Surviving the IT Perfect Storm

The economy, the complexity and pace of business, and an ongoing lack of resources have created a perfect storm for IT departments worldwide. As wave after wave of IT failures litter the press, there’s no question that the storm is here. In its wake, businesses are faltering, careers are shattering, and stockholders are left wondering “How could this happen … again?”
The key to preventing your business and career from landing on the rocks is the aggressive identification and elimination of risk. This document provides some tactics designed to identify risks across vast application portfolios and eliminate risk within critical business systems.
Red sky at morning, sailor take warning
With years of experience in exposing risks in IT systems, CAST provides a suite of offerings that yield the insight necessary to identify what can lead to high-profile production failures and cyberattacks. We also provide the remediation plans to eliminate the root cause of these issues.

Rapid Portfolio Analysis (RPA) creates transparency into vast application portfolios to identify risk. RPA derives measurements such as production failure potential and software complexity and maintainability. It also profiles portfolios to highlight short-term and long-term risks in critical systems.
CAST’s Application Intelligence Platform (AIP) provides a robust DNA-level analysis of individual enterprise systems with specific guidance for eliminating business risk caused by structural and technical quality issues. It does this either on applications you know are in trouble, or by using the insight delivered by RPA to create a prioritized list of applications to unleash AIP.

Highlight Latent System Risks
Rapid Portfolio Analysis (RPA) creates technical and business risk profiles based on automated analysis and insight to support application portfolio analysis, portfolio rationalization, or technical assessments.
RPA analyzes source code against a set of engineering rules and principles to identify potential production defects, maintenance or modification issues, and excessive complexity. These are some issues that contribute to potential failures and real business risks. RPA rounds out this assessment by generating software maintenance estimates of applications, as well as estimates of the technical debt.
A Dive Deep in to Critical Systems
Using highly sophisticated code analyzers and more than 1,000 rules based on engineering principles, AIP dives deep into an application from the largest modules down to individual methods, classes, and components. AIP analyzes and semantically understands source code, scripting, and interface languages across all layers of an application.
The resulting analysis identifies quality lapses in an application’s source code, and provides precise guidance on how to fix the problems. Additionally, AIP validates architecture, ensures adherence to frameworks, and automates sizing such as function points. Doing so provides a robust view of the systems size, complexity, and quality.
Measure the Business Impact of Quality
Through extensive research and industrial experience, CAST has identified five areas of structural software quality that most impact business risks and outcomes. Each of these five areas can be assessed by measuring numerous attributes of the software that can summarize structural software quality at a level that can be related to business value.
Navigate Risk with Actionable Insight
Identifying the root cause of system risk is only the first step. CAST assessment with AIP not only identifies these issues, it provides rationale as to which violations have been recorded and which are most critical. IT also creates action plans that lead technical teams in the remediation effort.
You Can’t Stay in the Harbor to Wait Out the Storm
As a leader, you need to ensure your team has the time and resources needed to root out and eliminate risks that can potentially damage the business. The key to effectively managing risks in an application portfolio is early detection of issues and the ability to quickly mitigate them.
With the detailed information provided by AIP in hand, application development executives and business leaders can map out and monitor aggressive remediation efforts that drive out system-level risk, resulting in more resilient and reliable applications.
Whether you need a macro-view of your portfolio risks or a micro-view of a specific application, CAST’s suite of assessment solutions can help. Contact your CAST representative now to learn how we can create the visibility needed to navigate through these troubled waters.

Getting SaaS-y about Technical Debt

I came across that old phrase, “Why buy the cow when you can get the milk for free?” the other day, in the context of marriage.  Why should people marry when they can just live together?  Well, you can imagine I came across a lot of opinions I won’t go into here.
An article by Naomi Bloom popped up, using the phrase in a technology context. She noted that vendors of traditional licensed/on-premise enterprise software had served themselves very well by forcing customers to buy both the apps as well as owning the data center and its operations, application management, upgrades, human resources, and more. This has provided traditional vendors considerable financial security and market power.
Clearly Defining the Cloud
Today’s multiple forms of cloud computing are changing all that, but we need to be careful of what passes for cloud computing, especially SaaS. Software marketers are rebranding all their products as SaaS, whether they really are or not, to take advantage of the latest ‘buzzword.’ Bloom notes that “true” SaaS must include four characteristics:

Software is made available to customers by the vendor on a subscription model;
The vendor hosts, operates, upgrades, manages and provides security for the software and all data;
The software architecture is multi-tenant, has a single code base and data structures, including metadata structures that are shared by all customers; and
The vendor pushes out new releases on a regular basis that are functionally rich and opt in.

Keep in mind that software can meet all these attributes and be “true” SaaS, but still be badly written, unprofitable, outdated or problematic in other ways. However, when well-architected, well-written and well-managed, true SaaS can provide many benefits, including improved economics, faster time-to-market, more frequent and lower-cost upgrades, greater value-added and/or new offerings, and improved agility.

SaaS Doesn’t Eliminate Technical Debt
One quality even true SaaS shares with traditional on-premise software is technical debt. Another benefit of the SaaS model not listed above is the continuous review of the software by multiple users, which can clue-in the vendor to issues with the code that impact performance.
There’s also a new generation of cloud-based portfolio risk analysis solutions that quantify the size and structural quality of applications, evaluate technical debt and offer information and insights that support investment decision-making. These solutions can provide continuous monitoring of the SaaS solution as well as risk and application analysis. Then, the vendor can implement a risk-based APM strategy faster, enabling better and safer decisions, portfolio modernization and transformation. It also profiles structural quality risk, complexity and size of any application to identify unexpected risks. Finally, it quantifies technical debt to proactively prevent software cost and risks from spiraling out of control.
If users think they are going to eliminate technical debt by moving to a SaaS model, their thinking is cloudy. But there are solutions to identify and help address technical debt for SaaS architectures that are just as robust as their on-premise counterparts.