It’s clear that in the last two years, the global pandemic has created unique circumstances for business and IT leaders at small- and mid-sized businesses.. Yet strategic technology decisions, such as vendor consolidation, can help support a business’s ability to handle volatility and remain agile in challenging times.

In this second episode of our 5-episode podcast, Essential Connections: The Business Owner’s Guide to Growth During Economic Uncertainty, we examine how to future-proof your business with agile IT leadership.

In fact, according to GoTo research, 95% of those surveyed have consolidated or plan to begin consolidation to multi-purpose vendors as they seek to streamline and optimize in the face of global uncertainty. Our guest, Paddy Srinivasan, GoTo’s CEO, says this is essential.

“When the pandemic set upon us, most IT departments were in a scrambling mode. And they bought a lot of technologies just to make ends meet as their workforce started dispersing across the world,” he explains. “So, there was a mad scramble for solutions for remote connectivity, monitoring, management, security, and the whole nine yards.”

Fast forward, and most IT departments are looking for ways to streamline these investments, he explains. “Having multiple vendors and tools drive up costs significantly. And it also becomes super hard to share information and have seamless workflows for all the tasks that the employees (both in IT and outside IT) must accomplish on a day-to-day basis.” The answer: Streamlining IT vendors.

Listen in to learn all the details, including Paddy’s actionable insights on how to reduce the burden on IT while keeping employees and customers happy.

Be sure to listen to other episodes in our series, Essential Connections: The Business Owner’s Guide to Growth During Economic Uncertaintyand learn how you can future-proof your business with agile IT leadership.

IT Leadership, Small and Medium Business Can you detail the Bin Dasmal Group’s digital transformation process and how changes have helped improve business performance?

Umesh Moolchandani: Among various IT initiatives undertaken during the last few years, upgrading ERP has revolutionized the organization. The upgrade has allowed the business to optimize the total cost of ownership by approximately 25% to 30%, while deploying serves with the highest standards of security in Oracle Cloud Infrastructure, shifting the cost model from CAPEX to OPEX. Furthermore, the integrated view of company data in web-enabled architecture has improved information sharing, collaboration across functional and corporate boundaries, and decision making for the management using advanced analytics based on a single view of data. This has to be achieved by investing in the latest available technologies with lower total cost of ownership and maximizing ROI. For setting up the infrastructure, the objective was to host the servers in Oracle Cloud instead of investing in on-premise hardware. The key objective was to host the application securely in the cloud, with no or limited public exposure, while keeping optimal performance, infrastructure resiliency, and data redundancy. Implementing CRM software has also improved response time to customers as well as decision-making based on customer-related data.

Umesh Moolchandani

Where have you been investing during the past two years in terms of tech initiatives?

Bin Dasmal Group decided to upgrade the legacy ERP application to a more agile, modern and cutting-edge web-based application in a cost-efficient and secure manner in order to help track its supply chain activities from inventory purchase, production, processing and final shipment to customers. This integrated view of company data in a web-enabled architecture would improve information sharing, collaboration across functional and corporate boundaries, and improve decision-making for the management. We also deployed CRM software that covers a broad set of applications and software designed to help businesses manage customer data and customer interaction, access business information, automate sales, provide marketing and customer support, and manage employee, vendor and partner relationships.

In addition, we decided to work with [modern data protection software developer] Veeam as our backup solution provider based on its capabilities for providing tools for both on-premise servers as well as cloud environments, and the ability to handle disaster recovery requirements. The new architecture was created with high availability at various levels, like server and storage levels. The servers along with VMware Essential Plus and Veeam software deployed in the Dubai Investments Park, and a few changes were done in the datacenter architecture for deploying disaster recovery. So the solution enabled cross-site disaster recovery of the servers and data based on the required RPO and RTO, which were decided based on the criticality of the system and data. Plus, the Veeam software was configured to back up cloud-based servers too.

Can you give us a little more detail of how further investing in ERP is helping the business?

