Software Process Improvement Network

1

• Software Process Improvement Network
• Presentation

Gary Deneszczuk Senior Product Consultant
November 9, 2005
2
Compuware Corporation

• 32 years of delivering proven IT value through
  technology and services to the worlds largest
  businesses
• 8,500 employees
• 84 offices in 16 countries
• Financially rock-solid
• 1.3 billion in revenues for FY04
• Strong cash position, no debt
• Our commitment Real VALUE and ROI for every
  single dollar you spend with us.

3
ITs 2006 Oxymoron Reduce IT Cost by
Modernization IT code, Privatize IT Data, and
Testing it all thoroughly Agenda 1. The
Growing IT Budget 2. Modernizing Applications
to obtain increased value 3. Quality Testing to
get a better ROI 4. Protecting your customers
with a Data Privacy solution 5. Understand the
dollar value over time
4
IT Budget Allocation
IT Operating Budget Distribution by Resource
Category for 2005
Facilities and other 1
Telecommunications 12
Hardware 21
External Service Providers 15
Software 18
Internal Staff 33
Source IT Spending and Staffing Survey Results
and Predictions, Gartner, 2005
Gartner Group(Research and analysis of
information technology companies, products, and
services)
5
IT Budget Allocation Trends into 2007
IT Operating Budget Distribution by Resource
Category for 2005
Facilities and other 1
Telecommunications 11(-1)
Hardware 19(-2)
External Service Providers 18(3)
Software 17(-1)
Internal Staff 34(1)
Source IT Spending and Staffing Survey Results
and Predictions, Gartner, 2005
6
IT Budget Allocation Trends into 2007
IT Operating Budget Distribution by Resource
Category for 2005
Better Hardware Utilization and Cost containment
More Consultants and Outsourcing
Facilities and other 1
Telecommunications 11
Hardware 19
External Service Providers 18
Software 17
Internal Staff 34
Cost Containment and only keeping necessary
Software Solutions
Balancing increases in cost and staff reduction
Source IT Spending and Staffing Survey Results
and Predictions, Gartner, 2005
7
The Challenges of Driving Value
Page 7
CompuwareCorporation
Source Gartner, 2004
8
The Challenges of Driving Value
Page 8
CompuwareCorporation
Source Gartner, 2004
9
Three Beneficial IT Projects that will help to
reduce the 80 Legacy Support Cost
10
(No Transcript)
11
The Agile MainframeTM
Re-energizing of the mainframe platform made some
improvement in 2004 with year-to-year growth in
MIPS shipped. Management still views the cost of
third-party software and management perception
that the mainframe is outdated as the top two
inhibitors to growth. Gartner Group March,
2005
Application Modernization (Destiny of
Existing Portfolio)
Eliminate
Outsourced Development
Integrate(Reuse)
Tolerate(No Action)
Migrate(Package or Platform)
10
20
25
25
20
Source Gartner Group(Research and analysis of
information technology companies, products, and
services)
12
Application Modernization Common Definitions
Replace (COTS) or Rewrite (new development)
Application Modernization or Renewal process of
transforming aging or legacy application assets
to more modern architectures
13
Approach Identify Top Candidates

• Tolerate with Restructuring
• Application maintenance costs are low
• Business value is medium to high
• Change requirements are manageable
• Legacy people assets are confirmed and
  productive
• Your IBM environment is over 1000 MIPS

• Integrated Environments
• Business value is high
• Legacy application is agile, high-performing,
  and error free
• Modernized front-end is desired or mandated
• Co-operative application isthe best solution
• Development expertise exist

Technical Quality

• Replace or Re-host
• Maintenance costs are high
• Business value is low
• Application doesnt justify custom development
• COTS replacement could lower ongoing costs
• Equal business value and bettertechnical quality
  can be achievedby replacing or re-hosting

• Rationalize Elimination
• Business value is low or obsolete
• Maintenance costs are high
• Legacy people assets have moved on
• Cost of maintaining executionenvironment is
  wasted
• Application owner non-existent

Business Value
14
Modernization Project Strategies

• Tolerate with Restructuring
• Track true maintenance cost
• Consider performance improvement
• Eliminate coding faults forever
• Reduce maintenance by identifyingand reusing
  components Agility
• Implement Relational DBMS solution
• Document application flow to improve future
  maintenance cost

• Integrated Environments
• Document current application flow
• Build in-house or out-source newfront-end
  applications
• Be ready to support multiple environments,
  databases, and coding languages
• Eliminate the silo mentality
• Prepare for enterprise performanceissues

Technical Quality

• Replace or Re-host
• Investigate and purchase an off theshelf
  commercial application(COTS)
• Build-in additional features
• Move to right-sized executionenvironment
• Develop in-house to meet your business
  requirements
• Utilize in-house skills or considerout-sourcing,
  or a combination of both

