As a technology start-up, there are always more areas we would like to improve than we have resources for. So for us, this is about making the right choices for this moment on our roadmap. Having said that, after putting our heads together there is a very clear top 3 for us:
- Security and compliance automation
- Implementing our ‘Replicator’, to deliver standard integrations at lower cost
- Launching our Unity (after Node 1 of the ISS) Testing Solution
Eating our own dog food
After obtaining our ISO27001 certification in September last year, we knew there was some serious homework attached to re-certifying ourselves in 2023 (and each year after that). A lot of this work is in the form of consistently executing certain controls, such as verifying the right persons have access to the right resources and asserting critical security configurations are still in place.
The process of periodically executing these controls and documenting the evidence can become a headache when performed manually. We want to practice what we preach: avoid manual activity and especially manual data entry where we can. Hence we will embark on a project of security automation. In line with our partnership philosophy, we won’t do this alone.
Our partner Tidal Control will be providing support for our security automation, like they do for their other clients. With Tidal Control, we can not only set up an automated workflow that ensures controls are evaluated periodically, but we can also automate the execution of the controls and evidence collection by integrating Tidal Control with the rest of our IT landscape.
And you could have guessed it: Harmonizer will be the 'glue' to tie all these applications together. To give a concrete example, we may define a control in Tidal Control to scan our Harmonizer application for security vulnerabilities on a daily basis. Normally, one would have to set this scan up in a solution like Tenable and check the results every day and submit the evidence and follow up actions. By integrating Tidal Control with Tenable, the whole process will be automated and we will only need to jump into action when a new vulnerability is detected.
Other than eliminating manual activity, the main benefit of automating information security compliance lies, for us, in the workflows. We set them up once, and after that we know a robust process is always followed. This also eliminates the need to ‘chase’ people: no more good old herding of cats. All of this will save a lot of time.
Finally, we will make our auditor happy by showing him the audit evidence that is automatically gathered, all in one place: Tidal Control. Documentation generated this way is more robust than a handwritten memo compiled in a rush a few days before the auditor arrives.
Tweaking our business model by introducing Replicator
Our roots are in being able to provide custom integrations using standard components at very decent price levels. For a while, we have known that a certain segment of our partners would like to service their clients with a portfolio of standard base-integrations. We are seeing collaborative use cases with partners that are so standardised that the exact same integration would be relevant to a larger group of customers. We have enabled this with our current technology so far, but at the end of 2022 we started to develop ideas around how to make this more efficient and augment our partner-customer journey in this regard.
This has seen the creation of the Minimum Viable Product of what we call the Replicator, which will be built out to a more mature version in 2023. The Replicator is basically a dynamic interface in Harmonizer for our partners, allowing (the name gives it away) for replication of standard / basic integrations. The partner will complete a ‘form’ in Harmonizer, only providing parameters that are different between their customers, like their API keys. Then, Harmonizer will set up the integration according to the specific parameters. Currently the Replicator MVP is being tested with a few trusted partners, to learn how we can improve before rolling the functionality out more broadly.
The main benefit of the Replicator is that it enables our partners to sell standard integrations that would normally be too expensive, especially if they were set up on a client-by-client basis. Now we set up the integration once and the partner configures it multiple times, and this way of collaborating dramatically lowers cost.
Unity Testing Solution
We have always been all over testing the responses from APIs we connect with. It is at the core of our service, as it ensures robust and reliable integrations. But as with anything, we need to get more sophisticated as we grow. This means performing the testing at a more granular level, more automation and better oversight and control.
In line with the optimisation of our regression testing, we needed to give it a well-sounding name. When thinking about all the different tests that we deploy and how it all works together, the International Space Station came to mind. Its first module is called Unity. This seemed like an excellent name for what we were trying to achieve. And so, we are now further mapping out our Unity Testing Solution.
What does the Unity Testing Solution do? It takes monitoring of these APIs to the next level. It consists of a whole new application that continuously tests all these APIs and reports on them. It enables true ‘cockpit views’ for each API and enables us to prioritise APIs based on which ones are actively used in production instances.
Further, the Unity Testing Solution will allow us to set up alerts more efficiently and to drill down so we can troubleshoot better, which means it will take us less time to figure out what is going wrong. For certain APIs we may even send out automated alerts to the developer of the API, to inform them in case certain errors occur. In short, it will give us better control over our API connectors and put us on the front foot with the remediation of any issues.
Our 2023 wish-list
Much like we have a few more or less definitive plans for this year, we also have two areas of development we would like to look into more extensively in 2023.
Serverless and containers
The first one is containerising our application. We have been thinking about a serverless version of our application for a while but haven’t put it firmly on our roadmap just yet.
In part, this is because we are still trying to nail down a cost-benefit analysis. On paper, we know that all the dependencies for our application would reside inside the container and therefore there should be less work for developers. Also, we assume a containerised version would have benefits for deployment. However, before we invest a significant amount of time and effort in developing this, we need to have a clear picture of the pros and cons, and not just chase the trend.
One of the first steps we will take to investigate this is talking to our long-term partner Exonet. They know all there is to know about infrastructure and cloud options for hosting applications, so we will be keenly picking their brain on the pros and cons of writing a containerised application.
And then there is a ‘good housekeeping’ idea, regarding documentation. Important, but no one wants to do it. As with anything, integrations should be documented. Even if there isn’t much of it, staff churn on our and our customers’ side means we can’t get around documentation for retention of corporate knowledge. Therefore, our second plan is to investigate ways in which we can improve our documentation while we create a worker. Ideally, we want to build a tool that will allow us to print a PDF when we are done constructing a worker. This PDF should then also be a deliverable to our customers for their documentation. It probably doesn’t surprise you that this is yet another plan involving some degree of automation!
More and more and more... APIs and automation
Finally, we continue to extend our API support, both in local and global markets. We currently support several hundred applications, which is just the beginning. In order to scale from a few hundred APIs to a few thousand, we are constantly looking for smarter ways of adding new APIs to our platform. In the past year, we have built automated procedures around OpenAPI definitions, which drastically decreased the amount of custom code that needed to be written.
What about you?
That’s enough for our plans. What are your plans? We would love to hear all about your 2023 hopes & dreams, and see if there are ways to help each other out!
Image by Joe from Pixabay