IT considerations

As more and more printers branch out to become cross-media marketing hubs for their clients, their IT departments must evolve to take on the increasingly complex demands of Internet services. Likewise, as printers strive to bridge gaps between their front end and production workflows, mixing new and old technologies never fails to cause headaches. In this article I’ll lead you through some software industry philosophies on integration and platform hosting, provide some insights on the solution development process, and outline some platform security precautions.

Integration

Let it be known that the Government of Canada maintains over 14,400 separate software applications. Yes, 14,400! According to Statistics Canada’s count of the government workforce, this translates to one software system for about every fourteen government workers. What a mess! What I’m getting at is bureaucracy and noncompliant approaches to system design can create a mountain of redundancy. Each separate instance of a software application has different maintenance and monitoring requirements – in both human capital and infrastructure – and complex bridges are required whenever polar systems need to share data. The more application instances running, the costlier a network of systems becomes.

The most popular complaint I hear about technology at graphic communications companies is the lack of talking between systems. “We have one system for [this], one system for [that], and then we need to have someone in the office input the data from one to the other to close the loop.” Sound familiar? It’s a far too prevalent reality that can really cut into the bottom-line, and it creates headaches for the employees who have to deal with system shortcomings.

Data sharing via API

I think I can speak for most when I say we will avoid mind-numbing data entry at all costs – especially if it’s the manual rekeying of data when simple automation could do it automatically. Manual rekeying of data causes loss of profits, delays, and errors. Automation creates cost efficiencies, speeds up turnaround, and keeps data true to its original source with no errors or omissions. Furthermore, automation opens up more time in the day for your talent to do what they do best – and what they want to do: innovate.

In today’s ever connected world, an open data approach and a keen eye for integration possibilities is needed to thrive. APIs are commonly the answer to most technical challenges you can come across. APIs (application programming interfaces) are applications that deliver data from one system to another. At a high level, they are hidden portions of a web application programed to build digestible bits of data to be consumed by other systems. They are always running, waiting for other systems to make requests.

On a more technical level, API programs perform the following tasks:

1. Copy strings of data from a source application (a.k.a. data input)
2. Form groups of attributes and data into a common text format like JSON or XML (a.k.a. data objects)
3. Send data objects for the client system to interpret and display to the end-user (a.k.a. data output)

The most powerful part of APIs is the automation factor. An update to data in a source system can trigger an update to another automatically – no user action is required. This can happen either in real-time or at set intervals. With these building blocks a programmer can then form a bridging solution that seamlessly integrates two or more distinct systems.

Integration automation for the non-programmer

You don’t necessarily need to be a programmer to integrate systems. Nowadays we even have services available to automate the creation of automation software! Cloud-based integration services provide platforms for non-programmers to write their own integration scripts without having to write any code. Similar to SaaS (software as a service), these services are referred to as iPaaS: Integration Platform as a Service. Per the Gartner IT Glossary (http://www.gartner.com/), “iPaaS is a suite of cloud services enabling customers to develop, execute and govern integration flows. Under the cloud-based iPaaS integration model, customers drive the development and deployment of integrations without installing or managing any hardware or middleware.”

Some of the popular iPaaS services right now are Zapier (https://zapier.com), IFTTT (https://ifttt.com/), elastic.io, and cloudHQ (https://www.cloudhq.net/). These four are relatively consumer friendly; they offer tools to integrate a number of cloud services, like Google Apps, Salesforce.com, Dropbox, and BaseCamp. Clicking a few buttons and filling out some forms might be all you need to do to get yourself a timesaving API!

If you’re hoping to connect services beyond the ones mentioned above, you might be in luck with enterprise level iPaaS. Oracle (https://www.oracle.com/cloud/paas.html), Segment (https://segment.com/), and Talend (https://www.talend.com/) are among the leaders of this sector. They offer highly customizable solutions to hookup APIs at the internal database level, still without any coding required. Interested? Check out Oracle’s informative primer on the features of enterprise iPaaS platforms here: https://youtu.be/A00bQ6UqV20.

Looking to learn more about APIs in general? Check out this great mini course from Zapier: https://zapier.com/learn/apis/ – no programming experience required!

