In order to cope-up with the business needs, small and medium-sized companies needed a fast, secure, and scalable IT infrastructure. But these companies lack the ability to have this setup in-premise, due to huge capital investment that goes into the growing needs of the IT infrastructure, staff, and the expertise to administer, preventing them from focusing on their core businesses. Hence, emerged the need to migrate to cloud computing, a solution that helps organizations to focus on their core businesses rather than worrying about the investment and maintenance of their business IT infrastructure.

Typically, Software as a Service (SaaS) and Platform as a Service (PaaS) are considered as types of cloud computing. In SaaS, software is held centrally and not by local machines, which is presented to the user on an on-demand basis usually by means of virtualization. Central control of the application is retained allowing for reduction in licensing, implementation, and ongoing maintenance costs. The delivery route in this instance is the ‘Cloud’, this being the general term for the Internet. Whereas, PaaS can be considered as the next step in the SaaS model, where on-demand delivery is not simply the specific item of software required but the users’ platform, allowing centralized control of the usage of each machine on the PaaS network.

Cloud computing solutions offer more scalability, location independent access, reduced cost of ownership, and improved server efficiency. They also help businesses to reduce the environmental impact of their IT infrastructure due to reduced requirement for hardware, implementations, and location dependence.

But, along with these potential benefits, cloud computing presents a new set of concerns such as security, privacy, availability, data integrity, lack of control, and integrity, which must be mitigated effectively if it is to be considered as a viable option for business. Third-party independent testing service providers with niche capabilities in the areas of performance testing, security testing, reliability testing, and experience in virtualization technologies are better suitable to do this work.

Migrating to a cloud environment requires an understanding of the new business needs and the inherited challenges associated with it. Hence, the scope of the software testing also needs to be widened to fully cover those business requirements and the inherited risks associated with cloud computing. In order to meet these testing requirements, organizations need to be equipped with additional resources including additional infrastructure such as different testing skills required by test engineers to perform the job of testing in a cloud.

Organizations must document the test strategy before initiating testing in order to gain benefits from cloud computing. They need to identify various types of testing to be performed and should choose the right cloud test environment. Understanding business characteristics of cloud computing and applicable cloud models to be tested play a pivotal role in choosing various cloud testing types such as, System Integration Testing (SIT), User Acceptance Testing (UAT), Interoperability Testing, Compatibility Testing, Performance Testing, Load Testing, Stress Testing, Recovery Testing, and Security Testing.

The two possible options for choosing the right test environment include, simulating in-house cloud test environment and choosing the right cloud service provider. In addition to identifying applicable testing types, testing teams should also focus on general considerations that are common to cloud testing.

Hence, testing teams should develop a good testing strategy that discusses the scope of software testing to meet the business requirements and characteristics of cloud computing, mitigating the risks and issues introduced by cloud computing.

The principal indicators of a growing business are widening customer base and rising return on investment and various parameters such as cost, time, and quality drive these indicators in the positive direction. To meet customer requirements with assured quality, organizations need to extensively consider market dynamics and should deliver, cost effectively, the right product, in the right way.

In software product development, an Agile methodology is one strategy adopted while addressing the challenges of market dynamics. The aim of any Agile project is to deliver a basic working product as quickly as possible and then to go through the process for continual improvement. An Agile project is characterized by having a large number of short delivery cycles (sprints) and priority is given to feedback-loops from one cycle to the next, which drive continuous improvement and enable issues that inevitably occur to be dealt with much earlier in the development life cycle.

Agile uses a Test Driven Development (TDD) model. As part of the project team, the Test Manager is responsible for establishing quality processes, identifying test resources, and delivering the test strategy. The test strategy will include details of the Agile development process being used along with test phases that are not directly related to Agile development. The testers, developers, business analysts, and project stakeholders all contribute to kick-off meetings where the ‘user stories’ are selected for the next sprint. The selected sprints are used as the basis for a set of tests, with testers creating test scenarios which are presented to business analysts and project stakeholders for their approval.

