How Does Cybersecurity Drive the Business Value of Software?

cyber-security drives business value of softwareSoftware brings tremendous value to organizations, but in today’s day and age, it also carries significant risk.  Malicious cyberattacks continue to rise at a rapid pace.  According to the Identity Theft Resource Center and CyberScout, data breaches increased by 40 percent in 2016 – that’s after a record year in 2015.  With the ongoing upsurge in data breaches, software can be seen by many as a potential liability for an organization.  We are such a data-driven economy today that criminals have realized that they can cause serious damages to companies, governments and other entities by hacking into their information systems and stealing, corrupting or deleting valuable data.  These breaches are extremely costly to organizations – not only financially, but also to their reputations. 

 Just look at Target.  In 2013, hackers stole credit card numbers of 110 million customers costing the retail giant approximately $162 million, in addition to a decrease in sales and a black eye to their reputation (for a short period of time). 

 It’s no wonder that “94 percent of CISOs are concerned about breaches in their publicly facing assets in the next 12 months, particularly within their applications,” according to a January 2017 Bugcrowd study.  However, despite these concerns, another survey of over 500 IT decision makers found that 83 percent of the respondents actually release their code before testing it or resolving known weaknesses (Veracode, September 2016). 

Software is typically at the foundation of all cybersecurity attacks.  In fact, the Software Engineering Institute stated that 90 percent of reported security incidents result from exploits against defects in the design or code of software.  If a network router is hacked, most likely the hacker went through the router’s software, not hardware.  These breaches can pose such a significant threat to an organization’s value that software developers must make application security an integral part of the software development lifecycle. 

By finding and fixing vulnerabilities early in the software development lifecycle, there is less risk to the business and more potential for increased business value from the software.  For example, Adobe Flash player is a product used by many websites to enable interactivity and multimedia.  In 2015, it had more than 300 patches (TechBeacon’s Application Security Buyer’s Guide).  Developing these patches is a resource drain (both time and money).  On balance though the risk Adobe would run by not providing these patches could be significant and negatively impact the Adobe’s value as well as the value of the organizations using its product. 

So, if an application has, let’s say, 500 known weaknesses, the organization may not have the time or money to fix all of them before an imminent release.  They need to collaborate with the business unit and determine which vulnerabilities pose the highest risk to the business (negative business value) and which ones, if remediated, will help to deliver the most value to the business if they are fixed.  It is not unusual for developers to fix those vulnerabilities that are easiest to resolve; however, it is critical to take a step back and prioritize identified vulnerabilities based on business value.  

 

Mike Harris, CEO

Written by Michael D. Harris at 12:29
Categories :

Four Steps to Assessing Software Value in an M&A

Mergers and AcquisitionsIf there is one time when business value is front and center in a conversation, it is during a merger or acquisition process.  The acquiring company wants to know the true value of the company it’s acquiring and the company being acquired wants to prove its value as a viable option for acquisition.  In the case of a merger, both companies have these same two concerns – what is their real value and what is the value of the company with which they are potentially merging?

In today’s organizations, technology, and more specifically, software is an aspect that needs to be carefully assessed to determine its value to the M&A deal as an asset or potential liability (i.e. requiring significant upgrades or maintenance or performing poorly).     

To begin the evaluation process, I recommend looking at the software in relation to the business functions of the target company.  Is the software unique to the company’s line of business or is it used for a business function that is common between the two organizations (i.e. HR, payroll, CRM).  Most likely, the software that is performing the same function in both companies will be of little business value to the acquiring company as they will choose to keep their existing software. 

However, a software solution that is unique to the target company could have tremendous value.  The challenge is that the acquiring company may not be familiar with the software and have a limited understanding of its value or the risk associated with that software.  In addition, if there are only a few individuals who understand how to use and maintain the software (especially with proprietary software) there is a risk that they will not remain at the company and as a result there will be no knowledgebase to maintain and/or enhance the software. 

I recommend taking four key steps during the acquisition process to determine the value of the target company’s software:

1. Software Asset Due Diligence (ADD) – determine how the target organization relies on the software.
2. Software Asset Risk Management (ARM) – assess the risk involved in transitioning to the target organization’s software.
3. Software Asset Maturity Analysis (AMA) – determine the future ROI for the acquired software.
4. Software Asset Integration Management (AIM) – analyze how to integrate the acquired software into the current environment. 

A software assessment needs to be an integral part of the M&A process – no matter what end you’re on.  It can no longer be an after-thought.  Software can provide significant value or pose a huge risk for an organization and that needs to be determined up front. 

I’m always interested in hearing from others about your experiences on how your organization has handled the software assessment process during a merger or acquisition.  What lessons have you learned?


Mike Harris
CEO

Written by Michael D. Harris at 05:00
Categories :

Effective Queue Management Can Drive Software Business Value

Sticky Notes

Proper prioritization is essential to driving the business value of software. Those working in the trenches need to have a clear understanding of the end goal in order to prioritize their projects appropriately.  With all team members focusing on the same mission to maximize business value from software by optimizing the flow of business value through software development, better decisions can be made throughout the software development lifecycle.

