Under the Radar: Why are Security and Testing Still an Afterthought?

With breaches frequently making headlines, security is top of mind for every organization. So why, when it comes to software development, are security and testing often deprioritized?


In the software development world, developers are faced with a breakneck release schedule and tasked to produce applications quicker than ever. Customer purchasing decisions are complex and change constantly; meanwhile, online business shifts are forcing business owners to demand feature-rich mobile and web applications.

All of this is a result of the continuous goal of transforming businesses so that they can survive in an ever-evolving and increasingly digital economy.

With this uptick in the need for the digital delivery of services, the added pressure on software delivery teams to get the product out the door as quickly as possible is causing them to rush or even miss out on two critical elements of the process – security and quality testing.

Under the Spotlight

Nowadays, many of us rely on software applications as part of our daily lives, be that in a business or personal capacity. Our interactions with mobile and web apps have become a window into the brand we are using and a means by which we rate them and how often we use them. Using an application that is slow, difficult to navigate or has a poor UI is frustrating and can cause users to swiftly move on to a more digitally competent rival.

Alongside functionality, the security of an application has never been under the spotlight as much as it is now. With data breaches and hacks from bad actors frequently making headlines, security is top of mind for every organization.

So why, when it comes to software development, are these two crucial fields so often deprioritized?

Re-aligning the Silos

There are many reasons why security and quality testing are dismissed or overlooked in the software delivery process. The problem is not that they’re disregarded altogether, but that they’re often worked on separately and not given the time they require.

The main reason, and the one businesses should be looking to address, is that software development teams work in silos. It’s very common for each team, be that the DevOps, Agile, quality or security team, to look at the product with a blinkered view and only focus on their own role or area before passing it on to the next team.

The issue with this way of working is that it’s inefficient. For example, the product could go through all the necessary processes and be signed off at every step, only to reach the security team, who find a vulnerability, causing the product to be passed back and reworked before it can be signed off again. Consequently, the teams suffer unnecessary delays, and the development lifecycle and ultimate delivery time to the customer are lengthened.

To avoid the same fate, software development teams need to break down the silos and start focusing on delivering value from the start of the lifecycle. The only way to do this effectively is to put an emphasis back on security and testing and include them as non-negotiable pillars of software development.

But how can they do that?

Enter Value Stream Management

One effective method for helping organizations to break down silos is by adopting the practice of value stream management (VSM). The concept of this practice is centered around creating a unified, collaborative approach that improves the value of each part of the development lifecycle. In other words, the ethos behind VSM is that if teams and products cannot communicate, it is difficult to build a great product.

VSM is a great way to bring different disciplines and departments together, offering the unique ability to integrate tool chains effectively, rather than leaving them siloed.

Organizations adopting VSM approaches have seen extraordinary business improvement across a wide range of industries, with Gartner predicting that “by 2023, 70% of organizations will use Value Stream Management to improve flow in the DevOps pipeline.”

When it comes to security and testing, VSM provides the means to infuse the two fields, from development to delivery. Not only does this result in a more secure and better-quality product, but it also enables development teams to better understand the risk certain changes pose earlier on in the development process, giving them time to pause and scrutinize any change they deem risky rather than only assessing the final product.

The Future of Software Development

Although the efficiency and value of development can be enhanced through VSM, any gains achieved can be thwarted when security and quality are not included as a core focus. When the two are treated as follow-on activities, it is impossible to create a unified lifecycle and deliver the right product at the right time.

The good news is that we are seeing a change in how customers structure their software development processes. Many are increasing the involvement of R&D teams in securing the products, and quality assurance is being incorporated in R&D processes as well. Overall, we are already witnessing a shift left when it comes to security and testing, but by adopting a VSM approach, development teams will be able to take this to a new level.

No matter where they sit within the software delivery process, with the world relying on so many software applications, security and testing need to be labeled as priorities, not afterthoughts or nice-to-haves.



As General Manager of Security, Aviad Arviv brings more than 20 years of experience in global operations and business development to Digital.ai. He joined Digital.ai following its acquisition of Experitest, a leading provider of mobile and web application testing solutions, where he served as Chief Revenue Officer. During his career, Aviad has been instrumental in overseeing revenue growth in sectors including DevOps, Cyber Security, and Media. Previously, he held senior leadership roles at companies including NorthBit Cyber Security, where he served as COO, and Perion, where he was VP of Monetization.