These test scenarios are then broken down to test cases that offer adequate test coverage for the given functionality. The developers then write code that will pass the tests. In this approach, development and testing take place continuously throughout the sprint with no separate testing phase. Results are then presented to the stakeholders for immediate feedback. The test scenarios defined are not limited to functional testing but can include other types of testing including performance and integration testing when the product is mature enough.

The user stories for the next sprint are written and these include the stories specified in the delivery plan as well as additional stories required to cover any issues identified from previous sprints. Regression testing must be performed on a regular basis to ensure that existing functionality has not been impacted by the introduction of new functionality in each iteration cycle. Stakeholders will take a decision on moving the application to release phase, depending on the market need or level of key functionality being added to the system. Prior to release, a final acceptance test is performed before transitioning the application into production.

However, Agile projects present their own challenges to the testing team. Unclear project scope, multiple iterations, minimal documentation, early and frequent testing needs, and active stakeholder involvement all demand special and diverse skills from the testing team. Some of the key factors for successful Agile development include, effective resource management; good communication between testers, developers, business analysts, and project stakeholders; and implementation of quality governance processes.

Hence, companies which adopt Agile projects should appreciate that engaging test teams at project initiation will ensure an accelerated delivery of working software, and time, cost, and quality must be controlled and balanced in order to achieve customer satisfaction and ROI.

The security of business IT systems has never been as important as it is today. Effective security can mean your business is safe from malicious activity or accidental introduction of malware. Failing to secure systems, websites, and manage employee usage of the internet exposes the company to great risks such as reputation damaged reputation, risk of system damage, loss of business, and the cost of remedial work. This is in spite of common uses of defenses such as firewalls and intrusion prevention systems.

The advent of new technologies such as Web 2.0 and the social networking phenomenon has revolutionized the internet by using existing technology in a different way to enhance communications, secure information sharing, collaboration, and functionality of the web. But, these technologies are also leading to an array of complications, greatly enhancing the risk in today’s business world. Malware targeting Web 2.0 applications is getting more diverse and harder to track and will most likely get even worse.

In order to reduce as much of the threat as possible, organizations need to identify, analyze, and report vulnerabilities in a given application. Correct firewalls must be put in place and regularly updated to account for any new threats that may arise. Security is fast becoming the focus of many regulators, and organizations and industry bodies are working together to tackle the issues that the on-line world presents. One industry that is enforcing its members to ensure a high degree of security is online retail. Companies are being forced to ensure their networks are secure to protect themselves and their customers from potential threats.

The solution adopted to ensure security in this environment is the Payment Card Industry Data Security Standard (PCI DSS), which is specifically designed to protect customer account information of credit/debit card holders. Every company that accepts credit card payments, processes credit card transactions, stores credit card data or accesses personal and sensitive data of customers are required by contractual obligation to be compliant with the PCI DSS. The complexities that PCI DSS compliance brings to an organization are significant. The mandatory elements of PCI DSS compliance should be built into business requirements definition when defining a new application to ensure they are subsequently developed and tested.

To ensure highest level of security, a best practice would adopt security measures such as, installing and maintaining a firewall configuration to protect data; do not use vendor-supplied defaults for system passwords; encrypt transmission of cardholder data and sensitive information across public networks; use and regularly update anti-virus software; develop and maintain secure systems and applications; assign a unique ID to each person with computer access; restrict physical access to cardholder data; track and monitor access to network resources and cardholder data; and regularly test security systems and processes.

Furthermore, website penetration testing (this time in a Web 2.0 environment) could highlight the areas of weakness. All changes in technology must be tested thoroughly to identify the problem areas in order to help organizations understand the measures that must be put in place to combat risk, undertake remedial work, and prevent future problems. Testing should be as objective as possible to ensure there is 360 degree coverage eliminating as many weak spots as possible.

In today’s fast paced world, listening skills have become critically important for being successful managers. I would like to share my views on this aspect. I firmly believe that our ability to influence others is directly in proportion to how well we listen to them. I would like to emphasize that   ‘listening is not hearing’, it is ‘hearing and understanding’. A very common assumption people make is, ‘if you have listened to some one, it means that you have accepted what ever the other person said’. This is not true. Listening simply means understanding. Whether we agree with what we have heard is another matter. This simple clarity of thought about listening is very liberating and sets the stage for us to effectively ‘listen’ to others.

