Only five years ago, many business leaders and technical departments were skeptical about cloud infrastructures. The basis for this skepticism was security and business continuity issues, as existing information systems and their architecture didn’t take into account new trends in cloud infrastructures. Over the past few years, cloud providers have proven that the services and infrastructure they supply are more reliable than many on-premises solutions, although there have been major outages. And in order to solve security-related issues, the providers have introduced a wide range of new services. Additionally, new tools have been developed, which help to migrate and adapt existing information systems and databases to the cloud. Most customers choose cloud platforms from top providers such as AWS, GCP, and Azure. Many large companies see operators as additional resources for existing local information systems. We analyzed the popularity of each of the top platforms among customers to find out the main selection criteria. For instance, one of our customers from Switzerland chose Azure due to its physical presence, as the processing requirements in this country are very strict. Many of the clients are puzzled, first of all, with local regulatory requirements, which impose restrictions on the territory of information processing and storage. There are situations when a customer presents in many markets, and compliance with the information security legislation of several countries is required. There was a difficult case when a customer of ours was developing a global business and presented in America, Europe, and Australia. AWS, due to its geographical distribution, allowed sharding the database correctly and complying with the requirements of local regulators in each of the locations. As part of our analysis, we selected three regions in AWS for storing personal data: New York, Frankfurt, Sydney. The application was sharded across the given regions and was configured to use regional DBMS for storing personal data. Using the GDPR as an example, we will consider the most important areas to focus on when building infrastructure for complying with requirements: Territorial coverage Determining whether the GDPR applies to the activities of an enterprise is crucial for the company to be able to meet its compliance obligations. Data subject rights The GDPR expands the rights of data subjects in several ways. It is necessary to make sure you are able to take into account the rights of data subjects when processing their personal information. Data breach notifications As a data controller, a company must report breaches to protection authorities without undue delay. Under all circumstances, the message must be sent within 72 hours from the detection of the violation. Data Protection Officer (DPO) It may be necessary to appoint a DPO who will monitor data security and other matters related to personal information processing. Data Protection Impact Assessment (DPIA) Some situations require an assessment to be conducted and a report to be filed to the DPIA Supervisory Authority. Data Processing Agreement (DPA) In order to be GDPR compliant, a DPA can be required, especially if personal data is transferred outside the European Economic Zone. Not all services of cloud operators meet the requirements of the regulator, and such cases can be highly non-trivial. Even with a strong technical team, it’s not always possible to figure out the subtleties and build an infrastructure in compliance with data protection requirements. For instance, widely popular services ECS and EKS do not support data encryption, which makes it difficult to use dockerized applications and the extra benefits of cloud providers. This does not mean using these services is impossible; what this means is that one needs to use them correctly and ensure data encryption by other means, or use these services only as a concomitant to the data processing core. This is just one small example. Nowadays, there are many more services and, obviously, business needs, so many other requirements must be met: HIPAA, PCI-DSS, ISO 27017, ISO 27018. The analysis of companies’ infrastructures showed that one in two companies, where the infrastructure had been designed independently, has compliance problems. Today, in order to ensure the required level of data security, Cloud Security Engineers dive into the very essence of customer’s processes in order to understand them. They determine what a customer needs to run the business and how to ensure business continuity. As a rule, standards and requirements illustrate the general nature of problems, and we simply must solve them. However, they don’t describe the necessary means for solving those problems. The services provided by operators only partially solve them. It is necessary to adapt both the company’s processes and applications. It should be borne in mind that compliance with the requirements doesn’t make the systems secure. It is necessary to build protection for infrastructure, information systems, and a business in an integrated manner. Because not only data but also the intellectual property and the company's reputation must be protected.
Every technical leader is constantly looking for ways to improve the development processes and quality of a product. Developers and QA engineers are under constant pressure, trying to ensure the best product quality and meet planned deadlines. In such a situation, any techniques and tools that can help to save time without losing quality are valuable, and automation is number one and a must-have. In this article, we are going to figure out the benefits of automation testing, why automation testing is necessary when developing software, and what exactly needs to be automated in the first place. Why automation testing is necessary The main argument for automation is the possibility to conduct testing as quickly as possible and run testing in parallel with development. Plus, test scripts allow saving money on hiring manual testers. In the view of Bruce Hogan, CEO of SoftwarePundit, automation testing has the following benefits: Quick feedback on the new code Increased throughput for testers to investigate more complex potential problems. Jorge Perdomo, a Co-Founder of goTenna, believes that automation testing is the only way to scale a high-quality tech product. Otherwise, the workload on QA specialists increases so much that they barely have time to deal with regressions. Experts confirm that automation has clear benefits. The automation saves time and money, delivers fast results, and allows running hundreds of tests simultaneously. This, in turn, provides a means for scalability. So, the necessity of automation is confirmed. Now we need to find out what exactly should be automated to get the maximum result. Which tests should be automated It should be immediately clarified: despite the fact that automation testing is necessary, there is no way of automating everything. Automation, although an effective tool, is not suitable everywhere and doesn’t solve all problems. For test automation to work, a thorough assessment of the current QA process is required. It is necessary to divide the process into parts, evaluate each part separately, and then make a decision. A company needs to identify those tests, the automation of which will be the most beneficial, and make a plan. IBM research shows that there are three main scenarios where automation is preferred over manual testing: The test script is expected to be relevant for a long time and will not need to be changed. The script is relatively easy to automate. The cost of automation is lower than the cost of manual testing. If the testing process fits at least one of these categories, this is a serious reason to think about automation. No manager wants to waste their team members’ valuable time on the work that an automated algorithm can do. Which tests should not be automated In short, it’s not recommended to automate processes that include a creative component. For example, during exploratory testing, experts imitate the actions of a user in order to assess the application from the user’s point of view. As of now, full imitation of human behavior using AI is not possible. Developing a bot that can perform actions as close to a human as possible is a resource-consuming task, and in the vast majority of cases, it doesn't pay off. Exploratory testing and UX tests are methods that can’t be automated because they are subjective. Another factor to consider is product maturity. In his book, Leading Quality, Ronald Cummings-John explains how a testing strategy should be adapted as the product changes and grows. For example, automated testing is ineffective when working with a product at an early stage of its development. When the main goal is to create an MVP, writing detailed test scripts is impractical. However, as the product is scaling, testing must be scaling as well. As the number of users grows, quality becomes more important and more expensive, so automation becomes a reasonable solution. Conclusion Thus, the decision to use automation testing comes down to analyzing the current process and finding where automation fits. When deciding whether you need automation testing right now, answer the following four questions: Do you expect the test scripts to be relevant for a long time without any changes or editing? Will it be cheaper to automate testing than conduct it manually? Will it be easy to automate a test? How mature is your product? Do you expect most of its functions to be changed in the coming months? If you are not sure about how to identify the necessity of automation testing in your project, contact experts. Andersen provides software test automation services for any type of product. Our QA Automation Testers provide QA Audit services to identify drawbacks in software testing, including readiness to launch test automation. After an Audit, we identify the automation test strategy and Set up the automation testing process. In fact, we have found that a blend of manual and automated testing is the best way to achieve full test coverage and deliver the highest quality product. We have set up automated testing in 120+ projects including FinTech, Travel, and Retail projects.