Securing Software Development without Sacrificing Innovation: Crowdsourcing and the Gig Economy

0
49

By Michael P. Morris, CEO for Topcoder | Global Head of Crowdsourcing for Wipro

Given the increase in suspicious cyber activity, modern IT teams have a tough challenge: to continuously innovate, and yet, to do so in a way that is secure for the enterprise and its customers. Securing software development without sacrificing that rapid pace of true innovation is topping the agenda of C-levels across every industry.

A strategy proving to be efficient and cost-effective (for both employers and workers), is the cultivation and use of the global community of virtual freelancers (a.k.a. the gig economy workforce). A 2018 BCG and Harvard Business School survey of 6,500 worldwide executives recorded that 40 percent expect freelancers to account for an increased share of their workforce over the coming five years. McKinsey & Company found that 162 million people in the US and Europe “engage in some form of independent work.” Google made headlines this March when it revealed temporary workers and contractors outnumber full-time employees.

Clearly, technology is at the root of this evolution. It makes it easier for people to collaborate from anywhere in any time zone, which has resulted in an endless pool of gig economy workers available for hire.

Security and the Gig Economy

Whether talking with companies from the US or abroad, it seems the concern around security and remote workers is a key factor holding them back from diving into the gig economy waters. However, modern-day cyber strategies are making the physical location of employees almost irrelevant—a 2018 Shred-it study found that employee negligence is actually the main cause of data breaches. The truth is, like many aspects of software development, it’s all about the methodology.

Crowdsourced software development projects allow organizations to access vetted software developers and designers from anywhere in the world that have in-demand skills for cutting edge technologies, like AI and quantum computing. Qualified crowd platforms have built-in processes—from scoping and specifying to coding and QA/testing—that take extreme measures to make sure every interaction with a gig economy worker is secure, down to a very granular level, with multiple checks and balances performed along the way. Many would argue that crowdsourced software development is as safe as, if not more secure than, in-house software development.

Organizations like the US Dept of Energy, NASA, Harvard, Land O’Lakes, the Olympic Diving Team, Booz Allen Hamilton, and more have embraced crowdsourcing and see measurable success with the gig economy workforce. They turn critical IT projects into secure, online challenges and make them available to a global community of developers who compete to provide the solutions. The combination of competition, public recognition, and monetary rewards is the ultimate pay for performance model, and you can bet that security and confidentiality are a priority.

Four security tips for crowdsourcing in the gig economy

Contracts, rules, and regulations—Checking references, doing background research, being upfront about rules/expectations and signing contracts seem like obvious “must haves” in a freelancing arrangement, but companies get caught up in the need to get something done ASAP and mistakenly skirt around important housekeeping items. Mutual agreement on engagement is the very first notch on the totem pole in terms of establishing security measures. In the digital age, it’s important to protect corporate assets: quality crowdsourcing professionals will understand that, as well as the importance of protecting themselves.

Furthermore, an experienced crowdsourcing platform will go way beyond that baseline and have other specifics in place to qualify gig economy workers. It’ll also know how to enforce them, so ask for examples of relationships gone bad, as well as good.

Security/IP screening and confidentiality—When it comes to security, the best offense is a great defense. IT departments must be vigilant about data security, considering the volume of IP being shared throughout global development teams. Confidentiality — the ability to hide, anonymize, or otherwise obfuscate information from those people unauthorized to view it — is non-negotiable.

An advanced crowdsourcing platform protects the integrity of the intellectual property, like data, code, designs, and algorithms, on an ongoing basis by incorporating monitoring and automation into the lifecycle of the project. If the platform you’re considering doesn’t offer secure channels to transfer IP with automated security checks, it’ll be impossible to systematically monitor and track digital assets throughout the process and something will be missed.

Reviews and accountability—If your crowdsourcing platform provider doesn’t have a methodical testing and QA process, you may want to consider partnering with someone else. Content and context-aware controls must be in place to guarantee that no one has access to any other code than what’s necessary to complete their work. Furthermore, the most advanced crowdsourcing platform providers measure, monitor and hold those in the gig economy accountable for every action. For example, making a contractor’s compensation contingent upon the cleanliness of their code, collaborative community spirit, and adherence to the terms of work.

In addition, availability should be examined as a security posture of your development lifecycle. The weakest link in this chain will govern the availability of what you can deliver using a gig economy workforce. Security controls need to be in place to protect against denial of service, disaster recovery, encrypted communications and more.

Rating systems—In the same way, we’d feel more secure taking a ride from a 5-star driver, or purchasing a positively reviewed product when shopping online, you should be partnering with a crowdsourcing platform provider that uses rating systems to rank their members. A partner that can provide detailed developer insight, such as reliability, speed, accuracy, consistency, overall participation/earning/success rate and more (in relation to their peers), paints a distinct picture of the already-vetted talent quality you’ll get when leveraging that crowd community.

Developers, data scientists, designers, and testers in the gig economy appreciate having these facts speak for themselves, as the security and confidence of a documentable track record help to establish credibility.

Crowdsourcing preserves privacy, limits risk, fosters collaboration

Securing software development without sacrificing the rapid pace true innovation demands is critical to successful crowdsourcing with the gig economy. Security should be an element intrinsic to the platform you select—from the first interaction to the virtual workforce registering and competing on projects, to ultimately delivering finished solutions.

Secure crowdsourcing strategies and platforms empower organizations to benefit from the best technical talent anywhere in the world. The gig economy workforce has in-demand skills needed for cutting edge work that they are looking to lend companies savvy enough to use it.

About the Author

Mike Morris is the CEO of Topcoder (a global community of 1.4M+ design, development, and data science experts disrupting enterprise software innovation through competition) and Global Head of Crowdsourcing for IT-services leader Wipro. A gig economy expert, he speaks worldwide about cultivating a passionate workforce to drive the transformative nature of digital asset development across every industry imaginable. An active Boston College alum and engineer at heart, Mike continues to lead the crowdsourcing revolution by empowering organizations with limitless software development possibilities and unprecedented access to Topcoder’s talented multinational technologists.