Canada-based mobile strategy and product development firm. He suggests visiting a candidate’s LinkedIn profile to see if you have any professional colleagues or former co-workers in common. If you do, contact your mutual connections and ask them about their impression of the candidate’s experience, capabilities and work ethic.

3. What kind of smartphone do you use?
This question can provide insight into how passionate and knowledgeable a candidate is about specific mobile platforms, Thawar says. "If you’re telling me that you can build an app for an iPhone, then you should have an iPhone, you should be playing with the apps that you are building and also playing with other people’s apps on a very regular basis." The same goes for Android and BlackBerry.

4. How can my app make money?
If your primary goal is to generate revenue with your app, the developer needs to know exactly how to build in features that will allow you to make money. You could opt for a pay-per-download revenue model, charging, say, between 99 cents and $4.99, depending on how many features your app offers.

If you opt for a free app, be sure the candidate is well versed in how to integrate mobile display ads, in-app purchases or paid subscription services.

5. How will we communicate during the development process?
The quality of your app often depends on how clearly and often you communicate your app design and functionality requirements throughout the development process.

Does your app developer prefer to chat in person or via phone, Skype, instant message or email — and how often? Or does he or she prefer to interact with you using a popular project and task management system like 37signals’ Basecamp? How often will he or she provide you with status updates?

6. What kind of special features can you create?
Apps rarely grab consumers’ attention without truly innovative and useful features. Figure out the bells and whistles you’d like and then assess your developer’s capabilities. For example, can your candidate add 3-D gaming, social media sharing, GPS check-ins or product coupon elements to your app?

7. Who will own the mobile app?
Typically the individual or company paying for a mobile app will own the finished product, Mureta says. To be sure you own all the rights to the app you commissioned, you and the app developer should sign a written "copyright assignment" or "work made for hire" contract. The document should establish confidentiality and state that you own the app’s design, source code and all of its content.

8. How will you test my app?
Generally, the best way to test an app is simply to run it on the smartphone it will be used on. The candidate should provide a thorough explanation of how he or she conducts an extensive beta test to weed out any glitches. If bugs are found, how will the candidate fix them — and how quickly?

9. Will you submit my mobile app to app stores?
After you’ve approved the beta-tested version of your app, the last step is for the developer to submit it to an app store for approval to be sold there. App submission is often a long, multi-step process that your developer should already know how to successfully navigate.

10. What are your fees and payment terms?
Draft a written agreement specifying that you will pay the developer by the hour or with a flat fee. Most developers, like Mureta, ask for a one-time fee upfront. Others require a deposit at the beginning of a project, often for up to half of the estimated total cost, with the balance due when the app is completed.

The most basic mobile apps can start between $1,000 and $5,000, but you could end up spending many times more if you pay a developer by the hour. More complicated mobile apps, including ones that are database driven or involve 3-D gaming, can cost thousands more.

Source: http://www.entrepreneur.com/article/226270

Did you like this? Share it:

What’s so scary about test automation?

In every testing environment and QA lab today, management and engineers perform hundreds of thousands of repetitive actions and procedures when testing and validating components and infrastructures.  Ongoing proper execution of these actions is essential to ensure the quality of the network and products under test.

Unfortunately, when attempting to automate, most of these procedures are script-based and are difficult for others to reuse. So, every small change in an element or network layout may require editing of the script in multiple locations. When the question of automating these processes arises, more often than not test teams shy away from the subject.  “Once bitten, twice shy” equals reluctance regarding the possibility of creating user-friendly, cost-saving automated frameworks for even the most seasoned testing personnel.  Past problems could have been:

• self-developed automated systems that were so complicated that only the developing team could use them
• “automated” systems that relied heavily on “capture and replay” scripting that required tremendous effort for recording thousands of component-specific scripts.
• long automation projects that weren’t worth the development time expended instead of performing the actual testing work; and
• the overhead for adding and maintaining automation of new features grew over time until it was no longer worthwhile to continue to do so on top of the same framework

Despite these obstacles, there are ways to prevail over testing monstrosities and automate all or part of test procedures.

