Feature Management Architecture & Security (what to consider)
Adding new features to existing applications used to mean that code pushed into production automatically updated the entire app. This raises security risks to the existing application, because a single bug could have catastrophic consequences. This risk can be reduced by implementing a secure feature management architecture that allows code updates with increased flexibility and the power to easily switch between versions.
What is Feature Management Architecture?
Feature Management Architecture is a software development concept that helps keep software features organized by allowing developers to control the availability, behavior, and release of specific features in real-time, without having to redeploy the entire application.
A Feature Management Platform can help manage features in real time by storing the state and configuration of each feature. They also store an API for the application to apply the configuration. Developers, product managers, marketers and everyone involved in the software development process can easily manage features through a consumer focused and user-friendly dashboard
The importance of security in Feature Management
Feature management greatly improves the security of every application. Imagine never releasing a beta without proper testing or being able to correct a buggy release in real-time. That is the power and security that comes with using a feature management platform to manage all your feature flags.
Feature flagging is a simple programming design pattern that allows developers to turn application features on or off without having to redeploy the entire codebase. Simply put, feature flags let you launch new features and change your software configuration without (re)deploying code.
Before starting to use feature flags, there are a few things you have to consider, ranging from your tech stack, to the different departments working on your team.
If you tick any of these boxes, why aren't you using feature flags?
- Your project has a complex codebase with different developers working on the same codebase.
- You constantly have different ideas that you want tested by a small segment of your users.
- You have a wide variety of users.
- You run marketing campaigns that require direct changes to your application for a specific period of time (e.g. a Christmas promotion).
- You are just trying to test something new and are not sure whether you want it to be on your app permanently.
Understand the goals and requirements of your application then choose the right feature management platform.
All that's left is designing a scalable and flexible architecture for managing feature flags to keep your workflow seamless and secure.
Feature Flags can act as an extra security layer in several ways:
- Remotely toggle features on and off: This provides a quick way to control features in production by easily switching the toggles
- Real-time Monitoring: Feature Flag Management systems often include continuous monitoring capabilities, providing teams with real-time insights into the usage and performance of features in production. This helps in identifying and dealing with any potential security threats or issues quickly.
- Controlled Releases: Feature Flags put the power of new releases into your hands, allowing you to roll out and take back features at will, reducing the risk of exposing security issues in production. Features can be tested and validated in a controlled environment before being released to a broader audience.
- Segmentation: Feature Flags allow for the segmentation of features based on user characteristics or environments. This means that certain features can be enabled for specific groups of users, allowing for thorough testing and quality assurance.
- Specific Access Control: Feature Flags are managed through a centralized platform, allowing for specific access control and tracking of feature deployments. This helps to ensure that only authorized individuals like the product manager or lead developer can access and modify the Feature Flags, reducing the risk of tampering by unauthorized access.
Best Practices for Secure Feature Management
Maximize the security of your feature flags by doing some (if not all) of the following:
-
Keeping your codebase organized.
-
Making sure all features have been properly tested before launch.
-
Allowing only authorized personnel to access the feature flags dashboard.
-
Removing old flags that are redundant.
-
Removing old employee access in case of changes in management.
Feature management doesn't have to be a hassle in the software development process. Create a ConfigCat account, link it to your application, and you're good to go.
PS: No need to worry if your application doesn't use feature flags yet. It is fairly easy to set up with the ConfigCat SDK. So whether you're building on .NET, iOS, React, NodeJS, Angular, Go, etc or planning on integrating directly with your other developer environment tools like Slack or Jira, it's never been easier with ConfigCat!
If this piqued your interest, visit ConfigCat's Facebook, Twitter, LinkedIn and GitHub for more details.