Relaunch of user portal at a well-known insurance company
A success story about the further development and maintenance of the information security application in use at a large German insurance company in the area of conflict between the new and the tried and tested.
Initial Situation
In the application portal for information security of one of the largest German insurance companies, a large part of the software products in use (InfoSec assets) are tracked and the risks associated with the use of this software are managed. These individual risks (e.g., PenTest findings, vulnerabilities in the software, etc.) are classified into different levels of severity and are then taken over by the responsible stakeholder.
The application portal also provides workflows on these risks and their adoption to ensure that threats are dealt with appropriately. A review process of the affected applications is regularly initiated for this purpose.
Due to the unexpected, organic growth of the application, the internal application development reached its limits. The capacity for internal further development was no longer available to the desired extent, which is why an external partner with good industry knowledge was sought to take over the further development, support, and operation of the application.
Challenges
In order to meet the qualitative demands of the customer as well as the legal and regulatory requirements, it should be ensured on the one hand that the functionality of the application is always guaranteed despite an ongoing, agile development process.
The dependency on individual persons should be reduced by distributing the knowledge about the application, its functions, and its operation among several persons. In addition, where possible, processes should also be partially or fully automated to reduce dependence on human resources.
Solution
In order to fulfil the tasks of maintenance and further development, the further development was transferred to a development team comprising several people. In addition, modern toolsets such as SCRUM and ongoing code reviews are used to ensure professional software development and the desired quality.
In order to reduce the dependency on individual persons, the team was expanded on the customer side in addition to the use of a multi-member development team. Processes that were previously carried out manually, such as testing the basic functionality of the application, were supplemented by fully automated, functional test cases.
The provision of new application versions including all necessary activities (creation of backups, upgrade of the database schema, etc.) was fully automated.
Benefits
Outsourcing maintenance, further development, and operation to msg Plaut enabled the customer to focus on its core competencies again and to free up valuable internal human resources.
The creation of redundancies in the area of both internal knowledge carriers and external development partners leads to greater resilience in the event of the failure of individual resources.
The automation of various test and deployment processes leads to a lower workload for the employees involved, which means that these freed-up capacities can now be used more efficiently again.