Friday, November 17, 2017

How Agile Methods can promote the Digital Transformation in Companies

Lately, much has been said about digital transformation, a concept that goes beyond automating processes and shows that business models are no longer immobile, that is, business models must be created and changed continuously. Technologies like Cloud Computing, Big Data, Mobile Payment, IoT (Internet of Things) and Artificial Intelligence offer great potential for companies that are ready to invest in them and are willing to embrace change.


A new reality in the speed of business changes and disruptive technologies

For the longest time the organizational and management model of companies was based on the concept of operational stability, designed to withstand change. When changes eventually arise, companies create long-term strategic projects that try to incorporate all the likely changes they see happening. The goal is to create a new model, also stable, that is long lasting. And the cycle repeats itself. The mental model is clear: long periods of stability, followed by a large break, adaptation to the new model and the consequent stabilization in the new context.

Obviously, this mental model permeated the IT governance guidelines and models. Their processes and methods clearly reflect the quest for stability and resistance to change. It is a vision of slow and gradual change, often backed by bureaucratic hurdles from an extensive list of management approvals.

Due to rapid technological evolution, new companies are emerging and creating unexpected competition for the market giants: Uber in the taxi industry, Airbnb in the hotel industry, Netflix in the film and entertainment industry, WhatsApp in the communications industry, among others. They directly influence previously stalled business models, using what technology currently has to offer to position themselves competitively in the market, and cause a rupture in traditional business models. These new forms of business we call disruptive business models.

More and more business innovations are software based, and digital businesses move very quickly simply because software changes much faster than physical things. This affects all business sectors. Some have already been affected, others will soon be affected. Few will be more or less immune to these ruptures. And even sectors that are considered immune are subject to disruption when the boundaries between the industry sectors themselves begin to collapse. The competition may come unexpectedly from a software company or from a completely different industry.

That is why many companies are adopting agile methods in their way of working and are seeing that it is not only a process improvement, but a new strategic need. When it comes to agile methodology, the big challenge is to create an agile mindset. It does not only mean having the skills and know-how, but also cultivating an agile team that is supported by the top management of the organization.

Digital Transformation needs Cultural Transformation

Numerous aspects involve organizational changes, and new management practices and structures are resistant to being incorporated into corporate culture. Major changes are only possible if there is a change in the way of thinking. In talk, it is common to hear about innovative practices, but what you see in reality are organizations trying to embrace them the old-fashioned way. This fear is common even in companies that begin to adhere modestly to the agile culture in some areas, indicating that there is a concern about broadening the concept. As long as the transformation does not pass through the company as a whole, it will not produce results. It will only work when it reaches values and infects all employees.

Without this transformation, organizations will have more difficulty coping with the changing times of the digital economy. After all, it is no use bringing in technologies that were developed in this model if the company still does not live this reality. Technological solutions will not fix the way of thinking. What happens instead is a new product being used the old way. Agile Culture has a series of principles that help people embrace what is new and direct projects towards success, generating more business value and savings.

In times of crisis, recession and change, it is necessary to save, show results, be ready to change direction quickly, focus on delivering greater value in the shortest possible time and cost. It is a daily effort to try to achieve, with a single shot, the right target. Everyone looks for a way to be different, but it's no use just adopting technology. You have to conduct it and implement it in the right way, to the right audience and at the right time.

The beginning of the new dynamic is difficult and requires patience, but in times of need an opportunity to do something different is born. The change is continuous: what we heard as a trend yesterday has already become a reality today and the company can only grow if the organizational structure is ready to receive technological modernization.

Agile Methods to promote the Digital Transformation

Given this scenario of constant change, how can agile methodology help in the delivery of digital transformation? Simple: unlike traditional methodologies, which require a lot of time to deliver something to the customer, one of the principles of the agile method is to satisfy the customer through deliveries in short timeframes, in a continuous and early way, always keeping in mind the most important thing: the added value.

Delivering something on a short time scale, every two to three weeks, lets the customer see the added value and progress of the product. When we deliver added value, we need to keep three points in mind:
  • Cost (how much does it cost to do this part of the product?)
  • Business (how much return will this part of the product bring to the business as a whole?)
  • ROI (how long will it take to get the return on investment?)

Now imagine a project for mobile payment following the traditional methodology, in which the customer would only receive the finished product, according to the agreed scope, after a few months. Are the requirements raised by the client the same as those agreed upon at the beginning of the project? Have the technologies for this type of project not changed during this period?

Using the agile method, changes of requirements are managed better, since it assumes that the initial requirements will be altered, even late in the project. This can create a competitive advantage for the client and still be a differentiator for the company that provides the service.

Another important point when we speak of the agile method is the question of quality, which is guaranteed through the correct application of best practices: frequent tests are performed on each of the functionalities, allowing any problem to be identified early, which is necessary for the delivered product to be completed within the deadline and specifications agreed with the customer.

Digital transformation today is a reality that has been growing and revolutionizing the IT market. Companies that still use development and delivery methodologies with bureaucratic practices and processes are bound to lose market share to competitors. To prevent this from happening, new processes work as allies and must be adopted by everyone in the company.

DevOps to facilitate the Digital Transformation

Fully integrated with the agility model, the DevOps concept, when it comes to software development, is also a process that facilitates Digital Transformation.

Traditionally, models such as ITIL have long been used to control change processes by reducing the frequency of changes and triggering controls when one occurs. In general the traditional process accumulates the changes and delivers them all at once: the famous release changes. This waiting is one of the reasons many business areas invest, not because they want to but out of necessity, in the famous "Shadow IT" initiatives, leveraged by new cloud alternatives beyond the reach of IT rigidity. Delivering too late is the same as not delivering, because it does not meet the demand of the business: it was the solution to the problem of yesterday, not of today!

DevOps has another vision: its philosophy is continuous delivery, with small pieces of code each time. It holds that changes in the business context happen so quickly and so often that waiting to accumulate all of them puts the business at risk.

Adopting DevOps is not something that happens overnight. It is a conceptual change and a mental model. It demands knowledge of new practices and intensive use of technology to automate the software development process to the fullest. Many companies will have greater difficulties due to regulatory issues. Others, with an immense legacy of systems, are likely to maintain traditional processes in some of their systems and adopt methods such as DevOps in customer-facing systems that exploit mobility.

Agility is a mental model. You need to embrace it in your mind before you can start to employ it in your business processes. 

Conclusion

The first step is to recognize that the traditional model has already aged. The second is the decision to embrace change. Agile and DevOps involve new practices such as continuous delivery of new features in small doses, use of small, dedicated, cross-functional teams, loosely coupled architecture, automated environment processes, continuous integration and testing, and an interactive and collaborative environment, with users, operations and development acting together, without the friction between sectors that we see today.

From there, fill the gap of expertise, adopt technologies to automate processes and make cultural and organizational changes, dealing with the inevitable psychological barriers (adverse reaction to changes in the status quo, disbelief, etc.). 

Do you embrace and promote change and the adoption of new and agile working patterns in your organization, or do you sit back and watch those who are imprisoned in their old thinking models manage it towards its collapse?

Saturday, November 11, 2017

Cross Site Scripting (XSS)

Cybercrime has been at an all-time high in recent history, with many corporations and online services having suffered significant cyber attacks that have been harmful to the safety and privacy of their own data as well as that of their clients.

Every day new exploits are being discovered or combined in a new clever way, making protection of sensitive customer data increasingly difficult.

One of the more common attack vectors is called Cross Site Scripting. In fact it continues to make it into the OWASP Top 10 Application Security Risks Report year after year.



Cross Site Scripting (or XSS) is a technique by which an attacker gains access to the user session through clever placement and execution of malicious code in vulnerable web applications. Instead of attacking the website or service directly, the goal is to hijack the already established session of a user, allowing the attacker to then impersonate the victim.

When properly exploited, a successful Cross Site Scripting attack can have devastating consequences, as it grants the attacker full control over the user session, which in turn allows them to access and modify otherwise protected data.

There are essentially three different types of Cross Site Scripting attacks:

1. Stored XSS

Also known as Persistent XSS or Type I XSS, stored XSS is arguably the worst form of Cross Site Scripting vulnerability. Stored XSS occurs when an attacker is able to sneak a payload into a website in a way that exposes it to other visitors of the site. The perpetrator finds a vulnerability in the website and injects a malicious script into it. This script is designed to collect tokens and session cookies from any user who accesses it. Oftentimes the attacker exploits weak input validation mechanisms of the website in question, allowing client-side JavaScript code to be inserted into the site, for example through a comment field. When other users visit the site, the inserted script gets executed on their computer and transmits their session cookies to the attacker.

A stored XSS attack has a much larger and widespread effect than that of a reflected one primarily because it comes into action each time the webpage is visited, causing harm without even requiring the user to click or enter a particular link. 

These types of XSS attacks generally occur on popular pages, specifically social media sites and sharing platforms with high amounts of traffic, as once exploited, they can spread and grow exponentially in a very short amount of time.

2. Reflected XSS

This is one of the most common and basic forms of web vulnerabilities. In this type of XSS attack, the malicious script is not directly injected into the website but instead requires the user to click on a specially prepared link first. This link is sent to them through email or any other means of communication. When clicked, the link takes them to the website, where the malicious script is then embedded into the page and "reflected" back to the browser. Since the script appears to come from the website itself, which is a trusted source, albeit reflected, the browser lets it run.

3. DOM Based XSS

When a browser receives the HTML content of the server, it builds the so-called Document Object Model (DOM), allowing client-side scripts to interact with all the different elements of the page. It is an object oriented in-memory representation of the web page.

DOM Based XSS attacks aim to inject the payload into the DOM using vulnerabilities in the existing client-side scripts of the targeted website, making them very difficult to detect.

Recent research has found that about 77% of the top 5,000 URLs from Alexa harbor known vulnerabilities in their client-side JavaScript code, making them susceptible to DOM based XSS attacks.

Measures to prevent XSS attacks

In order to minimize the risk of a successful attack against users of your website or service you should make sure to implement proper input validation and output encoding of untrusted data (URL and HTML encoding appropriate to the context). Ask your users not to click on any links they receive by E-Mail and encourage them to enter the addresses manually into their browser instead.

Most importantly, keep your third-party frameworks and libraries up-to-date to protect your users against known security vulnerabilities in them.
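The following is an added example, not code from the original post, showing the output encoding that stops the stored (comment field) and reflected (prepared link) payloads described above from executing. It runs under Node.js; the author name, comment body, query string and probe payload are constructed sample inputs.

```javascript
// Added example, not part of the original post: encoding untrusted data
// before it is placed into HTML. Runs under Node.js; the comment, the
// author name and the query string are constructed sample inputs.

// Characters that can change meaning in an HTML text or attribute context,
// mapped to their entity form.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
};

// Encode a value for the HTML text context. Every metacharacter becomes
// an entity, so the browser renders it as literal text instead of markup.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering (stored XSS): the comment body is concatenated
// straight into the page, so a payload saved in the comment field runs in
// the browser of every later visitor.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened rendering: each untrusted value is encoded for the context it
// lands in. The payload is still stored, but it is displayed, not executed.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Reflected case: a search term echoed back from the query string.
// URLSearchParams performs the URL decoding the browser would apply;
// the decoded value is then HTML-encoded before it is echoed.
function renderSearchEcho(queryString) {
  const term = new URLSearchParams(queryString).get('q') ?? '';
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// Detection helper: does the rendered HTML still contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed harmless probe payload of the kind a scanner would submit.
const SAMPLE_PAYLOAD = '<script>alert(1)</script>';

console.log(renderCommentUnsafe('alice', SAMPLE_PAYLOAD)); // tag survives
console.log(renderCommentSafe('alice', SAMPLE_PAYLOAD));   // tag encoded
console.log(renderSearchEcho('q=%3Cscript%3Ealert(1)%3C%2Fscript%3E'));
```

Encoding must match the context the data lands in: this block covers the HTML text context, and attribute, URL and JavaScript contexts each need their own encoder. For the DOM based case described above, the client-side equivalent is writing untrusted data with textContent rather than innerHTML.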

Saturday, November 4, 2017

Design Thinking and Agile Development

Over the years, software development methodologies have evolved in terms of the sophistication and volume of information needed to develop systems in increasingly complex and integrated environments. In this historical evolution, the main focus was on quality, that is, on ensuring that traditional software development problems were solved.

All this work ended up generating an excessive workload, as well as a volume of information that was often redundant and unnecessary. In order to solve this problem, several studies were done, looking for ways to slim down the software development process by applying the principles of lean thinking, recovering the agility lost over time.

In this article we will look at a theme that has been talked about quite a bit in recent years: Design Thinking. But what is the relation between Design Thinking and Agile Development? That's what we'll discover here. 

First, let's take a closer look at the general concept of Design Thinking.


Basic Concepts of Design Thinking

When we talk about this subject, we must first understand that Design Thinking is not a process or a methodology, but rather a philosophy (or way of seeing design) that seeks solutions mainly by analyzing the user and their context from different angles and perspectives.

Design Thinking is a new way of thinking and tackling problems. A new mental model.

This approach has some fundamental aspects, such as: Immersion, Analysis and Synthesis, Ideation and Prototyping.



Immersion

Immersion is the initial phase, in which the project team approaches the context of the problem, both from the point of view of the client and of the user.

Analysis and Synthesis

I believe that this is one of the most important moments, because this is where we will begin to have insights for possible ideas, generating some artifacts like personas, empathy map, user journey, among many others.

Ideation

It is the time when the team will begin to generate ideas to solve the identified problems, having as support material the insights created in the previous stage. It is very common to use collective creativity activities (such as brainstorming) and prioritization. It is important to remember that in this phase, it is critical that the team be diversified (developers, designers, business people, administrators, marketing, among others), because the more different skills and experiences are involved, the more ideas will emerge. In the end the team will have several hypotheses prioritized to be validated.

Prototype

This is the time when the hypotheses are no longer so abstract and become something more tangible. In general, paper prototypes are made because of speed and ease of work, but there are also digital prototypes. In either case, they may have low, medium or high fidelity relative to the final "product." After their construction, it is time to validate them with the possible users of your project, product or service. At the end of this phase, the unvalidated hypotheses return to the previous phases to be reworked, or else they are discarded once and for all.

As you can see, Design Thinking is a very collaborative approach, user-oriented (all of its context) and, although it seems to be complex, it is quite simple to apply. But the question is what does all this have in common with the agile world?


Integration between Design Thinking and Agile Development

The motivation for this integration arises from the limitation of each of the approaches: Agile methodologies are limited in relation to practices aimed at understanding the problem to be solved. On the other hand, Design Thinking explores implementation of the products.

It is noticeable that Design Thinking is perfectly aligned with the agile manifesto. Its collaborative aspect shows us that the participation of all stakeholders in the initial stages of the project brings great benefits for all, especially for the client. Only this factor already covers three of the four values found in the agile mindset.

We emphasize that these steps need not be done just at the beginning of the project. Like Scrum, Design Thinking also works as a framework, and can be tailored to your needs throughout the project. However, it is necessary to respect its premises, that is, not leave aside the collaborative aspect and neither the users and their contexts.

It is also clear that Design Thinking is a great way to raise requirements that are totally focused on the needs of users, and can bring very interesting results, such as the greater adherence of your project to your target audience and, consequently, making the return on investment faster for the customer.

However, to be able to identify the needs of the user, it is important that the team is aware that this is not just a "designer thing", that is, its multidisciplinary aspect is paramount to its success, which simply reflects the essence of design.

Another point that stands out is that its application within the agile context results in a strand called Agile UX, that is, using the principles of Design Thinking and Lean UX within the Scrum sprint.

The last point that we perceive is its relation with Visual Thinking, that is, to be able to structure ideas in a visual way. Some of the techniques used in Design Thinking are a good example of this issue (business model canvas and map of empathy, for example), and serve as inspiration for facilitation techniques in important ceremonies such as the Sprint Retrospective and even Sprint Zero (or Pre-Game) of Scrum for example.

Therefore, we can verify that the relationship between the agile world and Design Thinking is much closer than it seems, with collaboration and multidisciplinarity as essential factors, capable of bringing very good results for all sides. Another interesting point is that, because of these characteristics, everyone involved feels more responsible for the project, which is a great way to increase the engagement of the team and even of the client.

The integration between the two, Design Thinking and Agile Development, is already a reality in companies of the digital world, where projects are often treated as startups: innovative and strongly design-driven.


A Challenge: Design Thinking and fast development cycles

A challenge encountered in working with Design Thinking and with agile methods is the need for fast development cycles. To meet this need, a widely accepted and applied concept is the MVP (Minimum Viable Product).

It consists of developing the product on a smaller scale while still focusing on meeting expectations and already generating value for the customer. The classic illustration comparing iterative development with the MVP shows that already in the first delivery the product is functional and allows the user to perceive its value.

The MVP technique is widely adopted by followers of agile methods, and it also integrates excellently with Design Thinking, since it shares the same principles regarding prototyping.

The combination of these methods allows a significant simplification and acceleration of creative work and solution development, so organizations, companies and individuals can approach the pace at which innovations are being implemented in the digital age, further fueling competitiveness. Are you prepared?