Written by Peter Doherty; contribution from Ovidiu Ciule.
The oil & energy industry is adopting browser-based dashboards powered by open source web application frameworks such as Django or Flask (on the back-end) and React or Bootstrap (on the front-end).
Most organizations in Oil & Gas may choose to build their own applications in-house for proprietary, confidentiality and security reasons. These applications are built from third-party open source components and vendor software, which come with some security risks. How can these risks be tested and assessed within your organization?
Security vulnerabilities, performance updates, and new features are published at a rapid pace in the software world today. A roadmap that accounts for open source security risks, security patches and management of unsupported software versions is critical to prevent data loss and security breaches.
Under our Web Application Development service, we are pleased to introduce "Long Term Digital Application Support".
Known security issues are addressed by our engineers, especially for legacy releases no longer secured by their open source maintainers. This gives your team the flexibility and agility to focus on high-priority, high-value tasks within your organization. It also avoids forced upgrades, which can be time-consuming and costly.
Our added value is that issues which would otherwise cause an unplanned scramble are taken care of routinely by our team under an attractive pay-as-you-go plan.
The Digital Journey & Uncharted Territory
Embarking upon a digital journey to drive value for your organization with modern technologies should be viewed as a long-term initiative, not a short-term endeavor. Transforming activities and workflows in oil & gas can involve several layers of technology, for example:
- Cloud computing
- In-house servers
- Machine learning
- Code libraries
Tying all of this together in your application are hundreds or thousands of mini-applications and libraries that form a dependency chain and give your browser dashboards their functionality.
Moreover, taking the digital route will expose your workflows to underlying security risks that should not be neglected. Even with careful planning, unforeseen gaps can arise in the technology stack you've built, which may require urgent attention.
If the dependencies of your application are not maintained - in other words, if known vulnerabilities are not addressed - the organization could be exposed to:
- Denial-of-service (DoS) attacks
- Unauthorized data access
- Hardware destruction
- SQL Injection attack
- Cross-site scripting (XSS) attack
- Password attack
- Malware attack
A seemingly low-risk patch can be overshadowed by one or a combination of the following:
- More urgent attention required elsewhere in the IT or engineering department
- Not enough resources on-hand to implement, test and deploy a patch
- Lack of skilled personnel to address urgent fixes
If low-risk vulnerabilities are pushed down the to-do list, they could be combined with a more serious, undetected threat. This could disrupt the systems introduced under your Digitalization programme.
Software Maintenance and Management
When a new software release is issued, it may be beneficial to wait until the major release has matured. This is because application package developers need time to update and test their work for the new version. Updating on the day of a new release may introduce complications with dependencies that don't yet work with the latest major software release. This could render certain features of the software inoperable.
A clear roadmap and software documentation with guidelines help establish a clear strategy and tell teams which software applications should be considered for update, and when.
Cybersecurity, Cyber Insurance & Losses
Cybersecurity involves continuously monitoring and updating the software and associated libraries that your team may use, to fix known vulnerabilities.
"There were 2,216 data breaches and more than 53,000 cybersecurity incidents reported in 65 countries in the 12 months ending in March 2018." [Ref. 1]
Another facet of cybersecurity is protecting your organization with cyber insurance to cover losses incurred due to a cyber-attack.
Insurance companies would usually request a risk assessment profile, company strategies for software updates and descriptions of the industry best practices adopted.
It has been reported that insurance companies may withhold payments to cover losses associated with a cybersecurity breach due to, for instance, obsolete versions of code or failure to update software applications.
Get In Touch About Support
Contact us to discuss our plans, pricing and Service Level Agreements that are customized to meet your department's needs for Long Term Digital Application Support.