• United States




How the lack of application development environments leads to reliability weaknesses

Jul 24, 20174 mins
Application SecuritySecuritySoftware Development

The software development life cycle (SDLC) serves a purpose within DevOps. Are you preparing for future failure?

In working for multiple companies I’ve been surprised at the lack of regimen that is used when deploying critical custom applications in their data center. There is a development process that some of the larger firms I’ve worked for have; they have a rigorous SDLC (software development life cycle) process. The SDLC process is a critical portion of the DevOps practice. A properly executed SDLC process leads to much greater reliability of the end product.

So, many large firms have multiple SDLC development environments to test and debug in-house applications. These environments are often labeled (dev, test, stage and prod). Dev is a development environment where the custom application is initially unit tested. Test is used to test integration of the application with other software functions or methods within the same application. Stage is used to test the application and all the other applications it integrates with. Once the application is successfully tested in stage, the application can be moved to production where it performs its designed business function.

Even in large firms I’ve seen some SDLC processes that concern me. One healthcare firm had a critical application they purchased from a major vendor. The newest product version was acquired from the vendor and the application’s executable was deployed into production without testing in stage. I was alarmed. Of course the vendor has to test their application in other companies’ environments, but they can’t test every configuration that exists in their client’s IT environments. A small unintentional configuration change could throw a wrench into production operation of the application.

What about mid-sized firms? I’ve seen that some don’t even have two environments: dev and prod. This is a serious reliability vulnerability. Experimenting with code that can only be tested in production begs for a serious IT failure in the future. Know this, there will be a critical IT failure — only when the failure will occur is unknown.

So the lack of environments is an impetus to having critical applications put in the cloud. Critical applications that are deployed in the cloud benefit from the redundant data and redundant infrastructure that can exist in the cloud. The client pays more for the cloud services but they can gain much greater reliability. So I would recommend putting a mid-sized firm’s important applications in the cloud, especially if they lack some of the SDLC environments. If they don’t want to support multiple environments, they should use the cloud.

There is another company that I know of that is putting its emergency services functions in the cloud. Their application enables communications between emergency services personnel. It must also protect that emergency data in transit and at rest. They are using the cloud because it enables access points to their services around the U.S. The enables them to communicate with emergency services everywhere.

But, it is very difficult to perform SDLC types of tests for emergency services because the test environments are very expensive to create, use and maintain. So, they are entrusting their significant set of applications to be executed in the cloud. The cloud enables them to test functionality around the U.S. without sinking a significant amount of money in environments. The dev, test, stage and prod environments can take advantage of the geographic spread of the cloud that enables national SDLC environment testing.

In conclusion, DevOps processes using multiple SDLC environments support greater application availability in production. It reduces the risk of something going very wrong in production. Mid-sized firms that don’t use multiple SDLC environments should consider putting their critical applications in the cloud in order to reduce availability risk. The deployment of critical applications, like emergency communications, within the cloud points to the need for greater reliability of the cloud vendor; the cloud must be significantly more reliable than all the global applications that run on it.


Greg Machler is a Technical Lead that focuses on management of technical issues related to IT security project deployments. He has interacted with many different types security project experts. He enjoys clearly defining problems so that they be resolved by a variety of experts.

The opinions expressed in this blog are those of Gregory Machler and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.