• Rationalize Elimination
• Track program execution
• Identify non-executed programs
• Interview user to determine the value of this
  application
• Look at merging applications

Business Value
15
Modernization Project Long-term ROI

• Tolerate with Restructuring
• Minimize cost by controlling project
  enhancements
• Improve the performance and agility
• Utilize Legacy assets
• Negotiate better Legacy hardware,software, and
  people contracts
• ROI 30

• Integrated Environments
• Utilizing proven application solutions
• Meeting business requirements with a proven
  solution
• Build expertise for future projects
• ROI 35

Technical Quality

• Replace or Re-host
• Reduction in dependence on the Legacy
  environment
• Maintenance Agility in the newenvironment
• Implementation of current practicesfor
  development SODA,MDA,QA
• ROI 40

• Rationalize Elimination
• ROI 50 - 100

Business Value
16
Quality Testing
17
Quality Testing
Meeting Corporate Business Requirements
Meeting IT Requirements

• Increased customer satisfaction
• Make products salable
• Meet competition
• Increase market share
• Provide greater sales income
• Secure premium prices
• Be cost effective
• Meet regulatory requirements
• Address Security issues

• Reduce customer dissatisfaction
• Reduce error rates
• Reduce rework, waste
• Reduce inspection and testing
• Shorten time to market
• Improve performance
• Be cost effective
• Incorporate Security processes
• Create Audit Trails and Documentation

18
Quality Testing
Common Practices in many IT organizations

• Focus is on process instead of product
• Quality Testing Late Lifecycle testing
• Delegated Real Testing to a QA testing team
• No risk management to prioritize quality
  activities
• No verification of the thoroughness of the test
  cases
• Manual Documentation verses Automated
• No consideration given to Testing
  Modernization
• Quality attributes such as reliability,
  security and performance are considered
  separately and in isolation

19
The Quality Delivery Challenge - Today
High
Planned
Actual
Low
Less Value due to enhancements and problems
Extra Time needed here
High
More Costly
20
The Quality Delivery Challenge - Today
High
Planned
Low
High
21
Quality Testing A Discipline to Manage
Business Risk
Software Development Life Cycle
Production
Business/Operations Requirements
FunctionalRequirements
System andInterfaceSpecifications
Detail Design
Code
Test and DefectCorrection
Application Quality Life Cycle
22
Quality Testing Considerations
23
Quality Testing Considerations
Understand the percentage of code executed Verify
the percent of new or changed code executed View
color coded statements for showing executed
verses un-executed code Interpret the Halstead
metric statistics for program complexity Risk
Analysis of testing to date via through the code
coverage statistics Reveal the programs dead
code Create an Audit Trail of Code Coverage
progress
TM
TM
Testing Modernization
24
Quality Testing Considerations
Reduce the number of duplicate test cases in the
data files Reduce the number of duplicate test
cases in the online scripts Perform in
combination with Code Coverage analysis to ensure
quality Speed test execution time Execute more
tests in a shorter time Reduce the overall impact
of testing on your IT environment Achieve the
goal of finishing the testing phase of the
Application Lifecycle sooner Reducing the amount
of data used in testing, will result in a
reduction in Risk
TM
TM
Testing Modernization
25
Quality Testing Considerations
Understand the test cases that are missing in the
data files Understand the test cases that are
missing in the online scripts Evaluate the
importance of the missing test cases Add
additional test cases to increase Code Coverage
Statistical percentages Document new test cases
into the application test plan Having thorough
set of test cases will reduce Risk
TM
TM
Testing Modernization
26
Quality Testing Considerations
Manage Test Plans from a central
repository Schedule Test Plan execution Initialize
consistent baseline data files Re-execute proven
test cases and online scripts quickly Compare all
output files, databases and online
screens Document un-anticipated
differences Provide Audit Trail of Test Plan
execution
27
Quality Testing Considerations
Create a Load testing environment Replicated
online scripts Execute applications exceeding the
maximum input possibilities Measure and document
enterprise performance Develop reasonable SLAs
28
Quality Testing Considerations
Capture application defects into a central
repository Track defect resolution through the
testing process Update the application
specifications when appropriate Create an Audit
Trail of defect discussions and results as the
application is moving toward the production
environment
TM
TM
Testing Modernization
29
Quality Testing Considerations
Add Security Testing to your overall Testing
Strategy Use proven methods to search for
vulnerabilities in your code during
development Discover vulnerabilities during code
execution debugging Simulate attacks during the
pre-deployment phases of your Application
Lifecycle
TM
Testing Modernization
30
Quality Testing
Can Quality Management Create Value?
31
Implementing Best Practices - Example

