What kind of automated catalog do you use for keeping a list of all 3rd party software API integrations exchanging data to external 3rd parties?  Additionally, who does the data classification for all these software integrations in your org?  A major issue that we are seeing is dependence on 3rd party software services being called from the various code bases is increasing, and declaring all data sub-processors accurately is a challenge in terms of communication between teams and visibility when audits and customer data privacy requests come through.

Security & GRCStrategy & ArchitectureProcess Management+3 more
413 views9 Upvotes4 Comments
IT Manager in Transportation, 10,001+ employees
Limit you APIs and depend more on internal solutions. 
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
put rate limits
Associate Director, IT, 10,001+ employees
I would start with establishing a API Governance body which will include Lead Developers/Architects. Then start analyzing with the biggest platforms first - Salesforce, AWS etc. You should do it platform by platform. We have very effective IDE's and configuration tools which will give the list of all the end points in the code and metadata with some regular expressions. Once you have the list made, keep adding the new ones to the list as the team identifies them. Let the Governance body act as an SME and guide the future implementations. In parallel run a "Technical Debt" program which will either fix the issues in increasing sprints or re-design the whole thing with some new design pattern (Microservices?). And also, the Governing Body should analyze if you need to consume so much data from the 3rd party applications. If any of it is static or doesn't change frequently (lets say quarterly), batch jobs will help to bring in the data. It will also improve the performance of the application. 
1
IT Manager in Energy and Utilities, Self-employed
I agree that one of the first things to do is establishing governance. In my organization, our application architect developed a web based tool to catalogue all applications, their owners, type of data used, APIs, type of APIs, locally developed or 3rd party …etc. The decision to classify the data is governed by our data classification policy which is under Data Architecture team. The security classification is also done by our cybersecurity team.
1

Content you might like

So many improvements in an organization depend on not just talking about change, but actually implementing change - specifically: - improving culture - especially at the individual level around owning and delivering on concrete goals or everyday processes - strong accountability - especially around tasking, outcomes and ownership to get-things-done - rising productivity - especially around digital-first and digitally-savvy behaviors like asynchronous work, and peer-to-peer knowledge transfer - continuous improvement in processes - especially via crowdsourced ideas for improvement becoming adopted by everyone - continuous innovation - especially in a way that's process-driven so that lots of ideas can go through a pre-designed funnel  Which of the following are true, in your organization?

People & LeadershipStrategy & ArchitectureCloud+15 more

Accountability - There's no system for accountability - we just rely on people keeping their word33%

Innovation - There's a structured process to contribute an idea and see the eventual outcome and decisions52%

People - Our company finds it difficult to do any of the above33%

People - Laggards hold things back but certain people and teams make it happen31%

General - We find it difficult to do any of the above15%

IT - We are held back from most of the above by legacy systems and a dependence on IT25%

Processes and Workflow - We've reached a point where email, chat and documentation have been replaced with accountable tasking and repeatable processes17%

Processes and Workflow - We publish processes or documentation and try to keep it up-to-date13%

Something else (comments below)1%


615 PARTICIPANTS
4.9k views6 Upvotes2 Comments

I am wondering if there is any guidance that I can obtain regarding Workday Prism Analytics. We bought Workday licenses and along with that our HR and Finance bought Prism Analytics not knowing its capabilities. We also have Power BI and Tableau. I am looking to standardize on a tool but not much aware of Prism

Data & Analytics
54 views

When building cloud instance images (e.g., AWS EC2 AMIs) and baking sensors in, what is your preferred method?

CloudComputeData Center

IaC User Data10%

Configuration Framework (Puppet/Chef)44%

Custom Post Provision (AWS SSM)25%

EC2 Image Builder/Packer16%

Other (comment below)3%


536 PARTICIPANTS
1.9k views

Does anyone have any guidance, tips, and/or templates to share to help establish Identity Access Management governance as a part of an overarching Identity Governance and Administration program?

Process ManagementIdentity & Access Management (IAM)
2.1k views2 Upvotes1 Comment

What are the best practices for delivering application load balanced hosting services with effective backup plan at multiple locations?

Applications & PlatformsCloudContact Center & Telecom+13 more
Read More Comments
1.8k views8 Upvotes2 Comments