Business Continuity

How can organizations infuse security into the customer experience?

Top Answer : You have to actually use it internally as you're designing it so that you can see the experience. It will add a layer to the current process if you don't have any security—we all know how much security two-factor authentication (2FA) provides, but people hate it. And some people who just want to be ignorant about the security risks out there continue to believe that 2FA's annoying and they shouldn't have it. So how do you get that persona to listen to the benefits of security and yet make it easy enough for them so that they can use it on a daily basis? That's a challenge that every company is facing.  The way I have handled it is by trying to minimize the number of clicks and the number of times that people have to move from one app to the other—how often you have to look away and do other things in that workflow. Try to simplify the process because there are simple ways of doing it. A lot of companies have solved for it, so you don't have to be a rocket scientist. There are a lot of use cases where it actually works, so replicate them, steal them and do it yourself. This is all about being efficient and being productive.

Should IT leaders incorporate the language of compliance frameworks into their security posture?

Top Answer : Unless there is a massive invasion by aliens to come in and eradicate every lawyer on the planet, you're going to have to close one eye and determine whether or not the language fits and interpretation versus letter of the law. Unless we're mandated by a higher being that says, “Follow this law. This is what this means and there are no deviations,” then we just have to do our best. I've gone through too many others, like HIPAA, HITRUST, PCI, and everything else; I'm going to do my best and the rest has to come after that.  When you're talking about security, it all has to be highly customized and subjective; you cannot have one framework that is perfect for everyone. There are concessions there because you have different requirements, different needs, etc., and we don't have an endless amount of money to spend.

What is your most immediate concern right now as an IT leader?

Top Answer : Ensuring that we are adding value and enabling the business

Is this crisis an opportunity to undertake other projects like infrastructure?

Top Answer : What we're doing now is looking at all options to reduce unnecessary expenses. So anything that we think of in terms of projects that can wait, we've postponed them. We are considering upgrades that we might not have done before, like upgrading our website, bringing in new infrastructure, solutions like moving our server footprint to the cloud. A few things that we've kind of talked about as projects that we've always wanted to do, we decided to do them in larger bulk because we don't have as much of a customer impact as we would have had earlier.

Digital Strategy in 2021

How are overall digital strategies shaping up for leaders in 2021?

Improving quality of conversation when remote

Remote work has become the new norm in 2020. How are executives thinking about improving the quality of conversation around remote work?

What are your thoughts on SaaS management platforms (SMP)?

Top Answer :

Can vendor lock-in ever be valuable?

Top Answer : It can be positive in some cases if the organization is investing in a specific platform like AWS or Google Cloud. Utilizing the system services provided by that particular vendor helps because the interoperability is really high. And cost-wise, sometimes it's cheaper when you stick to one vendor ecosystem. That is the plus side of vendor lock-in. The downside is that you have to depend on it and pay for anything the vendor bills for you. We see a trend where initially the cost is low, but then it increases. But as long as you build things on top of open standards, you can take them to any Cloud provider or vendor. The best example of that is Java, which was an open standard. And things like open API specifications and even Kubernetes are good examples—I call Kubernetes the Linux of networking. So it's a choice and there are pros and cons to both approaches. The low-code cloud-native engineering platform we built for professional developers using open standards, called “Choreo”, you can try for free from

Should vendor landscapes shift into an industry-wide standard architecture model?

Top Answer : I used to lead the solutions architecture team at WSO2 for more than 10 years. While working with architects I identified a bunch of issues that they are facing. First, people are looking at a mismatch of reference architecture because most of them are reference implementations. I call it a reference implementation because most are bound to a specific vendor. It's explaining how you build something using that particular vendor technology. I wanted to make a vendor- and technology-neutral architecture. Second, people are blindly moving to microservices. They are not looking at the complications they face in production systems and enterprises, or how to use microservices correctly. And there's a need to group or federate microservices but there's no standard to do that. In addition to that I saw a gap between the architecture, development, and deployment—basically between the architect, developer, and DevOps engineer. There was nothing common that you could take from architecture into development, and into deployment. So I wanted to build an architecture construct that can be taken throughout the development life cycle. I call the architecture construct a ‘Cell’ in the reference architecture. That's where cell-based architecture (CBA) came into the picture. I saw that the concept of cells in biology was very fitting because cells create complex systems, and in an enterprise, you see the same thing. I studied system biology a bit and looked at parallels between biology, system biology, and the system architecture to create this architecture style. For example, each cell should have a gateway, like the membrane of a biological cell that controls it. After I released a paper on this in 2018, many other parallels came on the market. Uber is using a concept called DOMA, a domain-oriented microservices architecture, which is the same concept. A number of our customers use this concept to plan, build and run their cloud-native microservice deployments.
We are planning to inherit some of the concepts in our internal product development in this low-code and pro-code platform as well. You can read the complete spec from, released under CC-4.0 so feel free to contribute, comment and even criticize.

Which is written correctly?

Top Answer : It depends. Most posts or written explanations can be any one of these. Most of the posts I follow in the government sector in the US spell it “cybersecurity” but I have also seen it spelled “cyber security” or “cyber-security”. Overall I would see “information security” as covering all security within an organization. I think it would probably depend on where you work, where you live and what you do but all of these are fairly ambiguous.
