Next generation Application development

Next generation application development will not only take care of utilizing the 50 or 100+ processors that will be available in your laptop, desktop or mobile, but will also use the parallel processing available at clients:
https://sandyclassic.wordpress.com/2012/11/11/parallel-programming-take-advantage-of-multi-core-processors-using-parallel-studio/
I covered 7 points in the last article; this is part 2 of
https://sandyclassic.wordpress.com/2013/09/18/new-breed-of-app-development-is-here/
Also, on next generation ERP, read first: https://sandyclassic.wordpress.com/2013/09/16/new-age-enterprise-resource-planning-systems/
8. More pervasive BI eating app development: Business Intelligence application development will go deeper into the organisation hierarchy, from the more strategic-level BI and middle-management level to the more pervasive transactional processing level, and to office automation system level BI (shown in the diagram as the knowledge level or operational level).

For how this will affect the architecture of enterprise products, read the SAP HANA article:
https://sandyclassic.wordpress.com/2011/11/04/architecture-and-sap-hana-vs-oracle-exadata-competitive-analysis/
Understanding the management aspect gives a slightly contrary but related view: there will be a need for deeper strategic information systems to support more unstructured decision making.
https://sandyclassic.wordpress.com/2013/01/31/strategic-information-systems-will-be-in-focus-again-next-5-yrs/

Pervasive BI is bound to eat up the application development market, fuelled by in-memory products like Cognos TM1, SAP HANA etc., but also by the changes and cross-functional innovation happening at the enterprise level.
Read: https://sandyclassic.wordpress.com/2013/09/18/new-breed-of-app-development-is-here/

With these products there is no need for separate databases for the data warehouse and for operational systems. This unifies the operational data store (ODS) and the data warehouse (DW): at the reporting level, both business intelligence (BI) and operational reporting will access the same database, which will use in-memory technology.

9. Big data, as everyone knows, is hot: there is more unstructured data than structured data today, and it is like an open laboratory for experiments. More of it will find a place in strategic management systems and management information systems.
Read more details: https://sandyclassic.wordpress.com/2013/06/18/bigdatacloud-business-intelligence-and-analytics/

Read about the application in security for metadata analysis: https://sandyclassic.wordpress.com/2013/06/18/how-to-maintain-privacy-with-surveillance/

10. Application security will be important as never before: it already is.
The intensity can be gauged from the fact that changes in the OWASP Top 10 list are happening as never before, and positions are changing in terms of the top-most risk ranking.
https://www.owasp.org/index.php/Top_10_2013-Top_10

The list before:

https://www.owasp.org/index.php/Top_10_2010-Main

In 2010, A2 was Cross-Site Scripting (XSS), but in 2013 the item ranked second by perceived risk is Broken Authentication and Session Management. Changes do happen, but here the ranking and the number of incidents are changing fast because the momentum is fast.
11. More will continue when I find time next time….

Authentication market segment and future

Electronic authentication (e-authentication) is the process of establishing confidence in user identities electronically presented to an information system.

The authentication provider market size, as estimated by Gartner, stands at 2 billion dollars, growing at an average of 30% year on year, with about 150 vendors.

Authentication technology companies can be segmented into 3 types:

  1. Client-side software or hardware, such as PC middleware, smart cards and biometric capture devices (sensors)
  2. Software, hardware or a service, such as access management or Web fraud detection (WFD), that makes a real-time access decision and may interact with discrete user authentication software, hardware or services (for example, to provide “step up” authentication)
  3. Credential management software, hardware or services, such as password management tools, card management (CM) tools and public-key infrastructure (PKI) certification authority (CA) and registration authority (RA) tools (including OCSP responders)
  4. Software, hardware or services in other markets, such as Web access management (WAM) or VPN, that embed native support for one or many authentication methods.

Specialist vendors provide SDKs, while commodity vendors provide one-time password (OTP) tokens (hardware or software) and out-of-band (OOB) authentication methods.

A shift is happening in the industry from traditional hardware tokens to phone-based authentication methods, or to supporting knowledge-based authentication (KBA) methods or X.509 tokens (such as smart cards). NIST defines three types of authentication methods:

Agile project management for security project

Agile project management incorporates principles of Lean techniques, Kanban and Six Sigma into the software development life cycle. Lean comes into the picture because, instead of a huge inventory of requirements getting stacked in the product/project backlog, the inventory is kept as small, or as lean, as possible. Security features or requirements are more costly if not caught early in the life cycle or product development life cycle. The paper discusses lean management of security requirements, and also the application of a security testing methodology and of security patterns and anti-patterns to increase reuse and reduce time and cost.


