How to Adapt and Implement a Large-Scale Agile Framework in Your Organization

Large-Scale Agile Frameworks

Abstract

You can adapt a Large-Scale Agile Framework to suit your organization using the methodology presented, or develop one yourself from scratch, for example for a deviating problem class. We present an approach and explain how this can be done based on the current state of research. In this chapter, we demonstrate how to proceed when adapting a Large-Scale Agile framework to perfectly fit the problem classes of software vendors. Undoubtedly, other problem classes prevail in other industries, but almost all of them are now software-driven to a greater or lesser extent, or develop software independently as well. To help you determine to what extent your organization acts in the role of a software producer, a separate section is devoted to this question and shows exemplary companies whose IT strategy can, in large parts, be readily assessed from the outside. The most pressing question in most companies is: “How do we switch as quickly as possible to an agile mode in which the most diverse teams within an organization work together efficiently?” At the same time, the question “How do organizations perfectly operate in agile mode?” is on the mind of every organization; the only differences lie in the maturity level of the respective organization in this regard. With the increasing shift of IT infrastructures to the cloud and with container-based virtualization of applications, the complexity of IT applications gains a new dimension. This increase in complexity in IT scenarios also has a significant impact on the establishment of an agile framework. Even though IT security has always had a high priority in the development and operation of software, cloud security poses different requirements than the protection of monolithic applications in traditionally largely sealed-off corporate networks.
The cloud trend is also changing many workflows and business processes within an organization. The move to the cloud or the expansion of cloud scenarios therefore inevitably necessitates both process-related and organizational changes. A separate section explains the interrelationships that exist here and the dimensions in which this has a concrete impact. The focus is on cloud properties and cloud models. Cloud computing uses virtualization technology because of its cost advantages, such as payload-oriented hardware and energy utilization, automated troubleshooting and the resulting improvement in software quality, as well as increased flexibility and simple manageability. The concepts of virtualization and containerization are of related importance here. Because the orchestration of containers is now an established standard in software development and in the deployment of software releases, and the interoperability of cloud technologies is an important property for software architectures, it is advantageous to regularly obtain first-hand information. Interoperability and standardization: the relevant standardization bodies for cloud standards are presented. IT security by design (software architecture and IT security): how can IT security, as a bundle of diverse activities and technical protective measures, be integrated and anchored in an organization as an integral building block when IT systems are regularly highly complex and consist almost everywhere of countless individual components, basic technologies and frameworks? The artifacts of the software architecture, with an integrated IT security architecture and its communication within the organization, play the central role here. The earlier IT security requirements are taken into account, the more cost-effective their consideration becomes.
You will therefore benefit immensely in terms of high software quality and avoiding unnecessary costs if you involve your IT security specialists at an early stage and establish agile processes in which IT security by design is taken into account in a practice-oriented manner. With the increasing use of cloud services and the resulting IT security and privacy challenges, fundamental aspects such as identity theft, data breaches, data integrity, and data confidentiality matter. This makes trust management inevitable for cloud computing, microservices and API-based architectures. Precisely because cloud computing provides services from remote and globally distributed data centers, and we cannot exercise any direct control from within our organization other than taking technical measures, an appropriate strategy is needed to protect any data; this is exactly what the zero trust concept offers proven solutions for. Protection principles and their technical implementation based on Zero Trust are presented. In this context, the concepts of secret management and the extended protection requirements of virtual container environments are explained. Key management and cryptographic protection measures play a central role here. With the cloud trend, applications designed as microservices are increasing in number and proliferation day by day. This software architecture approach of a distributed IT system is highlighted in the context of the cloud and the Large-Scale Agile frameworks and related to APIs, RESTful design and the current architecture pattern of Service Mesh. With cloud services and distributed services, the importance of IT security and pentesting increases, so these security-related aspects and how they are handled using threat modeling are also addressed.
With respect to Agile teams, roles, tasks, and processes are highlighted in an easy-to-understand manner and in the direct context of these important software development topics.


Correspondence to Sascha Block.

Copyright information

© 2023 The Author(s), under exclusive license to Springer-Verlag GmbH, DE, part of Springer Nature

About this chapter

Cite this chapter

Block, S. (2023). How to Adapt and Implement a Large-Scale Agile Framework in Your Organization. In: Large-Scale Agile Frameworks. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-67782-7_4

  • DOI: https://doi.org/10.1007/978-3-662-67782-7_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-67781-0

  • Online ISBN: 978-3-662-67782-7

  • eBook Packages: Computer Science (R0)