Conquer the fear
Through the development of basic building blocks that are repeatedly re-used to create test automation with little or no need for coding knowledge, test engineers can easily triumph over test automation horrors.  A simple “drag and drop” scenario enables test designers to design a logical flow chart and then manipulate actions without having to perform actual scripting.  Although the frameworks can be implemented differently, the below guidelines are commonly needed:

+ Test engineers must be able to build the automation on their own without involving code developers.

+ The time to automate testing of a new feature cannot be much greater than the manual testing time.

+ All the automated commands, parsing, reporting, etc. must be easily contained within re-usable and replaceable building blocks from which the automation process can be designed and built top-down.

This means that:
+ Changing a component or a small part of an existing layout will only require changing specific building blocks, not recreating the entire automation from scratch.

+ We can leverage the knowledge of our domain experts by letting others use their complex procedures packaged into simple building blocks.

+ The user interface should not vary regardless of vendor or component. All topologies, devices, interfaces, procedures, tests, regressions, results, reports and dashboards need to be supported within a single integrated platform.

+ Automation generates numerous data that must be easily aggregated from multiple tests, testers and stations and then filtered, grouped and tabulated according to test-specific requirements into a concise report.

Your ‘out of the box’ approach needs
For building successful test automation, we discussed the guidelines and now let’s define what we are looking for:

1. Usability.  This includes number of users, ease of training and how quickly it can be implemented

2. Maximum functionality.  Ability to support lab management, asset reservation and scheduling, device integration, topology definition and setup, automation development and execution, data collection aggregation and reporting and dashboards.

3. Flexibility and scalability.  Ease to upgrade and integrate new capabilities

4. Strength of the interface library.  The interfaces support all the device and application controls needed and can deal with steps that are not “out of the box.”

5. Vendor.  What is the vendor’s core business? Does the product have a roadmap, and how aligned is it with your requirements? What support can you expect? And perhaps the most important factor: What references of successful automation deployments does the vendor have?

In summary, test automation doesn’t have to be scary. Adopting the right approach can lead to great results.

Source: http://www.tmworld.com/electronics-blogs/test-voices/4410272/What-s-so-scary-about-test-automation–

Did you like this? Share it:

How to profitably develop mobile apps

Intel Developer Blog: Softtalkblog looks at how HTML5 can help increase market reach

Every now and then, I open the newspaper to discover another app and its inventor, who are both tipped for the top.

It’s always a joy to see independent developers getting exposure, and it carries that subtle lottery-like subtext: “It could be you!”. Sometimes the stories celebrate the mere creation of an app, but other times they report on an app that’s seen huge financial success. Who wouldn’t want a slice of that?

Obviously, there’s no golden formula to coming up with an app idea that resonates with everyone, but there are some ways you can maximise your profits, which is ultimately what counts. Turnover is vanity, profit is sanity, as the old saying goes.

It doesn’t matter how much money you bring in: it only matters how much is left at the end of the month, and that depends on how tightly you can control costs.

For most developers, whether working in an agency or self-employed, time is their biggest expense or opportunity cost. A lot of work goes in to creating an app, but that can be considered an investment, and can be recouped as the app is tweaked for use on different platforms.

There remains the cross-platform conundrum, the challenge of how you can profitably serve a market that remains fragmented across operating systems and devices. We can’t do much about the fragmentation, but we can do a lot about how we respond to it.

Software can only be sold to people who have compatible hardware, so one way to dramatically increase your market reach is to increase the number of devices your app runs on, and HTML5 can be a big help in this regard. It runs on almost any modern personal computing device, and with minor modifications and a browser wrapper, HTML5 apps can be put into app stores relatively easily.

HTML5 can help with tomorrow’s challenges too. When a new device or operating system comes to market, it represents a gamble for app developers. As it takes off, though, those who showed faith and migrated to the platform early are rewarded with huge sales.

We’ve seen it time and again on new platforms over the last five years or more. We don’t know what the next big platform will be, but we do know that anyone who has app code in HTML5 is likely to be in a stronger position to port it across, than someone who is locked in to code that is native to a particular device.

