How does Trident develop and update information systems? In-house IS development group or outsource?
Commercial-off-the-shelf (COTS) software solutions have been the answer to many organizational needs. COTS are easy to buy products that are available with many copies and also with minimal charges. Moreover, COTS can be integrated with existing information systems. Besides, they can also be a part of a bigger and more complex system. However, the more complicated the requirements that COTS software is expected to meet the more the need for the software to be customized. In retrospect, the company is not in developing software; thus the company shall settle for COTS that can be customized in line with the internal needs of the personnel management services, human resources, and security training.
In Trident’s case, the investment of an in-house COTS solution has some marked advantages that will translate to the cost benefits. The most attractive benefit of having modified software is that it is entirely customizable to include all the features and user requirements. Another sign that an in-house COTS is the best solution for the organization is that the costs are more predictable. Settling for COTS can reduce maintenance costs related to changing standards as well as software sustainment such as upgrades and security patches.
Software engineers that work to maintain the legacy of Trident’s system plus the modernization efforts can attest how expensive and difficult it is to keep up with custom development efforts that typically involve changing standards and sustaining software patches. With the adoption of the commercially available software, the burden of ensuring compliance with the standard of the software specifications and new versions of documentations plus any other standards that may emerge is borne by the intersystem rather than the company. Additionally, the vendor is also responsible for maintaining the security patch and fixing basic bugs that may be manifested during the operation of the system.
Ultimately, the decision to invest in COTs is not that straightforward. Implementation of most COTS within the Trident framework requires a substantial amount of work that involves integration and configuration. Considering the magnitude of the company’s data and the need for interoperability of the system, the success of the system is mainly dependent on the team that is responsible for integration and maintenance. If all comes to worst, then the company shall outsource from China. For example, China has non-Trident owned custom processors, that can generate a custom web app.
At some point, when the organization might need to buy or implement a new IT system. What are the important steps to do?
Once the decision has been made to bring in the software and the rationale behind it, such as the expected Return on investment and the payback period for the investment is determined, then steps can be made to have the software purchased. There is also the aspect of financing the project. Important considerations include whether the project is to be funded by debt or internal finances. The company settles for internal financing because it is direct and straightforward way to obtain capital for growth. It doesn’t also require lengthy timelines in acquiring finances. However, it is essential to note that the finance team needs to have a solid grasp of the company’s financial health and working capital before committing the company’s internal resources to fund the project. With this said, the company has policies regarding significant purchases. Purchases of hardware and software typically follow a recommendation by an IT team ask it requisition, which is approved at the end of year. Acquisitions have a budget cap such that items whose purchase cost is less than $ 100,000 are approved by the CIO; otherwise all purchases above that range but higher than 1M have to be approved by the Chief Finance Officer and the CEO. The CFO also recommends unbudgeted expenses. Subsequent expenses that may occur such as failure of the server may require new purchases that must be approved in the same order.
What types of security measures are implemented?
The growing number of security incidents have forced organizations to take up comprehensive information security strategy and roadmaps to secure the company’s information system. Before moving into a cloud-based system, Trident had taken up security measures that focused on identifying and protecting the organization’s system against intrusion from third parties. Physical security has three primal objectives, access control, surveillance, and testing. Obstacles are put in place to prevent potential attacks/ Such measures include physical security, perimeter security, network security, application security, and endpoint security.
The internet of things (IoT) has widened the scope of security because computer devices that are connected to the company’s internet can now be located outside the company’s firewall. Public cloud services and eCommerce activities expose the company to internet vulnerabilities and network threats such as service attacks, malware, phishing, and Trojan horses. An attacker can easily eavesdrop on a company’s activities and transactions, and cause adverse losses to the company. The focus of security within such a platform is not much on preventing intrusion but securing end-user. Appropriate safeguards such as email scans can reduce breaches by up to 90%. Instituted screen locks, two face factor authentication, and more complex passwords can provide additional security.
In 2019, Trident implemented additional security features, including employee training. Training is essential here because it is a constant reminder that threats are unending therefore employees should be aware of their role in accelerating and preventing the same as well as how they can be victims of the same. Most importantly, cybersecurity is a team effort; therefore training should evolve with the changing landscape. Other additional features in the security system include the patch management solution that manages software upgrades, the privileged access management that refers to a range of solutions that help control, manage, monitor, and secure access to critical assets and networks. In privilege access, the network administrator goes in to verify users before allowing them to access the system especially if it a repeat log in. Another management feature involves security information and event management (SIEM). This system provides real-time analysis of security alerts that are generated by credentials for the use of software and hardware.
Lastly, Trident has also taken up a continuous system audit to help identify the security risks and protect the company against the same. A system audit is a continuous process because things change quickly. The organization will grow, the company will need to take up new hardware and software installations; new employees will also be hired. All these activities necessitate constant audit systems. Moreover, continuous audit is key to identifying audit trails which establish the root cause of risks in the organization.