Link between information security and AMM
Security needs more awareness! And, this is not only true in terms of the IT industry: 72% of all decision makers, suggested by latest research, indicate that their IT-security program is neglected -somehow. Furthermore, security measures are – most of the time – part of the equation when it is actually too late.
What can be inferred from that?
If a company is going to be successful in a sustainable way not only reactive, but also holistic and/or proactive concepts need to be implemented in order to take full advantage of a company’s potential. This is why security is paramount on the AMM CoE (short for Center of Excellence) agenda. The purpose is to bring data security and data integrity to the next level and make it one of the indispensable core competencies that complement AMM implementation efforts.
What are the main goals of information security?
Any form of information security has to meet the following criteria to provide sustainable safety:
- Availability: Information has to be available consistently
- Confidentiality: Prevents the disclosure of information to
unauthorized individuals or systems
- Integrity: Information has to be protected from damage
Lesson learned: AMM efforts and security are not at odds, they rather complement each other – but where is the link between AMM and security?
Information security addresses the main goals of Application Management and Modernization (AMM), especially against the backdrop of sprawling application jungles. Application Management increases transparency in complex legacy landscapes – that have grown over the years – and brings about improved delivery capabilities as well as standardization.
Many applications carry out redundant assignments for different departments and/or processes. A case in point would be procurement: Furniture is managed by one application, while as procurement for paper is managed by another application; although the process and activities are identical.
Application Management and Modernization identifies these applications and functionalities to, for example, build new standalone applications.
Lack of transparency and complexity are the most common obstacles to every efficient security program. Transparency and simplified complexity is achieved by implementing, transforming, and modernizing all affected IT-processes according to certain standards (ITIL).
As a result, however, the customer receives an exact overview of his applications and is able to answer the following questions.
- Does the application work?
- Where is the application?
- What is the application doing exactly?
- Who is managing the application?
- Are their interdependencies and which data is processed by the application?
With the help of a Security Risk Management Process, the user is able to take actions that are capable of minimizing security risks. Yet, the prime principles, when choosing the battlefield, remain efficiency and error-free implementation.
Above all, it is extremely vital to stick to the security standards in order to increase the possibility of a resilient security system and ROI for all security measures.
Delivery capacities describe T-Systems capability to provide this service worldwide. This means that every employee and every data center is able to perform the necessary standardised process; differences only arise out of the chosen delivery model (on- or offshore). In the case of an incident, like a power shortage in one region, another data center will deliver the service with minimal impact on the daily business. This leads to a high availability of the running application
Several blog entries already addressed the utilization of AMbition® 3.0, T-Systems AMM solution. This standardized tool allows every project participant to react quickly and unitarily in the event of an incident – the required availability is the result. Security measures in every of the three phases (transparency, delivery capacity and standardization) provide a gapless progress. The goal is to continuously ensure the necessary security criteria (availability, confidentiality, integrity).