Solutions in Context - Home End to End Integration

End to End Integration

Application Management, Security and Privacy By Design - Threats, Vulnerabilities and Risk Management

Hi

 

Recent events have heightened public awareness of threats, vulnerabilities and risks.

 

"Apps" have become the users' front door to business, information and IT services using mobile, wireless and wired devices. User confidence and trust are increasingly critical to service success.

 

While the App is perceived to be the functionality on the access device, we need to manage the  "application" as the end to end set of business transactions, system transactions and component interactions between the user and the target service.  For example, mobile banking, web banking, ATMs and payment card devices are access devices that provide apps to connect me to my bank services. While they are separate access channels (using different devices, Apps and connections) they will share some enterprise application infrastructure (connections, workflow, application components and data) and update my bank accounts. They are all part of the set of banking applications I use to debit and credit my bank account. Multi-channel access presents new risks to enterprise applications and data by potentially exposing cross channel vulnerabilities.

 

Application management, security and privacy need to be designed and built into the App. Design needs to consider the end to end context, behaviour and security of both the application and the underlying infrastructure (Application Service Platform, Application Infrastructure Services, Infrastructure Services, and Network Services).

 

Security requirements overlap with application management requirements. For example,

  • Timely alerts that an application component service has failed or been compromised is essential to managing incidents and meeting service level targets,  but also could be instrumental in early detection of Denial of Service Attacks.
  • Transaction performance and integrity are key application management components, but are now critical to maintaining customer trust and satisfaction.
  • The ability to start and stop a service based on alert triggers is critical to both application management and security

Application design needs to integrate services (apps, devices, connections, transactions, component interactions, workflow and data), and layer protection and management mechanisms (controls, audit, reporting, monitoring, alerts and incident management) into an effective end to end security and management solution for the application and the Apps which access it.

 

For this reason, we continue to recommend assessing security threats, vulnerabilities and risks from a defense in depth perspective for information management and flow based on user context and authenticaton across all services used to provide the target application.

 

 

…fred

416 580 7857

 

Fred Nagy, CMC, PMP, ITIL

Solutions in Context – “Strategic Design and Risk Management

 

 

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

Contributors

Fred Nagy
10
March 31, 2015
show Fred's posts

Archive

Current

Show Latest Posts

2015

March
Application Management ...
Public Sector Services ...
Managed Service Progra ...
February
I&IT Service Puzzle - ...
Public Sector Service ...
January
Service Innovation thr ...

2014

October
Current Trends + Prior ...
Solution Strategy Shou ...
Architecture and Proje ...
New Website

Tags

Everything Managed Service
 
 
© Copyright 2017 Solutions in Context. All Rights Reserved. Web Design and Content Management by REM Web Solutions.