This post originally appeared as "Rebuilding enterprise security: Application modernization and the Premera hack" on the Under Development blog of our COO, Carlos Meléndez, at InfoWorld and is reprinted with permission from IDG.
When word broke last week that the data belonging to more than 11 million customers, dating back to 2002, had been hacked at Premera, it occurred to me that IT is at a crossroads between the proliferation of customer-facing apps and the need for application modernization across the enterprise.
Standing at that crossroads (and a little bit exposed) is enterprise IT security.
Demand for customer-facing apps is exploding — and it’s driven as much by IT strategy as by business needs from Marketing, Sales, and HR. With increased volume comes increased complexity (hello, Big Data!), and with increased complexity often comes reduced control over security.
Like rebuilding an automobile engine, app modernization can be an economical and efficient way of extending the life of the app. It’s also in line with modern software development: in the age of SaaS, we tend to have a test-and-refine approach, rather than a rip-and-replace appetite.
Unlike rebuilding an old motor, app modernization is not always about extending the life of something that needs to be retired soon. Modernization also is a strategy for upgrading an organization’s entire IT infrastructure, starting at the application level, and then going deeper when needed to address foundational issues that, in turn, support stronger application integration, deployment and management.
As companies need to push out more customer-facing apps, the need for a comprehensive security strategy never has been more acute. Take, for example, Premera’s industry, healthcare: online portals to access health plan information, mobile apps for insurance claims, and integration with provider e-health information systems are increasingly standard features, rather than unique offerings from health plans that are early IT adopters.
Combined, these kinds of apps provide increased opportunities for direct customer engagement — and increased risk of exposure to security breaches. Companies can help mitigate the risk by developing new apps as part of a modernization strategy that codes for security.
By tinkering with apps through the modernization process, organizations can uncover opportunities to rebuild the security of their IT infrastructure. Rather than just rebuilding the engine, they can replace the wiring and update the lines that connect the IT powerplant — the software applications that bring the business to life.