Digital transformation: the security risks
Digital transformation: the security risks 150 150 Tom Kington

For many businesses digital transformation means making desktop systems mobile and adopting initiatives that make it easier for staff to work such as single sign-on (SSO).

There’s no doubt that giving staff and customers access to your applications whenever they need them improves productivity and drives engagement. But at what cost?

The benefits of digital transformation often sell themselves. And as much as we love the opportunity to build innovative digital solutions, it is prudent to outline the risks of technology that promises to help you work better.

Mobile apps and the promise to work on the go

Offline capability is the key here: the ability to work seamlessly with or without an internet connection. Staff on the move won’t necessarily have connectivity all the time but they need to retrieve and update data from central systems. The bonus is doing all this from any device. That way your business also saves money on hardware costs.

HTML5 drives offline app development

One of the ways to achieve true remote working is to build a web-based application using HTML5. Your app will be device-independent and feature the ability to push and pull data automatically as soon as an internet connection becomes available.

Although HTML5 technology is ground breaking in the area of mobile technology, there is risk to security. Systems that are web-based need robust security measures to mitigate against cyber-attacks.

This is because data has to be stored locally to make your apps work on any hardware. The data remains stored on the device being used to access the app until it can be transferred back to your central system. The challenge is that currently there is no standard way to encrypt locally stored data. And this puts your data at risk.

A way around the issue would be to develop native Android, iOS or Windows apps dedicated to one platform. However this will almost certainly incur a hardware cost as tablets or smartphones will need to be supplied to your workforce.

The risks of single sign-on authentication

People love SSO because it saves time. Users don’t have to remember different passwords for different systems. The IT team love it because it reduces the burden of resetting passwords all the time. And with pre-populated profile information also available, SSO really delivers a good experience.

The challenge for an SSO deployment is user behaviour; especially when combined with access to data on the move. If users leave their browser unattended all apps using that sign on, are exposed. Staff need to be educated to lock devices and set up pass codes.

Furthermore, SSO solutions generally assume the user’s email account is secure. So password reset links will be sent to it. This means that any compromise of the email account could risk compromising the SSO account and all accompanying applications.

Overcoming the security implications of SSO

Alongside educating users, there are technology developments that reduce the risk of data breaches associated with SSO.

One example is Microsoft’s cloud-based software. It facilitates central management of SSO applications as well as the devices being used by your staff. iOS and Android now provide the ability to encrypt data when devices are locked so that private information, remains private. The encryption key is either the users’ pass code or thumb print, further improving security.

For many businesses the benefits of digital transformation can far outweigh the risks. To discuss your technology challenges, get in touch with us today.

How to integrate UI and UX into software development
How to integrate UI and UX into software development 150 150 dan.macduff

How to integrate UI and UX into software development

09/10/2015

UI and UX Integration.jpg

Anyone that’s been involved in a software development project will know that they are the sum of many parts. When those parts come together, beautiful things happen; your systems are not only meeting your business needs but users enjoy using them.

In order to achieve this goal, increasingly you need to be deploying multi-disciplinary teams that include User Interface (UI) and User Experience (UX) designers (read about the difference here). The extent to which UI and UX is integrated into software development projects varies from company to company. In some cases education is required to ensure you retain UI UX throughout the software development life cycle.

The importance of UI and UX in the software development life cycle

Despite how thorough the design specs and requirements gathering, there are usually unforeseen events which either limit the functionality of your system or require additional features to be added. Progressing with changes during the development without involving the UI and UX experts could lead to disjointed end solutions with an inconsistent look and poor usability.

5 tips for integrating UI UX into your software development methodology

1. A consultative approach

From writing design specs through to development and testing, the UI and UX team will be advocating the needs of the user which can sometimes be lost after the initial stages of development if the UI/UX contract ends here. Maintaining UI/UX skills on a consultative basis can work well here to ensure that any changes are kept in line with the original design spec as well as the system requirements.

2. Concepts and prototyping

UI/UX experts are skilled at dissecting complex information into visually appealing and usable designs. Their solutions are best brought to life by prototyping elements of the system or drawing up concepts which can be used by developers and also be subject to early testing, particularly in agile projects.

3. Cultivate a culture of transparency

It is important that developers understand the UI/UX thinking and that UI/UX can understand the developer’s constraints. Developers need to know the challenges faced by the users and designers need to make sure they are thinking of clever ways to overcome any technical obstacles. Open communication and regular discussion is key to producing the best outcome for all stakeholders.

4. Integrated testing and quality assurance

In theory your testing team should be able to write their test scrips by referencing the original specification documents. Thorough requirements gathering including user surveys and persona analysis by the UI and UX team should result in testing being better aligned to business and user needs.

