If information is the lifeblood of the modern enterprise, then by analogy applications are the beating heart of the enterprise that enables this information to flow freely throughout the corporate body – to the users and business processes that need it, when they need it (any time), and where they need it (from any location, on any device, over any network). By all measures, your enterprise’s portfolio of applications is essential to its pursuit of its strategic business objectives.
At the same time, however, for the typical enterprise this portfolio of applications has grown large, complex and unwieldy – perhaps more so than it even realizes. Some of the many dimensions of the volume and complexity of enterprise applications include:
- Scale – Traditional enterprise-supported applications number from dozens to hundreds, not to mention the hundreds to thousands of mobile applications – many of them supported, but most of them not – that are installed on the smart phones, tablets and laptops of their users. Leaders have been investing in explicit mobile application strategies, as in the example of Emory University.
- Sources of Development – The “developed” category of enterprise applications has its own layer of additional complexity, in that these applications may be produced and maintained by internal development teams, by outsourced development teams or systems integrators on the organization’s behalf, by open source communities that these development teams choose to leverage – and most likely, by some mix of all of the above.
- Delivery Platforms – In terms of application delivery platforms, organizations have been eager to gain the flexibility and cost-effectiveness of virtualization and cloud computing – but they have continued to be cautious about how quickly they give up visibility and control, especially over those applications that are more business-critical. In one Aberdeen Group study, for example, two-thirds (66%) of all enterprise applications were implemented as virtualized workloads (i.e., either private cloud or public cloud), as opposed to implementations on traditional physical servers or network appliances. At the same time, 85% of all workloads were still being executed within the enterprise-managed datacenter, as opposed to in the infrastructure of various public cloud service providers.
The following figure – which is based on a snapshot of the consumer-facing applications for a multi-national bank – provides a visual illustration of the size and complexity of the application portfolio for one particular large enterprise at a specific point in time:
- Each circle represents one of the organization’s 376 unique applications for that line of business – and note that both the x-axis (number of transactions) and the y-axis (number of users) are represented using a logarithmic scale, due to the extreme range of values.
- The size of each circle represents the number of entitlements for each application, and the color reflects the degree to which these applications can be automatically provisioned (i.e., without human intervention).
- Several of these applications can be seen in a horizontal line along the x-axis, where the number of users is equal to one – these are used only by another application, rather than by end-user consumers.
Now try to imagine the many additional dimensions of complexity that are not represented in this visualization – such as development sources, delivery platforms, programming languages, database connections, and so on! Even assuming that a given organization does have an accurate and up-to-date inventory of its portfolio of applications, this example sheds some light on why the term “unwieldy” is so appropriate!
This tension is precisely the point: by definition, your enterprise’s portfolio of applications is essential to the organization’s pursuit of its strategic business objectives – and yet over time, it has almost certainly grown increasingly large and complex. The reality of this tension has important implications for the approaches to be taken for the management of risk, compliance, policies, threats, vulnerabilities, incidents, and business continuity, among others. Each of these important enterprise initiatives is only relevant – and indeed, even possible – if it is built on a solid understanding of the specific applications and systems in that organization’s environment.
In other words, context is king. In Aberdeen’s view, success at any of these important initiatives depends on organizations having the business context necessary to make informed decisions about protecting the assets that are most important to their business – a context that should be based on directly relevant intelligence, not just on potentially relevant information, or on mere intuition.
In future entries in this blog series, we’ll talk about:
- Why your enterprise application portfolio is a target for attack – and what are the most important capabilities organizations should have to manage this risk
- Three strategies for securing enterprise applications – and an emerging option for enterprise application security that your organization should actively evaluate and consider
For additional information, read the full Aberdeen Group research report: Flash Forward: A New Approach for Enterprise Application Security.
Or, watch the short 3-part video series in which Derek Brink himself summarizes his latest research on enterprise application security and the latest approaches.