I would like to lay stress on some of the blocks in the path of ‘effective listening’.

1. It is natural human tendency to see a situation through our own colored glasses (Read it as experience). Because of the similarity of situations experienced in the past, we tend to presume, often imagining things that are non-existent. We also selectively filter out information that does not fit into our thinking pattern.  This leads to reading the situation incorrectly which in turn blocks us from getting total insight into the situation.

2. I have also observed especially in meetings that we have a tendency to evaluate the speaker’s thoughts, or give our suggestions and inputs before he /she finishes speaking, thus interrupting the speaker.

 3. Another  listening barrier is a  “pre-occupied mind” which means we are not paying enough attention to the speaker but pretending that we are actually ‘involved’ in the conversation. This can annoy and irritate the speaker to a great extent.  I would like to present one fact here. The rate at which people speak is about 150-200 words/minute but the human mind processes about 800 words/minute. This translates to about 75% of additional time that is available for the mind. How well this additional time is used differentiates a good listener from an ordinary listener. Good listeners use this additional time to their advantage by concentrating on non-verbal cues (things that are not explicitly told), body-language; gauging emotions of the speaker, tone etc….

4. Another common irritating factor for the speaker is ‘distraction’ from the listener which include telephone calls, interruptions by visitors, frequent glances at the monitor to check email etc.

Good listening requires giving undivided and complete attention to the speaker. This allows the listener to capture what is being told, what is being masked and also helps in assessing the speaker’s emotions etc… There are numerous advantages of good listening such as, leads to empathy, enriching relationships, productive work, resolving disagreements, better team work and helps one learn to become a good listener.

The fundamentals of good listening require courtesy and respect for the speaker. Below are some of the ideas around as an action plan for improving listening skills. This is mostly common sense. Registering these thoughts in our mind & making them as a habit can make a huge difference to our listening skills.

• Complete focus on the speaker
• Let the speaker finish what he/she has in mind completely with out interruptions (Mainly judgments and confrontations)
• Avoid/minimize distractions like the ones mentioned above
• Be visually enthusiastic about the speaker
• Use your eyes, hands to show that you are giving un-divided attention to the speaker. Try to maintain eye contact to re-affirm to the speaker you are attentive and is interested in what he/she is saying
• Listen with empathy
• With-hold judgment while speaker is talking
• Resist the temptation of disagreeing with the speaker before he/she completely finishes his/her view point
• Gain in-sight by asking open-ended questions
• Open-ended question does not have a binary answer like Yes or No. Try to deep dive into the situation by asking questions like “What happened”, “How did it happen”, “when did it happen”. Avoiding “Why” helps us to have a very spirited dialogue
• Try to paraphrase and summarize
• When discussions are happening with “high-emotions”, these two basic skills are of great help. Paraphrasing and summarizing helps us to get on same page with the speaker.

In the current global economic climate, the pressure is mounting on organizations to deliver a final product with less number of security flaws/vulnerabilities, without affecting the project schedule/release or product functionalities.  The advent of social networking sites, blogs, wikis, service oriented architecture, dynamic web contents, and mobile application stores has increased the complexity of security landscape. According to Verizon Business Data Breach Report – April 2009, 90% of websites are vulnerable to attack, while various sources reported that around 60% to 90% of cyber attacks and internet security violations were generated through internet applications.

In addition, organizations also often end up with their projects taking much longer time than estimated and costs exceeding the allotted budget. In a move to tackle these problems, most of the development enterprises are exploring some form of Agile software development methodology (pure or hybrid) for building their applications, as it focuses on customer requirements along with security.

In software product development, Agile methodology is a conceptual framework designed to break the software down into manageable parts that can be delivered earlier to the customer. The aim of any Agile project is to deliver a basic working product as quickly as possible and then to go through the process of continual improvement.

