Businesses today are struggling with digital transformation. Accelerating this transformation comes in with a risk of developing sub-standard products and processes — or compromising security. The modern software factory is a way to achieve this transformation.
Digital Creed spoke to Stephen Miles, CTO, APJ, CA Technologies to understand the right approach. Stephen (and CA Technologies) have helped many organisations around the world in their transformation journeys. To achieve that, CA Technologies devised a concept called Software Factory. Stephen told us about the five dimensions that are constituents of the modern software factory.
Software Factory – Dimension #1: Move away from traditional tooling to a technology platform
The first dimension is we need to move away from traditional tooling to more of a technology platform. Why do I say that? Because today we spend a disproportionate amount of money investing in tools; those tools are typically deployed at the backend of a process. We conceive a great idea around the new line of business. We build it. We construct the applicational service; we bring it to market and then we think: Oh! By the way, we need to go out and tender for some tools because we need to automate it, secure it, provide monitoring around the work, or what have you. And then it’s typically brought in at the end of the process. The tooling for the last 20 years has been about informing, reporting, augmenting, or just simply making IT more efficient. But in the modern era we need to see a complete change. Tooling needs to be replaced by technology. Those technology platforms need to be built in a lot. Why? Because they’re absolutely crucial to the process of iterating with your customer. Customer experience is no longer about — here’s my app, I hope I’m delivering it well. I hope you’ll like it. By the way the lights in the operation centers suggest that all this is being delivered well. That’s a very crude expression of customer experience. Customer experience is about: I’m delivering you an application or service, but I want to iterate with you as often and as frequently as I can, to make sure that what I’m delivering is actually what you want on a continuous basis. And if it’s not, I need to know what changes you need. I need to understand that. I need to instantiate that back into my applications and software in a quick as possible timeframe. Iteration cannot take place without technology platforms. Technology platforms give you insights which even to the customer expose things that you may not be aware of. I can deliver an applicational service to you. You will give me a subjective view on how you feel about it. But insights will give you a rich perspective about how it’s really being used, where the customer spent most of his time, the parts he liked or he didn’t like.
So, if we get the technology platforms in earlier we’ll be to fuel the iteration. We need to make sure that we’re delivering the right applications and services. That’s the first dimension of change.
Software Factory – Dimension #2: Move to more modern architectures
The second dimension of change is – we need to move to more modern architectures. Today’s applications are built on monolithic and tier architectures, by and large. They’re great, they’re reliable; we understand them. Developers are comfortable in building them. No one will ever go show off building a core monolithic application. They’re reliable, robust, but the problem with them is they’re difficult to change. And so, you’ll read a lot in the press about containerisation and cloud native and micro services, and composable architectures. It’s just simply the breaking down of the application logic into a more distributed composable independent architecture. The benefit to all organisations is, if there’s a piece of logic you don’t like that needs to be changed or replaced, you can do it without disrupting the rest of the application. Whereas on a core application, if I need to change the payment gateway, I don’t need to wait until there’s a maintenance window available to do it, number one; secondly I need to check there’s no dependencies on other applications or services. So, it never gets done. So, modernising architectures is crucial. Again, if I’m iterating with my customer and he feeds back that I need to make some changes to the business logic in the application I’m providing him, if I haven’t moved to modern architecture I can’t instantiate that change; so again another dimension of customer experience.
Software Factory – Dimension #3: Think differently about Innovation
The third dimension is then thinking about innovation a little differently. Here’s where I want to go with innovation. You pick up the newspaper (and read that) everybody is doing hackathons; it’s seemingly the most fashionable thing to do these days. The problem with them is their events. We get together, with developers and partners; we get some cool technology, you know put together in a couple of days, some great ideas. Then the event ends and everyone goes home and nothing happens to those applications or very little happens over there. Why? Because companies struggle to take those great ideas, industrialise them, get them into the hands of the people who really matter, their customers. It’s right to refine them and then get them to market, in terms of a viable relevant business service. So, innovation needs to change. We need to make innovation a continual. I’d like to call it continuous innovation. Creating sandboxes that enable developers both within your company, your partners, third parties, to work together 24/7/365 days a year. And then, once you create these cool ideas, industrialise the process and get it into the hands of your customers in the fastest possible time. As rapid innovation is a crucial pillar of the modern software factory.
