Years ago, I worked on a consulting project for a large financial services company, which had recently invested $20 million into their core offering, a managed services platform for financials that was used by hundreds of customers.
We did a Failure Mode Effect Analysis for them, looking at every component making up the major service—every app, every piece of infrastructure supporting each app, every business process, every development and IT process—and every permutation of interactions across that entire stack.
As it turned out, the routers they were using for each of their dedicated customers were end of life, which we flagged as an issue. Sure enough, all of those routers came up with a bug that turned into a nasty illness. It took down the entire infrastructure and none of the firm’s customers could access their financial systems to process invoices, make or receive payments, initiate new purchases. Suffice to say, it was a catastrophe.
The fact that a $20 million service could be taken offline by a $1,000 part goes to show that any system is only as strong as its weakest link and its associated app security insertion point. Major applications today are so complex they rival living organisms, with security acting as an immune system. Infections can come from anywhere, so you have to be looking everywhere, and defending everywhere too.
Read the full article published November 27, 2019 here: https://www.securityweek.com/build-your-immunity-across-all-app-security-insertion-points by SecurityWeek.