There are various agile methodologies such as, Scrum, Extreme Programming, Adaptive Software Development (ASD), and Dynamic System Development Method (DSDM). The Agile Scrum, which is one of the processes for implementing agile, focuses on delivering the highest business value in the shortest time. In this methodology, product progresses in a series of short delivery cycles (sprints) and requirements are captured as items in a list of ‘product backlog’. Here, a daily Scrum meeting is held where the desired features for each sprint that could extend from 2-4 weeks are determined. This methodology enables inspection of actual working software every two weeks to a month, allowing an organization or a team to decide whether to release it or continue to enhance for another iteration.

The security development lifecycle (SDL) in Agile Scrum methodology tracks metrics, maintains accountability, fixes security issues correctly, while also minimizing the attack surface. The SDL in Agile Scrum can be categorized under three levels of requirements frequency including, Every-Sprint, Bucket, and one-time requirements. The Every-Sprint SDL requirements are essential to security and no software should ever be released without these requirements being met, Bucket requirements are the tasks that must be performed on a regular basis over the lifetime of the project but are not so critical as to be mandated for each sprint, while one-time requirements are once-per-project tasks that need not be repeated once they are completed.

Lastly, a final security review is done at the end of each sprint to check whether all every-sprint requirements have been completed; at least one requirement from each bucket requirement category has been completed; no bucket requirement has gone more than six months without being completed; no one-time requirements have exceeded their grace period deadline; and no security bugs are open that fall above the designated severity threshold. Hence, the SDL in Agile Scrum minimizes the security risk and helps lower the Total Cost of Quality (TCQ) and Total Cost of Ownership (TCO), as well as balance the functionality and security.

In this new era where technologies converge with user experience, an unprecedented number of enterprises use and depend on growing number of relatively new and emerging applications. While technology advancements focus on providing rich user experience, they also pose greater threat to enterprises as they have greater attack surface.

Security remains an afterthought as developers are under pressure to pack features in applications in less than ideal time. While enterprises understand that the usage and adoption of new technologies are inevitable to enhance business opportunities, they also realize that improper design, implementation, and usage of new technologies will most likely lead to information security breaches and public relations debacles.

The advent of social networking sites, blogs, wikis, service oriented architecture, SaaS, dynamic web contents, virtualization, and mobile application stores has increased the complexity of the security landscape. Web applications are increasingly becoming the preferred targets for cyber criminals, with XSS and SQLi being the top vectors. Malware distribution through malicious banner ads and attacks involving stored information are also on the rise. According to Verizon Business Data Breach Report – April 2009, around 90% of websites are vulnerable to attack, while the Ponemon Institute’s – Jan 2010 report shows that the average total cost of a data breach per incident is $6.75m.

The requirement for security testing is gaining significance in the context of current breed of applications and the impact they can have on the business. Security testing, though not as mature as some other testing areas, has now become an integral part of enterprise testing strategy not only because of the awareness of various ways an application can be compromised but also because of the inability of latest technologies to dodge the cyber criminals as demonstrated by recent security incidents and breaches.

But, security testing comes across various challenges such as, shortage of QA professionals with security testing expertise, increased sophistication levels of hacker, growing dependency on new and unproven technologies, multiplexed connections from applications, compressed development lifecycle, and challenges in effectively integrating security testing into enterprise testing. Enterprise application security testing is still hampered by various factors such as ad-hoc testing, dependency on tools, inadequate skills, adoption of new technologies at a rapid pace, end-user centric application designs, wide acceptance of internet based applications, cyber warfare, and lack of overall security strategy.

However, having a common framework that provides guidance in creating repeatable and reproducible approach/methodology, planning and execution strategy, basis to calculate metrics, and determining the impact increases the effectiveness and efficiency of security testing. Hence, the security testing framework helps organizations to execute security tests in a systematic way, have a common approach to test various emerging technologies, reduce security testing cycle time, produce consistent results in validating the security index of the applications, minimize cost of bug-finding, enhance customer confidence, and seamlessly integrate security testing with enterprise testing, resulting in increased effectiveness and efficiency of security testing.

Over the last few years, Test Centre of Excellence (TCoE) approach is gaining traction as meeting the testing needs of the enterprises around the globe while lowering QA and maintenance costs and enabling tighter alignment of IT with business objectives. More and more IT organizations are opting to centralize some or all test related activities in TCOE in order to achieve consistency and efficiency of testing and to consolidate spend on testing. TCoEs are becoming more viable as an alternative to maintaining internal QA organizations and bring a factory like efficiency to organizations that have historically lacked testing maturity.

