Secured Crowd Testing for Government Projects: What You Need to Know
Crowd testing has proven to be an effective way to test software and identify flaws and vulnerabilities. By using a diverse pool of unbiased testers, developers can quickly spot bugs that could create usability or security issues for current or future users.
While there are numerous benefits that come along with crowd testing, there are some disadvantages as well, which can make crowd testing somewhat of a double-edged sword. Perhaps the most glaring problem is security.
This is a concern for any development team involving multiple people, but security concerns are heightened even more for government projects, given the implications of highly-sensitive information falling into the wrong hands where cyber criminals could exploit it.
That doesn’t mean you should rule out crowd testing entirely for secured government projects. Instead, it means you must be aware of some special security considerations to ensure the proper completion of your project.
Hands down, the biggest risk associated with this process concerns keeping inside information safe and confidential. As testers explore the functionality, usability and security parameters of government software, they’re going to gain a close glimpse of its underpinnings and framework. It simply comes with the territory.
This is a concern for nearly every developer, especially when software has yet to be released. But it’s especially worrisome for a government entity that needs to keep a tight grip on sensitive information. A major data breach could have devastating consequences, and the threat level rises as the size of the tester pool expands.
Therefore, any type of crowd testing for a government project requires confidentiality to be closely managed every step of the way. Ideally, research will be performed on the background of individual testers or anyone who’s not part of the internal team. Such vetting can include:
- Criminal (Police) background checks
- Verification of relevant professional qualifications
- Character reference checks
- Verification of the experience claimed in CVs and of professional qualifications in testing
- Passing a crowdsourced tester vendor interview via Skype
It’s also smart to implement some type of confidentiality policy and have participants sign a non-disclosure agreement (if you aren’t working with a crowd testing agency that will manage these needs for you).
From there, testers should be briefed from the onset about your expectations and versed on any specific procedures they must follow. While there are still no guarantees, taking these precautions will maximise security and ensure that the project operates with the utmost level of confidentiality.
Leaking of proprietary information
Nearly every company takes significant measures to safeguard its proprietary information and trade secrets. This is simply part of best practices in our digital-centric world, where the exchange of large volumes of data is an everyday occurrence.
The impact of a leak could range anywhere from a minor inconvenience all the way to compromising national security. Just imagine if a terrorist organisation is able to gain access to a government’s closely guarded secrets. It could be the catalyst for attacks against the country itself. Unfortunately, this problem is exacerbated because of the inherent difficulty of prosecuting individuals who leak sensitive information.
Peter Hoekstra, a former member of the United States House of Representatives, touches on this topic in an article he wrote for The Heritage Foundation.
“If you talk to the different agencies, especially the Justice Department, they will tell you that leaks occur so frequently because it is extremely difficult to identify who leaked the information and then obtain a successful prosecution.”
This goes to show that those involved in government projects need to be hyper-diligent in protecting inside information and put adequate security parameters in place.
You must be aware of just how much data testers have access to and what the implications would be in the event of a worst-case scenario. Once you’ve covered all of the bases and have taken measures to secure sensitive information, crowd testing can be carried out with greater confidence. You can accomplish project goals and fine-tune your software without taking unnecessary chances.
The trustworthiness of testers
There’s no way to go about crowd testing without opening your systems and offering inside access. If you’re dealing with unknown individuals, there’s always the possibility of nefarious intent. You obviously don’t want someone with a questionable past accessing your systems, as this can present major challenges for government projects. This is especially true where data and features are being pre-released and all of the kinks have yet to be worked out. If you’re not entirely sure who’s going to be seeing the new software, it can be a major cause for concern.
Outsourcing the project to a specific company like crowdsprint that’s fully vetted its testers offers a greater level of control over who’s accessing your system. Going this route tends to offer a more secure environment where a company or agency doesn’t have to worry about the individuals who are accessing their systems.
But if you do choose to go the solo tester route, what’s the best way to gauge an individual’s level of trustworthiness?
It ultimately goes back to performing background and reference checks. Digging deep into the past of your pool of testers is vital. Individuals with any type of red flags should be taken off the project immediately. While the vast majority of testers are usually legitimate and trustworthy, one or two rogues can open a can of worms. So no stone should be left unturned in this type of situation.
The skill level of testers
In addition to background, there’s one final factor that must be called into question: the overall skill level, aptitude and experience of individual team members.
- Do they have extensive background knowledge in software testing, or are they simply a hobbyist?
- Are they capable of performing detailed quality checks?
- How many projects have they worked on?
- Have they been part of government projects before?
Partnering with a company like crowdsprint means that these questions and others like them will be asked and answered for you ahead of time. Although part of the appeal of crowd testing as compared to traditional outsourcing is the variety of skills, ideas and background that testers have, rigorous standards must be upheld to prevent issues from arising.
It’s critical that you fully understand the knowledge and capabilities of each of your testers. It’s wise to put them through a preliminary round of testing (if the agency you work with hasn’t already done so) to ensure that their skills and qualifications match those stated on their resume and cover letter.
You may also want to reserve major government projects for your more established testers with a proven track record of success, since this isn’t always the ideal type of project for the uninitiated. Not only does reserving these projects for proven testers raise security standards, it guarantees a more complete end result. Once testing is complete, you can rest assured of the highest possible level of functionality, usability and security.
Getting started with secured crowd testing
Like most areas of software testing, crowd testing for government projects has its pros and cons. Considering the access to diverse testers, the technical resources and the streamlined nature of the process, crowd testing makes sense on many levels. That’s why we’ve seen a major upswing in this practice in recent years. However, maintaining tight security throughout each phase should be a top priority.
Although every developer and crowd testing provider will take security precautions, government projects demand especially close attention to detail. By addressing the specific security considerations mentioned above, crowd testing for government projects can be performed securely, with minimal hiccups along the way.