20
Mar

Zürich DevSecOps Meetup

Thanks Jan for sharing this with us https://www.linkedin.com/pulse/z%25C3%25BCrich-devsecops-meetup-jan-jambor

 

The second Zürich DevSecOps Meetup was organized by Reto and Ken of astarios with the support of „the DevOPS“ company VSHN and hosted by Swisscom.

 

DevSecOPS automation with open source tools

The first part was a presentation, including some demos, held by Ken. He has been working on automating certain aspects of his development process and shared some experiences and tools with us.

 

Detecting secrets in your code

GitHub recently started to scan repos for API keys and passwords and to alert the owners; some have also reported that AWS revokes API keys which are found in public repositories. Shhgit recently grabbed some attention as it collects information about publicly shared secrets.

Wouldn’t it be smart if a tool helped you to identify secrets in your commits before you send them off to GitHub & co.? And that’s what Ken showed us in his first demo: Talisman. Installed as a pre-commit hook, it checks for passwords and other secrets and aborts the commit when something is found.

There are also other tools, like SonarQube, available for that task, which also offer more features.
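The kind of check such a pre-commit hook performs, as an added example in Python (not Talisman's implementation and not code shown at the meetup): it scans only the lines a commit adds and returns a non-zero status so that git aborts the commit. The rule names, patterns, entropy threshold and sample diff are assumptions of this example.

```python
#!/usr/bin/env python3
"""Pre-commit secret check. Added example, not Talisman's code or rule set."""
import math
import re
import subprocess
import sys
from collections import Counter

# Illustrative rules picked for this example (assumptions, not a complete set).
RULES = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("hardcoded-credential", re.compile(
        r"(?i)(?:password|passwd|secret|token|api_?key)\w*\s*[:=]\s*"
        r"['\"][^'\"]{4,}['\"]")),
]
QUOTED = re.compile(r"['\"]([A-Za-z0-9+/=_-]{20,})['\"]")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed value, tune per code base

# Constructed sample of `git diff --cached` output (the AWS key is the
# documentation placeholder, the other values are made up).
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,2 +10,5 @@ DEBUG = False
 DB_HOST = "db.internal.example"
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "hunter2-constructed"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+SESSION_SIGNER = "q8Zr2LxV0nT5bYw7Kc3Jd9Gf"
+GREETING = "hello world"
diff --git a/deploy/id_rsa b/deploy/id_rsa
new file mode 100644
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1 @@
+-----BEGIN RSA PRIVATE KEY-----
"""


def shannon_entropy(s):
    """Bits per character; random tokens score higher than words or names."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_line(line):
    """Return the names of all rules that one added line triggers."""
    hits = [name for name, rx in RULES if rx.search(line)]
    for m in QUOTED.finditer(line):
        if shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
            hits.append("high-entropy-string")
            break
    return hits


def scan_diff(diff_text):
    """Return (path, new_line_number, rule) for every added line that matches."""
    findings, path, lineno, in_hunk = [], None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            path, in_hunk = None, False          # headers of the next file follow
        elif not in_hunk and raw.startswith("+++ "):
            target = raw[4:].strip()
            if target == "/dev/null":
                path = None                      # file deleted, nothing added
            else:
                path = target[2:] if target.startswith("b/") else target
        elif HUNK.match(raw):
            lineno, in_hunk = int(HUNK.match(raw).group(1)), True
        elif in_hunk and path is not None:
            if raw.startswith("+"):
                findings += [(path, lineno, rule) for rule in scan_line(raw[1:])]
                lineno += 1
            elif raw.startswith(" "):
                lineno += 1                      # context line: count, do not scan
    return findings


def staged_diff():
    """Diff of the index against HEAD, i.e. exactly what the commit would add."""
    return subprocess.run(
        ["git", "diff", "--cached", "--no-color", "--no-ext-diff", "-U0"],
        check=True, capture_output=True, text=True, errors="replace").stdout


def main():
    findings = scan_diff(staged_diff())
    for path, lineno, rule in findings:
        # Report location and rule only; never echo the matched value.
        print(f"{path}:{lineno}: possible secret ({rule})", file=sys.stderr)
    return 1 if findings else 0  # non-zero exit status makes git abort the commit


if __name__ == "__main__":
    sys.exit(main())
```

Saved as an executable `.git/hooks/pre-commit`, the script blocks the commit whenever `main()` returns 1; `scan_diff(SAMPLE_DIFF)` shows the findings for the constructed diff without needing a repository.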

 

Where to store secrets

As we had already been discussing secrets, we also discussed how to deal with them the right way. Here Ken showed some vault solutions. HashiCorp Vault is one of the better-known solutions, but all of the big cloud providers also offer their own – like Azure Key Vault – which are also good. The point you have to consider is the portability of your solution. So, no excuses anymore for hardcoded passwords, not even for testing. Don’t do that; it will come back on you quick and hard.

 

Package managers and dependencies

The short version of this part of the demo is: all package managers are fundamentally broken. Not only do we have a ton of dependencies for simple „hello world“ apps, there are unknown potentially insecure packages which are not well updated. One example of SQL injections is shown on the picture below (source: https://snyk.io/blog).

The big SaaS source code repository solutions like GitHub have introduced security checks for the package managers and dependencies of your app. On-prem solutions can also be enhanced with appropriate checks in the build pipeline.

 

Dynamic analysis scanning

We also quickly discussed the OWASP Top 10, which is surprisingly (or not surprisingly?) not changing that much over decades. There are many tools out there, commercial and open source, to help you with dynamic analysis. OWASP itself has a huge list of tools on their website.

 

Infrastructure as code

Infrastructure as code is also a huge topic. Most of the time it heavily relies on components and images pulled from public resources. Just like with the package managers mentioned above, we have unknown and potentially insecure sources of these components. Here static analyzers like Clair for Docker images come into play and help identify potential problems.

Update: I just found vulnerablecontainers.org, a huge collection of publicly available container images (e.g. Docker Hub) with scan results. This should be pretty alarming if you are using these images out of the box in production.

 

Keeping track

Now we have seen many different tools and sources of „noise“ in a security officers’ day to day business. What we need is a way of keeping track of the important things, basically a „nagios“ for DevSecOPS is required. Ken has shown us archery sec which just does that. It helps you collect all the information from the different sources and identify the really important points in all that noise.

 

Project SYN of VSHN

The second part of the meetup was presented by Adrian Kosmaczewski, responsible for Developer Relations at VSHN who introduced us to the very cool upcoming project SYN which should help to cover the 5 big points of DevSecOPS: GitOPS, maintenance, logging, trusted sources and Policy management.

Some huge pluses in my eyes are:

First: everything will be open source, not only the code but also the whole discussion about the specs and most important the organization which makes a big difference. Just putting a project on github is in my eyes not even close to the complete job. Try to make one of the Apache projects like Superset work in a PoC in less than one day and you’ll see what I’m talking about.

Second: Adrian described it as „low hanging“ fruits when he said that project SYN will integrate with the big 3 cloud providers (AKS, EKS and GKE) and also existing clusters. That’s a huge plus in my eyes. I have been looking into similar solutions like nginx’s new controller v3.0, which only supports completely newly created clusters on bare metal or VMs, which is a huge problem from my point of view. So, if project SYN is delivering nearly what has been promised here: huge!

Third: VSHN eats their own dogfood! And they have by far the most experience when it comes to cloud native infrastructure, Kubernetes and OpenShift. So, what we will see here is what powers VSHN every day. And this cannot be bad.

Some sneak peeks Adrian has shown to us:

A huge point is the close cooperation with crossplane. This rather new solution helps to manage cloud-native apps and VSHN making use of it and contributing to it in return is a huge plus for both. Some more tools which are used are listed below (not a full list).

GitOPS

  • Based on ArgoCD
  • Signed commits are enforced
  • Secrets forced to be in Vault

Maintenance

  • Maintenance & updates improved based on renovate
  • Overview of open maintenance PRs to enable easy discussion and quick actions when needed

Logging

  • based on Prometheus; Alertmanager; Signalio

Container registry

  • reviewed and validated images, auto vuln scans
  • compatible with K8s & OpenShift
  • central registry & inventory based on lieutenant and steward

Policy management

  • based on CNCF open policy agent

 

What’s next

The second Zürich DevSecOps Meetup was a big success in my eyes. I’m really looking forward to the next meetup.

In the meantime, I’m going to the Hands-on docker image security best practices workshop which is on March 9th 2020 (as far as I know fully booked but if you are interested sign up for the waiting list). And of course I’m in for the DevOPS Day Zurich in September 2020.

29
Jan

Clutch Names astarios a 2020 Top Swiss Development Partner

Here at astarios, we know it can be tricky to juggle your innovative business culture while scrambling to complete development projects to help your company get ahead. That’s where we can help! We specialize in state-of-the-art product engineering and software development services. We can add on to your existing development team or start a new one. We have two decades of experience providing nearshore development services and tech talent, and we’re confident we can help you too!

In light of our long-standing impact in the technology sector, we’ve been named one of the top Swiss development firms by Clutch, a verified ratings and reviews resource.

We’d like to thank our clients for helping us achieve this award. They took part in interviews with Clutch analysts to assess our impact on their business operations. We were evaluated on the lines of quality, attention to project timelines, overall value for their financial investment, just to name a few. In reflection of those scores, we’re happy to say we’ve garnered a five out of five stars on our Clutch profile! Please take a look at a recent review below:

 

 

We are thrilled to have been chosen as top b2b companies Western Europe 2020.”
– CEO, astarios

We’ve also been featured by Clutch’s two sister sites, The Manifest and Visual Objects. The Manifest, a company listing site, lists us among their top development partners in Switzerland. We’ve also earned our spot on the top list of 2020 Visual Objects firms for custom software development.

We’re excited to receive this amazing honor, and look forward to helping even more companies maximize their earning potential through high quality solutions. Please contact us today if you’d like to start a project with astarios.

 

 

 

 

14
Oct

Essential Steps to Choose the Right Offshore Software Development Team

What do Dell and Elastic have in common? You can hardly come up with an answer unless you know that they both rely on remote teams.

Dell announced their decision to create Connected Workplace, a remote work program, and give 50% of the workload to remote teams by 2020. Elastic, a company building software that allows using data in real time and at scale, is running a completely distributed team that extends across 37 countries.

Collaboration with offshore software development companies is also becoming the new normal. By integrating outsourcing into their everyday workflow, businesses benefit from reduced costs, proficient manpower in place, a shift of focus onto mission-critical tasks, and new ways of generating profit.

Alibaba, Basecamp, WhatsApp are among the many who took advantage of the offshore software development outsourcing. In his book, the Alibaba founder Jack Ma told how he achieved success and why outsourcing to the remote development team played a big part in that.

Here’s the statistical evidence that software development outsourcing keeps increasing its market share. In 2018, Gartner released their annual report saying that global IT spending would total $3.8 trillion in 2019, showing a 3.2% rise compared to 2018.

 

Global IT spending forecast figures

 

As the stats show, IT services are still the major spending in 2019 including offshore software development outsourcing. This is how Gartner commented on the trend in their press release:

“An expected global slowdown in economic prosperity, paired with internal pressures to cut spending, is driving organizations to optimize enterprise external spend for business services such as consulting. In a recent Gartner study, 46 percent of organizations indicated that IT services and supplier consolidation was in their top three most-effective cost-optimization approaches.”

source: https://www.gartner.com

 

Even though teaming up with a dedicated development team is a reliable strategy for numerous businesses, it is still considered to be a risky endeavor by others. 

Thus, German-based companies tend to search for software development teams inside their homeland rather than give their projects away to outsourcing companies. But as long as the DACH region experiences a shortage of skillful developers, outsourcing turns out to be the best solution so far.

This article is to help you find the right people to work remotely and build a smooth collaboration process with them. So, let’s roll.

 

The Offshore Software Development Company to Rely On

 

Selecting an offshore software development company resembles an employee hiring process. You search for the candidate’s social profiles, ask for a portfolio, and arrange a personal meeting to take a closer look at their personality and test hard skills.

But picking reliable dedicated developers is a greater undertaking. You should be picky and accurate, since your company’s further progress may largely depend on the manpower you are going to hire.

Here are the points for you to consider when choosing a dedicated development team:

A Comprehensive Request for Proposal (RFP)

A thoroughly planned RFP helps to be on the same page from the early stages of communication. It sets out project details, goals to be achieved, a range of services and deliverables, technical requirements, timeline, and main selection criteria for the software development partner. 

While developing product requirements, you should clearly describe both categories – functional (what a software system should do) and non-functional (how a software system should do it right). 

Before writing the RFP document, you should know what you need and how it relates to your business strategy. Here’s what the whole process of pre- and post-RFP planning usually looks like:

 

Standard stages for the RFP development

source: https://www.smartsheet.com

 

Once the RFP document is ready, it’s vital to determine who will be responsible for reviewing the submissions of the software development vendors, selecting them, and monitoring the entire product implementation process.

Basic Criteria in Selecting Dedicated Developers

Having a comprehensive RFP in place simplifies the selection of the dedicated developers a great deal. Basically, the criteria that guide your choice may embrace:

  • Communication
  • Company size and experience
  • Pricing policy and rates flexibility
  • References from other businesses
  • Technical expertise and agility
  • Culture fit and English proficiency
  • Geographical proximity and ability to easily get to the vendor’s location
  • Knowledge-sharing practices
  • Employer brand and an employee retention rate

Interestingly, the selection factors in 2017 referred mostly to technical and financial reliability of the IT service provider. You may also want to include them into your list, so here’s the chart developed by Statista:

Basic selection factors in selecting IT service vendor

source: https://www.statista.com

 

Asking for References and Recommendations

For a great many software development providers receiving positive feedback means everything, since the word of mouth gets new clients on board. 

Prior to scheduling an individual meeting, it always makes sense to check their website, industries covered, customers, and testimonials. The web section featuring use cases or success stories also requires attention, as it explains how a particular product was developed and what obstacles a dedicated development team had to overcome. 

Some extra information on a company’s key competencies can be provided by international review and rating platforms like Clutch.

Checking an IT Services Vendor Portfolio

Examine the experience of the vendor and dedicated developers. It is crucial to hire a mature team that can create a comprehensive knowledge base, accurately check and report errors, produce maintainable code, implement secure development, write a consistent software requirements specification, and keep their hard skills sharp.

An efficient vendor should be able to understand your business needs, align them with technical capacities, suggest a communication plan, build a clear roadmap, etc. Most importantly, your tech partner should know well your business niche and offer solutions that can fit in your brand, customers, and goals. 

Discovery Phase and Technical Solutions Offered

Many times, development of the custom software from scratch may be the best option for your business. A legacy code base puts extra obstacles in the path, taking more time, effort and budget to fix bugs and rewrite code. 

Alternatively, an offshore software development company can suggest utilizing an out-of-the-box solution by adjusting it to your business needs. To make this happen, mature dedicated development teams insist on running a discovery phase. It gives enough time to both a customer and an IT service provider to understand what is actually required and how to put it into life.

Effective Budget Model in Place

There’s no universally approved price model. Pricing depends on a wide range of factors like the project scope, its overall complexity, integrations, migrations, and the current state of where things are. It affects the development stages and the choice of the dedicated developers to be involved in the project.

Put differently, you should understand what your budget limits are and search for the provider that can guarantee staying within the set budget (provided that all the initially discussed conditions remain unchanged).

There’s a common myth that fixed price projects can be a good way out. However, it’s not an ultimate solution. Static budget may give you more control over the project, but it may significantly restrict the whole development process. Your project requirements as well as business goals may change over time, while it may take time for a dedicated software development team to craft the solution that would better correspond to your upgraded business roadmap. 

That being said, flexible budgets and project scopes often turn out to be the best fit.

Developing a Clear Communication Plan 

Many times, outsourced projects fail because of inconsistency in communication. IT service providers often retain software developers by offering flexible working hours and a remote work opportunity. While keeping software developers comfortable, these tactics may lead to discrepancies in interaction between team members.

 

Why outsourced projects tend to fail

source: https://smallbizclub.com

 

What’s the best solution? Develop a communication plan. For the sake of smooth cooperation, it should cover these points:

  • scope of work to be implemented (clearly described in the SLA agreement), performance KPIs, methods of progress monitoring
  • clearly prescribed roles and responsibilities including decision-makers
  • team interaction stages and syncups frequency 
  • a list of tools/software to ensure progress tracking and transparency in communication
  • how sensitive information should be communicated across the team
  • successes and failures registry 

Here’s a communication plan template you may want to use:

 

Communication plan with an IT service provider

 

Risks Mitigation in Dedicated Developers Management

Given that team mates may change over time, secure data transfer presents one of the biggest challenges.

 

Key obstacles in outsourced projects management

source: https://hackernoon.com

 

To ensure high data security, determine the data to be accessed by the dedicated team, where it will be stored (within the facilities of your IT services provider, internally, or both), how the access to the data will be granted and how it will be exchanged across the team.

In such a way, you’ll be able to develop a data loss prevention plan. To make sure your potential software development partner complies with the data security standards, suggest conducting a risk assessment procedure and regular due diligence check-ups. The security policies should also be clearly described in a Service Level Agreement with all the risks assigned to either of the parties.

Find out how we at astarios maintain a secure service provision all the way through the software development process!

22
Aug

Ukraine’s IT Outsourcing Draws Praise around the World and Here is Why

Ukraine’s IT outsourcing has long established itself as an Eastern European software development powerhouse. It has become the second largest industry in the country, according to the official data shared by the National Bank of Ukraine. The total income received from IT services export in 2018 totalled $3.204 billion, a 29% increase compared to 2017.

In 2018, the International Association of Outsourcing Professionals (IAOP) released the Global Outsourcing 100 list with 18 Ukraine’s tech companies amongst the finest. Just four years ago, in 2015, Ukraine’s IT outsourcing was not such a success with only 5 companies awarded.

Ukrainian IT in international rankings

Source: Ukraine IT Association

                                                         

Another reputable B2B research and rating firm Clutch has recognized 92 Ukraine’s IT outsourcing companies as the top global providers of IT services. What’s more, Clutch’s Top IT Outsourcing Companies in Ukraine now features 253 software providers with an average project size ranging from $25,000 to $50,000. 

International recognition is not the sole factor that encourages giants like Samsung, Oracle, Cisco, Gameloft, and Wargaming to set up R&D centers in Ukraine. The country has a huge tech talent pool with 150+ major educational institutions and 23,000 IT specialists graduating annually, favorable economic and tax environment, and beneficial outsourcing cooperation models. 

Unit.City, Ukraine’s innovation park that brings together startups, mature businesses, and international companies, has recently delivered a comprehensive research on Ukraine’s software development

We at Astarios have carefully examined the key findings set out there as well as analytical data provided by IT Ukraine Association, and a few more reputable sources to give you the big picture of what Ukraine’s software outsourcing is today. So let’s dive in.

 

Software Development in Ukraine: Industry Overview

 

According to the data released by Unit.city, the exports of IT services in 2018 made up about 4% of Ukraine’s gross domestic product. These numbers are expected to reach $8.5 billion by 2025.

Here is how the IT service exports have changed over time:

Ukraine IT services export in 2013-2017

Source: https://data.unit.city/tech-guide

                                                         

As the report suggests, 70% of the income earned through software development in Ukraine comes from abroad. IT Ukraine Association assumes that more than 50% of IT software outsourcing in Ukraine is rendered to the United States and UK. Other customers reside in Canada, Germany, the Netherlands, Ireland, Israel, and other EU-based countries.

AIN states that 78% of all earnings come from web development, whereas mobile application development makes 64%.  

According to Clutch, the key areas of focus for the most of Ukraine’s IT outsourcing companies include ecommerce, enterprise solutions, fintech, edtech, healthcare and a few more.

Ukraine IT companies by industry focus

Source: https://idapgroup.com/blog

 

The steady growth of Ukraine’s IT outsourcing market can partially be explained by the service quality. IT companies no matter how big or small strive to incorporate best QA and cybersecurity practices to ship robust and safe solutions that can resist data breach attempts and maintain high credibility with end-users.

Searching for greater quality, customers tend to hire Ukrainian developers in order to fix or redo the projects completed by some Asian IT outsourcing providers. 

With such a big emphasis on quality assurance, Ukraine’s IT outsourcing companies may sometimes be a good alternative to inhouse dev teams and save a pretty penny.

                                                   

IT Companies in Ukraine: Economic Environment

 

Despite the war raging in the eastern Ukraine, the IT industry has never stopped growing. It remains the country’s strongest engine that accounts for 5% of the total export revenue. Being well aware of the fact, the Ukrainian government is supporting the industry and Ukraine’s IT software outsourcing in particular.

In the next few years, it is going to implement a series of regulations made for smooth operation of the IT companies in Ukraine. The changes will be made in data protection, taxation, employment procedures and service export to streamline collaboration with foreign customers.

Another positive factor is that Ukraine’s economy has stabilized. Inflation has been slowly going down: to 7.4% in April 2019 and 0.7% in May 2019.

Inflation rate in Ukraine in 2018-2019

Source: Tradingeconomics.com

 

Ukraine has also implemented a series of anti-corruption reforms. The official government portal claims that the state has maximized criminal and administrative liability for breaking income and property requirements. 

The introduction of e-declaration system was one of the biggest changes made. E-procurement system Prozorro, open access to property registers, automatic VAT refunds system also belong to the list of the recent improvements.

IT software outsourcing in Ukraine contributes much to local budgets, as most of the employed tech specialists have a sole proprietorship status paying taxes to regional tax offices. They play a pivotal role in further development of regional economies and therefore gain more support from the state authorities.

 

Ukraine’s IT Outsourcing Market Today

 

In 2018, Ukraine’s IT outsourcing market boasted 20% of all country exports. The number of IT companies amounted to 2,000, while the total quantity of tech experts fluctuated between 160,000 and 172,000 people. 

These figures have significantly grown with time. Unit.City affirms that today’s number of registered tech companies in Ukraine has increased up to 4,000. IT professionals have also multiplied in number, amounting to 184,700. 

 

Ukraine IT market stats and numbers

 

Source: https://data.unit.city/tech-guide

 

In 2018, IT outsourcing companies gained the biggest share of the Ukrainian IT market. Others operated as outstaffing service providers, R&D centers, or product companies.

Although the number of tech companies has increased, the market is dominated by IT outsourcing with an average employee number ranging from 80 to 1,500+ per company.

As for the major IT clusters based in Ukraine, Kyiv (accommodates about 47% of all IT specialists) and Lviv (employs 20K IT specialists) are not the only cities taking the lead.

Kharkiv (22K+ IT specialists), Dnipro (8K software engineers and 2K tech specialists graduating annually), Odesa (6K IT specialists with over 150 IT companies located there) are also keeping up the pace.

IT hubs are multiplying encouraging smaller cities to join. This is how the map with IT clusters looks now:

 

Ukraine IT clusters geography

 

Source: https://data.unit.city/tech-guide

 

Ukraine’s IT outsourcing companies strive to create favorable working conditions for their employees. They make individual development plans and provide a wide range of non-wage benefits and perks to increase retention and motivate them to grow within the company. 

Leadership and mentoring programs, inhouse educational trainings and workshops are among the many activities initiated by many IT outsourcing companies.

Apart from inhouse IT events, Ukraine is hosting a series of international conferences that promote knowledge sharing and encourage new generations to enter the IT world. 

IT Arena, Dev Challenge, iForum, and IT Weekend Ukraine are among the most popular ones. In addition to these large-scale events, Ukrainian IT clusters often run specific workshops that bring together specialists from one domain, like Data Science fwdays (with a focus on Artificial Intelligence and Data Science), Frontend://zt, Systems Engineer Day (with a focus on DevOps), The Rolling Scopes Conference (with a focus on JavaScript, Node.js, Front-end, Android, iOS, and UX/Design).

Thanks to the initiatives taken, Ukrainian software developers get a chance to exchange insights and upgrade their skills.

 

Ukrainian Software Developers: Hard Skills and Hourly Rates

 

A huge range of career opportunities, distant work, flexible schedule, and high salary rates stimulate specialists from other industries to transition into a career in the IT field. This is another reason why Ukrainian software developers are quickly increasing in number. 

On average, Ukrainian developers and QA specialists boast 3-5 years of experience. The survey conducted by DOU says that only 1% of the surveyed developers (DOU surveyed a total of 9,387 people) have worked in the IT field for less than a year.

The biggest share of the manpower works on software development with PMs and QAs making smaller cohorts.

 

Ukraine software developers PMs QAs stats

 

Source: DOU.ua

 

DOU affirms that the most popular programming languages used by Ukrainian software developers are these:

 

Popular programming languages in Ukraine

 

Source: DOU.ua

 

If developers were to choose any programming language to code, their choices would differ:

 

languages Ukraine’s developers would like to choose

 

Source: DOU.ua

 

64% of Ukraine’s developers taking part in the DOU survey said they would definitely learn a new language the following year:

 

languages Ukraine’s developers will learn next

 

Source: DOU.ua

 

As for the interdependency between language and experience, the most popular languages are used by IT specialists with 3 years of experience.

 

Experience of Ukraine’s IT specialists and languages

 

Source: DOU.ua

 

By 2020, the number of Ukraine’s developers is expected to surpass 200,000. Hard skills will mature, while soft skills will be taken much more seriously. There is a huge tendency towards nurturing efficient managers.

The hourly rates set by Ukrainian IT outsourcing providers offer the best price-quality ratio in contrast to other neighbouring countries like Poland or the Czech Republic. In Ukraine, the hourly rate usually amounts to $25-50 with an average software developer salary amounting to $2,500-4,000 per month.

Even though these rates may be bigger than in many Asian outsourcing countries, they still remain lower compared to the rates set in the U.S. and Western Europe.

 

Why Outsource Software Development to Astarios?

 

astarios combines both Ukraine’s tech skillset and Swiss quality, as our teams are located in Kyiv and Zurich. You get a highly secure and powerful solution, since we put a lot of effort into security of the solution delivered to you. 

 

Services we deliver: 

  • Web and mobile app development
  • Application security services (secure DevOps, Secure Software Development Lifecycle, etc.)
  • Robust M2M and IoT solutions

 

Cooperation models: 

  • Fixed project scope 
  • Team extension
  • Outstaffing and office rental
  • Dedicated IT team 

 

All-around support:

astarios keeps you updated on the project progress in a timely manner and ensures instant communication. We put special emphasis on discovering your business needs and stick to secure development practices from the first line of code.

Interested in getting a quote and scheduling an individual meeting or call? Get in touch with us by filling out the form here or call us on (US) +1-650-996-2875 or (UA) +380-95-168-3652.

16
Jun

Security First Software Development

According to Gartner, Inc., overall worldwide IT spending is projected to total $3.8 trillion in 2019, while at the same time worldwide spending on information security products and services will reach more than $124 billion, an increase of 8.7 percent from 2018. Those are pretty mind-boggling numbers, but then again, still only approximately 3.3 percent of IT spending is security related. Also, in a recently performed survey by Gartner, eighty-eight percent of global CIOs have deployed or plan to deploy cyber security software and other technology in the next 12 months.

Needless to say, IT-related security is a very hot topic, as data has become arguably the most valuable commodity around. But still, IT security is viewed by many (especially software developers) as a necessary evil defined in some annoying security guidelines.

In almost all projects I’ve been involved in, security has been architected into the environment very late in the game – akin to building a bricks and mortar bank and worrying about security aspects when the building is already complete. Or to put it into a simplified development life cycle – compile it, deploy it, then let the firewall and some network segmentation take care of the rest (and of course cross your fingers that nothing bad ever happens to your data).

 

Security starts with the Specifications

Even though the concepts of Abuse Cases, Threat Modeling, etc. have been around for ages (since the 1970s/1980s), they are very seldom applied to modern-day software development. Instead of focusing only on the functional aspect of the specifications (for sure, features are more fun to build and allow the developer to show off his talent), it’s just as important in today’s age of cyber threats to focus on security specifications.

For example, if questions like “Where are my high-value assets?”, “Where am I most vulnerable to attack?”, “What/Who are the most relevant threats?” and “Is there an attack vector that might go unnoticed?” are considered very early in the development process, then the resulting system will be much more robust against potential attacks and not just reliant on a firewall to protect it (I have nothing against firewalls btw).

While the features of the MVP are being debated and sketched out, the above-mentioned security specifications should also be well thought out, documented and clearly understood. Data breaches have been known to kill new products before they were properly able to hit the market.

 

Embrace the Security Guys early

So instead of viewing the guys from the security department as the necessary evil mentioned above – embrace them in the development life cycle very early on – like from the beginning. Doing the first penetration test a couple of months after releasing a product just to obtain this fuzzy feeling of being secure is not a bad idea, but for sure not the best one. The earlier your developers are confronted with security threats and advice, the more robust the resulting system will become.

Also, in today’s world of speed, speed and more speed, where new features are king, you still cannot afford to leave your systems and data exposed and vulnerable to the ubiquity of cyber threats.

 

(c) 2019 – Reto Kaeser, Managing Partner @ astarios

 

References:

https://www.gartner.com/en/newsroom/press-releases/2018-10-17-gartner-says-global-it-spending-to-grow-3-2-percent-in-2019

https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-forecasts-worldwide-information-security-spending-to-exceed-124-billion-in-2019

https://en.wikipedia.org/wiki/Threat_model

6
May

Qualifying Pitch Decks using Insight Engine

VCs receive a steady stream of business ideas and proposals, yet only a few percent ever make it through their process. Actually, to keep up their business they need about every tenth project to succeed. Analyzing and filtering the projects is therefore crucial to their business. However, this is a very time-consuming task: ideas need to be understood, the people behind them need to be verified, and the VCs need to keep up with trends in any industry and understand whether they would be the right investor for the project.

To achieve that they have set up elaborate processes to filter out valuable opportunities.

A typical simplified deal flow process.


 

 

At each point a project can drop out of the process: following through with all of them would not only cost the VCs a lot of time, it could also mean missing another great opportunity because they don’t have the resources.

Aleacta’s Insight Engine facilitates this process by automating and supporting every step of it, cutting down processing time from up to two weeks to a few minutes. This enables us to also valuate each process for every aspect in the workflow.

The deal flow using Insight Engine.

 

 

Given only a few input parameters and the startup’s pitch deck, we can automatically find and research relevant data and put it into context in a knowledge graph. To do this we search a predefined set of public information (social media, news, commercial registers, trend reports, etc.). Our algorithm not only generates a quick overview of the project, everyone involved and the internal “fit” (e.g. do we have contacts that might bring this project forward); we also train a predictor on several measurements taken from the graph.

 

A knowledge graph, in this example showing the connections between people and companies.

 

 

The result is not only a much more efficient process, but also a better analysis of the business idea, giving the VC the ability to process more applications in a shorter timeframe.

The project qualification is tailored specifically to the VC’s investment profile.

 

Analytics view in the Insight Engine.

 

23
Jul

What You need to know about IT OUTSOURCING to UKRAINE

Ukraine has become a real buzz in the IT industry, first of all as one of the main destinations for software development outsourcing. Many globally recognized businesses choose Ukrainian engineers for a variety of reasons, and lower prices aren’t the driving motive anymore.

In this article we will reveal the reasons why Ukraine is steadily and continuously increasing its influence as an international software development vendor.

 

High tech skills in large amount

Ukraine has the largest number of IT professionals in Central and Eastern Europe. According to Colliers International, Ukraine is 4th in the world by the number of IT specialists and houses more than 1,000 software development companies of different sizes.

Currently the number of software developers in the country comes to 130 000 and continues to increase by 20% yearly.

Ukrainian universities give students a very strong technical and mathematical basis. Every year about 20 000 tech graduates join the industry to bring new IT solutions to companies all over the world.

The programming languages most widely used by Ukrainian developers are Java (23%), JavaScript (16%), C# (15%), PHP (14%), and Python (8%). Moreover, the country is the world’s leader by the number of Unity3D developers and experts in C++. Specialists in other scarce programming languages, such as Hybris, Erlang, Go, Scala, and others, can be found in Ukraine, too.

Besides that, about 45% of Ukrainian engineers speak English fluently, and almost 40% have an intermediate level of English. Companies pay a lot of attention to language learning and offer optional or obligatory English courses in house.

 

Loyal laws towards foreign customers

One of the biggest advantages of outsourcing to Ukraine is that the country’s government has simplified the process of business cooperation between foreign and native IT companies. Both parties feel protected and encouraged to develop fruitful cooperation.

The most attractive thing is that foreign companies that delegate software development to a Ukrainian company don’t need to pay VAT. Also, foreign companies can create their branches in Ukraine provided that their business strategy complies with Ukrainian laws.

Established software development companies in Ukraine operate in full compliance with all European IP and information protection regulations and rules. What is more, the Intellectual Property Court in Ukraine allows both parties to settle all issues which may arise upon completion of software development.

 

Optimal development cost for an outstanding quality

Ukraine is currently ranked 6th in Top Coder Rating by the number of the most skilled software engineers. Its software developers are recognized as the best in the Security domain and ranked 4th in Mathematics and Distributed Systems by HackerRank.

Source: HackerRank

 

Not only does Ukraine have excellent and highly skilled developers, it also offers rather low development costs compared to European countries and the US. A Ukrainian programmer has a $30 – $50 hourly rate, whereas US developers get a $120 – $170 hourly rate.

Also, as mentioned above, IT specialists enjoy favorable taxation from the government and pay only 5% tax on their income.

 

World’s biggest companies choose Ukraine as an outsourcing destination

Ukraine has become home to more than 100 R&D offices of market-leading companies from different industries including fintech, telecom, gaming, healthcare, retail, and e-commerce. Global leaders such as Boeing, Aricent, Huawei, Siemens, Nokia, Oracle, Apple, Microsoft, eBay, Deutsche Bank, Skype, and IBM have R&D facilities in Ukraine.

The US has the largest share of R&D partnerships involving Ukraine. About 45% of companies choose this country to set up their R&D office. The amazing potential and serious skill set of Ukrainian engineers make the country one of the best IT outsourcing destinations.

Last but not least, Ukraine has easy transportation access to different points in the world. Thanks to the country’s proximity to Europe, it takes only a few hours to reach it. Taking into account that the time zone in Ukraine is GMT+2, working hours are almost the same as in Europe.

Combining those factors with a high level of cultural affinity with the European mindset and ethics, we get a better cultural connection and a comfortable partnership.

 

Without a doubt, the Ukrainian IT industry has led the country’s world-class higher education system to meet the needs of a constantly growing international market. Perhaps the highest quality, competitive pricing, excellent project management and developing R&D centers can become the main reasons for you to bring your next project to Ukraine?

24
May

Astarios welcomes Jim Norris as new VP of North American Sales

astarios welcomes Jim Norris as new VP of North American Sales.

Jim will be responsible for ensuring customers’ requirements are realized as successful projects. He will also focus on the engineering process and on making sure that all aspects of development go smoothly. Jim has a track record of creating long-term strategic accounts, facilitating steady communications, and proactively managing accounts to make sure the parties are completely satisfied with the outcome.

Jim says: “Our success depends on our ability to understand our customers’ needs and to deliver the capabilities needed for their specific application development requirements.”

Jim Norris has 20 years of sales experience and 37 years’ experience in Business Development, Engineering Management and Process Development. He has demonstrated a rich history of ensuring clients’ needs and objectives are fulfilled.
Jim has held various positions at IBM, Silicon Graphics, Solid Data Systems, Vanguard Software Solutions, and Gearhead Engineering. Jim possesses a Bachelor’s Degree in Mechanical Engineering from Chico State University and a Masters in Manufacturing Systems Engineering from Stanford University.

We are delighted that Jim has decided to join astarios. His wealth of performance, industry knowledge and expertise are going to help us increase business opportunities.