In one of the Terminator movies, the main character realizes he can’t
destroy the central computer because the “intelligence” was distributed
across many systems.

Similarly, business logic is not confined to a single
application or component. It is distributed across the entire enterprise, and in
many cases it is no longer documented outside the system. As a result, it is
very difficult to identify, verify, and replicate. This has always been a
problem with legacy applications, but it is an even bigger problem with
object-oriented technologies. These technologies allow business logic to be
“buried” across a wide variety of objects, including internal/external
data queries, drop-down boxes, form open/close objects, etc., which makes it
difficult to find and verify.

The distribution of business logic to mobile devices
presents a whole new set of problems, especially in the auditing and testing
areas. Most change management processes test the functionality of software, but
they rarely examine the code, which makes it entirely possible to have undetected
problems or even malicious code. Using mobile devices as an access point to
other systems to send/receive data is not an issue. The inclusion of business
decision logic and storage of data in mobile technologies dramatically
increases this risk.

IT organizations must improve their processes for
identifying, documenting, managing, and verifying that application logic aligns
with the approved business logic.