Application ecosystems are expanding and becoming more complex with the emergence of AI-based applications, modernization efforts, and new initiatives. While I don’t think that’s necessarily a secret, some aspects across an ecosystem are essential to focus on, and lack of visibility or understanding can cause frustrations within entire organizations.
Teams that manage applications have an incredibly tough job, and it’s only getting more challenging — especially as managers and executives now want intelligent insights about application costs, performance, and layout. The problem is gathering that information is easier said than done.
To help reduce the headaches, here are five things you should focus on in your application ecosystem and how to solve them.
Impact
Organizations are adding and modernizing more applications for various reasons, such as AI, new initiatives, and migration. One of the biggest concerns I hear is that application teams don’t know how updates or new applications impact others in the same ecosystem.
As you can imagine, this is a big problem. One update or vulnerability fix in one app can break the other applications tied to it. Sometimes, it’s easy to follow the path manually. However, most of the time, a lot of fire-drill digging must be done.
A large financial institution I was recently working with mentioned how they use 50+ tools in their application lifecycle toolchain. Writing and maintaining custom dashboards and scripts to manage vulnerabilities is becoming more cumbersome and unmanageable. They see this as a considerable risk to their core banking operations.
There are two ways to go about solving this. First is getting a middleware-type solution that takes all the application data streams and funnels them into one interface to see the correlations between applications. This approach makes everything visible — which is honestly the biggest issue with trying to modernize.
The other approach is looking at your applications and seeing where to build more connectivity between them. This is more of a DIY approach and will require more time and resources, but it’s better than having disparate applications everywhere and no idea about the impact between them.
Blast Radius
Security professionals already know blast radius is a big deal, but most application teams don’t. I’m not talking about the actual Blast-RADIUS vulnerability, but specifically the “area and distance of impact” terminology.
In a recent engagement, a customer’s environment had 200+ applications and employed a team of 30 people to manage vulnerabilities. But the interesting fact was that they prioritized vulnerabilities without any knowledge about the impact on the application, such as whether an application was critical to their business or was behind a firewall without any public access endpoints exposed. These factors should influence decision-making, which can only be done through automation.
Application vulnerabilities (no matter how big) have a blast radius ranging between easy-to-understand and unknown. While this ties into my first point of impact, application teams who manage the ecosystem between clouds, edge devices, and on-prem have a rough job trying to make blast radiuses small or resilient. Modernization efforts are usually a hybrid approach, so teams must know where and how things can be impacted.
Observability software must be attached to your applications to help connect the dots between an application and its end of connectivity. An application is as far-reaching as it’s built out to be. Understand and anticipate blast radiuses in your ecosystem.
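A minimal sketch of the context-aware prioritization described in the Impact and Blast Radius sections, added here as an example and not taken from any tool the article mentions. The application names, dependency map, criticality ratings, findings, and scoring weights are all constructed assumptions.

```python
from collections import deque

# Constructed sample inventory: app -> apps it depends on (hypothetical names).
DEPENDS_ON = {
    "web-portal": ["auth-api", "payments"],
    "mobile-bff": ["auth-api"],
    "payments": ["ledger-db"],
    "auth-api": ["ledger-db"],
    "reporting": ["ledger-db"],
    "ledger-db": [],
    "wiki": [],
}
# Constructed context: app -> (business criticality 1-5, publicly exposed?).
CONTEXT = {
    "web-portal": (4, True), "mobile-bff": (3, True), "payments": (5, False),
    "auth-api": (5, False), "reporting": (2, False), "ledger-db": (5, False),
    "wiki": (1, True),
}
# Constructed findings; severity is a CVSS-style base score.
FINDINGS = [
    {"id": "F-1", "app": "wiki", "severity": 9.8},
    {"id": "F-2", "app": "ledger-db", "severity": 7.5},
    {"id": "F-3", "app": "reporting", "severity": 8.1},
]

def blast_radius(app, depends_on=DEPENDS_ON):
    """Return every app that transitively depends on `app`."""
    dependents = {}
    for src, targets in depends_on.items():
        for target in targets:
            dependents.setdefault(target, set()).add(src)
    seen, queue = set(), deque([app])
    while queue:  # breadth-first walk over reverse edges; `seen` stops cycles
        for parent in dependents.get(queue.popleft(), ()):
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen

def priority(finding):
    """Weight severity by the most critical app in reach and by exposure.
    The 0.6 discount for unexposed reach is an assumed weight, not a standard."""
    reach = blast_radius(finding["app"]) | {finding["app"]}
    criticality = max(CONTEXT[a][0] for a in reach)
    exposed = any(CONTEXT[a][1] for a in reach)
    return round(finding["severity"] * (criticality / 5) * (1.0 if exposed else 0.6), 2)

def rank(findings):
    """Order findings from most to least urgent."""
    return sorted(findings, key=priority, reverse=True)

if __name__ == "__main__":
    for f in rank(FINDINGS):
        print(f["id"], f["app"], priority(f), sorted(blast_radius(f["app"])))
```

The 7.5 finding on the shared database outranks the 9.8 finding on the isolated wiki because five other applications, two of them public, sit inside its blast radius.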
Data
At this point, data rules everything around us. Quality data can be the most helpful thing to care about in this new AI-driven landscape.
We’re seeing more clients bring separate data streams directly into a single solution to understand their ecosystem better. While that’s highly recommended, the data needs to be incredibly buttoned up when it gets to the solution to take meaningful action.
When it comes time for application teams to run diagnostics, testing, and CI/CD, insufficient data and data streams will ruin progress and create more inefficiencies.
User Interface
A lot of vendors pride themselves on slick UIs and easy-to-use portals. Whether it’s security software or a DevOps solution, users will have access to drag-and-drop and other easy ways to interact for productivity.
However, there’s probably not a single UI available to manage your entire ecosystem. And if so, it’s perhaps not the easiest to use.
We’re all shifting in that direction of needing to manage applications better, so start with finding a middleware-type solution that can provide this or create one in a DIY fashion. If you choose the DIY route, please prioritize the teams/personas using it.
Can your CFO pop into the interface and easily see how much your applications cost the business? Can your application teams understand what’s going on at a high level yet be able to dig deep into issues with a click or through AI/ML? That’s the point we all need to get to.
Compliance
Whether privacy, certificates or something else, compliance is an area with an added level of buttoning up and due diligence. It’s also stressing application teams out as applications become more prevalent and more intertwined with the architecture.
A CTO at a large pharmaceutical company mentioned his CISO and BISO teams track compliance through spreadsheets. This is error-prone and introduces further risk to their operations, and he was actively looking for ways to reduce or eliminate risk to his enterprise.
It’s to a point where the most prominent solution here is automating. Automating policies, certificates, and privacy rules is incredibly important. My reason for bringing this up is that there needs to be more emphasis on doing this in a way that doesn’t dampen the CI/CD process.
If organizations want to take themselves seriously in innovation and modernization, application teams need a solution that automates these paperwork-type issues so they can focus on the more significant revenue-generating problems to solve.
Complexity Isn’t Slowing Down
Whether it’s compliance, blast radius, impact, UI, or data, managing an application ecosystem is becoming more prominent. Application teams need something better than manual processes. Executives need easy-to-use solutions. Business leaders must create solutions that help application managers work efficiently and effectively because complexity isn’t slowing down soon.
I speak from personal experience, where we have implemented the above five attributes in my teams’ software development and management process. The fact that application complexity is increasing over time made us realize the current techniques we use (though they may appear sufficient today) were soon becoming cumbersome and burdensome to keep up-to-date with impact analysis, using data that was becoming out of control. This is why we invented new mechanisms to automate the whole risk management process end-to-end.
Some human oversight is still required (I don’t see that disappearing soon). But with modern techniques and the advent of generative AI, we have solved this issue while preparing ourselves for the future load of applications coming our way. We can now spend time on more high-value tasks – like developing quality code with new features that our customers expect of us.
The post 5 Things IT Teams Should Focus On in Their App Ecosystem appeared first on The New Stack.