The upgrade of ERP application included a newly procured manufacturing module that allowed Bin Dasmal to improve operational efficiency using best practices in the manufacturing industry. The new application also provides greater visibility into operational processes and profitability by providing various dashboards, reports and alerts with different dimensions. It’s easy to use, can be accessed anywhere based on rights and security and provides improved reporting of business data. This has improved decision-making because managers at all levels have real-time access to the same data, such as production status summaries and financial reports. The new processes, and upgrades in existing processes, have increased the cost efficiency and better visibility in operations, resulting in improved quality and customer service for the whole Bin Dasmal Group.

The company also moved to the cloud. Why did you choose to work with Oracle above other providers?

Oracle Cloud Infrastructure offers several unique features and tools that support migrating and running its databases and business applications portfolio efficiently. Minimal changes are required to move Oracle applications, reducing the cost and length of migration to the cloud. Its infrastructure also offers tools and architecture that help enterprises seamlessly move from on-premise to the cloud, leveraging improved automation and built-in security to mitigate threats, ultimately supporting superior migration and economics. Their IaaS offering delivers a diverse range of capabilities unmatched in the industry—from its second-generation platform and suite of bare metal services to remote direct memory access (RDMA) for technical computing clusters. This differentiation enables Oracle Cloud Infrastructure’s guarantee on both predictable performance and customer isolation.

Where is Bin Dasmal Group going to further invest? We’re going to shape business priorities in consultation with business leadership for the long term, and create IT roadmap for optimization of back-end processes, IT infrastructure capability building, large-scale automation, transformation strategies, and so on. It’s also critical to keep an eye on the beyond Covid-19 era since the competitive landscape will be reshaped and markets, competitors and value propositions will differ from those before the pandemic. At this stage, it would be crucial to understand the changes ahead in order to take the correct steps that will align the company with the world beyond the crisis.

CIO, Digital Transformation

By: Lars Koelendorf, EMEA Vice President, Solutions & Enablement at Aruba, a Hewlett Packard Enterprise company

Can an enterprise CEO today be successful without having a strong relationship with the CIO and the corporate network?

The short answer is no. Technology today powers and enables so much of how businesses function. Given the pace of digitization, the corporate network, led by the CIO, is increasingly becoming a critical business decision center for the CEO within the broader context of running a large enterprise.

In particular, there are three points CEOs today must consider when examining the network and their relationship with the CIO.

1. Investing in the network is foundational to achieving business goals

Is there any department across the modern enterprise business that would not benefit from the ability to work better, faster, easier, smarter, cheaper, and more secure?

The COVID-19 pandemic has already proven again and again why digital transformation is now fundamental to business growth and survival, especially in the face of outside, unanticipated events severely impacting normal business operations.

Matching technology with how business engages key publics, from clients to the community to investors and beyond, allows employees to create higher quality work while producing more competitive products and services that keep pace with ever-evolving demands. It means empowering back-end functions to support the rest of the business better than before. Meanwhile, regardless of which department they belong to or where they choose to work, employees must have the best experience possible, without any technical roadblocks and complications that can stop them from delivering their best work. Otherwise, employees will and are seeking out that environment elsewhere. Indeed, many employees actually experienced very good connectivity while working from home during the pandemic – and now demand that same easy and seamless experience coming back into the workplace or while on the road.

The key to creating that effective work environment is ensuring the CIO makes clear to the CEO the value of automated systems, which not only includes streamlining operations, but eliminating human error, overcoming human limitations, and freeing up employees to focus on projects that drive real value. In short, with the right technology, CIOs can drive actionable insights from the deluge of data that a given company has been accumulating that support the CEO’s long-term vision and business goals.

Enterprise data has the potential to deliver significant cost savings, improve operational efficiency, and even unlock new business opportunities and revenue streams. But first, it needs to be stored, secured, sorted, and analyzed – all of which a great enterprise network can facilitate.

To unlock its full potential, CEOs need to work closely with their CIOs and other department heads to understand the exact impact that the network could have on every area of the business.

