Digital transformation. It’s the buzzword that’s on the mind of every technology professional as companies across all industries look to modernize their tech habits, because in this increasingly digitized world, every company is a tech company.
Cloud, mobile, and big data technologies are already forcing organizations across every vertical to adapt, and that’s just the beginning. Emerging technologies in the form of AI, machine learning, Internet of Things (IoT), and blockchain are further causing disruption.
With more than 80% of enterprises still in the early stages of digital innovation, the time is now to tap into this accelerated change of pace. Old infrastructure and the traditional ways of building apps are becoming growth inhibitors for enterprises and small and mid-sized businesses.
Companies need rapid innovation to rollout new business models, optimize business processes, and respond to new regulations. And business leaders and employees are demanding this agility – everyone wants to be able to connect to their Line of Business (LOB) systems through mobile devices or remotely in a secure and efficient manner, no matter how old or new these systems are.
What is Application Modernization
Legacy application modernization is a project designed to create new business value from existing, aging applications by updating them with modern features and capabilities. By migrating your legacy applications, you can include the latest functionalities that better align with what your business needs to succeed.
Keeping legacy applications running smoothly while still being able to meet current day needs can be a time consuming and resource intensive affair. That is doubly the case when software becomes so outdated that it may not even be compatible with modern day systems.
Why Do Enterprises Need Application Modernization
Let’s take this one step further – why do enterprises specifically need application modernization?
- Cost Avoidance: You can eliminate a costly capital expense in favor of a manageable and scalable operating expense.
- Staff Productivity: From fewer application incidents, improved team utilization, and new features and functionality, modernized applications are built to help your employees.
- Customer Experience: Similar to your employees, modernized apps are ultimately built to improve the customer experience by enabling new services and processes with a more user-friendly interface.
Build a New Revenue Stream: An updated system allows your business to create new services and processes that add value to the customer and create new revenue streams.
Legacy Modernization Strategies
Legacy modernization strategies can include the re-platforming, re-hosting, re-coding, re-factoring, re-architecting, re-building, or the replacement and retirement of your legacy systems.
Applications dating back decades may not be optimized for mobile experiences on smartphones or tablets, which could require entire re-platforming.
This isn’t to say that application modernization is about completely reprogramming from scratch.
Instead, it’s about taking the bones, or DNA, of the original software, and modernizing it to better represent current business needs. This can be invasive and involve heavy re-coding, or non-invasive by linking the app via a modern cloud service or web-based front end.
An example of invasive modernization comes in the form of rewriting existing application code written in COBOL – the first popular programming language designed to be OS agnostic dating back to the 1950s that is still used by many financial and business applications – to more modern and friendly programming languages like Java and C#.
There are thousands of Line of Business systems designed for budgeting, order processing, invoices, approvals, and so on that are vital to how an enterprise functions. The reality is that these business functions can be overly complicated.
Multiple systems may serve somewhat similar functions that require an employee to jump from system to system to get work done. These varying degrees of functionality can hamstring productivity, preventing businesses from reacting in a timely manner to disruptive situations.
In some cases, legacy infrastructure can be decades and decades old. IBM, for instance, still produces its IBM System Z mainframes that stretches back nearly half a century. It may not be easy or practical to replace a system that has been a core function of your business for that amount of time.
A company’s infrastructure may also be quite diverse, with some processes running on mainframes, custom-built apps, or on an ISV solution customized exactly for that organization. Apps could also be hosted in the cloud or on-premises, making this diverse array of systems more challenging to innovate on or maintain with the speed necessary.
Lack of Agility
With legacy applications and aging infrastructure comes a lack of agility in an organization. Employees spend about 28% of their time on administrative tasks like copying data from one system to another, conducting approvals across multiple systems, and spending time hunting down data hiding somewhere in one of these systems.
On top of slowing down employees, many CIOs report that 70 to 80% of their IT budgets are tied into running current processes or maintenance, leaving very little wiggle room for innovation. These legacy applications and aging infrastructures can be a drain on company resources that can be alleviated by application modernization.
Infrastructure can be centralized in a data center or spread across multiple data centers. These decentralized data centers can be controlled by the organization (owner) or by a third-party, such as a cloud provider or a colocation facility.
While the terminology may seem hard to follow, here’s an overview of what makes an infrastructure, down to each component and IT support services.
DATA CENTER INFRASTRUCTURE
This infrastructure supports the data center hardware with power, cooling, and building elements. This hardware includes:
- Storage subsystems;
- Networking devices—switches, routers, cabling; and,
- Network appliances—i.e., network firewalls.