Forming your team

Don’t stick with the status quo. Going by the motto “that’s just the way it is” will rarely win in the prospect of future business. IT teams need to be innovative, eager to integrate, and deliberate in their system design so as to create great, long-lasting software. From the get-go you need to have leaders who foster the approach of integration, open data, and extensibility. Hiring experienced and proven developers, business analysts, and product managers can go a long way in forming the success of your internal systems and your marketability to prospective clients. Consider the investment in your platforms and talent as a competitive advantage.

Platform

If you’re a printer looking to expand into online marketing services, there are significant considerations to be made with regards to application hosting and infrastructure. Onsite servers and development operations (DevOps) – although sometimes demanded by clients for data security or compliance reasons – present a number of challenges in today’s market. Internal platforms are quickly becoming a thing of the past, while software-as-a-service (SaaS) models are on the verge of becoming the de facto standard for platform hosting.

The last five years have seen an explosion of growth in cloud services. In my opinion, hosting on the cloud is a must in today’s online marketing space. Scalability, redundancy, security, and compatibility, among other DevOps considerations, can for the most part be better managed by cloud service providers. For small and medium sized businesses, where capital expense budgets are limited and business needs are unpredictable, the SaaS model makes a lot of sense. Although they may appear costlier in the medium to long term, their total cost of ownership over multiple product cycles is likely much less – not to mention the “future proofing” that goes along with a SaaS model.

Programmatic ad campaigns, “virality”, and widespread access to the Internet via smart devices are leading the shift to hosting in the cloud because of the potential for sudden spikes in traffic. In a sense, the concept of “scalability” is changing. While system designers previously had to decide on whether to build a robust system from the get-go or to build a system that would be alterable to fulfill future needs, now such a decision is not necessary; modern cloud platforms can be configured to scale automatically based on demand – within a matter of seconds. Services like AWS, Rackspace, and Google Cloud Platform provide agencies with reliable, SLA-backed platforms to develop, launch, host, and monitor robust web applications in lean environments with minimal effort required from a DevOps perspective.

Process

It goes without saying that executing a new application build, an update, or an integration requires detailed planning and analysis. Doing diligence with pre-work reduces the risks of going over budget, missing key requirements, and being short staffed. In this section I discuss some best practices in the software industry – many of which can be leveraged for IT projects in a graphic communications setting.

Requirements gathering and iterative analysis

All too often development projects lack a full requirements gathering phase. Timing expectations for delivery are usually yesterday and clients usually think they already have a solidified idea of what they need; because of these constraints teams are often too quick to jump right into execution. Requirements are the backbone of a software solution. They solve a problem or achieve an objective. Without a deliberate requirements gathering exercise, solutions face the risk of failing to deliver any real value. In this section, I discuss how to gather requirements effectively, and how to visit and revisit them throughout your solution development cycle.

Requirements gathering comes down to eliciting stakeholders needs, documenting them, and refining them. From a business perspective, it needs to be established what processes are inefficient and how can they be improved. Tactically, there are four types of interview questions to consider when eliciting stakeholder needs. They are as follows:

1. Open ended questions: Let the stakeholders explain their needs without interruption.
2. Closed questions: Narrow down answers to try and gain more facts.
3. Clarifying questions: Try to elicit examples and seek exceptions.
4. Confirming questions: Ensure both parties are in agreement with all of the information collected.

Using this process in the early stages of requirements gathering can go a long way in ironing out the details prior to the actual build of a system. But how do you know you have everything defined? Well defined requirements are NOT up for interpretation! Every stakeholder should have the same idea of what the final product will accomplish.

Moreover, formalizing the process your team takes to carry out a build ensures checks and balances are in place; process limits oversights. Here’s a summary of a typical solution development lifecycle:

1. Concept: Define the vision, scope, and cost benefit analysis of the solution.
2. Analysis: Define the specific functional and nonfunctional requirements, and decide on how you will know your solution is successful (i.e. the key metrics). This is very important!
3. Design: Create wireframes, UX designs, and back-end system architecture designs.
4. Develop: Set up the system environments, databases, and write the code.
5. Test: Use test cases to thoroughly test the solution against defects and user behaviour.