2. The network also plays a vital role in achieving sustainability goals

Sustainability is not just a strategic priority. For most companies around the world, sustainability has become the priority, given that it’s being driven both from the top down (by company boards, investors, and governments) and from the bottom up (by employees, the general public, and key communities affected by business operations). In essence, networking capabilities must align with corporate sustainability goals and initiatives to truly achieve its full potential.

The network plays an integral role in empowering enterprises to become more sustainable, to measure and prove that sustainability, and to build more sustainable products and services. Therefore, investing in the right network infrastructure should be at the top of any CEO’s agenda, and they will need to work in tandem with the CIO and other relevant department heads to achieve those aims.

3. A modern network can help the enterprise stay ahead of potential pitfalls

Given the rate of change and disruption, any CEO simply investing just enough in the network to keep operations moving has already lost the plot. The CEO instead must work closely with the CIO to anticipate future business needs, opportunities, and threats, outlining clear goals and corresponding initiatives that ensure the modern network is flexible and nimble enough to meet the challenges.

It used to be that if the network were down, employees could do other manual work while waiting for a fix. Today, however, if there are issues with the network, everything stops, from the factory floor to the storefront to the corporate headquarters. In that sense, the network is mission-critical to keeping the business running.

But the network has so much more potential than this – to help the business continually stay ahead of and be differentiated from the competition. The reason is an agile network creates the foundation for every area of the business to innovate, from IT to R&D and logistics.

With an agile network, the infrastructure is always ready to integrate, support, secure, and fund any new technological developments that might help the business to move the needle on its goals.

Creating Strong C-suite Connections

While this particular article has focused on the relationship between the CEO and the network, at the end of the day, the CEO must empower the CIO to be an advocate for the network and support all C-suite members to work together towards building one that helps them achieve both individual departmental and collective organizational goals.

For more on creating a modern, agile network, learn about Aruba ESP (Edge Services Platform):


The agile approach to project management has gained immense popularity across nearly every industry due to its flexibility and its emphasis on visualizing projects as discrete parts that can then be delivered quickly in sprints.

Given the demand for speed in today’s digital business environment, agile stands out as a project management and software development methodology, helping IT professionals deliver high-quality outcomes quickly — and thereby enhancing their career prospects.

Developing agile expertise will also improve IT leaders’ ability to get the most out of their multi-skilled agile teams. Armed with agile know-how, enterprise technology leaders can increase their projects’ prospects for success in service of business goals, which will in turn help take their careers higher.

Here are 16 agile certifications that will give you the skills and knowledge necessary to take your IT career to the next level.

Top agile certifications

Agile Programme Management (AgilePgM)Agile Project Management (AgilePM)Professional Scrum Master (PSM)Professional Scrum Product Owner (PSPO)Certified Agile Project ManagerSAFe AgilistSAFe Product Owner/Product ManagerSAFe Scrum MasterCertified ScrumMaster (CSM)Certified Scrum Product Owner (CSPO)ICAgile Agile Fundamentals (ICP)ICAgile Agile Product Ownership (ICP-APO)ICAgile Agile Team Facilitation (ICP-ATF)ICAgile Business Agility Foundations (ICP-BAF)ICAgile Agile Project and Delivery Management (ICP-APM)PMI Agile Certified Practitioner (PMI-ACP)

Agile Programme Management (AgilePgM)

The AgilePgM certification offered by UK-based APMG International offers the planning, management, and communication skills required for agile program implementation. It offers hands-on knowledge of incremental development, in which each consecutive version of a product is usable, and is developed on the previous iteration based on user feedback. The AgilePgM can be earned independently without coursework, which various training providers do offer for those who need it. The certification is currently offered in foundational proficiency only.

Cost: $160; training fees are billed separately, if necessary

Agile Project Management (AgilePM)

The AgilePM certification offered by APMG aims at enabling practicing project managers and agile team members to scale up as agile project managers. The certification covers the framework and principles of agile, as well as the roles and responsibilities of team members within an agile project. It deals with an agile project lifecycle, containing alternative configurations and the techniques applied, as well as their advantages and constraints. The AgilePM can be done independently without coursework, which is provided by various training providers if necessary. This cert is currently offered in both Foundational and Practitioner proficiencies.

