Computer security is only as strong as its weakest component
In a context of increasing digital transformation and constant cyberattacks, as we have recently seen in Portugal, the downtime of an application means failures in services provided by a company, usually with a negative impact on reputation and high financial costs.

To meet the needs of markets and users, or even due to legal, tax, and computer security requirements, companies have been compelled to quickly adapt their information systems. 

At the same time, there is a need to update and monitor infrastructures (servers, firewalls, networks, etc.) and operating systems, as well as to communicate best practices among employees and partners.

This communication should be an alert to verify the domains from which an email or SMS is received, avoid phishing and identity theft schemes, promote the use of secure passwords, or even publicize the ban on installing unauthorized software on computers. 

Computer security is only as strong as its weakest component. In the absence of 100% secure systems, sometimes it is a question of identifying and mitigating the potential impacts that the weakest link may have on the entire system.

The pandemic also brought profound changes, some more evident and immediate (e.g., the increase in e-commerce and the frequency of cyberattacks) and others with a more delayed impact, such as how we are now working. 

These changes have highlighted the need to build Centers of Excellence (CoEs) that oversee the operation of the most critical applications from the moment they are created, when security policies and practices are established, through to day-to-day operational monitoring.

CoEs are also responsible for periodically performing technical analysis of the applications’ architecture and their integration into the company’s application ecosystem. This work must always be coordinated with the department in charge of cybersecurity to address or minimize the problems identified in security audits.

In addition, CoEs may recommend preventive, evolutionary, or corrective maintenance services for specific applications, typically accompanied by application development services. Preventive maintenance focuses on analyzing the history of incidents and the characteristics of the infrastructure or application logs, whether performed manually by a specialist or automatically with software and artificial intelligence. It is necessary to look at application incidents more strategically and less reactively, and to have a clear methodology for approaching the topic.

In critical situations too, for instance after a serious cyberattack, a CoE's application knowledge is often decisive when business-critical parts of an application must be rebuilt or replaced. Last but not least, the work of the CoEs should always be based on specific methodologies, in line with the best market practices, which must be understood by the entire organization so that no barriers are placed in the way of the necessary work.

Business-critical applications are the backbone of organizations, as competitive advantage is less about who is better than about who is faster and more agile in adapting to a changing context. The CoE-based approach allows companies to focus on their core business activities, such as sales, marketing, or product development. That means not having to worry about application maintenance or the impact of cyberattacks, because businesses cannot stop.

Maycon Silva
Head of Innovation Lab at askblue