What is the value of beautiful applications developed with performance and security in mind, and why do we often realize far too late that we have lost something important? Questions like this help us understand what is wrong and how to adjust our behavior to avoid expensive pitfalls.
Before you have it
Our customers are in the driver's seat because they decide where to buy. A beautiful product presentation is one of many steps in the right direction, but if your site loads slowly at your customer's point of presence, the chance is high that they will abandon your services. History shows we ignore soft facts such as response time or application security. Security breaches due to application vulnerabilities occur each day, and non-acceptable response times are often on our day-to-day agenda. We work with slow systems in our professional jobs, navigate on slow websites, and get distracted from focusing on our intended tasks due to this slowness.
Those of you who tried to speed up their applications to fix security issues at the root have realized that this is not a simple planning task. It requires experience, a guiding hand, and the trust of the management team before quick wins can be realized.
Drivers for the value of performance and security before we have it are
Experience and Skills
The wrong toolset
When you have it
Your teams put all their efforts into tuning and optimizing your brand-new application. Critical performance hotspots have been fixed. Performance requirements are within expectations, and performance assessments of new releases are in place, identifying hotspots and escalating those to developers. A robust quality gate controls what applications get deployed to production. Such a high performance and security maturity level requires some investments that make you feel inappropriate if performance and security at production are too good. You can quickly run into a pitfall and cut down investments for non-functional aspects.
Drivers for the value of performance and security when you have it are
Quality gate in place
Hotspots have been fixed
Response times are within expectations
No IT security risks
After you lose it
For many reasons, performance and security could easily fall back behind other priorities, and once you realize that massive slowdowns are impacting user experience, it's almost too late.
Your teams worked hard and built beautiful applications. All medium and high-risk security issues have been fixed, and page load times are excellent. There are no user complaints about slow-loading websites. Operational teams have monitoring cockpits, which display all key performance metrics. Deviations are immediately reported to responsible support teams, which investigate the problem, identify the root cause, and request a fix for those performance hotspots from their development teams.
Priorities change once the application is deployed at production. There is no longer a DevOps team that is permanently analyzing and optimizing the new system. Data volumes grow, content changes, and the underlying infrastructure is often shared with more and more applications. All those changes impact end-to-end user experience and security.
According to research, only 1 in 10 customers reports performance slowdowns. The remaining 90 percent get frustrated and abandon using your services. You will even notice it when it's too late and your customers are frustrated and sales decline.
Drivers for the value of performance and security when you lose it are
Gaps in the monitoring chain
Frustrated users abandon using your services
Image and Reputation Impact
Decline of sales
Proactivity and ongoing optimization are the best strategies to avoid a performance or security disaster. Validate performance and security early and often in your DevOps pipeline, fix issues as they have been identified, close technical depts, and regularly check the reliability of your apps deployed at production.
For any questions concerning how to make performance and security part of your DevOps pipeline, reach out to me.
Keep doing the good things!