A TCoE is a centralized testing model that brings together people and infrastructure into a shared services function for standardizing processes and optimizing resource utilization in order to generate supernormal benefits across the organization. It provides organizations with the ability to support frequent releases in a year as well as bring in dynamic business changes.

AppLabs’ TCoE is delivered using its proprietary SCORE (Standardize, Centralize, Optimize, Review, Expand) methodology, an approach to implementing a TCoE in a conservative manner, one well defined step at a time. This ‘Core + Flexi’ resource model focuses on building organization wide test platform  and maps processes and metrics to an organization’s business goal, hence cost goes down exponentially with each addition of product into TCoE.

The Standardization of processes yields immediate benefits of predictability while Centralization of test assets and creation of a centralized testing infrastructure management group leads to an immediate improvement in asset and resource utilization and significant cost savings. Both these steps open the door to major optimization opportunities such as rationalization of test infrastructure by leveraging various virtualization techniques, reduction in licensing costs by leveraging under-utilized software, and sharing skills across test teams, and much more. A gradual expansion of the TCoE ensures that the benefits of the initial steps are being realized before additional steps are taken and more people are brought into the TCoE fold.

The objective of AppLabs’ framework of assessment is to understand, analyze, and Recommend on clients’ global test organization. It involves analyzing client’s vision and goals, understanding information gathered while establishing baseline for measuring improvements and providing actionable recommendations.

Thus, Test Center of Excellence approach can help organizations to achieve operational excellence and generate enormous business value by accruing many benefits in terms of higher quality, higher performance, speed to market, lower cost, and flexibility to support business needs.

In any organization, it is often found that the key data whether related to product or customer is maintained in multiple systems, which may some times lead to inconsistent view and duplication of the data. Master Data Management (MDM) is a set of processes that seek to ensure that an organization does not use multiple (potentially inconsistent) versions of the same master data in different parts of its IT systems.

Before appreciating MDM, let us understand Master Data and its classification. Master data can be defined as data that is non-transactional in nature, shared or used by most systems. It generally falls into categories such as People, Things, Places and Concepts, which are further classified based on the organization’s business model. Customer and Product master are the most critical master data to be managed for any organization.

Often organizations have a hard time creating, finding, and managing data that is complete, as different IT systems would have been established at different times using different technologies by different business units.

MDM and its processes focus on the need to clean up the inconsistencies from the legacy systems data as well as to create an accurate, timely, and complete set of master data for the growth of an organization. It is comprised of a mixture of business processes or applications, methods, and tools. The important activities/processes that will be performed during the appropriate phases of MDM implementation include, identifying the source databases containing master data; collecting and analyzing the metadata information for master data; finalizing the common master data definitions; creating master data model(s) for MDM DB and XMLs; defining data transformation rules for transforming legacy source data to MDM database; identifying or building toolsets required to create master data by cleansing, transforming, and merging the data; collecting and harmonizing the unique instances of data to populate the shared MDM repository; integrating with existing and new consuming applications to synchronize the data periodically via a SOA approach; and establishing data governance policies and procedures to maintain accuracy, cleansing process, and timely synchronization of data.

There are various architectural approaches for developing a Master Data Repository, with Hub – Repository being one of the most common approaches, where core master data is managed with a single repository and the data is not replicated to multiple systems. In this case, all the source systems provide updates to the central hub and the consuming systems receive data via central services (SOA), whereas the common interfaces/services perform the data cleansing, transformation, and mapping to the MDM repository.

The popular MDM products in the market include IBM InfoSphere Master Data Management Server for Product Information Management, IBM InfoSphere Master Data Management Server for Customer Data, SAP NetWeaver Master Data Management Server, Oracle Master Data Management Suite, Talend MDM (Open Source), Kalido Master Data Management, Siperion Multi-Domain MDM Hub and Tibco Collaborative Information Manager.