The key element to properly prioritizing projects is effective queue management. On a daily basis, tactical decisions are made at the team level about the prioritization of tasks.  In Donald Reinertsen’s book “The Principles of Product Development Flow: Second Generation Lean Product Development,” he offers six principles for creating a value management capability for queue management at the team level:

1. Software development inventory is physically and financially invisible
2. Queues are the root cause of the majority of economic waste in software development
3. Increasing resource utilization increases queues exponentially (but variability only increases queues linearly)
4. Optimum queue size is an economic trade-off
5. Don’t control capacity utilization, control queue size
6. Use cumulative flow diagrams to monitor queues

Often decisions made by IT are not based on delivering business value, but on the difficulty of the project, the resources required or who is shouting the loudest to push their project to the top of the queue. This needs to change. IT departments need to prioritize their projects based on the business value they will deliver to the organization. Effective queue management is an essential component to making the right tactical decisions that will lead to maximizing the flow of business value in software development efforts.

What drives your decision-making process when determining what project to put in the queue next?


Mike Harris
CEO

Written by Michael D. Harris at 05:00
Categories :

David Consulting Group Ltd., Trading as DCG Software Value, Accepted as a G-Cloud 8 Supplier

DCG Software Value, a global provider of Function Point Analysis, software estimation, and Agile support services, has officially been accepted as a supplier for the Crown Commercial Service (CCS) G-Cloud framework, G-Cloud 8.

The G-Cloud framework aims to make it easier to procure information technology services via approved public sector organisations. Those interested can use the “Digital Marketplace” to search for services that are covered by the G-Cloud frameworks. Suppliers are carefully evaluated during the tender process and pre-agreed terms and conditions offer customers sound contractual safeguards. The agreement is fully EU compliant, saving customers the time and money associated with conducting their own procurement exercise.

The goal of DCG Software Value is to make software value visible to those both in IT and on the business side of the organisation. They have successfully helped a number of organisations in the UK to achieve such goals. The company will continue to work with public organisations via G-Cloud 8, helping to implement improvements that will make software development deliver value more cost effectively. 

The company’s available services include:

  • Functional Sizing
  • Vendor Estimate Validation and Estimation On Demand
  • Scaled Agile Framework
  • Training – Functional Sizing and/or Estimating
  • AgilityHealth Radar
  • Agile JumpStart

Public sector buyers are can find DCG’s services via the Digital Marketplace. More information about DCG Software Value is available here.

About DCG Software Value
DCG Software Value is a global provider of Function Point Analysis, software estimation, and Agile support services. Since 1994, companies of all sizes who depend on their software have relied on DCG to foster improved decision making and resource management and to quantifiably impact their bottom line. DCG maintains offices in Newcastle (UK), Philadelphia, and Colorado. DCG Software Value is the operating name of Objective Integrity, Inc., a Pennsylvania corporation.

For more information, visit www.softwarevalue.com.

About Crown Commercial Service
The Crown Commercial Service (CCS) works with both departments and organisations across the whole of the public sector to ensure maximum value is extracted from every commercial relationship and improve the quality of service delivery. The CCS goal is to become the “go-to” place for expert commercial and procurement services.

For more information, visit www.gov.uk/ccs.

Written by Default at 05:00
Categories :

Portfolio Software Value Management

The CIO Forum

Last year our CIO, Mike Harris, was invited to speak at the annual CIO Forum, a gathering of senior-level IT executives. Conference sessions are led by peers or industry experts, like Mike, who have a clear understanding of the business obstacles inherent in controlling large technology departments and how they can be managed and resolved. His presentation, "The Value Visualization of IT," shared his ideas about how to get the most value out of software development initiatives in order to drive better decision making and improve value flow.

His presentation was so well received, that he was invited to speak again this year! Of course, while it's nice to be recognized, the conference is a great opportunity for us as well, allowing us to better understand the issues at the top-of-mind for CIOs and to find out what they're dealing with on a day-to-day basis. In turn, we can provide some insight into strategies and tactics they may not have considered before.

For instance, Mike's presentation this year, "Portfolio Software Value Management," provided actionable steps for maximizing the flow of business value from software. He also shared insights from his forthcoming book, "The Business Value of Software" (publication date 2017), focusing on the best practices for deriving value from software development initiatives.

Industry trends suggest that IT management is increasingly being held accountable for the value of IT initiatives, and yet little effort is made to actually measure, track, and optimize the value of software development in any meaningful way. In the words of Mike, "It's appalling that so few organizations have implemented the necessary steps to demonstrate their value directly to the business in terms that they can understand and openly discuss."

Download his presentation for suggestions on how organizations can move forward down this path - and let us know what you think!

Download

Written by Default at 05:00

"It's frustrating that there are so many failed software projects when I know from personal experience that it's possible to do so much better - and we can help." 
- Mike Harris, DCG Owner

Subscribe to Our Newsletter
Join over 30,000 other subscribers. Subscribe to our newsletter today!