The rapid pace of digital transformation has made it crucial for companies of all sizes and industries to become digital to meet customer needs and increase internal efficiencies. As traditional sectors—from healthcare to banking to energy—increasingly look like tech companies, they must adopt the same mindset and key processes as technology companies to maximize success.
One best practice that companies can borrow from mature software technology companies is the concept of Shift Left, where software testing for quality and performance is moved earlier in the process to increase speed to market and avoid costly bugs or issues before they are released.
Your IT organization can adapt to the Shift Left model by joining up security and product teams in the design phase, building connections between risk and R&D teams, and ensuring stronger customer feedback loops. While security priorities have created new sources of tension and process changes, companies starting on this journey should seek to circumvent them.
As CIOs know, there is often an adversarial relationship between engineers and security professionals. Engineers are under pressure to ship as much code and as fast as possible, while security and compliance professionals are under pressure to reduce risk and ensure quality. The result is often an inherent distrust between the developers and security teams, and relationships have been more along the lines of “frenemies.” To shift from frenemy to productive, positive collaborators, companies can form multidisciplinary teams that include representation from software developers, customer service professionals, security and compliance professionals, legal, marketing—and maybe even others—to work as a team throughout the entire process.
Developing software that builds in security and compliance features from the ground up and moving testing earlier in the process does not actually slow down the software development lifecycle (SDLC) when done right.
While speed to market will always be important, for some Fortune 1000 companies, there’s a line between being fast and being first. In highly regulated industries like financial services and healthcare, many companies may prefer not to be first because the risk of customer dissatisfaction, a security incident, or a fine for missing key regulations is too high. For example, telehealth is an increasingly mature offering, but it’s also complex. Healthcare organizations need to consider secure platforms, state and local regulations, privacy, and more when offering telehealth services.
To adapt to the shift left model, companies should consider several key steps:
First, they should form multidisciplinary teams that include representatives from software development, customer service, and security and compliance professionals. This can help foster a more collaborative process that achieves everyone’s goals.
Second, they should build in security and compliance features from the ground up, rather than treating them as something to be added later in the process. This can help ensure that the software is secure and compliant from the start, reducing the time and stress post-launch needed to fix bugs or weaknesses.
Third, they should move testing to earlier in the process, ideally starting in the design phase. This can help catch issues before they become more costly to fix.
The Shift Left model can help companies from traditional industries maximize their success and accelerate their digital transformation. By borrowing best practices from mature software technology companies, they can increase speed to market, avoid costly bugs or issues, and ensure that their software is secure and compliant from the start.
You can learn more about Shift Left best practices for IT organizations at WestMonroe.com/ShiftLeft.
Devops, Software Development