• General Motors
• World-wide assembly line system for all plants
• Unique approach to quality management combined
  Testing Center concept
• Successful delivery on-schedule and on-budget
• ROI Project Cost savings 10, Production
  Execution savings 7

32
Implementing Best Practices - Example

• Nortel Communications
• Export document application supports 300 users
  worldwide - with poor performance
• Application deficiencies resolved in 10 week
  period
• Implementation of a Performance Monitoring
  process
• Response time improved by 80 and bandwidth
  reduced by 60 or 300,000 per month for a
  similarly sized company

33
(No Transcript)
34
(No Transcript)
35
New and Old Federal and State Privacy Laws
36
Data Privacy in the News
37
What is Data Privacy?
In simple terms, Data Privacy is about protecting
information deemed sensitive or personal in nature
38
The Private Data
Credit Card Numbers
SSNO
Account Numbers
Dollar Balances
Medical IDs
Addresses
Order Dates
Diagnosis Codes
PIN
Vehicle Identifier Numbers
Policy Numbers
License Plate Numbers
Order Numbers
Zip Codes
Phone Numbers
Drivers License Numbers
Shipped Dates
Birthdates
First, Last, Middle Names
City of Birth
Childrens Names
Mothers Maiden Name
39
Where your Security Dollars are being spent today
Top Internet Security Vulnerabilities
The majority of worms and other attacks are made
possible by vulnerabilities in a small number of
common operating system services.
Window Systems
Web servers and services Workstation
services Windows Remote access services Microsoft
SQL Server Windows authentication Web
browsers File-sharing applications
UNIX systems
BIND(Berkeley Internet Name Domain) DNS Web
servers Authentication Version control
system Mail transport services SNMP Open SSL
InfoWorld May 2005 Bob Francis
40
What happens to your Production Data when it is
copied into the Test Environment for Quality
Testing?
Production Environment
Test Environment
z/OS
z/OS
Distributed
Distributed
41
Develop a Data Privacy Solution
Production Environment
Data Privacy Manager
Test Environment
z/OS
z/OS
Subset Extract
Load Maintain integrity

• Build
• Test
• Validate
• Disguise

Distributed
Distributed
42
Data Disguise Techniques
Replace sensitive values with formulated data
based on a user-defined key
Encrypt
Replace sensitive values with meaningful,
readable data using a translation table
Translate
Replace sensitive dates consistently while
maintaining the integrity of a date field
Age
Conceal partial fields
Mask

Generate fictitious data, from scratch or from
some other source
Generate
43
(No Transcript)
44
Data Privacy Results for Auditability
Disguised Data
Rule Applied
Original Data
Translated Aged Translated Unchanged Encrypted Mas
ked with 7s Encrypted Generated

• Mary Lynn Gorman
• 02-19-1974
• 104 Stanford Street
• Northville, MI 48167
• 370-55-2939
• 4294 5730 5839 3037
• 300,000
• null

Jill Joyce Jones 04-19-1984 111 State
Avenue Northville, MI 48167 431-81-6492 4277 7777
7779 3037 126,877 (810) 609-2873
45
The ROI for your Corporation

• Consistent solution for Production and Test
• Lowers cost of regulatory compliance
• Substantial reduction of risk and liability
  associated with data privacy
• The Biggest ROI

Avoidance of a Costly Breach in Privacy
46
Proving the ROI Value
47
Can you help prove that there is an ROI?
CEO
Enterprise Business Objectives
COO
CFO
IT Value
CIO

• Prove that IT is
• Aligned with Business Needs
• High-quality Service and Systems
• Highly Efficiency and Competitive Cost
• Enabling Competitive Advantage

Strategic IT Objectives
48
IT Management Challenge Today
NAPKIN
Client Rel.
BUSINESS CASE
MANAGEMENT REPORTS
Portfolios
Projects
Resources
Time Cost
Development
POST-ITS
QA
Production Cost
IT Cost Report
Operations
49
Integrated IT Management Solution
Portfolios
Integrated Database
People Process
IT Cost Report
Production Cost
50
Today we heard about three IT initiatives
The ROI of these projects may be proven with a
great deal of effort or possibly never be proven.
Unless people, such as yourselves, can help IT
organizations management all projects with an IT
Governance Solution.
51
Summary - Addressing the Complete IT Business
Management Challenge

• Compuware Solutions
• IT Governance
• Application Modernization
• Sarbanes-Oxley and IT
• Compuware Application Reliability Solution (CARS)
• Broadest life-cycle offerings from a single
  vendor
• Multi-platform support
• Practical, flexible products
• Professional Services
• Solutions for specific IT business needs
• Near Shore Development Center (NSDC)

52
Thank You