New data risks must be contained now for the IoT future
This post originally appeared as SOA governance a secret weapon for enterprise it risk management on our COO, Carlos Melendez, Under Development blog at InfoWorld and is reprinted with permission from IDG.
Whether it’s stories about big banks being hacked, or McAfee reporting on mobile malware threats, data risks are a regrettable reality. IT security execs have long dealt with data risks, but even the best among us have to face the fact that in Internet of Things age, where device proliferation reigns and BYOD is the norm, those risks are increasingly hard to manage and can no longer be ignored.
As more “dumb” objects get smart through software services, and more workers expect interoperability between enterprise systems and mobile devices in order to get their jobs done on a day-to-day basis, managing interconnected enterprise systems and services is becoming increasingly complex. At the same time, the dominance of service-oriented architectures in enterprise IT has fostered labyrinthine relationships between applications, data, devices, and users.
Risk, of course, comes from multiple sources – some of which are within our control, and some of which are not. Hackers, ultimately, fall into the latter category. But risk-management strategies like SOA governance are well within reach.
SOA governance is more than establishing a framework for SOA monitoring, auditing, and management. It is the process by which enterprises handle access to underlying data and processes through the reuse of the current application infrastructure. It is a layer on top of the Enterprise Data layer – and essential for creating that elusive, single point of truth that informs decision making with good data.
Whether that single point of truth can be found in a current IT architecture isn’t really what’s at play here – the single-data-store approach in the data layer is now standard best practice. Many enterprises have solved the multiple data source problem, but what about the multiple application source problem?
Consider sales data. In the past, the biggest challenge might have been that sales data was stored in multiple locations, including spreadsheets and discrete databases. Without a single, verifiable data source, it was difficult and time consuming to reconcile sales information between, say, the sales organization and Finance. This created significant risk for the enterprise (it still does, for some companies that haven’t fully tackled the problem yet).
But application-layer risk is a whole other story. What happens if you have clean, consistent sales data across the enterprise, being managed by a single data store, but multiple applications feeding into that store? Unless they are operating according to the exact same business rules, these applications could be adding inaccurate or contradictory sales information into that store.
As software proliferates along with connected devices in the enterprise, effective application risk management becomes increasingly acute. Without SOA governance – a framework that includes multiple elements, from process register documentation to continuous improvement initiatives – enterprises that have tackled data risk will still face application risk.
Let’s face it: hackers will always threaten data. The Internet of Things will continue to get bigger. The trick is not to contain the risks you can’t, but to manage the risks you already have. Like the ones living in your applications.