Category Archives: Digital Transformation

Outdated And Unsecured – Your Application Is A Sitting Duck

Companies with revenues in the millions and even billions of dollars face the risk of running outdated software applications. Why do they continue to do so? Are the risks only restricted to outdated software? 

Applications built using the latest stack also risk being vulnerable when appropriate security measures and policies are not followed. Facebook was under scrutiny for storing millions of passwords unencrypted. According to Facebook, the passwords were not stolen. The incident did result in a loss of trust, which further exacerbated the situation at Facebook. Facebook was fortunate that the passwords were not hacked. There are many instances where encrypted and unencrypted information was stolen. Such was the case with LinkedIn, Yahoo, and many others.

In this article we will focus primarily on the topic of outdated applications and how to approach them.

One major reason that organizations continue to run outdated applications is the cost involved and the return on investment (ROI). Companies do not see upgrading as a worthwhile expenditure unless there is no other choice. The organization may be using agile and lean methodologies to build software. However, it may not necessarily end up with a product that can stay agile and lean.

Stay Relevant

The decision to stay current is largely driven by the culture. An organization that is enthusiastic about the trends in the industry will try to analyze what is worth adopting and go for it. 

When responsive sites were becoming popular, it was an easy win for many. It was like upgrading the upholstery. There was definitely a cost involved, but it was much less than the value of a new look and feel for the same legacy application.

So, how do you convince your management that your software needs to stay current? Your organization can either be motivated by the new capabilities or be threatened with the consequences of non-compliance, security breaches, etc.

The threat factor usually does not work well. The news cycle has so many of those threat factors. The Equifax hack, DoorDash breach, Capital One breach, Target breach, and many more fill our news on a regular basis. Many organizations do not understand their vulnerability. Even if they understand it, analyzing and mitigating the risk is a complex problem.

If your application has reached a point where upgrading is a high-risk project, remember that not upgrading is a much higher risk.

The application may be so important that you can’t risk disturbing it. Or it may not be important enough for you to care about it. Either way the risk still remains.

The risk with running outdated applications is that there are a lot of known and exploited vulnerabilities already in them.

How do you bring about change in an organization? Let’s look at a few things that you can focus on to bring attention to the problem.

Be More Specific

  • “There is a new security patch to install. When can we do it?” Vs. “A regular user can impersonate and perform admin functionalities. We have a patch. We need to apply it immediately.”
  • “The next version of software has a lot of good features.” Vs. “The next version of software will allow us to deliver content seamlessly across multiple channels.”
  • “Upgrading to the latest version is going to be a major effort.” Vs. “Upgrading to the latest version is going to take 6 months and cost $500,000.” 

A security alert notification that I received in January 2019 read, “Users with User.VIEW permission can update other user’s password.” The implication is if someone can view your profile information, they can also update your password. What risks are you facing? If you have an SSO with a third party identity manager and that is the only way users can access the affected system, your risk may be low. If not, you are taking a big risk by not applying the patch. A hacker can gain admin access by changing the admin password. 
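A flaw of the kind that alert describes can be pinned down with a regression check that is run before and after the patch. The following is an added example, not code from the affected product: the permission name `User.ADMIN`, the `User` class, and the accounts are hypothetical, and only `User.VIEW` comes from the alert text.

```python
from dataclasses import dataclass, field

# Hypothetical permission names modelled on the alert text.
VIEW = "User.VIEW"
ADMIN = "User.ADMIN"

@dataclass
class User:
    name: str
    permissions: set = field(default_factory=set)
    password_hash: str = ""

def can_update_password_flawed(actor, target):
    # The defect: read access to a profile is treated as write access.
    return VIEW in actor.permissions

def can_update_password_fixed(actor, target):
    # Only the account owner or an administrator may change a password.
    return actor.name == target.name or ADMIN in actor.permissions

def update_password(actor, target, new_hash, check):
    """Apply the change only if the supplied authorization check allows it."""
    if not check(actor, target):
        raise PermissionError(
            f"{actor.name} may not change {target.name}'s password")
    target.password_hash = new_hash
    return True

def demo():
    """Run the same request against both checks; constructed sample accounts."""
    admin = User("admin", {VIEW, ADMIN}, "admin-hash")
    viewer = User("viewer", {VIEW}, "viewer-hash")
    results = {}
    # Unpatched behaviour: a view-only user changes the admin password.
    results["flawed"] = update_password(
        viewer, admin, "changed-by-viewer", can_update_password_flawed)
    admin.password_hash = "admin-hash"  # reset before the second run
    # Patched behaviour: the same request must be rejected.
    try:
        update_password(viewer, admin, "changed-by-viewer",
                        can_update_password_fixed)
        results["fixed"] = True
    except PermissionError:
        results["fixed"] = False
    # The patch must not break a user changing their own password.
    results["self"] = update_password(
        viewer, viewer, "new-viewer-hash", can_update_password_fixed)
    return results

if __name__ == "__main__":
    print(demo())
```

Keeping a check like this in the test suite turns "we applied the patch" into something that can be verified after every upgrade.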

The Equifax security breach, caused by the failure to patch vulnerable software, resulted in millions of users' information being stolen. How do you keep track of such security flaws in a 9-year-old library when the flaw is reported only around the time of the attack? There are some vendors who continuously track vulnerabilities and can help generate reports for your application. This will only work on reported vulnerabilities. It is not effective on a zero-day exploit like Equifax where the attack happened even before the vulnerability was publicly reported.

If your application is a moving target rather than a sitting duck, it could help reduce attacks like the one on Equifax. It should be a high priority to keep your application current.

Make It Clear

We have all heard this at some point or another: a lasting change comes from within. This applies to individuals, groups, and organizations.

When the drive is not from within the organization, outside compliance requirements are not that effective. If a compliance requirement says that you must take appropriate backups, a diligent organization will also make sure that the backups are useful.

You cannot force your business leaders to upgrade if they see no value in it.

What are the advantages and disadvantages of upgrading? More importantly, what are the direct and hidden costs? How do you mitigate the risks?

Are Your Clients Happy?

In certain scenarios a major client of yours may mandate that your product is built on current technologies. In this case, there is a financial consequence of losing the client if your product is built on older versions of software.

Do you have a competitor who is offering the state-of-the-art product that uses all the latest advancements in artificial intelligence, machine learning, and personalization and also costs less?

Why not experience new innovation?

You should have innovation labs where your team can explore some of the latest technologies and products.

Talk To Others

I have never heard from a vendor that their new product is very challenging.

Are there other clients who are willing to talk about their experience with the new version of the software? If you really want to hear the true story, try to reach out to other users directly without a sales and marketing pitch from vendors. Market research papers from firms such as Gartner and Forrester provide valuable insights. The concerns that they raise can be extremely valuable.

Cost

Often organizations continue to pay a high price for old technologies when the new subscription model could save them more. Identify the cost differences and the options available. 

You may not be able to tell this to your boss

In a very sensitive environment, a security breach due to outdated software can cost the leadership their jobs. Even if leadership can blame a breach on a systems engineer who did not apply a patch, it is the leadership where the buck should stop.

Build The Right Skills

Are you paying attention to the needs of your team? Are the skills that your team has going to become obsolete? Should you invest in your team or risk losing the best? Look out for the soft signs from your teams and see if they are becoming disengaged and disillusioned working with outdated tools and products.

A disengaged team is not going to be able to identify the risks and take proactive steps to mitigate those risks.

One of the major challenges that many businesses face today is that they do not have people with the right skills either to upgrade a software product to the latest version or to analyze the impact of upgrading.

It is important to build the necessary skills to either be able to do it yourself or at least know when you need help and what type of help.

Any organization that is able to afford a software team should invest in making sure that the team has the capabilities to do it all themselves.

It is perfectly fine to get outside help. But you should not be completely at the mercy of another organization to make you successful.

Upgrades of any major piece of software require preparation and planning. You should expect challenges especially if you have spent a significant amount of time building and customizing the application.

Conclusion

Being current does not mean you can stop monitoring your applications and networks for security threats. Being outdated means that you are risking being a sitting duck that is waiting to be breached. 

Do not stop here. It is time to reevaluate what you have and protect the data of those who have trusted you with it.


Digital Transformation - Stay Ahead Of The Curve

Digital transformation is real. If we do nothing it will result in what could be a digital stagnation. Transformation is not a final goal but a continuous process of improvement. The word digital was first used in the 15th century. It took a different meaning with the invention of computers and the first electronic digital systems in the early 1930s and 1940s. Digital transformation has been happening over the last 100 years. 

So, what does the digital transformation in the 21st century really mean?

The digital transformation at this time stands for how we gather data using modern technologies to gain insight in order to better serve and engage customers, employees, and businesses. We could extend that to serve humanity as a whole.

The undeniable fact is that we produce and gather more data than we are able to comprehend and analyze without the aid of machines. Is this good or bad? It depends on the quality of the data that we collect and the benefit that we derive out of it to overall serve people better. Excessive data collection and consumption could become an issue just like the plastic waste that we produce. People are losing their lives while trying to capture the very moment of their lives in the selfie culture.

Digital transformation consists of various components. Some of them are IoT, 5G, AI, blockchain, NLP, ML, big data, analytics and cloud native applications. The rest of the article will primarily focus on the software application aspect of this transformation.

Technology Leaders

Amazon, Apple, Google, Microsoft, and Facebook are continuously inventing to solve their business problems. What we call digital transformation is something the big companies have been doing for a long time. Digital transformation is a process and not a final product. Most of us are only catching up with the pioneers in the field. If we are too late to catch up, what we build could become the dreaded legacy that no one is proud of. As an example, Netflix OSS dropped their own tool Hystrix for Resilience4j. Another example is that of Google, which stopped selling their Google Search Appliance (GSA) product in 2016. Many organizations that invested in GSA had to quickly transform their businesses to use Elastic, Solr or other proprietary search engines.

We need to understand that these companies are not trying to build frameworks for the sake of building frameworks. They are solving the business problem that they are facing. If the solution is irrelevant they move on.

Digital Transformation Failures

Many digital transformation projects fail according to a Forbes article in 2016. The same sentiment held true in a Harvard Business Review article in 2018 and even today among business leaders.

A major university on the East Coast with tens of thousands of users spent three years implementing a digital transformation solution for their students. By the time they finished their product, they were already on a legacy system that was approaching the end of support and needed an upgrade. The choices that they were facing were either to spend another year or more upgrading the system, or to build a new system. The transformation product that they chose had already become a legacy and was not the right solution. Three years is a lot of time in the era of digital transformation. In that timeframe, anything we build could become a legacy.

It is inevitable that all organizations need to transform. It is a challenge that many are not able to succeed in.

Fortune magazine did a special investigation report in early 2019. According to that report, more than $36 billion was spent over a 10-year period to digitize health records. It was a major failure. It is unfortunate that some of those errors resulted in the loss of lives.

Digital Transformation Success

There is a centuries-old proverb in Tamil which says “Even when throwing (spend money) in a river, measure what you throw.” It applies greatly in the age of digital transformation. Many organizations throw their money into the river hoping that their misfortune with technology will change. It does not work that way. Intuit is one of the companies that has seen some great success with their digital transformation. A company that helps people keep their books does seem to know how to keep their books right.

There are a few things that companies can do to have a successful digital transformation.

  • Usability. Anything that we build needs to be intuitive. It should not require 4000 mouse clicks a day for a physician to perform a shift in the ER. We can’t expect our users to be developers who know how to work around the system to get their job done.
  • Accountability. Often teams blame others for the failure, including the product they spent months choosing or the vendor that they vetted through an RFP process. We need to own the responsibility.
  • Measure as we spend. It is important to look at the returns whether it is short term or long term and be able to justify the cost. 
  • Small steps. We need to learn to walk before we can learn to run. Identify some areas that can be transformed and make it a model for the company.
  • Assess before adopting. A lot of the technologies out there are to some extent a fad or hype. Don’t be afraid to look under the hood. If you need help, choose a trustworthy partner. Organizations often choose the wrong product or platform and then try to find a partner who could help them transform.

Stay Ahead Of The Technology Curve

It is important that we always look at the problem that we are trying to solve and understand why we are doing what we are doing.

Many organizations may not have the necessary means to invent their own transformation tool. It is perfectly fine. Everyone doesn’t have to invent their own plane in order to fly in it. The key is to understand the purpose and limitations of the tools. 

REST APIs have become very popular since the early 2000s. Along with that came the JavaScript frameworks, which made it easy to build applications. Teams started building apps that made dozens of requests to update various sections of a single page. This soon became a major issue with all the overhead that comes with every single request. Solutions such as WebSockets were proposed to reduce some of the overhead. Even though the data can travel at the speed of light, we share bandwidth just like roads and bridges.

How did some organizations solve this problem? Some organizations built view-optimized tables and caches, and even relied on flat-schema search engines such as Elastic to reduce the number of requests. Facebook solved this problem by building their own solution and called it GraphQL.

Is GraphQL a final solution to all problems? It is definitely not. Now you have to scale the GraphQL server in the same way you would have to scale any of your databases and applications to support all the traffic. We just introduced one more layer to the problem.

What did AWS do with GraphQL? They found an opportunity to take this and make it into AWS AppSync. AppSync relieves the end users of the pain and effort of maintaining another layer. Organizations that are early adopters may often face the challenge of doing everything themselves. The companies that are at this juncture should evaluate which path to choose for a successful digital transformation. Should you spend years building your own or find one that saves you years of effort?

The same applies with Kubernetes. Within a short time of releasing Kubernetes, a whole bunch of companies popped up to tell you how Kubernetes can be made easy and painless so that you can focus on solving your business problems. 

Choose wisely a platform or a cloud solution that lets you focus on the business rather than building massive technology teams. At some point an organization may find itself at the crossroads of becoming the pioneer. If it happens, let it be so. Don’t be afraid to pick up the baton. Thirty years ago, some of the major players transforming the field right now were either too young or yet to be born.

Conclusion

We are in a time where a team may be relying on tools and contributions from Microsoft, Google, Amazon, Facebook or Netflix to build a single solution. It is perfectly fine to work with multiple technologies. We are solving business needs. If we keep our focus on the goal, the technology becomes an asset rather than a liability. Digital transformation is not a goal but a continuous process.