5. Consider agile techniques

UI/UX professionals are critical in the agile software development process. You should consider using aspects of the agile methodology which promotes involving both designers and developers at every stage of the development. This should ensure that the system is being checked against the original wireframes and prototypes to build a well-design user interface that truly engages users.

To achieve the best results from your software project, creating multidisciplinary teams is a must. For further help or to integrate our UI/UX team in your next project, why not talk to us today.

Why write good software documentation: five key benefits
Why write good software documentation: five key benefits 150 150 dan.macduff

Why write good software documentation: five key benefits

When you get something new, do you ever have that eureka moment of not realising what you’ve been missing out on? It feels good, right? And that’s exactly how our clients feel when we help them document their systems.

Often clients approach us because they need help supporting a complex bespoke system or want to make changes to it but their developers don’t understand the underlying structure or code. They may also want to integrate new software but fear the old system will break. System documentation is what holds the key to overcoming all of these challenges.

5 important reasons to have good system documentation

1. Anyone can understand your software

Although common programming languages are used for software developments it is often the case that individual developers will create lines of code with narrative. This narrative will not always make sense to others which can time for future developers to decipher. Clear and concise system documentation provides a single source of truth for developers

2. Flexibility for future development

The system being documented means you are not tied to the original developer or supplier if future developments or enhancements to the system are required. Well documented systems will also save time and reduce errors in future if you need to integrate with other business applications.

3. Understand the compatibility of your IT systems

Often when a system is developed it will have specific requirements for compatibility whether this be in terms of access device or server technology. These requirements can sometimes change over time so it’s important that you are aware of the systems compatibility – not knowing could mean a move to a new server that the system won’t work on.

4. Retaining control of your IT

Without documentation you could be at the mercy of the supplier or developer that originally built the system. Clear documentation means you retain control. At any stage in the future or even during the development process itself, another supplier can take over.

5. It’s full cycle

System documentation is critical throughout the software development life cycle. Thorough documentation should exist from architecture and design to the technical aspects and source code to user processes and procedures. That way you’ll always know why the system was developed and how.

If you’re concerned about the health of your system documentation or want to check that it will sustain your future plans, get in touch with us today.

Four options for managing legacy systems – the pros and cons
Four options for managing legacy systems – the pros and cons 150 150 dan.macduff

There will come a point, in most IT departments, where legacy systems will become a nuisance. But this can be resolved with a bit of guidance.

In fact, all it takes is an evaluation of how complex your IT environment really is, and from here, you will be able to determine which of the following solutions is most fitting. We take a look at the pros and cons of each solution so you can measure how this will fit into your department.

1. Decommission the system

Although it is rare, a legacy system won’t always be required due to structural changes such as an acquisition. Decommissioning the system is therefore an option.

Pros

  • Decommissioning the system can be done with minimal cost and resources.

Cons

  • Before going ahead with this, it is imperative that firstly nothing relies on the system.
  • A restoration plan must be put into place, to account for mistakes in the assessment process.
  • Training may be required to ensure that everyone involved fully understands the process and reasons behind the decommission.

2. Re-write in a new technology

Although it can be an intimidating task to instigate a re-write, for most situations the pros will outweigh the cons:

Pros

  • Opportunity to highlight and correct problems.
  • Freedom to add new features which would further build on your competitive advantage (which weren’t previously possible due to design issues or lack of knowledge).
  • Convenience of a modern technology, making it easier and more cost effective to support and maintain.

Cons

  • A large investment which will require tight budget control.
  • User training will be required to use the new system.
  • Staff resources will need utilising for effective project management.

3. Migrate to a packaged application

A reassessment of your business requirements may establish that a packaged solution could adequately meet your needs. Here are the arguments for this solution:

Pros

  • Less work will be involved and the system should be well supported.
  • The legacy system will be completely removed.
  • You will benefit from future package upgrades.

Cons

  • You may have to adjust business processes to suitably accommodate the system.
  • Scalability may be restricted.
  • Integration with other systems could be difficult.
  • You won’t own the Intellectual Property Rights (IPR) preventing further development and the opportunity to potentially sell the systems to other businesses as an alternative revenue stream.

4. Maintain the existing system for the foreseeable future

Should your system be likely to be decommissioned in the near future, this could be an ideal solution. Here’s why:

Pros

  • No or limited expenditure involved.
  • If the evaluation doesn’t highlight any glaring issues the risks are minimal as nothing will change during the interim period.

Cons

  • In-house skills to maintain the system may be limited, putting the business at risk.
  • If business needs change or the timescales for decommissioning the system are extended, the system may fail to meet requirements.

Talk to us to discover how we can help you overcome the issues of legacy systems.