MDM implementation may vary from organization to organization depending on the need and time of implementation. Testing the MDM, which is key in MDM implementations, covers various scenarios such as, large volume of source data from multiple sources with different data standards; initial data migration testing from different sources to MDM database; periodical data synchronization between source systems and MDM DB; testing of multiple technology components; multiple failure points and consuming systems interfaces; and also validating the consuming systems especially if it is a product with no proper documentation.

Quality is an attribute that is easily recognized, but not easily defined. When a company produces a product or provides a service, one of their aim would be to achieve good quality. They then hit with the problem of defining quality. In the end, it comes down to the fact that quality is just “What you like”.

Now, let us come to testing. Can quality be introduced through testing? In my opinion the answer is “Yes, but to a limited extent”. Testing of a partly finished product or service will only indicate that certain attributes are either right or wrong. This in itself gives some measure of quality which depends on analyzing the problem and rectifying it, thus improving quality. The issue comes when the artifact is fundamentally of poor quality. Quality is not something that can be tacked on at the end. It has to be built in right from the start with early integration of quality disciplines and approach more likely to provide a product of superior quality.

Focus should remain on quality and thought should be given to the users of the product or service – the customers. How are they going to use the product? What is going to delight them? How can the relevant features be built into the product so as to maximize customer satisfaction? By changing your viewpoint to coincide with that of the customer’s, you can get an entirely different (and valuable) perspective on quality.

Plan your development realistically, include quality objectives and build in contingency for unanticipated problems. Making testing an integral part of the project right from the start and revising the plan in case the outcome is not smooth will add greatly to the final result. A constant review needs to be done. As quality is so hard define, it becomes largely subjective with various views coming from all ends. It is also important to keep an eye on costs and stick with the actual purpose of the product.

Testing of the finished product is to be performed and this should be a matter of confirming that the right amount of quality has been built into the product and identifying and correcting any minor defects that may have crept because of the difference of opinion during the whole process.

Finally, testing can improve the quality of a product, but the major part of quality needs to be built into the product right from the start. Quality and the pursuit of excellence is a mindset, not a process and with the right attitude the chances of success can be easily maximized.

Testing is becoming more and more important to companies worldwide, with an increasing focus on quality assurance and continuous process improvement. However, some common challenges faced today start with a client’s understanding of what testing is, what purpose it serves, and the time and resources it takes to complete.

One of the major challenges in test consulting is engaging the client, establishing a shared vision, understanding their requirements and meeting their expectations. The ability to establish trust and rapport with a client from day one is crucial in establishing successful test projects and longer term client/supplier relationships. In consulting, expectations are the success criteria through which a client will measure your work regarding a future target or goal.

All test consultants must have expectations at the forefront of their day to day activities. Inherent in all these challenges is the test consultant’s ability to communicate and educate a client on what the testing process involves, what each test phase will cover, how long it takes, resources required throughout the testing lifecycle, and common terms and definitions used in testing.

Testing is an iterative process and so is managing expectations. It is therefore essential to truly understand your client’s needs, and then be able to set, manage, and influence their expectations, and learn from such experiences.

A challenge often faced is when expectations are misaligned to the overall goal (realistic or otherwise), resulting in required standards and expectations of the client not being met and hence be deemed a failure. However, raising the issue of unrealistic goals early in the lifecycle can influence and realign both the goal and expectations, whilst establishing a level of trust and a sense of unity that you are working in partnership.

Test consultants should develop their own methods for setting, managing, and influencing the clients’ expectations. They should consider the tools and techniques such as, Time, Cost, and Quality that will help generate tangible metrics to influence a client’s expectations; articulate the risks and their overall impact and severity that significantly influence client decisions within a project and amend their expectations; discuss priorities, roles and responsibilities and jointly develop action plans; remove assumptions, deal with facts and re-emphasize the shared goal; remove ambiguity; and develop guidelines around the client’s expectations.

Test consultants should also gather feedback to ensure that you are still focusing on the same shared goals and deliverables. The longer a client/supplier relationship is, the more perception and expectations change and the greater the need to monitor such changes.

Another key problem in consulting is when false expectations are set, or the expectations of the client and consultant are mismatched. Setting high expectations is always preferable, but they must be reasonable and achievable if they are to be successful. It is always better to under promise and over deliver than over promise and under deliver.