Ruggedizing Health IT

The concept of IT “ruggedization” started in the hardware world. Ruggedizing a laptop, for example, makes it less susceptible to drops and other physical mishaps. Several companies sell add-ons to make hardware more water resistant, shock resistant, scratch resistant, etc. Health IT products used in the field often have ruggedization features. You may have one or more ruggedization add-ons for your smartphone or tablet.

The concept also applies to software. Rugged software refers to secure software code. This is especially relevant for the Health IT industry, where data integrity and privacy are constant concerns. The Rugged Software Initiative, an undertaking of the Open Web Application Security Project (OWASP), published The Rugged Software Manifesto in recognition of the importance of secure software to Health IT and many other aspects of life as we know it. The Manifesto is brief enough to present here in its entirety:

I am rugged – and more importantly, my code is rugged.

I recognize that software has become a foundation of our modern world.

I recognize the awesome responsibility that comes with this foundational role.

I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.

I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic, and national security.

I recognize these things – and I choose to be rugged.

I am rugged because I refuse to be a source of vulnerability or weakness.

I am rugged because I assure my code will support its mission.

I am rugged because my code can face these challenges and persist in spite of them.

I am rugged, not because it is easy, but because it is necessary… and I am up for the challenge.

Unlike after-market hardware add-ons that simply snap on and instantly ruggedize hardware, software ruggedization is most effective when introduced in the design phase. The risks and costs of change are high once software has been developed, so retrofitting software to mitigate security threats can be cumbersome. The risks and costs of changing a design, however, are often much lower. So it’s better to build in ruggedization than to bolt it on.

Some discussion is arising about how Agile and ruggedization impact each other. The ruggedization concept and Agile work well together. Just as accessibility features have simply become a way of life for software developers, so should ruggedization – whether following the Scrum methodology, another Agile methodology, RUP, waterfall or any other methodology. And just as our governance models have evolved to encompass accessibility, they should also evolve to encompass ruggedization.

According to the Rugged Software Initiative, there are four levels in the journey toward ruggedization:

  • Aware
  • Informed
  • Selective
  • Mature

If you are interested in becoming more aware, the OWASP Top Ten list of software security threats is a good place to start.