Protecting your Software Investment. Rule #2: Control

Last week we explored the first of my 3 rules for Protecting your Software Investment from “yourself” — i.e. your own need to integrate, enhance and extend your Enterprise Software Systems:

Today let’s talk about Control. Control comes in three concepts:

  • Control of software
  • Control of interfaces
  • Control of people

Control of Software
This is the easiest, but often overlooked form of control. When your software is installed, or after each upgrade, take a snapshot of it. The Staff Member or Contractor charged with executing your backup regime should also have this as part of their responsibilities. This way you are never stuck in the position of asking “How do we get back to what used to work?”

Control of Interfaces
This is the critical complement to Rule #1: Separate. You are going to allow people to access/integrate/enhance your core system. In order to minimize the amount of reintegration and testing required after each upgrade, you are going to minimize the number of interfaces or touch points between your core system and the outside world. The system may already provide a set of interfaces. Remember that there are two types of interaction — getting information out of the system, and causing the system to ‘do’ something.Getting information out can be a relatively easy query to a database. Causing the system to ‘do’ something or to accept information is much more complex, and is usually best done through mechanisms provided by the software’s developers. These mechanisms are often called API’s for “Application Programming Interface.”

Also remember that at the same time you are considering what you need to make the system do, you also need to keep in mind the tools your staff will be using and are comfortable using. There is no point paying a system vendor for a “SOAP” or “REST” API if the limits of your team’s technical abilities is writing database queries. Integration interfaces that match your future requirements and your team’s skill sets should be a must requirement for all software purchases. If your system does not provide interfaces you can use, there are often 3rd party tool sets or Systems Integrators who can give you the interfaces you need.

Control of People
This is last because it is the one on which all other controls rest. You must communicate what interfaces are allowed, for what purposes and what are the sanctions for using “unapproved” mechanisms. I find that so long as the rules are clear and reasonable, people usually comply!

So now we have dug into rule #1: Separate, and #2: Control. We’ll wrap this series up next week with an examination of Rule #3: Document.