To ensure that data is secure and protected from theft or malicious damage, only authorized personnel should have access to the infrastructure. So for IT infrastructure security, data centers also have physical security for the data center building. This type of security includes:
- Electronic key entry;
- Video and human surveillance; and,
- Controlled access to servers and storage.
Outside of the data center is the Internet infrastructure, which is built by Internet service providers (ISPs). The components of Internet infrastructure include transmission media, such as:
- Fiber-optic cables;
- Microwave antennas;
- Aggregators; and,
- Load balancers.
Cloud computing has changed the design and use of IT infrastructures.
INFRASTRUCTURE-AS-A-SERVICE (IAAS) MODEL
In this model, businesses access a cloud provider’s data center services and infrastructure. This model provides flexible, on-demand computing.
SOFTWARE-AS-A-SERVICE (SAAS) MODEL
A third-party provider hosts software, hardware, servers, storage, and other components for IT infrastructure.
The design of IT infrastructure must also support infrastructure management. In the form of software tools, IT administrators can view the infrastructure easily as a whole, or access details about any device in the infrastructure, making for efficient management. They are also able to optimize resources for various workloads and deal with the impact of changes to those resources.
Systems management tools help IT teams to:
- Configure and manage network devices, storage, and servers;
- Support remote data centers;
- Support private and public cloud resources; and,
- Make use of automation to increase efficiency, reduce human errors, and support a company’s best practices and objectives.
An example of an infrastructure management tool is the Building Management System (BMS). BMS reports on data center facilities, such as:
- Power usage and efficiency;
- Physical security activities; and,
- Temperature and cooling operation.
TYPES OF INFRASTRUCTURES
As businesses grow and technology advances, businesses can use a variety of infrastructure types to meet current objectives. The different types of infrastructures include:
Manages services and software on IT resources by replacing components instead of changing them. For example, instead of using a patch to update an app, IT will deploy a newer app instead, retiring the old app and redirecting traffic to the new one.
As workload demands change, this framework will automatically adjust itself. This reduces time, effort, and errors in infrastructure management while improving efficiency. These resources can also be managed manually if needed.
This type of infrastructure’s assets is essential and require continued operation for the security of a country, its economy, and the public’s health and safety. It often includes remote data centers and cloud resources.
Includes the physical and virtual resources needed for the effective operations of a call-center facility. The components include automatic call distributors, computer-telephony integration, queue management, and integrated voice response units.
Virtualizes resources, making them available over the Internet using application program interfaces, command-line interfaces, or graphical interfaces. The cloud infrastructure allows users to see their resources and services and corresponding costs through user self-service, user-side reporting, and automated billing or chargeback. Cloud storage infrastructure has hardware and software components to support a private or public cloud storage service.
Also known as shadow IT, this is the part of a framework that has undocumented but active software and services whose function and existence is unknown to the system administrators.
Network security is the practice of preventing and protecting against unauthorized intrusion into corporate networks. As a philosophy, it complements endpoint security, which focuses on individual devices; network security instead focuses on how those devices interact, and on the connective tissue between them
Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users, and programs to perform their permitted critical functions within a secure environment.
But the overall thrust is the same: network security is implemented by the tasks and tools you use to prevent unauthorized people or programs from accessing your networks and the devices connected to them. In essence, your computer can’t be hacked if hackers can’t get to it over the network.
Definitions are fine as top-level statements of intent. But how do you lay out a plan for implementing that vision? Stephen Northcutt wrote a primer on the basics of network security for CSOonline over a decade ago, but we feel strongly that his vision of the three phases of network security is still relevant and should be the underlying framework for your strategy. In his telling, network security consists of:
- Protection: You should configure your systems and networks as correctly as possible
- Detection: You must be able to identify when the configuration has changed or when some network traffic indicates a problem
- Reaction: After identifying problems quickly, you must respond to them and return to a safe state as rapidly as possible
This, in short, is a defense in depth strategy. If there’s one common theme among security experts, it’s that relying on one single line of defense is dangerous, because any single defensive tool can be defeated by a determined adversary. Your network isn’t a line or a point: it’s a territory, and even if an attacker has invaded part of it, you still have the resources to regroup and expel them, if you’ve organized your defense properly.
Network security methods
To implement this kind of defense in depth, there are a variety of specialized techniques and types of network security you will want to roll out. Cisco, a networking infrastructure company, uses the following schema to break down the different types of network security, and while some of it is informed by their product categories, it’s a useful way to think about the different ways to secure a network.
- Access control: You should be able to block unauthorized users and devices from accessing your network. Users that are permitted network access should only be able to work with the limited set of resources for which they’ve been authorized.
