Hi folks,
I was curious, given there is a mix of techies and non-techy IHers, how you prioritise the more 'mundane' tasks of running your app/product...
I'm thinking things along the lines of backups, patching, security tasks, documentation updates, knowledge transfer etc.
From my experience it tends to turn into Technical Debt in favour of releasing shiny new features for customers...
It's a broad topic but I'll give it a shot:
Slight amend to my previous comment:
We started doing this all as part of our routine from the early days. Running an online HR platform means we are dealing with critical sensitive data, so we cannot afford any sort of breach.
We've set up multiple layers of security and only have our servers accessible via a certain VPN for maintenance. We also set up testing/staging/production platforms that run independently, and only select members of our team have access to production. I am the only one who can access the production database, and even then I have to go through 3 layers of passwords (which are not rememberable or saved in my tools) to get write access to the production DB. Our development team do not have any access to live data whatsoever.
Backups and encryption etc. are all automated on our hosting platform, but everything is documented on our Wiki, or should I say Wikis, because we have one specifically for our development and DevOps team, and one for our support, customer success and admin team that are kept totally separate.
We are increasingly getting more and more requests from larger companies to ensure that we have HIPAA, SOC2 and ISO27001 compliance, so we will have to tighten up our controls and training a lot more in order to meet these requirements.
It really should be part and parcel of any SaaS aimed at the business market to have these things in place from an early day IMO. If we were to try and set them up now, it would be very onerous and I would likely put it off indefinitely. But having everything documented and practiced since nearly day 1 has made it easier to manage and improve moving forward.
One of my priorities when I design something is to have all the services managed. That way I can concentrate on create/fix/marketing; it would be too much if I had to manage/provision the db/servers too :S
I like to think that at some point I will open source my project so there is a public shaming factor.
I added password-less authentication a few months ago, so I don’t have to worry about passwords being stolen anymore (me and the users!). I also started deleting all the information when you don’t renew your plan. Some needed credentials are encrypted in the DB and the key is stored in an ENV variable.
GitHub Dependabot is a very helpful tool as well, as it notifies you about any security patch related to your code.
Finally, I try to update all the dependencies to the latest stable version every 2 years. It used to be like a 2-week job but I really enjoy it :p
Thanks for replying Luctus, a couple of great tips for us to consider there!
Interesting topic, watching
It would be cool to hear from a range of people/teams wouldn't it? I was curious how many don't really do much until they have a showstopper and then bake it in to their routine. Also depends on how critical the product is / what the value is as well of course...