Imagine if a fire department’s app crashed as a citizen tried to report a fire. Or if a coronavirus contact tracing app was hacked.
Governments cannot afford any lapses in either performance or security. They need their digital services to function at all times and be protected from cyber attacks, all while delivering as quickly as possible so citizen needs are met. This is even more important now as work and school shift into the digital space, raising the risks of cyber attacks, according to the World Economic Forum.
The DevOps approach, which integrates the building and testing of digital services, allows governments to roll out services much faster. Instead of building and conducting tests in a linear fashion, teams can test early on in the building process, so any issues can be identified and fixed quickly. Software experts at Micro Focus explain how to conduct such tests well, so organisations can build effective and secure public services.
Testing a service’s performance is crucial – that’s how you know if it works. There are a few things to test for before rolling out a service. First, the service has to function properly. All the buttons should be clickable, and all the pages should be accessible.
Next, it should be able to cater to a large number of users. Government services are built for all citizens and need to be scalable.
It’s important for agencies to conduct a wide variety of tests when looking at a service’s performance. Government services need to serve many different types of users, and the performance tests need to reflect that citizen inclusivity. For instance, teams need to make sure their service works on browsers for the visually impaired as well.
How to conduct good performance testing
After an issue arises in a test, data analytics can help teams to pinpoint its root cause quickly. When governments are rushing to deliver services, developers may not have time to run through the code line by line.
Having information on trends and anomalies in how the service was used can help teams identify problems much faster. In one instance, an app developed by Independent Health, a healthcare provider in the US, was taking too long to respond to user requests. Micro Focus’s tool provided real-time insight into the app’s user experience, and the agency was able to reduce the app’s response time by 60 per cent.
2. Integrated tools
A simple performance test is a good one. It should be able to integrate with all the other tools used to automatically create a test, run the test, and consolidate its results. Seamless integration is key, since it lowers the barrier to the adoption of performance testing. Micro Focus offers a comprehensive tool which runs performance tests across any application type.
3. Simulate real world scenarios
It’s useful to be able to simulate real world scenarios, so teams can accurately see how a service performs. This is especially helpful in network tests. Digital services depend a lot on the network they run on – bandwidth or WiFi issues can hamper their performance.
Another issue that can crop up when testing multi-component applications is that all its features may not be ready at the same time. Service virtualisation simulates how even incomplete services would behave so teams can continue to test. These more realistic, scalable and secure tests can help improve the quality of the overall application, while reducing costs with its simple test infrastructure.
This tool allowed European media company Sky to simulate the performance of 350 services, so that tests could go on even when the real service or data was unavailable. This was often the case, since it uses third party services to support its sales and service requests. “We’ve replaced unreliable systems, increased staff efficiency, and launched new customer services with complete success,” shared Alan Abernathy, Sky’s Principal Engineer.
Security is another top priority for government services. Traditionally, however, security concerns are considered just before services ready to be released. Identifying vulnerabilities only towards the end of the development cycle delays the release of the services by weeks or even months.
This is where the principles behind building security into DevOps can help. Teams build secure code practices at every step of their agile development lifecycle – an approach known as DevSecOps.
There are two types of security tests for teams to make sure a new service can hold up to cyber attacks. The first is called a static test, where a security tool like Micro Focus Fortify scans a set of code for inherent vulnerabilities. This can be done very early on in the building process, before the service is tested for its performance.
The second type is a dynamic test, which simulates a hacker trying to break into the application. Hackers don’t have access to the application’s code, so they use alternative methods that can force a web server to release confidential files such as log-in credentials. A dynamic test helps teams understand how easy it is for hackers to penetrate an application from the outside.
What makes a good security test tool?
There are useful tools that can help organisations conduct security tests. Here’s what makes these tools effective.
First, security tools have to be backed by a strong research team. This means the tool can recognise a wide range of vulnerabilities across multiple programming languages, and the web of knowledge is kept updated and relevant through continuous research and experiences from security experts.
Second, all teams need to have access to a central dashboard that tracks the entire building process. All results from the static and dynamic tests would go into this dashboard, so everyone knows exactly what needs to be done for the developing, operations and security aspects at every stage.
A US Healthcare Technology Company needed a secure platform for processing millions of transactions across the country. It was important for them to conduct security tests across all their services, which included hospitals, pharmacies and laboratories.
Micro Focus Fortify dashboard provided a helpful consolidation of security test results for them, as well as suggestions for how to fix issues in the code. Developers who write the code may not be familiar with security requirements. The central dashboard – called Software Security Centre – zooms in on lines of code that need to be changed, and provides detailed explanations and advice for developers, application managers and information security officers
The dashboard can also be integrated with a ticketing system, which tracks all changes made to the code. This ensures transparency and accountability in the building process.
There can be no compromise in performance or security when it comes to digital public services. That’s why testing, and good testing tools, have to be a part of governments’ service building process.