A Question of Agility
about 2 years ago 0 Comments
There's no doubt these days which words most departments want to exhibit in their software development, and what vendors want associated with their products: agile and agility.
One of the most important current business projects in government IT in the UK is a project called Universal Credit. As its name implies, the plan by the Department of Work and Pensions (DWP) will replace replace dozens of benefits with a single Universal Credit. It is the Coalition Government's flagship welfare reform - and it's on something of a breakneck schedule if it is to be delivered as planned in 2013 .
One of the problems with government IT systems is that previously, long-term big business IT contracts have locked government in. 'Agile' is part of a totally new approach that emphasises adaptability and flexibility while retaining the benefits of scale and collaboration across government.
Its application in Universal Credit means that DWP users and stakeholders will see the incremental growth of the whole solution in regular 'show and tell' sessions with the system revised in line with their priorities. Under the traditional approach, real users would not have seen the product until May 2014 at which time priorities and technological options are likely to have shifted.
If you're interested in agile development, this blog might help
That is one example of agility. Another iteration of the same word - and mindset - relates to IT security. One vendor, the US company Sourcefire, has now coined the term 'agile security' , because that is what today's corporate approach to security must be to be able cope with issues like virtualisation, the consumerisation of corporate IT devices (i.e. business workers want their work devices to be as high spec as they have at home. They want a choice and if needs be, they'll bring or buy their own), getting to grips with cloud computing, and facing constantly changing threats.(A typical malware threat lasts just one day, and then it is replaced by another different one and then another and another. The threats are not static and unchanging)
As Sourcefire 's Field Marketing Manager for EMEA, Leon Ward, puts it, “Most of today’s security infrastructure is static — enforcing policies defined in advance in environments where IT infrastructure and business relationships are relatively static. This will simply not scale to effectively support an environment that is highly dynamic, multisourced and virtualised. We live in a world where surprises are the norm and we need solutions that are agile enough to learn and adapt to network changes, vulnerabilities and threats as they happen.
"Agile security is a concept or mindset that we would like to see adopted further up the management stack. The bad guys who produce threats don't stand still - and nor should organisations. Discovery technology will already enable us to see what has changed on the corporate network as business projects are developed. We know organisations are looking to be agile; we want their security agility to match their business agility."
Traditional security tools were not designed for rapidly shifting resources, users, applications, devices and systems – all of them are too common in most organisations. At the same time, today’s complex and unpredictable threats have been able to bypass traditional static security measures. An agile security approach tackles today’s threat environment by adopting a continuous process that integrates four essential elements which all inform and reinforce the entire process.
- See. Traditional security solutions are mostly blind to their environment and the threats they face. An agile approach provides clarity and vision, reflecting the reality of an environment, as it exists right now.
- Learn. Applies intelligence to data to improve understanding and decision-making.
- Adapt. Static approaches limit the ability to tailor protection. Agile security allows automatic evolution and modification of defenses in response to change.
- Act. Agile security provides decisive, flexible and automated responses to events.
If you'd like to know more about agile security, there is some more detail here
A move to agile development or agile security won't happen overnight. Both have implications for change control within organisations. Agile, in both contexts, requires a different mindset and it will feel uncomfortable to do at first. It's a bit like crossing your arms. If you cross them your normal way, it feels comfortable. Maybe too comfortable. Cross them differently, and it just won't feel quite right. The good news is that means you're probably doing it right.