AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.

Application Connectivity: There’s a Map For That!

Over the life cycle of an application, network connections tend to become more complex and the need for them may come and go. Yet it’s difficult to know how and why data flows between applications below the multiple overlapping layers. As a result, any significant update or effort to close down access runs the risk of outages, frustrated customers and unhappy executives if you don’t have good up-to-date documentation of your application connectivity architecture.

When you first implement an application, you have a clear understanding of how it connects to other applications and why. There’s usually a good process in place for documenting the application architecture on paper and mapping it digitally. But five years down the road, do you know all the connections that have been made since? Many organizations do not—and that creates tremendous operational risk.

Let’s say IT builds a stock market data application for a bank and implements it to provide online access for customers. Over the next five years, the organization installs new routers, updates security, changes access rules and rolls out several new applications that draw on aspects of that stock market data application. Now there’s a more robust application for stock market information and IT needs to update the application. Can they do it safely?

It depends. Chances are no one knows all the hooks into the existing application, which means decommissioning connections risks impacting availability for online customers, which could damage the bank’s reputation and may cause some customers to leave. No one wants that. And yet, leaving all the current connections in place may also be risky because unneeded access points leave doors open for cyber criminals.

This isn’t just a hypothetical situation. I’ve seen it happen: An organization left open a generally unused access point in an older application, maybe because they weren’t aware of it, maybe because they worried that closing it would cause other problems. Their own developers found the opening and used it to access production data, complete with customer Social Security numbers and names, for their own development needs. Luckily, it wasn’t an outside attack, but it easily could have been, with quite serious repercussions.

To safely update application connectivity, organizations need a current map of the application architecture and connectivity that can show exactly how changes to one application will affect other applications that have piggybacked on it over the years. With good digital documentation, you can then remove the rules that might cause outages and eliminate the hooks that no longer serve a business purpose.

Over the life cycle of an application, network connections tend to become more complex and the need for them may come and go. Yet it’s difficult to know how and why data flows between applications below multiple overlapping layers. As a result, any significant update or effort to close down access runs the risk of outages, frustrated customers and unhappy executives if you don’t have good up-to-date documentation of your application connectivity architecture. Fortunately, there is a map for that.
