
LeanIX Blog – we love IT Architecture!

(October 12, 2018)

Data Breaches: Assess and Mitigate IT Risks (Part 2)

Can higher quality data lead to smarter security?

 

Exactis, a US-based marketing firm you didn’t know existed, discovered earlier this year that it was storing its database of 340 million customer records on a publicly accessible server. The security firm which located the risk told WIRED it was one of the most far-reaching databases of information it had ever seen—the entirety of which was easily vulnerable to attack.

Exactis’ failure presents obvious parallels to Equifax Inc.’s 2017 breach of 143 million US customers’ Social Security Numbers and much else. Disasters like it are why Senator Elizabeth Warren is championing an Office of Cybersecurity at the US Federal Trade Commission to enforce higher data protection standards for handling consumer records.

The core principles of Senator Warren’s proposed Data Breach Prevention and Compensation Act of 2018 (DBPCA) became a reality in the European Union as of last May. For EU members it’s called the General Data Protection Regulation (GDPR), and the LeanIX blog has reported on it from conception to reality and hosted compliance seminars with people such as Andreas Bosch from McKesson. But seeing that many EU companies grapple with its terms, are American enterprises likely to struggle as well if/when it is their turn to submit?

And more specifically, must Enterprise Architects re-think operations to prepare for whatever wave of intensified scrutiny is coming their way?

(August 15, 2018)

Why Enterprise Architecture is a key ingredient to Security & Risk Management

Last year in March, hackers stole sensitive data of millions of Americans from Equifax, one of America's biggest credit reporting agencies. In this massive breach, data including passports, credit card numbers and driver's licenses, as well as the Social Security numbers of nearly 146 million consumers, were stolen.

(April 04, 2018)

How to Perform a Technology Risk Assessment


Sometime at the beginning of the year, the Head of Infrastructure of a manufacturing company walks into the CIO’s office: “I just had Oracle on the phone. We have a problem”, he said. “Why is that?”, asks the CIO. “We need to get off that Version 11 Database. They are going to waive premium support and the security risk is no longer acceptable”. “Uh, ok… What does this really mean?”, asks the CIO looking puzzled. The head of infrastructure starts to explain: “The migration will have quite a few ripple effects, and the new version requires a newer server operating system. That means some of the older servers need to be replaced. I suspect that a large number of applications will be affected, and migration from the older ERP legacy systems will be tricky. I cannot promise that we will make it without any production downtime.” With a worried expression, the CIO mutters, “I wish you would have told me that before the budget planning two months ago…”

(October 09, 2017)

Risk Management Series - Part 4: Smart Technology Risk Management

From lifecycle to business impact

Establishing a standardized base of technology product information with current lifecycle data lays the foundation for smart technology risk management. But it doesn’t end here. Let’s look again at our opening example of the CIO who is surprised by an ad-hoc need to upgrade to a new database technology. The short conversation reveals three challenges of managing technology risk.

(October 02, 2017)

Risk Management Series - Part 3: Navigating the Enterprise Technology Data Jungle


Up-to-date technology product information is a key input for Enterprise Architects to assess the risk of their application landscapes. With an organized approach, EAs are able to plan, manage and retire technology components in a smart way.

(September 25, 2017)

Risk Management Series - Part 2: The Six Hidden Costs of Obsolete Technology

(September 18, 2017)

Risk Management Series - Part 1: Proactive Technology Risk Management


As innovation drives the market, new technologies are being invented, while existing technology is being improved upon every day. Regular and frequent software updates re-engage existing users, fix bugs and other issues, and patch problems before hackers can exploit them. Unfortunately, many companies do not know the true lifecycle of their supporting technologies and fail to apply updates, which creates great risk.

(September 13, 2017)

Four Steps to Successful Risk Management

Technology supports and enhances almost every move we make as humans. From intricate banking procedures to shopping for groceries - every activity that we have embarked upon has been greatly influenced by technology. As the world becomes more interconnected, we also become more susceptible to risks. Just last week, one of the largest cyber attacks was announced, exposing the personal data of over 44% of the American population.

(June 14, 2017)

Authorization and Authentication with Microservices

Logging in to a website is so easy: I enter my username and password and can use the site. That's it.

What seems so simple is actually simple if the site is based on a monolithic application. But what if a website is powered by multiple microservices? How do the microservices know that a user is who s/he claims to be, and how can this be handled efficiently? The use of JSON Web Tokens can provide a secure and high-performance solution here.

(May 17, 2017)

5 tips to prevent your system from getting infected by ransomware attacks like WannaCry

As many of you probably know, on May 12th, an international cyberattack started infecting more than 230,000 computers in over 150 countries. The worst-hit countries were Russia, Ukraine, India and Taiwan, with many others affected worldwide. In Europe, some of the worst-hit enterprises were Telefonica, FedEx, Deutsche Bahn, Latam Airlines and parts of Britain’s National Health Service.
