Blog
The Pitfalls of Poor Software Implementation
The importance of apps to businesses
Software applications (apps) are at the heart of modern business success and have transformed the way companies handle their operations. A well designed and developed app with user-friendly methodologies and a security and privacy mindset can be very beneficial to a company’s operating, marketing, and sales strategies.
Apps benefit businesses in numerous ways, providing credibility, higher productivity, and building trusted relationships with their customers. However, developing an app does not always go as planned. Failures do happen. And when they happen, they create major disruptions and financial losses.
Have we learned from past failures?
The good thing about failures is that they can be a great source for lessons learned . In application development, learning from others’ mistakes can be lifesaving.
Healthcare retailer goes bankrupt
In the early 90s, FoxMeyer, a healthcare service company, was the fifth largest drug wholesaler in the United States, with $5 billion in annual sales and around 500,000 items shipped daily. FoxMeyer needed a solution that would make complex supply chain decisions while minimizing cost. They decided that an ERP would offer the best solution to get real-time information, automate, and integrate inventory systems into a unique system. The implementation cost was budgeted at $65 million, and the ERP system was projected to save FoxMeyer about $40 million per year.
Because of poor planning and implementation, the project was a total disaster with a final bill of $100 million. FoxMeyer only saved half of the projected amount, and the company had to file for bankruptcy a few months later.
National healthcare project fiascos
The NHS Connecting for Health (CFH) agency assumed the responsibility of delivering the NHS National Program for IT (NPfIT), an initiative by the Department of Health to move the National Health Service (NHS) in England towards a single, centrally-mandated electronic care record for patients and to connect 30,000 general practitioners to 300 hospitals, providing secure and audited access to these records by authorized health professionals.
Hit by technical problems and contractual delays that skyrocketed associated costs, the software part of the project was never finished. The UK government was also criticized for not demonstrating value for money. The NPfIT was described by Members of Parliament as one of the “worst and most expensive contracting fiascos ” ever.
In Australia, the State Government of Queensland selected IBM Australia to set up a new payroll system for the 80,000 employees of Queensland Health (QH). The initial contract was budgeted for around $6 million and was expected to go live after six months. However, the project did not turn out as expected. The system did not go live until late 2010, with major defects and an additional cost of nearly $25 million. Even though the core system was functioning, QH had to hire another 1,000 employees to manually undertake the payroll, adding $1.15 billion over eight years. The commission reviewing the project called it “the worst failure in public administration in Australia’s history .”
When Siren(s) fail to sound
The Surrey Integrated Reporting Enterprise Network (Siren) was commissioned by Surrey Police in 2009. Siren was specifically designed to log crimes and store intelligence on criminals and suspects. The project never met its intended purpose with auditors Grant Thornton saying it was an “ambitious project that was beyond the in-house capabilities and experience” of the police force and police authority.
The force spent £14.8m on the project from its inception to 31 March 2013. The money was spent on staff costs, training, software, technology, and consultancy. It was replaced with a less costly crime information system which is used by 13 other forces.
Obamacare website fails
The US new national healthcare exchange went live at healthcare.gov. The site was intended for people who want to buy health insurance under the provisions of the Affordable Care Act. However, the website failed from the start. It was unusable to hundreds of thousands of Americans who wanted to enroll. Despite pledges from the administration officials that the “glitches” would be quickly fixed, the list of bugs and problems kept growing.
By some estimates, only 1% of people managed to successfully enroll with the site in its first week of operation. On October 20, 2013, President Barack Obama remarked , “There’s no sugar coating: the website has been too slow, people have been getting stuck during the application process and I think it’s fair to say that nobody’s more frustrated by that than I am.”
Why apps implementation projects fail?
20 years ago, Tom DeMarco said that “the success or failure of a software project is seldom due to technical issues.” This claim seems to be an accurate one. A recent comparative study by the University of Technology in Malaysia demonstrated that software projects fail predominately due to non-technical factors (94%), as opposed to technical factors that account for just 4% of the examined failures.
With apps being such an integral part of business, failure should be avoided at any cost. The best way is to avoid known traps, such as the following.
Insufficient project deadlines
Companies are often in too much of a rush to get their software projects completed. They set unrealistic and arbitrary deadlines for their software projects without adequate data to support their decisions. Further, these estimates are made hastily without consulting the developers to determine how much time they require for the project to complete. Allowing insufficient time means sacrificing design and usability for the sake of completion.
Unrealistic expectations
When it comes to planning and ensuring the right resources are in place to guarantee project completion, many things can go wrong. Many businesses do not realize how long a project will take or how much it will cost. Unrealistic scope often leads to unrealistic expectations. As result, these projects are doomed to fail due to lack of time, staff, resources, and budget.
Unclear project requirements
Project specifications are always laid out in the first stages of planning. Unfortunately, the app users, managers, and executives, may not concisely and clearly communicate the scope of the project. With unclear requirements, developers are left unsure of what features are needed, resulting in out-of-scope products. Revisiting or restating the requirements in later stages of software development will only lead to project derailment.
Very big project teams
To meet pressing deadlines, many project managers elect to hire more people in their teams. This decision may create further problems than the ones it intended to solve. First, adding more people to the project is costly and impacts overall project budget. Second, it can result in compromised quality, because communication between team members might be unclear and may create more opportunities for misunderstandings. On the other hand, if a project is already late, adding more people to the team won’t alleviate the problem, especially if the new members need to be brought up to speed.
Lack of testing
A lack of proper planning and insufficient time usually results in little or no testing at all. When there is a lot of pressure to deliver a project in a particular timeframe, testing is typically the first thing to be abandoned. But if there is one thing we must always do, is to test software for bugs. Sometimes, companies test their software in their own production environment. Unfortunately, this can lead to security breaches. If the app doesn’t function properly, features are broken or crash unexpectedly, and data leak, customers will become angry and penalties will be imposed.
Poor project management
While lack of time and planning, absence of resources, and insufficient budget are common reasons for software project failures, the lack of a competent project manager is a key problem. Poor project management results in broken communication between all stakeholders leaving it doomed, disjointed or ambiguous.
How CSSLP can help you avoid failures
The (ISC)² Certified Secure Software Lifecycle Professional (CSSLP) certification arms you with the knowledge and best practices required to avoid the traps discussed here. Implementing a secure and effective app is important for driving business success. CSSLP knowledge can guide the process of following secure coding practices, analyzing code for vulnerabilities and fixing those vulnerabilities, implementing security controls, securely using third-party components, and debugging security errors.
Earning the globally recognized CSSLP secure software development certification is a proven way to build your career and better incorporate security practices into each phase of the software development lifecycle (SDLC).
CSSLP certification is recognized as a leader in application security skills. It shows employers and peers you have the advanced technical skills and knowledge necessary for authentication, authorization, and auditing throughout the SDLC using best practices, policies, and procedures established by the cybersecurity experts at (ISC)².
You may learn more by reading our white paper, How to Reap the Benefits of DevSecOps , or downloading the CSSLP Ultimate Guide .