Tag: Software Risk Management

High-capacity network bandwidth has become more widely available, and we have quickly tapped into every last inch of its capacity. More devices are built with wi-fi capabilities, the costs of mobile devices are going down and smartphones are in the hands of more people than ever before. In fact, Apple might have already exhausted the market and is seeing drastically lower sales forecasts for the iPhone.

We are moving into an era in which virtually any device will connect to the Internet. Phones, fitness trackers, dishwashers, televisions, espresso machines, home security systems, cars. The list goes on. Analyst firm Gartner estimates that over 20 billion connectable devices will exist worldwide by 2020. Welcome to IoT—the Internet of Things. A giant network of connectable things.

In April, Google experienced a fairly significant cloud outage, but it was hardly news at all. In fact, it was likely the most widespread outage to hit a major public cloud to-date. The lack of coverage is strange, considering the industry’s watchful eyes like Brian Krebs and others. The even more recent Salesforce service outage seems to have received more attention. But despite the fact that Google seems to have gotten away with a “pass” this time, the glitch brings renewed attention to the fact that tech players large and small are continuing to deal with software robustness issues.

Today, CAST is meeting hundreds of Enterprise Architect aficionados, gurus, practitioners and professionals in National Harbor at the Gartner EA Summit. When glancing at the agenda, it is evident that EA has become omnipresent and is interacting either directly or indirectly with 100% of hot IT challenges such as Digital Transformation, Cloud Readiness, Internet of Things, Cyber Security and Innovation - the topics that are keeping many executives up at night.

The intent of this post is to share “one” view of the EA journey and provide some personal insight into software risk management and what I think will be the upcoming challenges in our favorite discipline.

On March 15, CISQ hosted the Cyber Resilience Summit in Washington, D.C., bringing together nearly 200 IT innovators, standards experts, U.S. Federal Government leaders and attendees from private industry. The CISQ quality measures have been instrumental in guiding software development and IT organization leaders concerned with the overall security, IT risk management and performance of their technology. It was invigorating to be amongst like-minded professionals who see the value in standardizing performance measurement.

Software Risk Management in Digital Transformation was the focus during the 4^th edition of the Information Technology Forum, hosted by International Institute of Research (IIR).  Massimo Crubellati, CAST Italy Country Manager, discussed how Digital Transformation processes are changing the ICT scenario and why software risk management and prevention is mandatory.

Massimo shared our recipe for Digital Governance evolution: including a specific ICT Risk chapter in the design of the governance structure of the digital transformation, whose most relevant aspect is to determine which methods and through which key performance indicators to measure the operational risk inherent in the application portfolio. Measurement needs to be continuous and structural, it must include the assessment of application assets inherent weaknesses, through the analysis of correlations between the layers composing them. Thus obtaining, not only an effective prevention of direct damage ensuring the service resilience, but a reduction in maintenance and application management costs.

Software risks to the business, specifically Application Resiliency, headline a recent executive roundtable hosted by CAST and sponsored by IBM Italy, ZeroUno and the Boston Consulting Group.  European IT executives from the financial services industry assembled to debate the importance of mitigating software risks to their business.

If you've read the news lately, you've seen headline after headline (some, even on our blog) about computer glitches, technical failures, software risk, and hacks.  The health of applications is now under more microscopic attention than ever before - because no matter whether internal or external causes prompt a software outage, the security and stability of your applications are paramount.

When Electronic Health Records were first installed into hospitals and networks, it was seen as a great innovation. However, an important step in their implementation was glazed over: ensuring their security. According to Politico, hacks related to security lapses have cost the healthcare industry around $6 billion a year.

Dr. Carol Woody of SEI was recently featured on a CISQ webinar about the correlation of software quality and software security. Her lessons on this topic highlight why software security cannot be something added after-the-fact, it must rather be factored into the development of software applications from the moment coding begins.

This is a lesson that companies such as Sony need to learn. While past breaches like the ones carried out by the LulzSec group in 2011, affected their customers and cost them dearly in terms of reputation and reparations, the one they suffered late last year hurt them much closer to home when cyber criminals breached Sony’s entire network and threatened to expose all stolen data.