Agile risk management for multi-cloud software development

Industry in all sectors is experiencing a profound digital transformation that puts software at the core of its businesses. To react to continuously changing user requirements and dynamic markets, companies need to build robust workflows that increase their agility in order to remain competitive. This increasingly rapid transformation, especially in domains such as the Internet of things or cloud computing, poses significant challenges to guaranteeing high-quality software, since dynamism and agile short-term planning reduce the ability to detect and manage risks. In this study, the authors describe the main challenges related to managing risk in agile software development, building on the experience of more than 20 agile coaches operating continuously for 15 years with hundreds of teams in industries in all sectors. They also propose a risk management framework that considers those challenges and supports collaboration, agility, and continuous development. An implementation of that framework is then described in a tool that handles risks and mitigation actions associated with the development of multi-cloud applications. The methodology and the tool have been validated by a team of evaluators who were asked to consider their use in developing an urban smart mobility service and an airline flight scheduling system.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-sen.2018.5295