Software Factory – Dimension #4: Build an Ecosystem of value
The fourth capability that we need to think about then is the ecosystem. There are not enough developers in the world for us to go and selfishly bring that all in-house, build the best applications and bring them to market. The talent pool just isn’t big enough. Secondly, we’re never going to develop stuff fast enough because we’ve got our own set of issues; we’re a big company; we’re a big bank; we’ve been around for several years. We can’t necessarily move as fast as some of the smaller and nimble younger players. I’m thinking FinTechs and InsurTechs and PropTechs and MedTechs. I mean it’s just endless in terms of the people out there that can move faster than we (the bank) can.
(The banks are thinking) I see Mr. FinTech A and Mr. FinTech B and you know what, I know you want a piece of my action because you want my customer base. But hey, you need to operate on my terms. But it’s changed in just 18 months. I see FinTech now being selective about which bank they decide to work with, because they don’t need the banks. Banks need them just as much as the FinTechs need the banks, trust me. So some equilibrium’s taken place.
Now the banks are panicking because they’re worried that their legacy architectures and systems are too slow to run the same pace as the FinTechs. They’re trying to modernise their apps, do continuous innovation to put in technology platforms because they want to attract the ecosystem. A great example of a powerful ecosystem that draws business, is Amazon. Less than 27% of Amazon’s total assets are internally run and the rest are all partnerships. That’s a really powerful ecosystem of partnerships.
So, the key thing is for businesses to think about building an ecosystem of value, but thinking through the same time around things they want to let go off because they’re not particularly good with it.
Software Factory – Dimension #5: Trust & Safety
Fifth and final dimension then is trust. The dimension of trust in this new era changes because it’s no longer about perimeter base security; it’s about linking identity and access management to the individual. And not just the individual; the individual in a different device type. Having the dynamics to change that and govern that at the same time in a way which does not put the business at risk, number one. Point number two is, we’re now operating in a broader ecosystem of value because that’s our business model. That means a need to go from forty people who are privileged access users touching my system to suddenly thousands, and it’s a good thing. Because these people are co-creating, collaborating and building stuff with me, I need them to touch systems. But I need to be selective about what they’re touching where, how and when. I need to on-board them and off-board them, probably fairly transactionally, because I’ve got to govern and control my business. So privileged access user management becomes key in the new dynamic of the modern business and the digital era.
And last and by no means least, we need to think about safety. I talk about safety because when we’re building some applications in-house, we’re building more of them, we’re building in a more composable microservice style. We’re partnering with our ecosystem now to encourage third-party FinTechs from a bank or InsurTech from an insurance company, to come in and co-create and build applications with me.
They may be using open source components, which I have no idea from where they come. Our mashing up staff would maybe doing, because we’re doing things in a hurry, we may be potentially be introducing errors or issues in our code, and we get into the big, old, ugly world of vulnerabilities.
And so, as companies become more composite and more bimodal in terms of the way in which they organize themselves, they increase the risk of vulnerabilities. So, it’s important to do code scanning at a binary level, and to be able to do it on an end-to-end service context. And so, we talk a lot about safety because again a business is only trusted once. You could have the coolest application in the world but if you have unwittingly introduced some backdoors and some hacker gets in and pulls down the private confidential information, you’re in trouble. You get caught sharing by the way in the world of GDPR in Europe and its potentially heavy penalties on revenue, second defence is cessation of license.
These are the five dimensions of what constitutes the whole reason for being for our modern Software Factory.