Last year in March, hackers stole sensitive data of millions of Americans from Equifax, one of America's biggest credit reporting agencies. In this massive breach, data including passports, credit card numbers, and driver's licenses, as well as the Social Security numbers of nearly 146 million consumers, were stolen.
Sometime at the beginning of the year, the Head of Infrastructure of a manufacturing company walks into the CIO’s office: “I just had Oracle on the phone. We have a problem”, he said. “Why is that?”, asks the CIO. “We need to get off that Version 11 Database. They are going to waive premium support and the security risk is no longer acceptable”. “Uh, ok… What does this really mean?”, asks the CIO looking puzzled. The head of infrastructure starts to explain: “The migration will have quite a few ripple effects, and the new version requires a newer server operating system. That means some of the older servers need to be replaced. I suspect that a large number of applications will be affected, and migration from the older ERP legacy systems will be tricky. I cannot promise that we will make it without any production downtime.” With a worried expression, the CIO mutters, “I wish you would have told me that before the budget planning two months ago…”
From lifecycle to business impact
Establishing a standardized base of technology product information with current lifecycle data lays the foundation for smart technology risk management. But it doesn’t end there. Let’s look again at our opening example of the CIO who is surprised by an ad-hoc need to upgrade to a new database technology. The short conversation reveals three challenges of managing technology risk.
Up-to-date technology product information is a key input for Enterprise Architects to assess the risk of their application landscapes. With an organized approach, EAs are able to plan, manage and retire technology components in a smart way.
As innovation drives the market, new technologies are being invented, while existing technology is being improved upon every day. Regular and frequent software updates re-engage existing users, fix bugs and other issues, and patch problems before hackers can exploit them. Unfortunately, many companies do not know the true lifecycle of their supporting technologies and fail to apply updates, which leads to great risk.
Technology supports and enhances almost every move we make as humans. From intricate banking procedures to shopping for groceries - every activity that we have embarked upon has been greatly influenced by technology. As the world becomes more interconnected, we also become more susceptible to risks. Just last week, one of the largest cyber attacks was announced, exposing the personal data of over 44% of the American population.
Logging in to a website is so easy: I enter my username and password and can use the site. That's it.
What seems so simple is actually simple if the site is based on a monolithic application. But what if a website is powered by multiple microservices? How do the microservices know that a user is who s/he claims to be, and how can this be handled efficiently? The use of JSON Web Tokens can provide a secure and high-performance solution here.
As many of you probably know, on May 12th an international cyberattack began, infecting more than 230,000 computers in over 150 countries. The worst-hit countries were Russia, Ukraine, India and Taiwan, with many others affected worldwide. In Europe, some of the worst-hit enterprises were Telefonica, FedEx, Deutsche Bahn, Latam Airlines and parts of Britain’s National Health Service.