Sizzle versus simple: what’s your approach to digital transformation?

We here at Trapize spend a lot of time talking to businesses that are beginning to transform themselves into modern digital enterprises.  Most of what we talk about revolves around the sizzle topics: compliance, governance, and data loss prevention (DLP).  While those are great topics to address, it is important to remember that the simple things matter too.

When an enterprise is choosing to consume a digital service, an implicit contract is made with the service provider that the particular service remains both available and reliable.   More and more we hear of enterprises requiring service level agreements (SLAs) for services that are now crucial in the day to day operation of their business.   A complete service outage – or even a consistent delay in processing requests – can have a disastrous, sometimes cascading effect on internal business systems.  Even if a service is moving data packets in and out, it is crucial to have a view that shows the service is actually performing the task the business is paying for.

The modern digital enterprise needs a way to effectively monitor, ensure availability, and measure the performance and functionality of the services it has built the business around.

The Trapize Digital Services Broker (DSB) monitors the performance of all the digital services within an enterprise.   Built-in support for secure socket layer inspection (SSLi) allows the DSB to not just ensure that encrypted data packets are flowing in the network but to also inspect the flow for service functionality.  The DSB monitors and understands the service response time and actual responses to ensure the service is positively performing as expected and not just passing packets around.  Reports summarize the use of a service by requests and responses and monitor the service on a packet-by-packet basis for latency, delays, and service faults in the encrypted tunnels.  Alerts and alarms can be tied to these metrics allowing the business to quickly identify service issues and quickly rectify them before critical services fail.

Proverbs: how to become a cloud-based digital service expert using Trapize, no fishing required

As a business transforms itself into a digital enterprise by consuming cloud services, the IT department may feel as if they are being dragged along for the ride.  Gone are the days when an IT department’s sole concern was the management of firewalls, email, VPN’s, and more.

Today’s IT departments are now being asked to not only evaluate digital services but also determine the risks that those services may pose to the enterprise.  With the services running through a ‘pinhole’ in a firewall or via some encrypted, tunneling technology, the IT department must secure the access while also understanding the underlying data that is being exposed.

Every digital service that an enterprise exposes itself to causes the corporate IT staff to become an expert in a new application domain.  An enterprise either chooses to assign staff to help IT understand the applications (“give the man a fish…”) or begin the process of training the IT staff on the applications (“teach them to fish…”).

We’ve found that when it comes to our customer’s digital services, they don’t want to deal with fishing at all.  They instead want to sit down to enjoy a nice trout almandine.  The Trapize Digital Services Broker can make that a reality with built-in service intelligence.

The built-in tokenizing data vault allows the network management and IT staff teams to monitor and control application performance without being exposed to any sensitive business data. The Trapize inline proxy delivers profiles of popular digital services that allows the IT department to both monitor the performance of the service at the application level and enforce compliance and governance controls without becoming application experts.

Is Shadow IT going to sink your enterprise?

We’ve all heard the saying “loose lips sink ships” and now imagine how that translates to enterprise data, where sometimes exchanging sensitive data with a partner is a good thing, sometimes not so much.

Today we’re finding that corporate infrastructures at most large enterprises have sprung more than a few leaks.  This situation has been driven by the rise of cloud-based digital services, where corporate IT is under increasing pressure to open ‘pin holes’ in a firewall or add DNS exceptions to satisfy business needs.

Unfortunately, this is a risky approach that could compromise the safety and integrity of the enterprise network, particularly since the term ‘pin hole’ implies a small, manageable exception to the otherwise rigid controls that a firewall supplies.  In reality, this couldn’t be further from the actual risk introduced with this approach.

With every pin hole or exception added, a ‘digital waterway’ is created where data can flow in and out of the enterprise.  Adding another layer of complication, this data is often encrypted so centralized compliance and governance solutions have no visibility into these streams.  This has given rise to the popular term “shadow IT”, where core IT has ceded control of previously protected corporate data to the line of business application using cloud-based digital services.  All in all, a pretty perilous situation and unacceptable to regulators who provide oversight.

While some cloud security solutions gaining in popularity today think that scanning for data that has left your enterprise gives you control, we think having the right tools – a sound strategy and navigational instruments – is a safer approach.

So why are enterprises putting their data at risk?

At Trapize, we have built an in-line proxy that not only decrypts this data, ours has a packet-by-packet deep understanding of the data in an application flow.  So, as data enters or leaves the enterprise perimeter, Trapize can apply policies on a service-by-service basis.  It’s a better approach to keep your enterprise afloat.

APIs help digital services ‘talk’ but does IT know what’s being exchanged?

For the last several years businesses have been on a digital transformation journey and today APIs are proliferating. Last year alone, estimates show that a typical enterprise required integrations with over 1,400 unique cloud services. It’s clear that businesses are consuming multiple services from multiple sources.

But businesses face compliance and control challenges in their shift to digital services driven by APIs: cloud-based traffic is traversing firewalls with little IT visibility or control, there’s increased areas for threat as your organization adds/consumes services, and there’s a lack of existing tools to address this exposure when consuming these services. Gartner predicts that “through 2020, 95% of cloud security failures will be the customer’s fault.”

Consequently, IT is caught in the middle trying to address core business functions – controlled stability, internal platforms, service-oriented architectures – while navigating pressing requirements like agile innovation from their line of business stakeholders. But with more than 150,000 third-party APIs available today, business leaders are faced with not only a blind spot but also the discovery of ‘shadow IT’ teams when trying to secure and manage company-wide APIs.

This has led to a critical need for brokered intermediation and digital services governance to monitor usage and protect data. Some questions to consider:

  • Who has access to API-driven business services?
  • When, where and how they are being used?
  • What type data is being exchanged that may be bypassing your existing security controls?

If there is a gap in oversight, Trapize provides the missing piece. Trapize is a digital service broker that gives your IT organization real-time visibility and control into the behavior and value of the digital services that drive your business. There is no other solution available today that provides compliance, governance and security for the API-based microservices your enterprise consumes. Trapize alerts you of potential risks, ensures compliance requirements like FISMA and HIPAA are met, and acts as a control point to enforce data security policies, protecting your enterprise against threats.