150 150 dan.macduff

MicrosoftNETBusinessBenefits- Aug 13.png

Microsoft began development of the .NET framework in the late 1990s to enable application development primarily for the Windows platform. Originally called Next Generation Windows Services (NGWS), the framework morphed into .NET when version 1.0 was released in late 2000. The current version, .NET 4.5 was launched in August 2012, just over five years after the previous major release of 3.5.

The decision of whether to upgrade your application is not an easy one. It is fair to say that the end user is unlikely to notice the difference between framework versions but the changes are noteworthy and could bring significant benefits to your application, and organisation as a whole.

.NET 3.5 to 4.5 – reasons to upgrade

The new features and updates in .NET 4.5 are vast but rather than launching into the technical world of BigIntegers, garbage collection and minification we are just going to focus on the overlying business benefits. However, if you would like to view an in-depth review of all the key features visit: http://msdn.microsoft.com/en-us/library/ms171868%28v=vs.110%29.aspx

Reason 1: .NET 4.5 gives better performance

Microsoft has added a number of features to improve performance. Those which we found most interesting are:

  • Better memory resources – the latest upgrade has improved the speed in which an application allocates and releases memory. Previously an application could become sluggish whilst ‘cleaning up’ the memory but this process has been separated from other aspects of the application to greatly enhance its performance.
  • Parallel computing – the latest version introduces a new programming tool called parallel computing which gives the application a great deal more capabilities to perform operations simultaneously, thus increasing performance.

Reason 2: .NET 4.5 is easier to develop and support

The updates and additional features in .NET 4.5 will simplify the process for your developers. Changes such as the introduction of web forms and MVC to jQuery will save time during the development process and the simplification of other aspects will enable the support team to fully understand the application quicker. As a result, less time should be required for both development and support.

Reason 3: .NET 4.5 provides improved security

There have been numerous changes to the security of .NET 4.5 which has ultimately improved security for the end user whilst also introducing new security methods which simplify the process for the developer.

Is it time to upgrade your .NET application?

As well as weighing up the benefits of the new features against the cost and time required to upgrade your application you must consider its longevity. For example, will your application be required for many years to come and likely require future development? If so, it could be worthwhile upgrading now while the application is more manageable.

If you anticipate a need for developing future Windows 8 applications the Windows Store may be of particular interest. The Windows Store provides a new opportunity to distribute and sell apps and there are many new development options in .NET 4.5 which will help your developers build compelling Windows Store Apps. The latest version of .NET also embraces HTML5 and CSS3 and has introduced many other improvements which further enhance app development.

In contrast, if you have applications which target Windows XP or Windows Server 2003 you will not want to upgrade because 4.5 does not support these operating systems.

Talk to us to discover how we can help you with your .NET applications.

Which is more secure – ASP.NET or PHP?
Which is more secure – ASP.NET or PHP? 150 150 Simon Hollingworth

The differences in the innate security of ASP.NET vs PHP come down to the scope of what functionality and features are provided by either technology. Fundamentally, the security of a web application is dependent upon the implementation, but the technology used to implement that website will impact the amount of effort required to write secure code.

Microsoft’s ASP.NET provides a full stack of technologies to enable developing a maintainable, performant and secure website. Each layer of this stack has been tested by Microsoft for security vulnerabilities and is deployed as a whole. When a security vulnerability is identified, in any layer of the ASP.NET stack, the fix can be deployed in the same manner, no matter where in the stack it occurs. Applications written using ASP.NET would typically use the facilities provided by the ASP.NET stack rather than bringing in third-party libraries to provide fundamental web application framework features.

PHP on the other hand is actually quite a low level website runtime, providing limited functionality to the developer for creating a website. One could make the argument that PHP is inherently more secure than ASP.NET due to the fact that it has fewer features and therefore a smaller attack surface. However, the comparison between ASP.NET and PHP is not an equal one.

Modern PHP websites would typically use a third-party framework to provide a maintainable structure to the site and to maintain developer productivity levels attached by other web technologies. So, one would typically compare developing with ASP.NET vs PHP/Zend or ASP.NET vs PHP/CakePHP. There are quite a few different frameworks that all target the same problem of writing maintainable websites in PHP (http://www.phpframeworks.com/ lists several popular frameworks). This is where the main security issue lies.

Not only is a PHP web application subject to vulnerabilities in the PHP runtime, but also from vulnerabilities in the third-party frameworks and libraries fundamental to creating a maintainable and secure site. These frameworks and libraries are often provided by multiple vendors which have differing capabilities to manage security vulnerabilities in their frameworks. While packaging PHP frameworks and libraries has improved in recent years, and several libraries are often packaged with various Linux distributions which ease deployment of security updates, a typical PHP site will use libraries from various sources. There will therefore always be additional complication when deploying security updates as compared to an ASP.NET based site.

Discover how Software Solved can help relieve the pressure on your IT department.