Posts Tagged ‘Process’

Agile Approach to Secure Collaboration Software

April 21, 2009

As a business software company, we need to take security very seriously. As an Internet services company, we also must be agile to survive. Agility in software development and security often conflicts with one and the other. Agility involves rapid iterative development of new functionality. Securing a system involves being rigorous about securing functions and data through detailed designs and reviews, which normally slows down an agile process. Agile methods come with several weaknesses from a security point of view:

  1. Lack of sufficient documentation for proper security reviews.
  2. Iterative life-cycle that makes is hard to determine when to conduct reviews.
  3. Re-factoring which means code can change radically in the middle of a development cycle.

In order to meet our objectives, we have defined our process based on Agile methodology (we use scrum), but with some augmentations to ensure we consider security throughout the process. This makes security part of our DNA, but also enables us to work in an agile and efficient way. We base our augmented process on an analysis by Beznosov & Kruchten[1], who analyzed the mismatch between Agile processes on one hand and processes for delivering secure software on the other.

Even though we strive to work according to an agile process, we do produce some specifications as part of the process. We normally create interaction designs and product requirements as a starting point for a sprint. Product requirements are short stories and if necessary a more comprehensive description of the functionality.

If the functionality is complex, we further create a engineering requirements document (ERD), which spells out the different trade-offs from an implementation and architecture point of view. An ERD may become obsolete as we continue iterating, but since ERDs are documented as wikis and discussions related to wikis, they tend to stay fairly updated. In particular, we keep the security aspects of the ERD updated. The important role of the ERD is to ensure that certain aspects such as security and scalability are considered closely as part of our iterative development process. It is also something that can be reviewed and be used as a basis for security reviews.

We have identified a few points in our process where we conduct reviews from a security perspective. We try to do things multiple times and our experience have shown that we get best results if we conduct the review after initial PRD (during ERD, if it is needed) and at the end of the sprint. Philosophically, I compare this to the end-to-end argument in distributed systems design, which argues that certain checks are best done high in the communication stack.

Finally, we have a security gate keeper in the project. The gate keeper has the role of continuously challenging designs and implementations from a security perspective. This role has been particularly useful for us.

The following table summarize our augmentation of agile processes to ensure we develop secure enterprise software:

Aspect Problem Our Approach
Documentation Lack of appropriate documentation to understand security problem and approach. We scope requirements before a sprint to identify security requirements. If complex functionality, we create a living (wiki) document called ERD that is the central point for all important design and architecture decisions, in particular security. It is central point in the sense that some aspects are described in related discussions and files, rather than the wiki itself.
Life-cycle In agile processes it is difficult to find the right time to inject security reviews etc. We have a role in the project called the security gate keeper. (The Scrum Wizard)
Re-factoring Code can change radically several times during the course of a sprint. We apply the end-to-end argument in software engineering context. We review when first version of ERD is produces, and at the end of a sprint. In between we allow re-factoring.

I am sure other software companies deal with this in other ways and would be interested in hearing more about how you approach it?

[1] Beznosov, Konstantin & Kruchten, Phillipe. “Towards Agile Security Assurance,” 47–54. Proceedings of the 2004 Workshop on New Security Paradigms. White Point Beach Resort, Nova Scotia, Canada, September 20-23, 2004. New York, NY: Association for Computing Machinery, 2005.

Tags:, ,
Posted in Enterprise, GroupSwim, Technology | Leave a Comment »

The Killer App That Is Killing Us

May 28, 2008

Email changed the world for business and consumer alike. Imagine it; a cheap and easy way to communicate with each other without using voicemail, fax, or the post office. While a boon for business communication, email has significant flaws that we continue to live with today. So, what’s wrong with email?

  • Limited ways to prioritize what deserves reading or replying – can be overwhelming
  • Search on most email clients is terrible – can’t find what you need
  • Knowledge in emails limited to people participating directly – no good for future team members
  • Used to collaborate – something it was never intended or designed to do

There are ways dodge these problems, but they require installing additional tools and using clever processes. This is fine for people with the time and knowledge, but most don’t have either.

The unfortunate truth is email is the lowest common denominator for business communication, and it isn’t likely to go away anytime soon. You would be hard pressed to name any mid-sized to large business or enterprise that doesn’t significantly rely on email. Other forms of communication are beginning to emerge like RSS, context specific messaging systems like LinkedIn or Facebook, text messages, Twitter, etc.. However, email is here to stay for the foreseeable future.

So what do you do about it? For one, come to grips with this “fact” and build product and process to take advantage of it. For example, one of our design assumptions is what we build must be accessible through email. We have customers who rely on email and always will. We prefer they come directly to the application, but a percentage of them won’t so we need to give them the tools to participate anyway.

From a process perspective, you need to take the information locked in emails and do “something” with the emails that contain meaningful information for the whole group. The few hours this exercise/process costs you on a regular basis will pay meaningful dividends in the future. There is really good stuff in emails. Unfortunately, it takes work to identify the good stuff, save it for others, and find it when you need it. How do you and your company use email these days? What works and what doesn’t?

Note: This a blog post I did for the Enterprise 2.0 Conference Blog that I’m cross posting.

Tags:, ,
Posted in Methodology, Strategy, Technology | Leave a Comment »