The biggest lesson learned from the Equifax breach is that executives and application owners need a software risk scorecard that clearly outlines KPIs around software structural quality and security.
Open source is the lifeblood of modern software development; there’s no getting around it. It makes sense that development teams want to get a head-start when beginning a new project and don’t want to have to start from scratch every time. Because open source software is designed and “certified” with public use in mind, it is prevalent throughout the app dev community.
Harvard Business Review has reported that digital leaders succeed in large part due to their ability to recognize and scale innovation across their business – seeing beyond transformation hurdles and IT complexity. They never lose sight of the end goal.
So, what does it take to be a digital leader? As a sponsor of the Software Risk & Innovation Summit last week in New York City, I was able to hear from some of the leading experts on the matter, including CISQ, JetBlue, COACH, Fannie Mae, BCG and others.
CAST recently participated in a TechMarketView round table in London, discussing the effectiveness of digital strategies in banking. It’s no surprise that banks are facing some significant headwinds heading into 2017, including geo-political uncertainties, increased regulation, the need to modernize legacy systems and growing cyber threats.
Digital is no longer “just another channel” – it’s essential to success and securing optimal position for the next generation of banking customers. In order to capitalize on opportunities, bank management must establish solid KPIs to create and sustain the right behaviors in a digital environment.
The key to security is to ensure that your most sensitive data is handled with proper controls in place. This should include working with your architects to explore the architecture of applications that handle the most critical data, starting from the data elements themselves and fanning out via impact diagrams (for example, CAST does this with the Application Intelligence Platform). Over time, your team will be able to establish secure architecture components that should handle all sensitive data.
It seems that we see security and cyber-attacks in the news more and more frequently today. From Yahoo’s apparent cover-up of a massive security breach that is damaging its merger with Verizon to the even more recent bank hack in India, where millions of debit cards were compromised, it’s apparent that there are holes in our current defense systems. Adding to the complexity of it all, eWeek has reported that DDoS attacks hit record highs in Q3 2016.
For most data-intensive organizations, it would spell disaster if mission-critical or customer information were leaked. What’s more, security gaps are known to go undetected for much longer in enterprises with a high percentage of legacy systems.
Insurance organizations have reached a tipping point. These historic institutions, in some cases with hundreds of years of service, are being forced to transform due to changing consumer demands and nimble, technology-centric startups bringing innovative products to market. No stranger to regulatory and privacy concerns, insurance carriers have overcome many roadblocks throughout their lifetime of doing business. Now they must tackle their legacy IT systems and improve software risk management to deliver the value today’s market is after.