Cost: $160, Foundational; $240, Practitioner; training is billed separately, if necessary

Professional Scrum Master (PSM)

Anyone who desires to validate their knowledge of the Scrum framework and its application can avail the Professional Scrum Master certification offered by Courses are available to aid your preparation for the assessment, including the Applying Professional Scrum and Professional Scrum Master courses, but you can also take the PSM I assessment directly without coursework. The certification is also offered at higher proficiencies (PSM II and PSM III). All assessments are conducted in English; many test takers use the Google translate plugin to take the assessment. There is no need to enroll in a course if you already have a substantial level of Scrum knowledge and an understanding of Scrum application within Scrum teams.

Cost: $150, $250, $500 for PSM I, II, III, respectively

Professional Scrum Product Owner (PSPO)

The Professional Scrum Product Owner certification from aims to equip product owners with a clear understanding of the value drivers for their products, and to help them develop a keen sense of how to use agile practices and Scrum to maximize that value. Anyone intending to validate their knowledge of the Scrum framework and ability to support value creation and delivery should undertake this certification, which is also offered at higher proficiencies (PSPO II and PSPO III).

Cost: $150, $250, $500 for PSPO I, II, III, respectively

Certified Agile Project Manager

This certification offered by the International Association of Project Managers (IAPM) is for candidates holding a basic knowledge of agile project management. It aims to help candidates understand how to establish and implement an agile project efficiently, giving them tools for completing routine project activities spanning from project initiation to project close-out. The IAPM certification is offered in three proficiency levels: Basic (Certified Junior Project Manager), Intermediate (Certified Agile Project Manager), and Advanced (Certified Senior Agile Project Manager). It can be taken without coursework from a training provider as long as self-preparation is robust enough.

Cost: From $90 to $580, depending on proficiency level

SAFe Agilist

The SAFe Agilist certification covers the foundations of SAFe, the principles and practices of Lean agile transformation, and the tools necessary to lead SAFe agile in remote environments with distributed teams. The certification helps candidates understand how companies can build business agility with SAFe and improve quality, productivity, employee engagement, and time-to-market. It provides certification holders expertise in making organizations more customer-centric and in running significant SAFe alignment and planning events, such as PI planning. The certification is coupled with trainings, which are provided by several training providers and are not offered independently. Depending on the training providers selected, prices may vary over a wide range.

Cost: From $650 to $900

SAFe Product Owner/Product Manager

The SAFe Product Owner/Product Manager certification guides candidates through the strategic responsibilities required for these roles in the Agile Release Train. It offers tools to work efficiently in remote locations with dispersed teams and imparts understanding of how product owners and product managers should work in collaboration to get the best customer and business outcomes. Topics include customer-centric design; test processes; collaborating with engineering teams and business stakeholders; how to write epics, features, and stories; and the ways to design, prioritize, build, test, and deliver products with enhanced productivity and superior quality. Certification is coupled with trainings provided by several training providers and is not offered independently. Depending on the training providers selected, prices may vary over a wide range.

Cost: From $550 to $850

SAFe Scrum Master

The SAFe Scrum Master certification aims to help candidates coach agile teams to deliver business value, providing tactical skills to be an efficient Scrum master in a SAFe organization. It also offers instruction in facilitating agile events such as iteration planning, standups, and retrospectives, and it imparts know-how of DevOps implementation for continuous flow and delivery. Certification is coupled with trainings provided by several training providers and is not offered independently. Depending on the training providers selected, prices may vary over a wide range.

Cost: From $595 to $1,300

Certified ScrumMaster (CSM)

The Certified ScrumMaster credential provides an understanding of the Scrum framework and a perspective of team accountabilities, events, and artifacts. It also provides an understanding of how to guide a team to apply Scrum. The interactive course helps increase leadership skills and influence organizational change. In addition to the foundational certification, it is also offered as advanced proficiency (Certified ScrumMaster Professional). Price for combined certification and training varies depending on the training provider selected and on the delivery channel, whether in-person or online.