If you have code that’s currently written in Objective-C for iOS, you can migrate it to HTML5 for use on Android, Windows and other platforms using the free Intel HTML5 App Porter Tool Beta. It automates the conversion as far as possible, so you can focus on those aspects of your app that are more unique.

When creating new apps, developers should think about future-proofing their code from the start, and plan for an app to ultimately go across multiple platforms, including perhaps some that don’t yet exist.

It is possible to port apps by rewriting them, but it’s a slow process and most developers would rather not write the same app over and over again. Having HTML5 as a base at least means that there is a core that can be ported across relatively easily, even if some custom coding is required around the edges.

HTML5 helps you make more money in two ways: it opens up new markets, and it speeds up your cross-platform app development. It’s not ideal for every kind of application, but where it is a good fit, it should be the top choice for any developer that’s serious about making money. Find out more about HTML5 at the Intel Developer Zone.

Source: http://www.develop-online.net/news/43561/How-to-profitably-develop-mobile-apps

Did you like this? Share it:

6 software and driver update utilities compared

The update situation in Windows is dire: Other than a few drivers and built-in Microsoft-only programs, there isn’t a whole lot that Windows Update actually keeps “up to date.” As a result, users are subject to all the reliability, performance and security issues associated with aging drivers and applications.

That’s where software and driver update tools come in. These utilities promise to keep your Windows PC, laptop or tablet up-to-date — automatically.

We tested four software update utilities and two driver update utilities and rated them on update detection and ease-of-use.

None of the products was perfect, but in our testing, UpdateStar Premium Edition and UpdateStar Drivers came out on top because of their massive database and well-structured user interface.

Software updating is a messUnless you’re part of a big enterprise infrastructure with PC lifecycle and patch management solutions, third-party software and driver updates are a messy business. Here’s why:

A lot of the larger software developers, such as Adobe, Google, Microsoft, etc. install their own update mechanisms along with their software. They’re either being run as startup items, background services or scheduled tasks.

And the number of background updaters grows with the number of programs installed. (According to UpdateStar, their average user runs 80 applications.) So you can expect to eventually be dealing with A LOT of updaters, each of which runs on its own schedule.

Despite keeping my system squeaky clean, I’m getting at least one notice per week. That’s happening either when I’m working (ugh, those annoying balloon-tips) or when I launch an application that’s not up-to-date.

While there’s not much of a performance hit, the more updaters you’ve got pinging your hardware, the less you’ll get out of your laptop’s (or tablet’s) battery.

And to make matters worse, these updaters aren’t even particularly reliable. While it’s certainly a good intention of some update tools to not constantly check for (and download) updates, this also means an increased risk. There will be a period of time — several hours up to a couple of days — when a fix isn’t available via the built-in updater.

All in all, relying on built-in updaters is a poor attempt at keeping your PC up-to-date. It’s time for a better approach.

The update utilities reviewed here will routinely scan your system for available updates, give you an at-a-glance view of all upcoming updates, and get you quickly to the downloads. But best of all, they’ll give you the ability to turn off all of the currently running individual update tools and just use one solution for all.

Source: http://www.itworld.com/software/347798/6-software-and-driver-update-utilities-compared

Did you like this? Share it:

To build trust in cloud engagements, ask these 3 questions

There’s a paradox at play here: The cloud is generally agreed to offer significant potential. Yet, some businesses are failing to tap into the huge opportunities offered by cloud computing due to a lack of trust.

In a  recent global survey of 360 businesses by Knowledge@Wharton and SAP, 67 percent cite “security breaches and data losses” as their main cloud computing concern. This concern with the cloud is similar to when the personal computer was introduced. Large companies resisted its deployment for a long time due to questions about security, costs and more. Deployment spread only after PCs started being purchased by CEOs, and IT organizations had to figure out a way to integrate them successfully.

Information is powerful weapon in the battle to eliminate cloud concerns.  The following are three questions business and IT leaders should ask before moving to the cloud:

1. What laws should govern my cloud computing technologies?  There is a complex legal regulatory environment surrounding cloud computing that both customers and providers need to consider. In the United States, there are industry-specific laws governing the cloud computing environment. In certain domains, such as medicine and banking, stringent legal and policy frameworks, not unreasonably, constrain the ways in which data may be treated.

