Back to the Basics in Cloud Product Development
If your basic functionality doesn’t work, the whiz-bang features don’t matter
I’ve been thinking about this recently and just a quick note on a topic that’s been on my mind.
As cloud platforms attempt to deploy and develop more and more new and exciting features, some of the top people in your company want to move over to what is “new and shiny.”
In the process the solid engineering that goes into the base platform may start to degrade over time.
Some developers may find these things boring:
- Fixing bugs that occur as new features get added to the system
- Validating that core engineering principles are in place for all new products and features
- Implementing base features required for every new service like proper CloudFormation templates (I’m looking at you Lambda Step Functions)
- Repetitive QA to make sure that things are still working correctly
- Fixing old issues like policy documents in CloudFormation that give you a generic error message for every possible syntax issue
- Ensuring your deployment system on your cloud platform works flawlessly — and fast
The above may be boring but if your customers can’t do the basic things they won’t be able to do the fancy new things you are introducing to the platform.
I remember what Steve Jobs did when he came back to Apple and “fixed” it. He removed a bunch of extraneous areas of focus to concentrate on doing less things really well.
The people who focus on and fix issues in your core functionality should be as highly regarded in your organization as the people rolling out the flashy new features. Those people supporting the base platform and fixing the mundane bugs and making sure the platform runs seamlessly and securely are the folks who will keep you in business for the long term.
If customers can’t easily use your base functionality — they will never get to the fancy new features.
> Have you looked at your metrics to see what types of errors are coming up most when customers try to use your platform? Fix that.
> Have you analyzed what is costing different types of customers the most money unnecessarily? Fix that.
> > Different types of customers mean those who are spending millions and the start ups who may someday grow to one of those companies spending millions if you help them grow on your platform with a pricing model that supports their needs.
> Are you reading and measuring customer feedback not only from your largest customers but from the people submitting feedback online related to your documentation, comments and complaints on social media, in blogs, and across the board?
> How about looking at what is taking the most time to deploy? Are there ways you can reduce that — including deployment of any type of resource on your system not just those used most frequently.
> What is generating the most security events and incidents? Can you make a simple change to reduce that by adding a warning or disallowing problematic actions?
> What bug fixes are customers requesting most? Is there a particular product that has a higher amount of bug reports relative to the number of customers using it? Sure your most popular service that gets used the most has the most bug and issue reports. But maybe your less used services have less traction because they simply don’t work well.
> How long is it taking you to fix bugs? Is there a way you can speed that up without introducing a security problem?
> Is there a repeated issue reported with documentation that can be addressed one time to reduce a large number of issues? Can you reduce redundant documentation so there’s less to manage? Is your documentation well structured so customers can easily find what they are seeking? Is it complete? Is it consistent across products so customers can always find the same information for the different products in the same place in a set of product pages? Are your links working and pointing to the most recent documentation?
> Which error messages do customers most often submit to your support team, in online blogs, or as GitHub issues? Is there a way you can centralize and fix an issue that occurs across many platforms or development kits? Do your error messages clearly tell customers how to fix the problem they are having? Is each error message specific to a single problem?
Customers should rarely need to contact customer support if your documentation is complete and accurate and your error messages tell them what they need to do to fix a problem.
> Are your engineers well trained in core engineering principles including those who are supporting legacy systems? Do you compensate people supporting the legacy systems well and recognize them for their efforts? Perhaps the people who support the boring base infrastructure should be speaking at cloud conferences about the features they have implemented to improve the core systems under the hood — to improve documentation, security, speed up deployments, and make error messages more specific so customers can resolve issues more quickly and move faster.
> What issues reoccur repeatedly in test reports? That includes penetration testing, bug bounties, and QA functional and performance testing. Is there a way you can prevent those issues at the core like Google did when it introduced Trusted Types to help prevent DOM cross site scripting? Is there a particular team or person that is introducing the most issues? Do they need training?
Before you roll out another fancy feature, consider where your focus lies and whether issues with the core infrastructure, documentation, and usability are undermining people’s abilities to use fancy new features. Consider whether having too many products and features to support is spreading the company too thin to support all of them well.
Although clouds need focus, avoid the mistake some companies make that roll out a product or feature every five minutes, then kills or renames it later because they didn’t think it through and can’t support it very well, or it just wasn’t a good idea in the first place.
And that leads me to my last thought.
Where did the original ideas that made your product successful come from? Who was that and do they still exist at your company? Are their voices amplified due to a track record of success? Or are you looking to new voices constantly for new ideas — voices that haven’t stood the test of time?
Yes we need new ideas and innovation — but be careful to remember the core competencies that drove your success in the first place.
The solid engineering, security (because that is what initially kept people from moving to cloud platforms), and usability that drove everyone to become a customer in the beginning needs to exist in every new product and feature that you release to ensure sustainability.
And with that — I recall what Steve Jobs said when he wanted to get people to pay for music online. People said no one would do it because they could just steal the music using Napster. Steve Jobs said something like, “If you make it convenient, people will pay for it.”
I can’t believe how long ago iTunes was introduced. Feeling old at the moment. Now online music services are everywhere but back then none existed. I was using a free service for no-name artists called Live365 before all this came about. The thing is — he made it easy and had cool devices (ipods) to play the music on and the rest is history. Now everyone streams music on their phone or from an echo or whatever. And many of them pay for it.
According to IFPI’s Global Music Report 2023, music streaming services grew by 10.3% in 2022.
Make sure the core platform works and make it easy to use — and people will pay for it. Just because it’s not new and flashy doesn’t mean the revenue won’t grow. But it will definitely decrease if people can’t easily use it.
Related:
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2023
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight LabNeed Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for PresentationFollow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab