A new year is a time for reflection, a practice corporate IT would do well to adopt. Although I took some time off over the holidays, a number of events, trends and news kept me busy. In December, it was the Log4j security vulnerability, whose full consequences remain unknown as the Trojans may still be slumbering in yet to be identified systems.
The threat to corporate IT from Log4j and related extortion attempts is far from over, so companies should continue to keep a backup from before December 1, 2021, just to be safe.
Don't Blame Log4j on Open Source
People have used the vulnerability as an excuse to argue against open-source solutions, stating they are not as secure. But keep in mind proprietary, closed software has its fair share of security holes. If the code is open, at least theoretically more developers can look inside to fix the bugs. Of course, Log4j made it clear that even open-source solutions are not and will not be bug-free. If the code is then widely distributed, as in the case of Log4j, it can have corresponding widespread effects, which will hopefully not be as dramatic as the rule.
An error in Microsoft Exchange at the turn of the year reiterated that software errors unfortunately are part of the everyday life in IT — and more broadly, to our everyday lives. Headlines online noted how the 'Y2K22 bug stops Exchange mail delivery' and how 'Antimalware engine stumbles over 2022.' Some versions of the Exchange server (2016 and 2019) failed to deliver emails at the beginning of the year because an incorrect date format could not be processed in the integrated malware scanner. The bug has since been fixed, but some servers are still hiccuping and it will take a while before all of the emails go out. Once again, a reminder of the vulnerabilities of the systems we rely on so heavily.
Related Article: Equifax Breach Drags Open Source Security Into Spotlight Once More
AWS Outage Takes Out Netflix, Disney+ and More
Another end of year story that flew slightly under the radar was the Amazon Web Services outage in early December 2021. The outage affected many companies on the East Coast of the U.S. However, in this case, the disruption exemplifies how much individuals and businesses depend on "the cloud," in this case, market leader AWS. Suddenly Disney+, Netflix and smart home devices no longer worked.
But we are dealing with enterprise IT here. The incident forced companies and government agencies to realize that they too are dependent on the cloud, even if they thought they had no contracts with Amazon. But when Trello or Slack stopped running, it was precisely because these solutions use Amazon Web Services.
One other factor in our cloud dependency to remember: most of the time we're not just using one cloud anymore. When we use Microsoft Office products as well as Trello or Slack, when we migrate to SAP S/4 Hana or use other solutions from HR to supply chain, we as a company automatically are using different cloud providers, even if it's not apparent at first glance. The multi-cloud is a reality in most workplaces today. Companies will not be able to escape from this for cost reasons alone. A complete return to the company's own data center is likely no longer possible. Instead, there will be a hybrid cloud world in which various cloud providers and the private cloud are used in the company's own data center.
Challenges for Corporate IT: Multi-Cloud, S/4 Hana, Cybersecurity
All the incidents above show how sensitive our critical IT infrastructures are, how quickly and consistently we have to react, and how much expertise we need to set up, run and manage our corporate IT. Cybersecurity may be the topic for 2022, but building and managing a hybrid multi-cloud remains on the agenda alongside the migration to SAP S/4 Hana that many companies are facing. Companies will have to think about how they can remain as independent as possible in the cloud world, and potentially move solutions from one cloud to another. They will have to look at how important resilience is to them and what they are willing to pay for it. Will they allocate the money to run critical systems in two or even three Availability Zones?
These are all special challenges at a time when IT specialists from security experts to SAP specialists are in high demand. I expect companies will need to bring in external expertise, even as they think about new ways to bundle and share expertise, for example in the area of cybersecurity. These issues and challenges cannot be put on the back burner — the incidents above make that clear.