Recently, scandals in information systems are frequently occurring, especially in banks called mega banks.
Even outsiders like me feel a sense of crisis. As the Ministry of Economy, Trade and Industry pointed out in 2018. Japan has already begun to fall the "cliff of 2025,"
Even if I look up to cling to something on the cliff's edge, I can only find the leaves of weeds that are about to die and are unreliable.
The phenomenon of this megabank seems to be the situation pointed out by the Ministry of Economy, Trade and Industry in 2018.
(The concept proposed by Professor Eric Stortermann is defined in an easy-to-understand manner for Japan, which the Ministry of Economy announced, Trade and Industry in December 2018, "Guidelines for Promoting Digital Transformation (DX Promotion Guidelines)". .)
「Recently, scandals in information systems are frequently occurring, especially in banks called mega banks.
Even outsiders like me feel a sense of crisis. As the Ministry of Economy, Trade and Industry pointed out in 2018. Japan has already begun to fall the "cliff of 2025,"
Even if I look up to cling to something on the cliff's edge, I can only find the leaves of weeds that are about to die and are unreliable.
The phenomenon of this megabank seems to be the situation pointed out by the Ministry of Economy, Trade and Industry in 2018.
(The concept proposed by Professor Eric Stortermann is defined in an easy-to-understand manner for Japan, which the Ministry of Economy announced, Trade and Industry in December 2018, "Guidelines for Promoting Digital Transformation (DX Promotion Guidelines)" ..)
But was this proposal really "whistle but not dancing"?
It seems like a response like other personnel of the Ministry of Economy, Trade and Industry. But isn't it just a whisper of "DX, DX ..." with a slight sound that no one can hear?
Was the Ministry of Economy, Trade and Industry worried about its own country and acted with a sense of crisis?
The Ministry of Economy, Trade and Industry briefly explains why the annual economic loss of 12 trillion yen is a "system risk caused by legacy systems."
If DX cannot be advanced, the system currently in use = legacy system will continue to remain after 2025.
Looking at the Ministry of Economy, Trade and Industry report in a little more detail,
Based on the survey results, the loss due to system failure, such as data loss and system down in 2014, amounted to about 4.96 trillion yen in Japan.
Assuming that system troubles caused by legacy systems account for about 80% of the total, it seems that it was estimated that an economic loss of "4.96 trillion yen x 80% = about 4 trillion yen" would occur even at the present stage (as of 2018). is.
Based on the contents of the report that investigated the years that a company's core system has been in operation, we estimate that the percentage of companies operating the system for 21 years or more in 2025 is 60%. Based on this point, we estimated that the amount of economic loss after 2025 will be about 12 trillion yen annually, assuming that the systematic risk due to the legacy system will triple from the current level.
The trends of the world ultimately delay this warning from the Ministry of Economy, Trade and Industry.
Even so, it seems that the reality of Japanese companies is that they take it seriously and do not try to kaizen.
Problems from other companies are expected to become apparent sooner or later.
Cyber security issues have already become apparent.
At the end of February 2022, Kojima Industries Corporation (Toyota City, Aichi Prefecture), which supplies interior and exterior parts to Toyota, was hit by a cyber attack and the company's system failed. Due to this effect, Toyota's domestic finished vehicle plants (including 14 plants and 28 lines, Hino Motors' Hamura plant and Daihatsu's Kyoto plant) will shut down on March 1st (2 shifts). As a result, there was a production delay of about 13,000 units.
It is no exaggeration to say that hackers are now targeting the Japanese manufacturing industry. It is generally regarded as "many companies have poor security measures" (experts).
This time, Kojima Press received a ransomware (ransom-requesting virus) attack. However, in the Japanese automobile industry, Honda was also damaged by ransomware in June 2020, and the production of "9 domestic and overseas factories" (the company) was temporarily suspended.
"Honda's case was so widely reported that other Japanese manufacturers should have been fully aware of the dangers of ransomware," said an expert. Nevertheless, a similar incident has occurred in the Japanese automobile industry. (March 8, 2022, Nihon Keizai Shimbun)
The computer software development process in Japan is called the conventional waterfall type. The prime contractor sets the concept and orders it from subcontractors, subcontractors, and great-grandchildren for a considerable time. I heard it is a way to complete one software by spending time.
It is very similar to the general contractor method.
The disadvantage of this method is that it cannot respond flexibly to changes in primary conditions.
So he adopted a process called Agile, which is too flexible to make changes.
I understand what it means to be agile, but I haven't evaluated it because it's too much redoing.
Today, software development is being advanced by the Department of Defense, including Carnegie Mellon University in the United States.
DevOps Furthermore, it has evolved into a process called DevSecOps.
Dev: Development
Sec: Security
Ops: Operations
In the software world, Security is critical, so we are focusing on Security from the development stage.
Agile can handle relatively small systems, but it is not suitable for large systems.
The reason why DevSecOps is needed is that timing and pace of development are essential. In addition, we need a basic idea of Security.
Therefore, developing software with built-in Security (Baked-In Security) is necessary.
Given these global trends, general contractor-style software development left to major Japanese vendors is already outdated.
I'm a complete outsider regarding software development, but looking at the level of abstraction of the "development process", DevSecOps has keywords such as front loading, modularization, and automation, and I find many things in common.
Amazon and others automatically kaizen and rewrite the source code thousands of times daily.
For example, the following lessons can be seen if you look at the case of automation of the design process (IT).
As shown in the figure below, the design process processes the customer's request information in the order of sales ⇨ design ⇨ material procurement ⇨ manufacturing, finishing it as a physical product and delivering it.
Lean development is connected like the flow of black arrows; each process adds value to the previous process information without waste. Finally, the product, as requested by the customer, is finished.
Such a process can automate immediately.
However, if the flow of information goes back, such as the red arrow, there is always waste. These are all redone.
Specifically, there are problems such as hearing back the unclear points of the information received from the previous process or making mistakes in the information received, resulting in rework.
In this way, the workflow is often left as it is without kaizen, and only the process in the middle is replaced with application software.
No easy automation!
Automate after solving all the problems!
The primary process itself may be able to be processed quickly due to the introduction of IT, but they will always redo it at the connection part of the process. So, as a whole, the work of the software caretaker will increase.
The problem is the red arrow. No matter how good the software is, you won't have to start over if you don't find the cause of this red arrow and remove it.