LeanIX Blog – we love IT Architecture!

Can higher quality data lead to smarter security?

Exactis, a US-based marketing firm you didn’t know existed, discovered earlier this year that it was storing its database of 340 million customer records on a publicly accessible server. The security firm that located the risk told WIRED it was one of the most far-reaching databases of information it had ever seen—the entirety of which was easily vulnerable to attack.

Exactis’ failure presents obvious parallels to Equifax Inc.’s 2017 breach of 143 million US customers’ Social Security Numbers and much else. Disasters like it are why Senator Elizabeth Warren is championing for an Office of Cybersecurity at the US Federal Trade Commission to enforce higher data protection standards for handling consumer records.

The core principles of Senator Warren’s proposed Data Breach Prevention and Compensation Act of 2018 (DBPCA) became a reality in the European Union as of last May. For EU members it’s called the General Data Protection Regulation (GDPR)—and the LeanIX blog has reported on it from conception to reality plus hosted compliance seminars with those like Andreas Bosch from McKesson. But seeing that many EU companies grapple with its terms, are American enterprises likely to also struggle if/when their turn to submit?

The not-so-modern phenomenon making the digitalized world shudder

Surprising no one, Allianz Group has named Business Interruption (BI) as the global business community’s most feared risk in its 2018 Risk Barometer report. It is now the sixth straight year that BI has taken this distinction.

What this means is that more than 1,900 risk management experts from top international enterprises have expressed, ad nauseum, the perils of systems outages—ones resulting not only from natural disasters but also from digitalization and the delicate interconnectedness of all business services.

Enterprise Architecture is and has always been, a collaborative effort. We’ve previously outlined how Enterprise Architects can use their holistic view of the enterprise to support the critical questions of their stakeholders. This article will outline how enterprise architecture and IT service management intersect and support each other.

Last year in March hackers stole sensitive data of millions of Americans from Equifax, one of America's biggest credit reporting agencies. In this massive breach, data including passports credit card numbers, driver's licenses as well as the Social Security numbers of nearly 146 million consumers were stolen.

Let’s review two indispensable tools for any self-respecting Enterprise Architect (EA): Inventorying and Modeling.

Both mechanisms provide unique advantages for handling complex IT ecosystems—and both present limitations which only the other can improve. 

Technology risk is any potential for technology failures to disrupt your business such as information security incidents or service outages.¹

Sometime at the beginning of the year, the Head of Infrastructure of a manufacturing company walks into the CIO’s office: “I just had Oracle on the phone. We have a problem”, he said. “Why is that?”, asks the CIO. “We need to get off that Version 11 Database. They are going to waive premium support and the security risk is no longer acceptable”. “Uh, ok… What does this really mean?", asks the CIO looking puzzled. The head of infrastructure starts to explain: “The migration will have quite a few ripple effects, and the new version requires a newer server operating system. That means some of the older servers need to be replaced. I suspect that a large number of applications will be affected, and migration from the older ERP legacy systems will be tricky. I cannot promise that we will make it without any production downtime.” With a worried expression, the CIO mutters, “I wish you would have told me that before the budget planning two months ago…” Source

Welcome to Industry 4.0, also known as the Fourth Industrial Revolution. This revolution includes a range of new technologies that fuse the physical and digital worlds. It impacts all disciplines, economies, and industries.

As many of you probably know, on May 12^th, an international cyberattack started infecting more than 230,000 computers in over 150 countries with the worst-hit countries being Russia, Ukraine, India and Taiwan and including many others worldwide. In Europe, some of the worst hit enterprises were Telefonica, FedEx, Deutsche Bahn, Latam Airlines and parts of Britain’s National Health Service.