Cost: From $445 to $1,595, for CSM; from $750 to $1,495, for CSM Professional

Certified Scrum Product Owner (CSPO)

The Certified Scrum Product Owner certification provides an understanding of the framework and principles for efficiently deploying Scrum, as well as the critical skills and tools required to be an effective product owner. Scrum Alliance members can tap into the community to gain access beyond the classroom via resources, events, education, and coaching. Prices for training and certification vary depending on the training providers selected and the delivery channel chosen.

Cost: From $495 to $1,495, for CSPO; upward of $1,500 for CSPO Professional

ICAgile Agile Fundamentals (ICP)

The Agile Fundamentals certification provided by International Consortium for Agile (ICA) offers an understanding of the foundational concepts along with an understanding of the agile mindset and principles. Also known as the ICAgile Certified Professional (ICP), the cert paves the way for ICAgile’s product and technical certification. With this, you can gain organizational agility without pinning on any particular agile methodology or framework (i.e SAFe, Scrum, Kanban, XP, DSDM, etc.). Certification is bundled with training from various training providers, which provide both online and in-person courses. Price varies depending on provider and delivery channel.

Cost: From $800 to $1,725

ICAgile Agile Product Ownership (ICP-APO)

The Agile Product Ownership certification from ICAgile imparts knowledge to successfully deliver software, products, and services via key agile practices. Product owners, product managers, business subject matter experts, business analysts, and project managers can take this certification, which is given on successfully completing the class and post-class survey. The certification is bundled with training from various training providers, which provide both online and in-person trainings. Price varies based on provider and delivery channel.

Cost: Upward of $1,000

ICAgile Agile Team Facilitation (ICP-ATF)

The Agile Team Facilitation certification is intended for professionals who wish to learn how to facilitate and coach agile in a team context. Befitting roles include Scrum master, product owners, business analysts, agile product managers, agile coaches, and those keen on harnessing facilitation capabilities. Certification is bundled with training from various training providers, which provide both online and in-person trainings. Price varies based on provider and delivery channel.

Cost: From $650 to $1,545

ICAgile Business Agility Foundations (ICP-BAF)

Professionals looking to drive organizational agility in modern business environments may find the Business Agility Foundation certification from ICAgile worthwhile. The ICP-BAF is not a direct substitution for the ICP credential, and those already in possession of the ICP may find the ICP-BAF more useful. Certification is bundled with training from various training providers, which provide both online and in-person instruction. Price varies by provider and delivery channel.

Cost: From $300 to $1,595

ICAgile Agile Project and Delivery Management (ICP-APM)

The Agile Project and Delivery Management certification is aimed at validating candidates’ skills for successful Lean and Agile product delivery. Various approaches including projects and value stream delivery methodologies are taught in the training. Trainees will be able to identify dependencies and blockers, enable rapid feedback and learning, and facilitate incremental value delivery through this training and subsequent certification. The ICP-APM is bundled with training from various training providers, which offer both online and in-person training. Prices vary depending on provider and delivery channel.

Cost: From $1,100 to $1,495

PMI Agile Certified Practitioner (PMI-ACP)

The Agile Certified Professional credential from the Project Management Institute (PMI) covers several approaches to agile such as Scrum, Kanban, Lean, extreme programming, and test-driven development to increase your versatility, no matter how the project spirals out. The three-hour exam has 120 multiple-choice questions. To maintain the PMI-ACP, 30 professional development units in agile topics must be completed every three years. Prerequisites include a secondary degree, 21 contact hours of training in agile practices, 12 months of general project experience within the past five years, and eight months of agile project experience within the past three years.

Cost: $495

More on agile project management and certifications:

Agile project management: A comprehensive guide
16 tips for a smooth switch to agile
Scrum vs. Lean vs. Kanban: Comparing agile project management frameworks
7 simple ways to fail at agile
Agile’s dark secret? IT has little need for the usual methodologies
5 misconceptions CIOs still have about agile
Introducing the scaled agile framework (SAFe)
Comparing scaling agile frameworks
The 13 most valuable certifications today
13 emerging IT certifications for today’s hottest skills
19 big data certifications that will pay off
Top 11 project management certifications
Agile Development, Careers, Certifications, IT Skills, Project Management Tools

Insurance or not, many organizations are transforming themselves with agile models. We spoke to a top leader of an international insurance firm that is leveraging Agile approaches more often and in more projects. Here are some learnings we discovered.

