Minimizing risks – 10Clouds' approach to secure project delivery

At 10Clouds, we believe that effective risk management is the foundation for delivering successful software projects. Since 2009, we’ve worked with a wide range of companies—from startups to enterprises like Pinterest and Asmodee—to deliver reliable and high-quality applications. Our proactive approach to risk management ensures that no matter the scope or scale of the project, we minimize surprises and maximize value for our clients.

When you partner with 10Clouds, you’re not just hiring a vendor—you’re gaining a trusted partner that is dedicated to managing risks effectively and ensuring your project’s success.

Mitigating technical risks during development

Technical risks are inherent in any software development project, whether it's technology compatibility issues, platform instability, or unforeseen bugs.

At 10Clouds, we mitigate risks through rigorous planning, testing, and collaboration to ensure that your project runs smoothly from start to finish.

Technology compatibility issues

Compatibility issues may mean different things depending on context but when we are talking about the development of websites and applications there are three main risks we need to watch out for.

1. Subcomponent integration risks

In many projects, maintenance can become increasingly difficult due to the reliance on outdated libraries and wrong implementations in the initial development. This was the case with Quesmed, a UK-based, tech-driven education platform, in which old libraries posed significant risks. Our team had to adapt quickly, learning new schemes and identifying the flaws that hindered the project’s performance.

To address these issues, we devised a comprehensive rework plan. This included fixing incorrect implementations, adopting a more systematic approach in line with best practices, and updating the project's documentation to ensure future maintainability. One of the key factors in our success was the client’s willingness to step back, embrace necessary changes, and trust us to guide them through the process. It’s rare to find such a forward-thinking approach, but when it happens, the results can be remarkable.

At 10Clouds, we're committed to identifying and mitigating these types of risks early on.

Our experience shows that taking the time to update outdated systems and ensuring all subcomponents integrate smoothly can prevent costly problems down the road.

2. Lack of support for specific technologies

The second type of compatibility issue is a lack of, or inadequate support from certain technologies for the environment we’re building. Let's say we've used Auth0 as the basis of our authentication in previous projects and we are very happy with the results we got. The next application we are building is going to be written in Rust.

It turns out that Auth0 doesn't have official SDK libraries for Rust or examples of integration. It doesn't mean we can't use it, because we can treat Auth0 as any other API and write the communication with it ourselves – but we were used to having a certain level of support from previous projects, and integrating it ourselves will take a lot of time. In the end, we need to decide on what gives us more benefits. If one piece of technology gives us a distinct advantage that would be very hard to replicate elsewhere it may be worth it to invest some time to create custom integrations. But in other cases, the advantage is not big enough to justify additional expenses.

3. Compatibility issues during updates

The third type of risk related to compatibility is encountered when we are updating some core components of our codebase. Some libraries and systems are dependent on each other and changing/updating one may lead to a cascade of changes in various parts of the application. Sometimes dependent systems/libraries are released without any synchronization. We may need to wait before we can easily update anything. We manage this risk by performing a pre-update analysis and determining the dependencies involved in the planned update.

Platform instability

We are often working with bleeding-edge technology – new inventions and unusual integrations that were not tried before. Software also develops over time and some instability or bugs are inevitable. It's important to check if the building blocks of our application are stable and that the integrations we intend to make will work reliably and scale with our solution.

For third-party services, it's a good idea to monitor the availability and contact the vendor to discuss the way we want to use it and the load we need to put on their infrastructure. Suddenly dropping millions of requests on someone's API may lead to the deterioration of the service and cause our solution to fail even though it was working fine during testing.

In our collaboration with Well Over One (WOO), a health tech company developing AI-powered wellness applications, we encountered a challenge of platform instability due to the complexity of integrating advanced AI features. By implementing a CI/CD pipeline and conducting rigorous testing, we mitigated these risks and ensured that the platform remained stable, even as new AI-driven features were added. This approach allowed WOO to offer a personalized and reliable health monitoring experience to its users, with seamless, real-time adaptations based on their needs.

Unforeseen bugs during development

While we can mitigate and resolve a lot of the issues before they become a reality some problems will fly under the radar. Rapid application development and integration with unknown third-party solutions tend to produce some bugs and issues that could not be anticipated.

We recommend using CI/CD pipelines to streamline processes around deployment to different environments, quality assurance, and releasing new versions. This makes the processes highly automated, fast, and predictable while also decreasing the possibility of human error. The inclusion of automated testing in both CI and day-to-day development greatly reduces the risk of introducing regression bugs and makes the development of new features without breaking anything around them much easier.

One of the first things we did after taking over the development of a code-generation app, was to introduce the concept of infrastructure as code. This made all of the testing and production environments identical which made deployment and QA processes a lot more reliable. The pipelines were enriched with various automated checks which made sure some of the harder-to-track features like SEO or page speed were being taken into account before release to production.

Managing post-launch risks for continued success

The launch of a product is only the beginning. Post-launch risks, such as performance issues and the need for ongoing improvements, can still arise. At 10Clouds, we continue to work closely with our clients to ensure the long-term stability and performance of their applications.

Performance issues after project delivery

It's important to know the limitations of the software we are using. Some services or databases work well with smaller amounts of data but require special care to remain stable as they scale. This was the case with Quesmed. The application was working successfully in the production environment until the amount of data in the database grew to hundreds of millions of rows.

The database performance was still pretty good most of the time but the internal mechanisms of PostgreSQL for freeing memory kicked in, which led to it occasionally becoming unavailable. We tweaked the cleanup settings to work on smaller amounts of data more often which brought system stability back to normal.

While performance testing is a great idea before releasing an application to the public, it's also very hard to do it reliably, and expensive to perform. It's also widely accepted that users will often surprise you with their activity. Some of the features you deemed not to be very important will become highly used, and in some cases this may require scaling or optimizing certain parts of the app that you weren’t focusing on pre launch.

At 10Clouds, we know that a good product vision and performing closed testing events for prospective users can mitigate those risks.

We set ourselves up to be able to react quickly and reliably to the changing environment. Having both performance metrics and the ability to track users' behavior will give us the best tools to decide what changes need to be made after the initial launch and every subsequent update.

Ongoing improvements and evolving user needs

Our products do not operate in a vacuum. Operating systems, web browsers, and the Internet as a whole evolve over time. There are also vulnerabilities discovered in libraries and sub-components of our applications every day. It's very important to keep your codebase up to date. While ongoing improvements and fixes are costly the unfortunate truth is that any codebase left unattended for a long time deteriorates on its own. It leaves your application open to newly discovered security issues and deprives your users of improvements to the application features.

If the application is left without updates for a very long time it may become very hard to update it. With constant small improvements, you are able to easily test and apply the fixes. If, after some time, it turns out that half of your underlying systems require updates it creates a mess of dependencies that are hard to track and untangle.

We were recently asked to add some small features to an application that was left without support for over 2 years. While the changes were fairly simple we quickly discovered that we are not able to even release the mobile version of the app to the store. Updating the core framework led to many other changes that had to be made to keep the whole codebase compatible. In the end, making the requested functional changes were estimated to take a lot less time than doing the updates which made the app releasable again. Performing periodic upgrades prevents those kinds of accumulation of work even if your application doesn’t require functional changes.

Building trust through expert risk management

10Clouds has built a reputation for delivering reliable, high-quality software through proactive risk management. Whether it’s mitigating technical risks, ensuring post-launch stability, or managing team resources effectively, we are committed to minimizing the risks that can threaten project success.

Get in touch today.