Project management for information security management project

Information security has become the most critical aspect of any firm today, starting with protecting intellectual property, since for many companies the patents they hold are a substantial part of their business. Companies actually shell out huge money for acquisitions and mergers just to get patents: Google acquired Motorola Mobility for patents related to handheld devices, and Microsoft acquired Skype to enter the telecom protocol and SIP phone based markets. So it is now more important for them to protect these assets using security measures. In the same way, sites like Amazon (a bookseller) and Best Buy (retail), and other companies emerging on the web, are taking away the traditional way of doing business; essentially everything is coming onto the web. So we have had Web 2.0, then Web 3.0, then cloud computing, where platform as a service (PaaS), infrastructure as a service (IaaS) and software as a service are all exposed on the web. It is becoming more critical for these companies to manage security.

The biggest problem in security is how to define security, which I covered in part in my last article, but the bigger concern is how to manage security projects. The traditional SDLC or software processes do not apply to security because of the huge number of dimensions it can touch: a threat may come from software as defined by OWASP, or from the web interface (still OWASP), or from the OS (virus, malware, trojan etc.), or at the assembly level, or from hardware (recently the DSS algorithm failing for ATM cards, PCI DSS standards), or from operational lapses not captured in an audit, or from transmissions of signals exposing data to a machine catching the signal or to a sensor network, or from the network layer (routers, switches), or it may be in the mathematics of encryption and decryption being broken. The domain is so vast that pointing to 1 fault is sometimes a mistake. The problem is: defining the requirements is a big problem, but the bigger problem is managing such projects. So what does it take to manage such a project? The traditional view of PDCA (Plan, Do, Check, Act) does not take into account emergency situations, or penetration testing when it is done on software, a website, a protocol or a technology. PDCA is valid when you are creating a pen-testing project, but maintaining security is a continuous task; a testing methodology like OSSTMM helps only in application security projects, not in network security, OS security or any other part of security. So security is a continuous project, and it requires exhaustive preparation.


Separation of duties is not the answer to the problem; it is only the corrective part. Where is the preventive part?

What separation of duty does is pin responsibility on one person in the chain of command who can be held responsible for the failure. But that is only the corrective part of the problem. What about the preventive part? For the preventive part there should be one person in the security team who can work across technology, from the OS layer to the network layer to the application layer, and who can also, at the data mining level, do statistical analysis of logs (or of huge logs on Hadoop clusters of servers) and create BI reports to know the expected damage. It does not mean 1 person has to do everything; it only means he can take control of the situation. He is the director of the symphony.

Such a person should also analyse most incident logs to make relevant judgements based on the gathered data, and make analytics on that data a possibility. As technology changes, requirement gathering techniques also show faults in not being able to identify gaps. These gaps exist and appear at each step of the SDLC; they can be identified using the Six Sigma methodology and tested using techniques like hypothesis testing. There is the integration architect, who can integrate any two different systems or technologies or create a road map for it, but there is also a need for people who understand all that the technology could offer and can see across the big picture. It is like everyone grappling with the elephant's tail problem, where blind people (specialists in one skill) holding the elephant's tail (the part of the problem from their domain) assume the tail is the whole elephant, while others holding the ear say the ear is the elephant. A person who sees the whole picture, with hands-on experience from development, networking, storage, data warehousing, business intelligence, ERP, EAI and Java-like languages, can say what the elephant really is (meaning what the problem is), how to solve it, and where to fix what.

A person with a higher-level overview but no experience cannot make that judgement, as his hands are not dirty with the other skill sets, which are out of his range because he never worked on them. He has theoretical knowledge but has not got his hands dirty implementing the technology, and hence cannot contribute even in discussions of a cross-functional team. Usually enterprise architects are expected to work right from the first phase of a project till the last phase, and to provide the interface between different technology specialisations for developers, and between the general functional requirements of users, the domain requirements of functional specialists, the implementation details and project management. What should we normally call this? We should call them Business Architect Managers, as this role cuts across all three areas: business analyst and technical architect (in some companies both roles are combined and called Business Architect), but here we add domain, user expectations and project management. So Business Architect Managers can work across these teams, funnel the requirements and also go deep into the domain. Now this is the one role that will be in huge demand in future…