What challenges did you need to overcome to be successful?

As we looked to scale Agile across our organization, one of the biggest problems that we experienced was that our tool wasn’t, well, agile. It was little more than a fancy looking spreadsheet and our staff spent their time battling with the tool rather than leveraging the tool to help the business. That just wasn’t sustainable.

In what ways do you address these issues?

Just like any other aspect of business, the ability to deliver work effectively using Agile requires a combination of the right information driving the ability to make sound decisions in a timely manner, and a tool that allows people to focus on doing their work rather than interacting with the tool. We needed to find a solution that could easily integrate with our other enterprise tools, and that could help us become more effective and efficient.

What was your end solution, and what impact did it have?

For us, Rally Software from Broadcom was the answer. We recently ran our first PI planning session using the tool and we cut the duration of the planning session by two hours. Multiply that across the number of people and the number of times we plan PIs and it becomes a material saving. And of course, that efficiency means staff time can be redirected into work that adds value to the business.

Rally integrates with our other tools — delivering information, consuming information, and generally improving workflow and automation. That means people have the information they need in a way that works for them, allowing them to focus on their tasks. We’re also planning to leverage Rally as a decision-making tool for the business — helping teams to prioritize and refine user stories and drive more improvements.

How is this driving your success?

We’re breaking down silos. With the ability to collaborate in a tool that actually helps us deliver, we are strengthening relationships between business and IT. That improves understanding and ultimately drives engagement in ensuring that the best possible solutions are delivered — so we can keep increasing customer and business value.


Through effective implementation of agile solutions such as Rally Software, teams can enhance innovation, optimally balance resources, and fuel dramatic improvements in delivery. Going agile is the first step toward more impactful Value Stream management — so what are you waiting for? If you find yourself in a similar business scenario and would like to learn best practices to unlock excellence with Agile analytics, be sure to download our eBook, “How To Interpret Data from Burnup / Burndown Charts.

Collaboration Software

If it looks like a duck, swims like a duck, and quacks like a duck, then it’s probably a duck. The same is not true, sadly, for many agile project management and development initiatives.

Too often, an organization may launch something that looks like an agile program, calls itself an agile program, claims to operate like an agile program, yet really isn’t an agile program in the least.

Could your organization be fooling itself into believing that its agile practices and methodologies are the real deal? Read on to see how to detect the seven telltale signs of a fake agile in enterprise IT today.

1. Ignorance

CIOs with inadequate knowledge of agile, including its basic principles, requirements, and benefits, are almost certain to encounter fake agile in practice in their enterprises. Organizations that want to be agile, but are at complete odds with the agile philosophy, can also be fooling themselves about their agile practices, observes Jenny Herald, vice president of evangelism at Gtmhub, a provider of tools for setting and measuring enterprise goals and results.

Along with a well-defined strategy, the best way to prevent fake agile is to make sure agile is actually the right fit. Agile is often viewed as a cure-all, but the reality is that it’s not a good fit for all organizations. It requires a mindset shift, Herald notes. “The shift is not just about transitioning to a new set of practices — there must be a change in attitude and mindset around agile values and principles.”

Agile success starts at the top. “A CIO needs to ensure there’s leadership commitment, and not just from themselves but from leaders across the C-suite and the company as a whole,” Herald says. “Leaders must be committed to the enablement of agile teams.”

2. Losing the forest for the trees

When the focus shifts to granular facets of agiles, like Scrum ceremonies, instead of actual content and context, agile’s true principles are lost, says Prashant Kelker, lead partner for digital sourcing and solutions, Americas, at global technology research and advisory firm ISG.