- Anti-malware: Viruses, worms, and trojans by definition attempt to spread across a network, and can lurk dormant on infected machines for days or weeks. Your security effort should do its best to prevent initial infection and also root out malware that does make its way onto your network.
- Application security: Insecure applications are often the vectors by which attackers get access to your network. You need to employ hardware, software, and security processes to lock those apps down.
- Behavioral analytics: You should know what normal network behavior looks like so that you can spot anomalies or breaches as they happen.
- Data loss prevention: Human beings are inevitably the weakest security link. You need to implement technologies and processes to ensure that staffers don’t deliberately or inadvertently send sensitive data outside the network.
- Email security: Phishing is one of the most common ways attackers gain access to a network. Email security tools can block both incoming attacks and outbound messages with sensitive data.
- Firewalls: Perhaps the granddaddy of the network security world, they follow the rules you define to permit or deny traffic at the border between your network and the internet, establishing a barrier between your trusted zone and the wild west outside. They don’t preclude the need for a defense-in-depth strategy, but they’re still a must-have.
- Intrusion detection and prevention: These systems scan network traffic to identify and block attacks, often by correlating network activity signatures with databases of known attack techniques.
- Mobile device and wireless security: Wireless devices have all the potential security flaws of any other networked gadget — but also can connect to just about any wireless network anywhere, requiring extra scrutiny.
- Network segmentation: Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier.
- Security information and event management (SIEM): These products aim to automatically pull together information from a variety of network tools to provide data you need to identify and respond to threats.
- VPN: A tool (typically based on IPsec or SSL) that authenticates the communication between a device and a secure network, creating a secure, encrypted “tunnel” across the open internet.
- Web security: You need to be able to control internal staff’s web use in order to block web-based threats from using browsers as a vector to infect your network.
Network security and the cloud
More and more enterprises are offloading some of their computing needs to cloud service providers, creating hybrid infrastructures where their own internal network has to interoperate seamlessly — and securely — with servers hosted by third parties. Sometimes this infrastructure itself is a self-contained network, which can be either physical (several cloud servers working together) or virtual (multiple VM instances running together and “networking” with each other on a single physical server).
To handle the security aspects, many cloud vendors establish centralized security control policies on their own platform. However, the trick here is that those security systems won’t always match up with your policies and procedures for your internal networks, and this mismatch can add to the workload for network security pros. There are a variety of tools and techniques available to you that can help ease some of this worry, but the truth is that this area is still in flux and the convenience of the cloud can mean network security headaches for you.
Network security software
To cover all those bases, you’ll need a variety of software and hardware tools in your toolkit. Most venerable, as we’ve noted, is the firewall. The drumbeat has been to say that the days when a firewall was the sum total of your network security is long gone, with defense in depth needed to fight threats behind (and even in front of) the firewall. Indeed, it seems that one of the nicest things you can say about a firewall product in a review is that calling it a firewall is selling it short.
But firewalls can’t be jettisoned entirely. They’re properly one element in your hybrid defense-in-depth strategy. And as eSecurity Planet explains, there are a number of different firewall types, many of which map onto the different types of network security we covered earlier:
- Network firewalls
- Next-generation firewalls
- Web application firewalls
- Database firewalls
- Unified threat management
- Cloud firewalls
- Container firewalls
- Network segmentation firewalls
Beyond the firewall, a network security pro will deploy a number of tools to keep track of what’s happening on their networks. Some of these tools are corporate products from big vendors, while others come in the form of free, open source utilities that sysadmins have been using since the early days of Unix. A great resource is SecTools.org, which maintains a charmingly Web 1.0 website that keeps constant track of the most popular network security tools, as voted on by users. Top categories include:
- Packet sniffers, which give deep insight into data traffic
- Vulnerability scanners like Nessus
- Intrusion detection and prevention software, like the legendary Snort
- Penetration testing software
That last category might raise some eyebrows — after all, what’s penetration testing if not an attempt to hack into a network? But part of making sure you’re locked down involves seeing how hard or easy it is to break in, and pros know it; ethical hacking is an important part of network security. That’s why you’ll see tools like Aircrack — which exists to sniff out wireless network security keys — alongside staid corporate offerings that cost tens of thousands of dollars on the SecTools.org list.
In an environment where you need to get many tools to work together, you might also want to deploy SIEM software, which we touched on above. SIEM products evolved from logging software, and analyze network data collected by a number of different tools to detect suspicious behavior on your network.
In conjunction with the development of these maturity models, Aperture has developed a Data Center Infrastructure Management (DCIM) maturity model to assist organizations in assessing their maturity in Data Center Service Management™ (DCSM™)