Platform Development
- Secure Development
- Change Management
- Source Code
- Vulnerability And Patch Management
- Release Process
- Penetration Testing
Secure Development
All of Administrate’s software engineers are provided with a secure development environment; including hardware with disk encryption and a cloud-based runtime environment hosted on a private network. The cloud-based environment can be disposed-of and regenerated within just a few minutes, so Engineers can equip themselves with a new secure and clean environment for every piece of work they undertake.
Change Management
All changes to Administrate’s platform, including functional changes and infrastructure changes, are controlled by a Change Management Process. All changes are required to be approved by another engineer, and work undergoes a rigorous set of automated tests, prior to being deployed.
Our automated test suite includes functionality tests and security scanning. After changes are promoted to production, the engineering teams examine the instrumentation to see that each change is running smoothly.
Source Code
The Source Code is the files used to construct the Administrate platform; everything from the configuration of the firewalls, through to the styling of the login pages.
Administrate stores all the Source Code within Github.com, the industry-leading repository for managing source code.
Vulnerability And Patch Management
In addition to the penetration tests outlined below, Administrate uses a variety of development-time tools to identify vulnerabilities, such as static code analysis and dependency checkers.
A risk based approach is used to prioritizing these vulnerabilities into change requests processed by the engineering teams.
Release Process
Administrate is proud of its ability to release new features to customers through continuous delivery. All application changes are subject to the Change Management policy, described above, and once they have undergone a rigorous set of automated tests, tooling will automatically promote the changes to production.
Our customers do not need to wait for the quarterly release, or monthly release; new features and improvements will be made available to them as soon as they are finished. To reduce the risk of surprising customers with new functionality, we have developed a collection of settings that allow us and our customers to control the timing of when new features are made available, should they wish to do so.
Administrate operates a zero-downtime release process; new versions of the software will replace existing versions without needing customers to pause their day-to-day work. Administrate typically delivers over forty production updates each week.
Penetration Testing
Administrate regularly assesses the overall security of its platform through external testing. Automated scans run against our products each week, looking for vulnerabilities. Any findings are addressed by the engineering department.
Each year, we engage an external consultancy to run a manual penetration exercise; looking for problems that are too involved for an automated scan. Administrate uses CREST-certified security experts to perform these multi-day exercises and if a high impact problem was ever found, we would prioritize its resolution over other tasks.