Don’t Get Dragged into the Black Hole of Middleware Complexity
Middleware plays an important role in helping enterprises avoid complex point-to-point integrations among applications to process messaging, FTP data, and other transactions. But middleware is also a black hole (or black box as referenced in my last blog) that requires visibility to understand dependencies that may exist between applications. This lack of visibility adds significant operational and cyber risk that organizations have just begun to identify and grapple with.
It’s yesterday’s news that applications are now the core of any enterprise’s digital business. But none of these applications operate independently. In fact, even a single modern application is now composed of numerous interconnected microservices.
Most enterprises have difficulty keeping track of their application dependencies. Today, that is primarily a costly manual process, prone to both errors and being quickly outdated, and existing solutions are not built to solve this newly contemporary problem. When applications connect through middleware, as many do, the task becomes nearly impossible. This is because in addition to direct dependencies, enterprises now must understand multi-hop dependencies and data flows through middleware that underpin the complex communications among connected applications.
How does this play out operationally? In our experience, many operations teams don’t have the necessary information to answer the basic questions that can lead to compromised application resiliency. These include:
- What applications connected through middleware suffer outages when another connected application goes down?
- Where are the recovery time objective (RTO) mismatches between applications connected through middleware?
- What are all the changes that resulted in an outage?
Security teams also face challenges related to this lack of visibility and understanding, including:
- What happens to other applications when ransomware locks down a connected application?
- What is the size of the blast radius of a breach with lateral movements?
- What applications have access to sensitive data stored on middleware?
- What is the extent of Internet-connected applications?
Lacking comprehensive answers to pertinent questions like these result in organizations facing an uphill battle to manage, govern and control their businesses to the levels of complexity they now face.
Moreover, enterprises make changes to their applications all the time, introducing new features, fixing bugs, and more, to respond to business needs. Yet in an agile world, the change control board that historically governed service changes and assessed impacts is far too slow and outdated. As a result, business owners have no understanding of how one updated application can lead to several others that break. Troubleshooting is a painstakingly manual process—made even more difficult when priorities are poorly understood.
For example, RTO mismatches between applications with multi-hop dependencies through middleware can lead to a new code push to a non-critical application that, in turn, causes mission-critical applications to fall down and incur significant additional costs. One of vArmour’s global bank customers spent over $50 million per year trying to improve its service resiliency and mitigate incidents due to unknown multi-hop dependencies.
Applications interconnected through middleware also represent a source of cyber risk that is largely unaccounted for, increasing an enterprise’s potential attack surface. Most organizations fail to understand how wide and deep prevalent threats can manifest in attacks that move laterally inside the perimeter due to unknown relationships through middleware. Ransomware or other security attacks that disrupt or shut down targeted applications or workloads can have a much greater impact on other more important or mission-critical applications. Enterprises have no way to minimize the blast radius of an attack, so any breach can have more damaging implications.
Without an understanding of the multi-hop dependencies through middleware among applications, security organizations can’t create and deploy granular policies that show where violations occur and protect applications by limiting access privileges.
To ensure better operational and cyber resilience, enterprises must gain visibility and insights beyond what network-based point-to-point dependencies can provide. Understanding, managing and controlling operational, financial and reputation risk today means observing and understanding the dependencies and data flows between applications that extend through the middleware in your infrastructure.
To learn more about the importance of observing and understanding the data flows from the application relationships that extend through middleware, read Andrew Hendry’s blog here.
Follow author Andrew Hendry on Twitter @awhendry