Spring just started, so in time for an attempt at predicting the future (it has just started to use a cliché). Together with a few colleagues we brainstormed about what we think is important. After that I created the post below. In short: software development processes, local and public clouds and security. Minor disclaimer: this is my own view.
Software development processes
Continuous is the word. Continuous integration, development and deployment. Software should not be production ready, software should be used in production. That’s also the main idea behind the lean startup movement: release something viable as soon as possible, so you can get feedback, but not just at (lean) startups, at any enterprise. More and more organizations finally realize the extremely long time it takes between idea and actual realization is wasteful all the way.
With that regard, fixed price, fixed scope projects, fixed time are out. Creating elaborate specifications consisting of long documents by management consultancy companies and then creating software based on those documents by the cheapest bidder. Fixed price has never worked, will never work and it won’t be to long for even the government to realize that. Or at least the people that don’t retire. But as many organizations can’t handle truly agile development yet, we may see the rise of fixed price, fixed time projects with a single goal rather than a fixed set of requirements. That requires both customer and vendor communicate openly with each-other, in word and in person. So traditional contract based tenders (aanbestedingen in Dutch) don’t work here. Fortunately, they’re are good alternatives, agile and lean contracts are worth an entire blog posting if not a book.
The cloud is hip. Not everyone agrees on the definition, but one I use in this posting is using resources of connected computers, and getting billed only for usage. When everyone can use those connected computers, you’re on the public cloud and you not only have to trust Amazon, Google, Rackspace or Microsoft or other vendor thats maintaining those computers, you’ll also have to trust the government where the actual hardware is located. For this reason, most of these vendors have the option to have your data and software be hosted only in specific regions (like US, Europe, Switzerland).
Better then trusting a vendor, is to host your own local cloud. Multiple solutions exist for that too: Redhat, VMWare (Spring) and various other companies provide cloud solutions that you can install on your own data-center. Many organizations see the benefit of that, so lots of organizations will want to have they’re own cloud.
Local cloud means your application just uses up capacity on demand of your entire data-center, both in terms of hardware resources as in people. Since all of your applications share the same data-center so resources and people are used more efficient. When capacity isn’t enough, you just order new hardware. The cloud solution like Redhat or VMWare will make sure those new resources are used. The system operators (ops) can focus on having run you’re cloud smoothly, rather then individual applications or servers.
Speaking of clouds: people that worry about privacy issues on the data being stored at Google, Facebook, Apple and lots of other companies will be listened too. The EU will enforce companies to allow people to fully access and optionally remove any personal data companies have gathered on them. With a bit of luck and some sanity will be able to move our data from one cloud to another, truly owning our data.
Security is also an important aspect of clouds and software in general. Quite a lot of security incidents have occurred over the last year. Often, if not all the time, the root cause is emphasis on procedures and procurements rather then the mathematical and technical aspect of security. Notable the Diginotar disaster in our country, The Netherlands. Diginotar was the royal provider of digital certificates. The company had trustworthy name (Notar comes from the Dutch word Notaris – Notary) and a business consultancy company PwC (Dutch article), have verified they had proper checklists in place!
People will realize to have truly security, you’ll have to understand the software and the encryption methods you use, rather then policies, brochures and buzz-words. Also something which is worth a few blog postings.