How are we, as a collective community, going to keep global and vertical segment (think electrical grid) software easy to update and/or rewrite to support new features for the internet or the electrical grid? Right now, there are a limited number of global experts who know how the internals of these applications work. What will we do?
This was percolating in my mind, and I came across old DNS (Domain Name System) code. You would think the core of this application is simple, but it integrates with software called BIND, which looks to be a monster in terms of lines of code. Whoa!
There are also cloud business applications written by Oracle or Salesforce that have software integrations or configurations that support many, many business-critical operations. These applications must be running well so that they support operations well.
There is a logarithmic gap between a simple application that supports a business and one that is two logs more difficult. Companies can just chuck their old applications and approach current vendors like Oracle or Microsoft to improve applications that need only a few customizations to provide 99% of what they need. The ongoing cost of in-house applications (new features and software maintenance) makes them expensive to keep around.
Vertical industries are deploying SaaS applications widely. Manufacturing firms may have critical manufacturing line products running in one of the three major vendors’ clouds. Think about the related risk to the manufacturing line, as mentioned in the CISSP certification.
Also, what about the companies and standards bodies that support the power grid industry? Standards such as ISA 62443-3-3 and NISTIR 7628 define policies for them to follow. Companies like Siemens provide global power grid firms with the software that manages their grids. I worked at Siemens when they had over fifty countries that were adding custom features to Siemens’ core application to manage their company’s power grid.
Of course, vertical business applications support the core of their business. They differentiate their critical functions from competing vendors’ functions. The world is moving to cookie-cutter applications that run in a SaaS (Software as a Service) environment. Companies gain a competitive advantage through creating custom applications in-house or purchasing them from a specialized software vendor and then tweaking them.
Development of the core internet applications is quite complex. DNS is more complex than it appears to be. Key interactions and key management are complex. They need extra scrutiny before being deployed worldwide. Software teams deployed by powerhouse technology vendors such as AWS, Microsoft, and Google address the logarithmic product complexities. They also deal with the risk associated with the success or failure of their products.
As for DNS and BIND, who can maintain or update the software? It looks like the software was written in the C programming language. Who wants to rewrite or improve that code? Argh. Where does one start? Should the application be rearchitected and rewritten? It is critical to the world as we know it today.
No engineer stays at one firm now. The lack of talent makes it difficult to update or rewrite applications. There are IEEE 802, ISA, NIST CSF, NIST 800-53 and other standards that guide, create, and update global and vertical product architectures. These global experts work on and critique critical internet and IoT architectures.
So where will all the talent come from to develop critical global applications?