Top 4 compliance lessons I learned from the movie “The Blob”

You probably know the storyline, a mysterious Blob creature crashes to earth via a meteorite and two teens (Steve McQueen & Aneta Corsaut) head out to investigate. Along the way they run into an elderly man who has a weird blob attached to his arm. They take him to the doctor’s office, and then go to find out what happened. From there, the Blob begins spreading through the town and eating everyone in its path.

The Blob, a horrifying monster from the 1950’s sci-fi era, is much like its software namesake BLOB (Binary Large Object) that lives on today in modern digital services – albeit no longer binary.

Here’s four compliance lessons I was reminded when watching The Blob:

  1. Compliance fact #1: an enterprise has the same amount of risk associated with how it handles data it receives as it does for data it is sending.   Blob fact #1: if you touch the Blob, you’ve got the Blob and there is no ‘do over’.
  2. Compliance fact #2: even if the enterprise really didn’t intend to receive the data, HIPAA and GDPR regulations require that same diligent care be given to any sensitive data no matter how it enters the enterprise. Blob fact #2: even if you didn’t intend on touching the Blob, once you’ve come in contact you’re exposed.
  3. Compliance fact #3:  often when an application needs to access a single innocuous piece of data, a large complex data structure that holds the item is returned.  Blob fact #3:  the Blob may appear to be small as it creeps under the doorway, don’t be fooled, the Blob is massive.
  4. Compliance fact #4: an application may log or otherwise save the BLOB data without ever realizing how sensitive that surrounding data is. This exposes the enterprise to risk that was not immediately apparent given the nature of the application or digital service. Blob fact #4:  While the Blob starts off small and appears innocuous, once exposed to human contact it’s painful (It’s first victim is heard moaning ‘it hurts…it hurts’). From there the viewer is convinced and frightened of the risk.

Don’t be like the townsfolk and heed the learnings from this movie: don’t overlook compliance when handling data.

The Trapize Digital Service Broker high-performance proxy provides visibility to all data that is crossing the enterprise boundary.  All elements of the BLOB are inspected, tokenized and optionally redacted.  Alerts and alarms can be attached to sensitive data that crosses the enterprise boundary in either direction so we can warn the townsfolk (I mean enterprise).

Think of Trapize as your digital “Steve McQueen” who is helping to protect your data from the risks and exposures you might not believe in before it’s too late.

Keep your enterprise in the fast lane with proactive digital service alerts

As a daily commuter and an engineer, I have often thought there is some parallel that can be drawn between traffic on the roads and the digital services being used in corporate networks.  Speed, congestion, accidents and any number of factors could impact your trip. Unlike the traffic helicopters reporting to help a driver steer clear of hazards, many in IT are caught by surprise when slow traffic or a problem is ahead.

Let me explain, I live in state where most residents view the speed limit as a suggested starting point, when the traffic is moving along at steady pace of 75MPH, everything is flowing smoothly.   However, when a few drivers decide to obey the speed limit of 65MPH, then the rhythm of the commute becomes as congested as the coffee shop line on free donut day.

Today’s most modern applications use more than one digital service.  These services are tightly choreographed to achieve whatever ultimate goal the business needs to keep running smoothly.  Like with an accident on the highway, when one service completely fails it is pretty apparent what the issue is.  Yet, when a service – or set of services – simply starts to slow down, the root cause of the failing infrastructure is harder to determine.

As digital services are consumed in an enterprise, there is an implicit service contract between the application and the external services.  Application developers often assume that if no error occurs on an external transaction, then everything is working correctly. Simply slowing down services over a small period of time can cause a catastrophic failure of an application ecosystem.  This applies to a single service slowing down or a set of services slowing down sporadically which unfortunately is occurring as more and more systems and networks become overloaded or under attack.

At Trapize, our digital services broker monitors all the services that your enterprise is using, think of us as your traffic helicopter reporting on the health of your digital traffic. We provide sophisticated monitoring of external services providing key performance metrics across a wide range of functionality. Alerts can be passed to the enterprise infrastructure or triggered in-band to the applications when services start to misbehave.

Like Sammy Hagar, I will freely admit, “I can’t drive 55”.  Enterprises need a way to ensure their services aren’t as well.

Digital service monitoring, compliance & governance “The Jetson’s”-style

Back in the golden age of cartoons – at least my golden age – there was a company called “Spacely Space Sprockets, Inc.” that employed the well-meaning, yet stressed at times George Jetson. Many an episode included the company and how they used advancements in technology to outperform their competition “Cogswell Cogs”.   When employees showed up for their hard day’s work, they only needed to push a button once to start and stop things.  To this day, I have no actual idea what they made, but I have come to realize that this is how the best technology ends up working.

If you look at the march of technology in the security space, not only has it become more sophisticated, the deployment has become increasingly frictionless. Today’s IT professionals have adopted the model of not needing to deeply understand the underlying products they support, they just need to understand the risks it might pose to the enterprise.  From there they can then implement the simplest, most cost-effective solution to mitigate that risk.

No IT professional would be expected to understand the intricacies of an operating system to deploy a virus scanner.  It would be unreasonable to expect your IT department to write custom code that opened every packet entering a system, inspect the packet for intent, then write code to apply rules to handle that particular packet.  No matter how good the tools that you give them are, “slow and costly” is not the mantra for any modern IT department.

Many API management companies would have you believe that is state-of-the-art technology for secure enterprise digital services. Their tools are designed for programmers by programmers. Implicit in this design is the fact that you need to have deep understanding of a service to properly protect your enterprise.  No matter how many cool tools and drag and drop GUI’s they provide, your IT staff better have a programming degree and be willing to dedicate a couple of months’ time to implement even the most basic solution.  An inescapable truism in the IT world is that time is directly proportional to cost and complexity of the solution being deployed.

At Trapize, our digital services broker makes you a modern-day George Jetson. The enterprise IT staff never needs to understand the service and is never exposed to sensitive company or personal information. Our catalog currently supports over 1000 of the most popular digital services in use today. Browse our catalog, pick a service, then click a button.  Monitoring, compliance, and governance with a single click of the mouse.  Not only should it be that easy, now it is.