For example, under the Health Insurance Portability and Accountability Act (HIPAA), there are three security safeguards required for compliance: administrative, physical and technical. The act establishes privacy and security standards for the use and disclosure of certain health information in electronic form and transaction standards for the exchange of health information. Additionally, the Gramm-Leach-Bliley Act (GLBA) requires financial institutions storing data in the cloud to annually notify each customer about the personal information they’ve collected, where that information is kept, how it is used and how it is protected.

Approaching security for the cloud requires a master plan using the requirements from industry-specific laws. Understanding federal, international and state laws governing cloud computing will help companies ensure legal compliance and enable customers to gain confidence in cloud security.

2. How can I ensure my provider is complying with industry best practices?  Companies need to create a set of rules and policies that govern the terms and conditions for consuming cloud resources (the compute, storage, and network). This is called the orchestration layer. Without this orchestration layer, adherence to service-level agreements (SLAs) and the capability to manage the creation, activation, and ongoing support of all the resources is at risk.

Clear and well-defined SLAs are the best way to make sure governance can be integrated into the customer’s organization. Customers can include regular audits by 3rd party organizations in their contracts to ensure the provider complies with best practices and any legal obligations. Additionally, POC testing is mandatory: companies should go into deployment with no questions unanswered. Customers can also explore “try and buy” options and have “opt-out” languages in the contracts.

3. How can the cloud benefit my business today and in the future?  The Knowledge@Wharton/SAP survey shows 87 percent of businesses believe cloud computing will transform their business or industry, and 47 percent see cloud computing as a driver for innovation and differentiation. There are a number of reasons for considering a move to the cloud, but the most compelling is the ability to lower total cost of ownership and the flexibility it gives businesses to work on strategic initiatives.

Cloud implementation is much more straightforward than traditional software. There is a fixed fee, so companies know exactly how much they’re going to pay each month or year depending on the model. Cloud vendors usually price based on a per seat model. This allows companies to add or subtract users without additional infrastructure and staffing costs.

Another cost-benefit factor is the value of agility – the ability for businesses to quickly respond and make changes to meet dynamic circumstances. For example, if there is a business need for a new system, companies can simply provision the resources required from public cloud providers. This process is much easier than configuring and hosting hardware and software assets.

Source: http://www.zdnet.com/to-build-trust-in-cloud-engagements-ask-these-3-questions-7000012763/

Did you like this? Share it:

Automated applications deployment: DevOps, no matter what you call it

When it comes to automated applications deployment, is DevOps is a reality for most teams — or just a concept that gets a lot of attention?

There is a new understanding that one size does not fit all when it comes to the business of automated applications deployment. The historic context that puts the responsibility for change and release management in development or operations was in part a response to the needs of the business long ago and to the personalities of the players of the day.

Today many different forces are placing new demands on change and release management, which are stretching traditionally organized teams in a myriad of ways. There is pressure from the development team to reduce controls around code moving from development to unit testing, to user testing, to system testing, to staging. And there is pressure from the business side of the organization to reduce cycle times to keep pace with competitors. In addition, business is making demands around governance and auditing, asking for greater visibility, accountability and traceability.

Whether we call this DevOps or not, all of these things fall under the DevOps umbrella. Software change and release management all over the world has become increasingly important to how organizations conduct business.

Let’s look at the continuous delivery movement. This developer-driven trend automates the movement of code from stage-to-stage of the lifecycle. It automatically provisions the target platforms and requires little human intervention. We trade control and oversight for automation and standardization. The result is that code travels much further down the path to production before anyone intervenes with human checks and balances. This process is much more efficient than keeping developers and testers waiting for changes to move along the process.

How about the mythical "emergency" process? All organizations are experiencing our unplanned code changes — or patches — that are slipped in the at last minute as business demands. What was once about the rare need to remediate a broken technology is now the daily norm for business-critical changes. Unmanaged and unplanned, these kinds of changes will lead to chaos. That’s not something we associate with change and release management.

So, in today’s high velocity world, where revenue generating apps might undergo several "turns" of changes every month, there is a renewed focus on release management.

