Skip to main content
March 25, 2015

Agile Adoption Is the Winning Choice for Secure Software Development

Agile Adoption Is the Winning Choice for Secure Software DevelopmentWhen it comes to product development today, Agile adoption is more important than ever. That's because Agile allows for the quick design of robust applications that are resilient to cyberattacks. In many cases, traditional waterfall development doesn't cut it, because it necessitates significant effort and numerous time-consuming steps. And since you don't typically get the opportunity to revisit phases in waterfall development, the method requires perfection the first time around — which can be nearly impossible. Agile adoption can help overcome these difficulties and speed up development phases.

Due to the rapid, dynamic nature of the threat landscape, security requirements can change quickly during a conventional development lifecycle; in some cases, that can require a complete application review. Secure Agile development revolutionizes the app development process by splitting it into small, objective tasks called "stories," which are driven by a subset of the requirements. Much of Agile's success within a firm depends on its ability to define those stories in a way that speeds up software design, allowing its system the flexibility to respond to changing requirements.

In an article from Techgoondu, Bryan Tan, regional vice president for Asia at Rally Software, discusses Agile development and the hurdles organizations in the Asia-Pacific region face in adopting it. Here's a closer look at the methodology, its struggles in the Asia-Pacific region and possible solutions for firms looking to embrace it in the future.

Secure Agile Development Methods

There are several secure Agile development methods that vary in scope and focus on different aspects of the software development lifecycle. Common secure Agile development methods include:

  • Agile modeling
  • Dynamic systems development method
  • Extreme programming
  • Feature-driven development
  • Lean software development
  • Kanban
  • Scrum
  • Scrumban

In some of these methods, the emphasis is on the actual framework of software development (e.g., Scrum); others, such as Kanban, are "more process oriented," says Tan. "Whichever method they choose, teams usually take two to four weeks to deliver an iteration of a working product. Then, they refine the product and come up with the next iteration."

Agile Adoption Hurdles

According to Tan, the biggest challenges for firms in the Asia-Pacific region include the fear of failure and a lack of coaches. "People are just too busy with their daily work to come out of their regular jobs and projects to help teams become Agile," he contends.

But there are other reasons why Agile adoption could be challenging, including size. For organizations that manage huge projects and involve large distributed teams, adopting applications designed to track the progress of numerous stories is crucial to success. Large-scale projects represent the majority of the activities conducted by many companies operating worldwide. To stay competitive, it's essential that these firms have the ability to quickly respond to changing requirements.

Beyond the realm of software development, Agile can represent a significant change of mentality for an entire company. Agile managers must empower their development teams so they can organize their own work and continually provide their firms with feedback.

A truly Agile organization will adopt the methodology in every department, from strategic planning, to marketing and even human resources. That approach could prove difficult for firms whose processes are based on strict rules and procedures; companies that struggle with Agile adoption will face problems — specifically in negotiating resources and budgets for Agile products — if they are not able to properly define and manage stories.

Ensuring Agile Success

Projects following a secure Agile development model are approached in a different way than many firms are accustomed to. Successfully adopting the methodology depends on several factors, including the project managers' abilities to improve communication and coordination among project participants.

Code refactoring, another principle of Agile software development, involves simplifying and clarifying existing code without changing the way it behaves. To be successful, Agile development teams must have the skills (and put in the effort) to maintain, extend and continually refactor code to maintain its overall integrity.

Agile firms must also be customer-oriented, meaning their projects actively involve customers. That enables firms to quickly and efficiently produce quality products that meet consumer needs, and it reinforces the relationship between customers and suppliers.

Agile is widely adopted in the United States (and elsewhere) by both private companies and government entities. Take, for example, the US Department of Defense (DoD), which is adopting Agile as part of its new program of "DoD IT Modernization." The DoD's efforts are supported by Dr. Jeff Sutherland, CEO of Scrum, Inc. and an inventor of the Scrum software development process.

The shift to secure Agile development requires hard work and commitment to be successful. But once a firm adopts a truly Agile mind-set, the benefits make that effort worthwhile.

Photo Source: Flickr

Pierluigi Paganini is Chief Information Security Officer at Bit4Id, Editor-in-Chief at "Cyber Defense Magazine," a member of the DarkReading Editorial team, and a regular contributor for major publications in the cyber security field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, and The Hacker News Magazine.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.