Software Intelligence provides valuable analytics for IT leaders at any stage of digital transformation. Whether the objective is to improve operational agility, deliver better business functionality at speed, take advantage of modern technology and architectures, or attract new talent, Software Intelligence can illuminate areas that require the most focus.
Digital leaders and IT professionals from across the private and public sectors joined CAST at the Software Intelligence Forum in Washington, D.C. to discuss the challenges, risks, and opportunities associated with digital modernization. The day-long exchange included CAST customer testimonials, reflections on software quality industry standards, and a discussion of solutions available through CAST to mitigate modernization risks.
While there was a great variety of topics throughout the day, presenters converged on one key finding: it is essential to address modernization and application security simultaneously, and Software Intelligence provides the microscopic level of software insight needed to ensure digital readiness while keeping mission-critical software secure.
The event kicked off with a panel discussion between Andy Schlei of Sony Pictures Entertainment, Paul Seay from Northrop Grumman, and former CIO of the Department of Homeland Security, Luke McCormack. At different points in their respective modernization efforts, they confronted the question: how do we keep data secure during and after transitions? Software Intelligence can help IT professionals navigate this inflection point. Application portfolio management gives leadership the insight to acknowledge existing vulnerabilities, discern where to invest, and apply industry standards to monitor evolving portfolios.
Allan Friedman, Director of Cybersecurity at the National Telecommunications and Information Administration at the US Department of Commerce, underscored software transparency as a way to maintain and improve resiliency throughout modernization efforts. Though there is no particular government solution in mind, current policy initiatives such as a software bill of materials (SBOM) would enable bottom-up tracking of inputs and top-down audit for software quality, risk management, and compliance. There is a need for more visibility into third-party components and dependencies. Tracking and communicating third-party components in software and IoT with an SBOM can improve and communicate secure development practices, help enterprise customers protect themselves, and foster better markets for secure products.
Is it a panacea? No, says Friedman. But knowledge of risks is crucial, and when comparing solutions, an SBOM can help inform a security-based decision and can help prioritize a response to newly discovered or exploited vulnerabilities.
But what does transparency look like across sectors? Does it translate from on-premises to cloud-native systems? “In 4-5 years, all applications – including source code – will live in the cloud,” says John Chang, Head of Solution Design at CAST. “Your software will need to as well.” As software evolves to become serverless, a single perspective on systems architecture will no longer suffice. Software Intelligence must provide both an executive bird’s eye view and a microscopic view into the system’s engineering.
CAST Highlight helps IT professionals fine-tune and improve software health and cloud readiness, but developments to CAST AIP are underway to enhance software blueprinting capabilities. As software and cyber ecosystems grow, AIP is growing with them to help you better support web services, understand inter-technology dependencies, model new architectures, and integrate into cloud repositories. As Friedman suggests, it’s important to nurture an adaptable cyber and software ecosystem which is easily updatable; perhaps the next challenge is finding a dynamic yet standardized way of doing so.
It's difficult to make good modernization decisions without knowing where your systems stand today. Whether you're looking to undergo a cloud migration, merge functions, modernize components or decouple system architecture, having MRI-like visibility into complex systems is not only advantageous, but crucial to running an agile, efficient and safe digital business.