The concept and analysis phases listed above should usually have heavy stakeholder engagement. It’s up to the product manager or business analyst to gather as many requirements as possible, document them, and continually refine them throughout the project to ensure the final product is effective. This is called iterative analysis.

Iterative project management approach

Something you don’t want to do with a software development project is take the standard waterfall project management approach. Using waterfall, a project is front-loaded with analysis, design, and scheduling. It’s a linear flow that leaves little room for variation from original plans. An alternative, which better suits the nature of software development, is the tiered iterative approach. With this approach, components of a system are broken up; they’re defined, designed, coded, and tested at different points in time. There’s less overall risk using a concurrent schedule because the testing and refining of some components can happen earlier on, which can make it easier to change plans during a build due to market conditions or evolving needs.

Bug tracking

If your project workflow still revolves around e-mail and spreadsheets, you’re doing it wrong. Efficient development teams use project management systems to manage feature development, bug tracking, scheduling, time tracking, and code versioning. These systems encourage open communication, they help teams find trends, and they enforce traceability. My company uses JIRA, an issue tracking solution out of Australia. It’s a powerful suite that handles everything from custom task workflows to client account budgeting. It requires quite a bit of customization upfront, but it’s well worth it – I highly recommend it!

Quality assurance and automated testing

Testing is a crucial part of the solution development lifecycle. Buggy software has a number of possible implications: dissatisfied users, data loss, and data breach are some examples. Be sure to budget enough time to thoroughly test, and be sure the test from the perspective of an end-user without administrative privileges.

Thorough testing should also be completed after any updates are applied to a system to ensure new code doesn’t break any existing code. This is called regression testing. Whenever enhancements, patches or configuration changes are made, there should be a standard procedure for testing existing key functionality.

Yes, testing can take a long time. Thankfully, there are ways to automate certain types of testing. The most popular tool out there is Selenium. It’s an open source suite of tools used to automate web browsers. More specifically, it can be used to record actions taken in a browser, rerun those actions automatically, and generate a report of pass/fails with debugging information. Implementing an automated tester can be a huge time saver, can improve system reliability, and can remove dreaded and boring repetitive tasks no one enjoys doing.

Below is part of an example test simulating a user logging into a system. Each line has an action that has been recorded.

selenium.open("/BrewBizWeb/");

selenium.click("link=Mark’s automated testing link");

selenium.waitForPageToLoad("50000");

selenium.type("name=id", "mark");

selenium.type("name=Password", "corrigan");

selenium.click("name=login_button");

selenium.waitForPageToLoad("50000");

Data Security

Don’t get caught with your pants down! A lot of hard work goes into software development – why leave its security to chance? To conclude this article, I thought it would be important to outline some security considerations. Data security is the means of protecting data, such as content, user information, and proprietary code, from destructive forces and from the unwanted actions of unauthorized users. It should be your number one priority in any application. Clients place their trust in you and your systems. Safeguards need to be put in place to ensure there are no leaks. Although it can be tough to prioritize security when clients are focused on testing functionality from an end-user’s perspective, it’s a detrimental situation for both parties if you fall victim to an attack.

For your consideration, I’ll leave you with five precautions I’ve learned about in my work as a business analyst in the software industry:

1. Question all assumptions: Don’t leave anything to chance.
2. Permission testing: Ensure users roles and permissions are configured correctly by attempting to navigate or perform “illegal” actions on your application (i.e. test that groups of users aren’t able to access pages they shouldn’t be able to).
3. Data purging: Lingering data in retired systems should be purged. Just because you don’t use a system anymore internally, and if data from that system is still online, it’s still a risk. Reduce the risk by purging everything possible.
4. Simulate recovery situations: It’s not enough to set up a backup or recovery tool and carry on without testing that it would actually work if worse came to worse. You should attempt an emergency recovery situation, which might involve attempting to redeploy your application on another server, or attempting to recover a certain set of files or database tables.
5. Third party penetration testing: There are a number of firms that specialize in penetration testing. Essentially they employ professional hackers to purposely try to break into your system and expose weaknesses. Some tools are free (see http://www.rapid7.com/, for example), but you should consider a full professional test if there’s a lot at stake with your or your clients’ data.