The Enterprise Architecture Blog

Exactis, a US-based marketing firm you didn’t know existed, discovered earlier this year that it was storing its database of 340 million customer records on a publicly accessible server. The security firm that located the risk told WIRED it was one of the most far-reaching databases of information it had ever seen—the entirety of which was easily vulnerable to attack.

Exactis’ failure presents obvious parallels to Equifax Inc.’s 2017 breach of 143 million US customers’ Social Security Numbers and much else. Disasters like it are why Senator Elizabeth Warren is championing for an Office of Cybersecurity at the US Federal Trade Commission to enforce higher data protection standards for handling consumer records.

The core principles of Senator Warren’s proposed Data Breach Prevention and Compensation Act of 2018 (DBPCA) became a reality in the European Union as of last May. For EU members it’s called the General Data Protection Regulation (GDPR)—and the LeanIX blog has reported on it from conception to reality plus hosted compliance seminars with those like Andreas Bosch from McKesson. But seeing that many EU companies grapple with its terms, are American enterprises likely to also struggle if/when their turn to submit?

Last year in March hackers stole sensitive data of millions of Americans from Equifax, one of America's biggest credit reporting agencies. In this massive breach, data including passports credit card numbers, driver's licenses as well as the Social Security numbers of nearly 146 million consumers were stolen.

From lifecycle to business impact

The establishment of a standardized technology product information data basis with current lifecycle information sets the basis for smart technology risk management. But it doesn’t end here. Let’s look again at our opening example of the CIO that is surprised by an ad-hoc need to upgrade to a new database technology. The short conversation reveals three challenges of managing technology risk.  

Up-to-date technology product information is a key input for Enterprise Architects to assess the risk of their application landscapes. From an organized approach, EAs are able to plan, manage and retire technology components in a smart way.

As innovation drives the market, new technologies are being invented, while existing technology is being improved upon every day. Regular and frequent software updates re-engage existing users, fixes any bugs or issues, and patches problems before hackers can exploit them. Unfortunately, many companies do not know the true lifecycle of their supporting technologies and fail to process updates which leads to a great risk.

Technology supports and enhances almost every move we make as humans. From intricate banking procedures to shopping for groceries - every activity that we have embarked upon has been greatly influenced by technology. As the world becomes more interconnected, we also become more susceptible to risks. Just last week, one of the largest cyber attacks was announced, exposing the personal data of over 44% of the American population.

As many of you probably know, on May 12^th, an international cyberattack started infecting more than 230,000 computers in over 150 countries with the worst-hit countries being Russia, Ukraine, India and Taiwan and including many others worldwide. In Europe, some of the worst hit enterprises were Telefonica, FedEx, Deutsche Bahn, Latam Airlines and parts of Britain’s National Health Service.

Logging in to a website seems to easy: Enter user name and password and you are good to go.

The new year has arrived and now is a good time to get familiar with the CIOs’ key strategic priorities and concerns they have in mind for 2017. The Nomura Holdings CIO Survey does just this by examining their budget priorities for this cycle.