Agility is about shipping as well as development. “Developing software using agile methodologies is not really working if one ships only twice a year,” Kelker warns, by way of example. “Agility works through frequent feedback from the market, be it internal or external.”

Too often organizations focus on going through the motions without an eye toward achieving business results. Agility is not only about adhering to a methodology or implementing particular technologies; it’s about business goals and value realization. “Insist on key results every six months that are aligned to business goals,” Kelker says.

3. Team leadership void

When a team lacks a dedicated product owner and/or Scrum master, it will struggle to implement the consistent agile practices needed to continuously improve and meet predictable delivery goals.

CIOs need to ensure they have dedicated team members, and that the product owner and Scrum master thoroughly understand their roles. “If not, make sure they receive some training and, if possible, arrange for an agile coach to provide guidance,” advises Jerry Walker, consulting director at software development advisory firm Nexient.

Walker suggests spending time with team members to view and understand how they operate. “Ask to see their team metrics,” he says. KPIs can be a good measure of agile success: Are the user stories well written, correctly sized; and how good is the acceptance criteria?

4. Forgoing feedback

Of course, metrics can also be misleading, depending on their use. One of the clearest signs of fake agile, for example, is when an IT department concentrates on team productivity KPIs rather than on value and predictable delivery accompanying each release.

If a CIO recognizes that the IT department is siloed in business goals and objectives, this is fake agile, states Patrick Guidon-Slater, director of agile transformation services for IT service management company TEKsystems. “Agile requires two-way communication, meaning that the IT department and CIO must receive and implement feedback from the customer while also sharing updates and developments,” he explains.

A CIO should also quickly integrate fresh feedback, deliver value, and then move forward to the next value-measured priority, Guidon-Slater recommends. “This can be accomplished by listening to the concerns of internal stakeholders, providing customer feedback, and ensuring that product backlog priority is aligned with the enterprise’s strategic objectives, product roadmaps, and a well-defined portfolio vision.”

5. Rigidity

Fake agile can also appear when an organization overemphasizes doing agile “correctly.” Real agilists focus on being agile, not blindly following accepted protocols to the ultimate degree, says Troy Frever, vice president of engineering at project management software firm LiquidPlanner.

Rigid rules frequently lead to ossified processes and an overall lack of agility. “If there are lots of hard and fast rules, no room for customizing to fit the context, and a ‘my way or the highway’ attitude, then there’s a good chance it’s not the real thing,” Frever says. Agile should be primarily focused on learning, feedback loops, and responding to change. “If you don’t see those things happening, something is likely wrong,” he warns.

Hire experienced trainers with great references who understand agile deeply and are also good at teaching it, Frever advises. “Understand that real agility involves a fundamentally different way of working and get buy-in from both the sponsors and the work teams.” Don’t expect the transformation to occur overnight. “After training, hire experienced coaches and/or Scrum masters that can nurture new agile teams and help them grow over time,” he says.

6. Talking the talk — and overlooking the tech

CIOs should suspect that something’s wrong when teams begin devoting more time to agile catchphrases and events than on improving customer value and experience. Enthusiasm is a powerful team motivator, but leaders need to ensure that zeal doesn’t obscure the fundamental mission.

CIOs should coach agile teams on what’s important to the organization and its clients and shift the conversation from how software is developed to obtaining feedback on the software itself, says Wing To, vice president of engineering at DevOps platform provider “Reviews too often focus on checking if something is delivered, or how it was delivered, rather than checking if it’s iteratively moving towards strategic goals and delivering what users want,” he notes.

Agile’s language and processes provide a strong and necessary foundation, To says. Yet, whenever possible, organizations should also equip their agile teams with tools designed to simplify or accelerate activities. Such products and services “are essential to enable teams to focus on the customer value and feedback,” he says.

To also recommends using automation to streamline the delivery of quality software. “For larger enterprises, tools need to be in place to facilitate planning and adapting plans across multiple team,” he adds.

