Secure your apps so they won’t let you down this holiday season
Each year the holiday season promises more app traffic than the one before, is your business ready?
Security breaches and software failures have made headlines throughout 2017; most recently, several airlines using the same check-in software saw major delays due to network issues, stranding thousands of customers at airports across the globe. With apps being one of the most vulnerable gateways for both security and performance issues, now is the time to start thinking about how to get ready for the holiday season. Salesforce predicts that this Black Friday will be the busiest digital shopping day in U.S. history, with a higher volume of transactions continuing well into December. So how can you prepare your apps to avoid lost revenue, broken trust and bad PR?
Companies must implement these strategies to battle the three most common challenges we see:
Challenge #1: Maintaining the User Experience
Regardless of the industry, customers expect up-to-date applications, an excellent user experience and seamless performance. This means you need to be able to develop and deliver apps with speed, quality and a compelling experience. With the demand of the holiday shopping season, companies will rely on an agile approach to help them sense and respond to change based on how their app is performing and how consumers are responding.
Solution: Pair an agile approach with DevOps
Delivering a quality user experience depends on more than just the quality of the application – it also relies on your ability to keep customers engaged with a compelling experience. A recent study by Accenture showed that once digital consumers leave, there is more than a 60 percent chance they are gone forever. This means you must keep them interested and engaged with each experience. That’s why it’s important to deliver innovations faster than competitors. DevOps, continuous delivery and continuous testing have all been proven to increase the pace you can deliver innovations to the market. Pairing an agile approach with DevOps can help you deliver apps much faster (but you also need to establish a continuous testing practice to ensure that you are adequately – and quickly – testing applications for performance, user experience and security).
Start with a focus on velocity, which will be the key to managing app updates and fixes. By choosing the most valuable, smallest pieces of work to implement agile planning and work sequencing, it is easier to quickly deliver to customers. Apply agile portfolio management to quickly adapt to change; evaluate the end-to-end cycle to update your apps to ensure that they are delivering new content and consumer value. Finally, it’s important to optimize app investments on an ongoing basis, which you can do by dynamically and intentionally reducing (or amplifying) your investments in key features and user value based on demand.
The advantage grows significantly when you combine an advanced DevOps practice with cloud-based tools and delivery models. A recent study from CA showed that organizations with a high level of commitment to both DevOps and cloud saw an 81 percent increase in overall software delivery performance. These same organizations were able to deliver software 90 percent faster, with a 69 percent increase in user experience.
Challenge #2: Seamless Continuous Delivery
Your ability to deliver quality software faster is dependent on your entire toolchain – one weak link can stand in the way of both time-to-market and quality. That’s why it is important to take a comprehensive approach to continuous delivery.
Solution: Test, Test, Test
Testing is not an event that happens at a single point in time; it should be woven throughout the entire software development lifecycle—starting in the requirement phase. Test cases can be automatically created, automatically initiated and occur at code check-in. This is the foundation of continuous testing. Our acquisitions of BlazeMeter and Veracode shows just how much we believe in this.
Doing App Security testing also can help find vulnerabilities that would be susceptible to a denial of service attack. If an app that your business is using to drive revenue is down because of a DDoS attack, it could be just as career-ending as a data breach.
In addition to testing, you should be proactively monitoring application performance management, infrastructure management service delivery and end user experience. To monitor digital experiences you need analytics provided by solutions such as CA Digital Experience Insights that allow you to see potential problems before they start affecting customer experience and get them resolved before they become an issue.
Also, by leveraging a solution like a synthetic monitoring tool, you can be certain your website is performing 24 hours a day, seven days a week – even when there are no real users on the system to help you find and fix issues before customers are affected. You can also replicate key transactions, like shopping cart checkouts, to be sure there are no issues that could cause delays or result in an outage.
Challenge #3: Controlling security risks and protecting data
The application economy has drastically changed the landscape of IT security. Cyber criminals take advantage of the holidays’ uptick in consumer data input (look at what happened to 1-800-Flowers customers last Valentine’s Day). Risk has to be controlled, but in such a way that your application performance strategy isn’t bogged down by security.
Solution: Automate, and lean into AI
Security should be automatic, so any authorizations to reduce fraud should be done automatically with minimal pain. This will make it easier to balance revenue growth with risk control.
Looking at user identity behavior when interacting with a business over time, you can get a baseline of known good behavior and hidden identity characteristics. If those deviate beyond a certain amount, then risk-adjust the trust previously granted (this may require a step-up authorization). If that occurs, and the step up fails, the business has the information to understand that the identity may be invalid or could be a stolen credential (whether users are notified or not is another issue). Additionally, using threat analytics with CA Privileged Access Management (CA PAM) will allow you to identify risky behavior from trusted users (or cyber attackers masquerading as trusted users) and will all you to block access from those trying to get into customer database/identity stores within the organization.
There are artificial intelligence tools that can learn and monitor shoppers’ behavioral patterns for anomalies and red flag that come with fraud. And when AI is paired with machine learning (which is already used FinTech), businesses can provide real-time protection and plans to mitigate fraudulent attempts and card holder and issuer risk.
Into the New Year
Some companies have already mastered their digital transformation, while others are just beginning the journey. But no matter where your business lies on the spectrum, there will always be new challenges to overcome that will require a comprehensive, effective suite of tools, so thinking beyond the holiday season is the key. It’s tough to future proof an app, so testing for vulnerabilities is like trying to predict the future. The vulnerabilities of today are known, but the ones of tomorrow are not. Threat analytics can help you determine behaviors that could be used to identify new types of attacks targeting new and unknown vulnerabilities.
As the world continues to become mobile-first, each year the holiday season promises more app traffic than the one before, so preparing your apps properly now will ensure your team’s fluency in best practices later—not to mention continued customer loyalty. It’s the one time you’ll want someone else make the headlines.