Top 4 compliance lessons I learned from the movie “The Blob”

You probably know the storyline, a mysterious Blob creature crashes to earth via a meteorite and two teens (Steve McQueen & Aneta Corsaut) head out to investigate. Along the way they run into an elderly man who has a weird blob attached to his arm. They take him to the doctor’s office, and then go to find out what happened. From there, the Blob begins spreading through the town and eating everyone in its path.

The Blob, a horrifying monster from the 1950’s sci-fi era, is much like its software namesake BLOB (Binary Large Object) that lives on today in modern digital services – albeit no longer binary.

Here’s four compliance lessons I was reminded when watching The Blob:

  1. Compliance fact #1: an enterprise has the same amount of risk associated with how it handles data it receives as it does for data it is sending.   Blob fact #1: if you touch the Blob, you’ve got the Blob and there is no ‘do over’.
  2. Compliance fact #2: even if the enterprise really didn’t intend to receive the data, HIPAA and GDPR regulations require that same diligent care be given to any sensitive data no matter how it enters the enterprise. Blob fact #2: even if you didn’t intend on touching the Blob, once you’ve come in contact you’re exposed.
  3. Compliance fact #3:  often when an application needs to access a single innocuous piece of data, a large complex data structure that holds the item is returned.  Blob fact #3:  the Blob may appear to be small as it creeps under the doorway, don’t be fooled, the Blob is massive.
  4. Compliance fact #4: an application may log or otherwise save the BLOB data without ever realizing how sensitive that surrounding data is. This exposes the enterprise to risk that was not immediately apparent given the nature of the application or digital service. Blob fact #4:  While the Blob starts off small and appears innocuous, once exposed to human contact it’s painful (It’s first victim is heard moaning ‘it hurts…it hurts’). From there the viewer is convinced and frightened of the risk.

Don’t be like the townsfolk and heed the learnings from this movie: don’t overlook compliance when handling data.

The Trapize Digital Service Broker high-performance proxy provides visibility to all data that is crossing the enterprise boundary.  All elements of the BLOB are inspected, tokenized and optionally redacted.  Alerts and alarms can be attached to sensitive data that crosses the enterprise boundary in either direction so we can warn the townsfolk (I mean enterprise).

Think of Trapize as your digital “Steve McQueen” who is helping to protect your data from the risks and exposures you might not believe in before it’s too late.

Keep your enterprise in the fast lane with proactive digital service alerts

As a daily commuter and an engineer, I have often thought there is some parallel that can be drawn between traffic on the roads and the digital services being used in corporate networks.  Speed, congestion, accidents and any number of factors could impact your trip. Unlike the traffic helicopters reporting to help a driver steer clear of hazards, many in IT are caught by surprise when slow traffic or a problem is ahead.

Let me explain, I live in state where most residents view the speed limit as a suggested starting point, when the traffic is moving along at steady pace of 75MPH, everything is flowing smoothly.   However, when a few drivers decide to obey the speed limit of 65MPH, then the rhythm of the commute becomes as congested as the coffee shop line on free donut day.

Today’s most modern applications use more than one digital service.  These services are tightly choreographed to achieve whatever ultimate goal the business needs to keep running smoothly.  Like with an accident on the highway, when one service completely fails it is pretty apparent what the issue is.  Yet, when a service – or set of services – simply starts to slow down, the root cause of the failing infrastructure is harder to determine.

As digital services are consumed in an enterprise, there is an implicit service contract between the application and the external services.  Application developers often assume that if no error occurs on an external transaction, then everything is working correctly. Simply slowing down services over a small period of time can cause a catastrophic failure of an application ecosystem.  This applies to a single service slowing down or a set of services slowing down sporadically which unfortunately is occurring as more and more systems and networks become overloaded or under attack.

At Trapize, our digital services broker monitors all the services that your enterprise is using, think of us as your traffic helicopter reporting on the health of your digital traffic. We provide sophisticated monitoring of external services providing key performance metrics across a wide range of functionality. Alerts can be passed to the enterprise infrastructure or triggered in-band to the applications when services start to misbehave.

Like Sammy Hagar, I will freely admit, “I can’t drive 55”.  Enterprises need a way to ensure their services aren’t as well.

Overcoming ‘analysis paralysis’ to achieve digital transformation of your business

Time is the true enemy of most businesses.  This has never been more apparent than when a business begins the transformation to becoming a digital enterprise.

Cloud-based services allow businesses to pick best-in-class APIs and components for building out their digital enterprise.  However, as the shift of services transitions from being hosted within the enterprise to the cloud, legal requirements like the compliance and governance of data must still be met regardless of the location of the enterprise’s perimeter.  Unfortunately many businesses have become paralyzed as they struggle to understand the implications of bringing a digital service into the enterprise. This paralysis then amplifies the time it takes to safely on-board any digital service and results in added cost for this transformation while potentially losing opportunities to their more nimble competitors.

The Trapize Digital Services Broker (DSB) enables businesses of all sizes to quickly and safely make this transition.  The Trapize DSB includes pre-built service profiles for the most popular digital services used by businesses today.  Each profile is available for download and installation for a low annual subscription fee.  The service profiles allow businesses to transparently add compliance, governance, and performance controls in minutes.  The DSB is designed to support thousands of digital service profiles in a single distributed proxy ensuring common compliance and governance controls across the enterprise.

While we don’t have a flux capacitor – or a custom built DeLorean – to go back in time, we can help businesses catch up to their competitors by beginning their digital transformation today rather than in a distant future.

Proverbs: how to become a cloud-based digital service expert using Trapize, no fishing required

As a business transforms itself into a digital enterprise by consuming cloud services, the IT department may feel as if they are being dragged along for the ride.  Gone are the days when an IT department’s sole concern was the management of firewalls, email, VPN’s, and more.

Today’s IT departments are now being asked to not only evaluate digital services but also determine the risks that those services may pose to the enterprise.  With the services running through a ‘pinhole’ in a firewall or via some encrypted, tunneling technology, the IT department must secure the access while also understanding the underlying data that is being exposed.

Every digital service that an enterprise exposes itself to causes the corporate IT staff to become an expert in a new application domain.  An enterprise either chooses to assign staff to help IT understand the applications (“give the man a fish…”) or begin the process of training the IT staff on the applications (“teach them to fish…”).

We’ve found that when it comes to our customer’s digital services, they don’t want to deal with fishing at all.  They instead want to sit down to enjoy a nice trout almandine.  The Trapize Digital Services Broker can make that a reality with built-in service intelligence.

The built-in tokenizing data vault allows the network management and IT staff teams to monitor and control application performance without being exposed to any sensitive business data. The Trapize inline proxy delivers profiles of popular digital services that allows the IT department to both monitor the performance of the service at the application level and enforce compliance and governance controls without becoming application experts.