7. Feeble commitment

Fake agile is frequently rooted in a lack of organizational support. Weak commitment can include a lack of understanding, missing or reluctant buy-in from senior management, or a desire to cut corners simply to save time and money. It can also be identified by a lack of collaboration, poor customer engagement, and a focus on processes rather than outcomes, says Gregory Lenzo, CFO at IBR, a personal and student loan provider.

When a project is afflicted with fake agile, the CIO should first attempt to identify the root cause of the problem, Lenzo suggests. Once the issue has been clearly identified, the CIO can then begin taking steps to resolve the problem. “This may include educating employees on agile [techniques], getting senior management to buy in, and emphasizing the importance of collaboration and customer engagement,” he explains.

Agile Development, Project Management, Software Development

How do attackers exploit applications? Simply put, they look for entry points not expected by the developer. By expecting as many potential entry points as possible, developers can build with security in mind and plan appropriate countermeasures.

This is called threat modeling. It’s an important activity in the design phase of applications, as it shapes the entire delivery pipeline. In this article, we’ll cover some basics of how to use threat modeling during development and beyond to protect cloud services.

Integrating threat modeling into the development processes

In any agile development methodology, when business teams start creating a user story, they should include security as a key requirement and appoint a security champion. Some planning factors to consider are the presence of private data, business-critical assets, confidential information, users, and critical functions. Integrating security tools in the continuous integration/continuous development (CI/CD) pipeline automates the security code review process that examines the application’s attack surface. This code review might include Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Infrastructure as a Code (IaC) scanning tools.

All these inputs should be shared with the security champion, who would then identify the potential security threats and their mitigations and add them to the user story. With this information, the developers can build in the right security controls.

This information also can help testers focus on the most critical threats. Finally, the monitoring team can build capabilities that keep a close watch on these threats. This has the added benefit of measuring the effectiveness of the security controls built by the developers.

Applying threat modeling in AWS

After the development phase, threat modeling is still an important activity. Let’s take an example of the initial access tactic from the MITRE ATT&CK framework, which addresses methods attackers use to gain access to a target network or systems. Customers may have internet-facing web applications or servers hosted in AWS cloud, which may be vulnerable to attacks like DDoS (Distributed Denial of Service), XSS (Cross-Site Scripting), or SQL injection. In addition, remote services like SSH (Secure Shell), RDP (Remote Desktop Protocol), SNMP (Simple Network Management Protocol), and SMB (Server Message Block) can be leveraged to gain unauthorized remote access.

Considering the risks, security teams should review their security architecture to ensure sufficient logging of activities, which would help identify threats.

Security teams can use the security pillar of AWS Well-Architected Framework, which will help identify any gaps in security best practices. Conducting such a self-assessment exercise will measure the security posture of the application across various security pillars – namely, Identity Access Management – to ensure there is no provision for unauthorized access, data security, networking, and infrastructure.

Although next-gen firewalls may provide some level of visibility to those who are accessing the applications from source IP, application security can be enhanced by leveraging AWS WAF and AWS CloudFront. These services would limit exposure and prevent potential exploits from reaching the subsequent layers.

Network architecture should also be assessed to apply network segmentation principles. This will reduce the impact of a cyberattack in the event one of its external applications is compromised.

As a final layer of protection against initial access tactic methods, security teams should regularly audit AWS accounts to ensure no administrator privileges are granted to AWS resources and no administrator accounts are being used for day-to-day activities.

When used throughout the process, threat modeling reduces the number of threats and vulnerabilities that the business needs to address. This way, the security team can focus on the risks that are most likely, and thus be more effective – while allowing the business to focus on truly unlocking the potential of AWS.

Author Bio


Ph: +91 9176292448


Raji Krishnamoorthy leads the AWS Security and Compliance practice at Tata Consultancy Services. Raji helps enterprises create cloud security transformation roadmap, build solutions to uplift security posture, and design policies and compliance controls to minimize business risks. Raji, along with her team, enables organizations to strengthen security around identity access management, data, applications, infrastructure, and network. With more than 19 years of experience in the IT industry, Raji has held a variety of roles at TCS which include CoE lead for Public Cloud platforms and Enterprise Collaboration Platforms.

To learn more, visit us here.

Internet Security