The biggest lesson learned from the Equifax breach is that executives and application owners need a software risk scorecard that clearly outlines KPIs around software structural quality and security.
Open source is the lifeblood of modern software development; there’s no getting around it. It makes sense that development teams want to get a head-start when beginning a new project and don’t want to have to start from scratch every time. Because open source software is designed and “certified” with public use in mind, it is prevalent throughout the app dev community.
There is a lot of talk about DevOps these days. I guess you’ve noticed that too, if you have anything to do with tech and haven’t been living in the woods the last three years.
I spoke on a panel a few weeks ago at the MIT CIO Symposium called Running IT Like a Factory. One of my co-panelists talked a lot about cloud-native companies, and how Netflix does 3,000 releases per month and Amazon does 11,000 releases per year. He also referenced the robustness of AWS and how companies like this can create a ton of value very quickly.
Harvard Business Review has reported that digital leaders succeed in large part due to their ability to recognize and scale innovation across their business – seeing beyond transformation hurdles and IT complexity. They never lose sight of the end goal.
So, what does it take to be a digital leader? As a sponsor of the Software Risk & Innovation Summit last week in New York City, I was able to hear from some of the leading experts on the matter, including CISQ, JetBlue, COACH, Fannie Mae, BCG and others.
Our friend Paul Bentz at CISQ recently published an article detailing the imperative for CIOs to become digital leaders. Research from Gartner confirms that high-performing CIOs are leaders because of their participation in a digital ecosystem. To effectively drive transformational programs, CIOs must have a keen understanding of how digital drives both business and IT success.
The key to security is to ensure that your most sensitive data is handled with proper controls in place. This should include working with your architects to explore the architecture of applications that handle the most critical data, starting from the data elements themselves and fanning out via impact diagrams (for example, CAST does this with the Application Intelligence Platform). Over time, your team will be able to establish secure architecture components that should handle all sensitive data.
Insurance organizations have reached a tipping point. Historic institutions, in some cases with hundreds of years of service, are being forced to transform due to changing consumer demands and nimble, technology-centric startups bringing innovative products to market. No strangers to regulatory and privacy concerns, insurance carriers have overcome many roadblocks throughout their lifetime of doing business. Now they must tackle their legacy IT systems and improve software risk management to deliver the value today’s market is after.