Gartner: Sculpting Change
Written By: Austin Miller
Engineering trust isn’t the only thing that we cybersecurity pros have to focus on – we also need to think about how the world of IT is changing. Sculpting that change is key to empowering both IT teams and business partners to attain the targets they want. Of course, guiding the change that you want to see in the (business) world is not easy, but it can be made easier through some clever innovations and an intelligent approach to automation.
For that reason, we’re focusing on the next four key developments in Gartner’s 12 Top Strategic Technology Trends starting with composable applications – the art of creating apps that are easy to create, rapidly. Not only are these services easier to manage from a security perspective, but they are also easier to deploy and easier to fit into an automated workflow.
What are composable applications?
If you are working in a production environment with non-technical employees, you’ve likely come across no code solutions. These simple, semi-pre-built approaches to application and workflow creation have revolutionized who can create useful contributions to business goals. But the world of work is changing and fusion teams – combinations of developers and business experts – need a new way to quickly create exactly what they need at the drop of a hat.
In order to do this, we need to be prepared to remove coding ability as a prerequisite for application creation. For security professionals from a developer background, this likely sounds like sacrilege! But pre-packaged, customizable applications that can be built by non-specialists are the next big thing.
Implementing composable applications depends on many factors – some proponents of this approach back Infrastructure-as-a-Service (IaaS) as the best way to implement a completely composable application driven approach. Plugging the individual pieces of an application into the larger IaaS framework then becomes a matter of managing and securing APIs, something that is sometimes easier said than done.
Other organizations – especially those with large development teams or a DevOps/DevSecOps approach to work – may want to custom-build their own IaaS platform that provides the functionality that they need. By breaking apart all of the pieces of overall business goal into chunks, a combined DevSecOps team can create and manage the integrity of each part with greater control and greater trust in the viability of individual parts.
What does this mean for the world of IT?
Traditional Software-as-a-Service (SaaS) approaches will become a thing of the past. You don’t have to take my word for it either – here’s Gartner’s statement on the topic:
By 2024, the design mantra for new SaaS and custom applications will be “composable API-first or API-only,” rendering traditional SaaS and custom applications as “legacy”.
Considering that SaaS products dominate the market right now, this bold prediction is likely to upset a few people around the world!
How can composable applications help security teams?
If you’ve had to work with no-code/low-code solutions, you may be well aware of the logistical nightmare of dealing with a web of pre-built and completely customizable applications. Because these microservice-like aspects all belong to someone else, actual security work becomes a balancing act of creating value for business individuals while also managing the sometime clandestine backend.
Because composable applications are entirely driven by API-first or API-only goals, the applications themselves become extremely flexible. In line with agile goals, businesses and security professionals work together to create individual pieces of an application which can be managed separately and drawn from “fluid source pools”.
As with microservices, composable applications become a series of small tasks that need to have their security managed separately. Individual application parts are handled by smaller management teams, allowing for more time to be spent securing the chain that holds the whole approach together – securing the API. In this sense, composable applications require less security overhead and allows smaller, individual teams to specialize on a certain aspect of the application creation and maintenance process.
How are composable applications implemented?
As the financial sector is one of the largest in the tech-obsessed global north, it is no surprise that composable applications have found their place at the American banking company, Ally.
By creating multiple packaged-business capabilities (PBC), Ally has copied tech giants Amazon in implementing microservices that are individually managed and provide greater flexibility for customers. One example of this is the fraud alerting feature, a necessary tool that was implemented by the fusion team from their low-code environment. Not only was a massive amount of time saved in the creation of these individual application pieces, but the customer also gains greater satisfaction and ease of use.