Source: http://searchsoftwarequality.techtarget.com/answer/Automated-applications-deployment-DevOps-no-matter-what-you-call-it

Did you like this? Share it:

Cloud Computing And Banking Security

Individuals which still worry about cloud security, are those that fall under the financial institution category like banks, brokers, lenders and the like. They do not trust third party cloud computing providers and vendors, at least not with their most sensitive information and data. They might use cloud computing for some things like websites and applications that they think they can risk security with, but they would never consider parting with direct access of their financial and other similar data.

The biggest reason behind this is simpler than most would imagine as it has something to do with numbers and probability, thought they probably would not admit it is something as basic as that and would rather cite some technical issue like migration and data integrity. Those are valid points, but they are not truly even problems. With ease and security of data migration through cloning and inter-server data transfers with services like Cloud Velocity, migration is truly a no pain no worry process. The real reason as I have said is the probability of a successful attack. Government systems and financial data systems are under attack multiple times a day, and a sizeable majority of these fail at the first lines of defense. The probability of a successful attack is always real, and this probability of success increases as the number of attempts increases.

When data systems reside behind closed and secret doors, very few people will be able to access it, never mind knowing about it. However, the moment that data resides in the cloud, a sign bearing the words “Step right! Take your chance to earn millions of dollars!” goes up as well; it is inherently an invite to all attackers of all skill levels to at least try. Inevitably the success of an unscrupulous individual/s will prevail. A basic analogy would be to keeping a jar of cookies on a high table when there are a lot of kids around as opposed to keeping it out of reach and out of sight inside the cupboard.

In this case, it’s not a matter of technology but a matter of probability. No matter how advanced your security measures are men can open locks that are made by other men, it is best to keep those that try to a minimum.

Source: http://www.cloudtweaks.com/2013/02/cloud-computing-and-banking-security/

Did you like this? Share it:

Software Testing is not a commodity!

Stick in software testing long enough, and you will see enough ideas come and go to be able to sort out the ones that look promising to work, and the ones that you just hope will go away soon enough so that no manager will pay any of her attention to it. There have been quite a few in the history of software testing, and from my experience the worst things started to happen every time when someone tried to replace a skilled tester with some piece of automation – whether that particular automation was a tool-based approach or some sort of scripted testing approach.

Why do we test software?

If we were able to write software right the first time, there would be clearly no need to test it. Unfortunately we humans are way from perfect. Take for example the book I wrote mostly through 2011. 200 pages, lots of reviewing, production planning, and stuff happening in the end. And still, while reviewing the German translation, I spotted a problem in the book – clearly visible at face value. I had spend at least 2 weeks after work to go through the book once more, and get everything right. Yet, I failed to see this obvious problem.

The problem lies in our second-order ignorance: the things we don’t know that we don’t know them. These are the things of good hope, and prayers that it will work. Murphy’s Law also has a role to play here.

The very act of software testing then becomes to find out as much information about our unawareness as possible. This includes not only exercising the product, but also finding out new things about the product. Skilled testers learn more about the product and the product domain and the development team over the course of the whole product lifecycle.

Why do we repeat tests?

But how come we focus on regressions to often in our industry? It has to do with first-order ignorance. A regression problem is a bug that gets introduced a second time, although it already had been fixed in the meantime. Since we were already fully aware of the problem, the bug is no longer something that we don’t that we don’t know it. It has become something that we know now, but we don’t know whether we will know it still tomorrow. That’s why we introduce a regression check for tomorrow, so that it will remind us about the problem that we tried to avoid at this time.

Read that sentence again. Yes, it’s speculation. We speculate that we might break the software tomorrow again. With this speculation comes a whole lot of costs. We have opportunity costs for doing the test, for automating it, and with every run, we have the opportunity cost of analyzing the result (if we have to).

We wouldn’t need this if we were able to realize that a regression bug introduced in our software is an opportunity to learn what is not working in our current process that caused that bug to re-occur. Every regression bug discovered should be an invitation to start a root cause analysis and fix the underlying problem rather than deal with the symptoms.

Source: http://www.shino.de/2013/02/04/software-testing-is-not-a-commodity/

Did you like this? Share it: