In Part 1,[1] we acknowledged our data-driven world and identified some of the ways in which data impacts us, and in which we impinge upon and build upon the vast volumes of data now in play from day to day.  It remains essential for us to gain a better understanding of this data, and so we considered it from a complex systems perspective by assigning 5 data domains or “faces” as follows: Form Factors, Applications, Categories, End-Users, and Scale.  Part 1 introduced and explained the model, illustrating it by further treating Form Factors across its 6 levels.  Now, in Part 2, we do the same for “Applications”.



These are the tools with which we actually collect, collate, manipulate, and further relate to the data.

Level 2 (provenance): At this level, we bifurcate into native applications and web-based applications.[2]  The former are predominantly created and generally managed locally, while the latter are often available for access or download on the world wide web, and managed remotely – if at all.  There is very wide variation in the level of stability, support, and functionality that web-based applications offer (unless they are home-grown and hosted on a proprietary intranet, and thus arguably native); and some vendors will still not stand behind their offerings, or lack the funding to roll out more robust supports.[3]

Level 3 (management): The great variety of available applications leads to a plethora of management issues.  We see the following three main spheres of management with regard to applications: (i) Network Management; (ii) Intrusion Management; and (iii) Data Loss Prevention (DLP)/Business Continuity Planning (BCP).  The first is primarily concerned with ensuring sufficient network uptime to meet intended network/IT goals and required business functions, that all applications play nicely together, and that sufficient resources and related support tools and personnel are provisioned in a timely manner for the respective business units and functions.  The second concentrates on ensuring that the network remains secure against malicious software and rogue actors (whether identifiable insiders escalating privileges, unknown outsiders socially engineering entry, or criminal groups and government agencies stretching the law, and sometimes the facts, to manufacture or utilize real and virtual backdoors into third-party client and customer data).[4]  The third focuses on eliminating or at least minimizing the harm from a breach event, as well as ensuring that critical business functions can continue – whether onsite, or virtually, or in some third recovery location – should the main system or systems become compromised or fully go down for any reason.  Such reasons can range from natural disaster, through terrorist event or utility failure, to a lockout with ransomware[5] or a distributed denial of service (DDoS) attack.

Level 4 (security): Just as with form factors, there are on this level categories for identity and access management (IAM); management “controls for risk, encryption, and security technique” (CREST); and two categories for regulatory compliance.  Regulatory Compliance (generic) includes privacy and Intellectual Property Rights (IPR) regimes, which, although they may differ somewhat across jurisdictions, tend to follow similar lines of reasoning.  Regulatory Compliance (specific) includes subnational, national, and transnational rules, and any industry-specific codes to which the business must adhere.  Despite the strong security presence on level 3 for applications, level 4 is the more appropriate place for that identifier, because many of these regulatory compliance metrics and standards have been vetted by regulators or industry, and have stringent security measures built in.  This point also illustrates why we have put MPS together as interchangeable across levels 2, 3, and 4.

Level 5 (attack surfaces): As with form factors, the available attack vectors for applications are almost innumerable and continue to multiply and morph daily, intra-day, and across timezones.  However, there will always be many more attack surfaces within applications than there can be form factors.  These range from corrupted code, imperfectly patched applications, and omitted vulnerability updates, to malicious software that masquerades as the legitimate version on a legitimate site, a semi-legitimate site (sponsored or popular – i.e. “but, everyone uses it/goes there”), or a spoofed site that is unwittingly reached and trusted by a victim – including embedded advertising that might take you to or through many pop-up levels of where you really don’t want to be if you click on them by accident or in curiosity.[6]

Level 6 (aggregation): Applications can be aggregated across 6 main spaces: at the outer reaches, we have (i) the Cloud API, (ii) the Datacenter, and (iii) the In-house server.  Applications hosted in these spaces are (or should be) much more robust and better managed, due to their accessibility and use by far larger numbers of people than those found at the last three aggregation spaces.  Those last aggregation spaces are (iv) the workgroup,[7] (v) the single system desktop or laptop, social media, or gaming console/application,[8] and (vi) the mobile, to include tablet, smartphone, and wearable-tech.


Once again, the above 20 faces (6+5+4+3+2) in the Applications Data Domain can combine and interact with each and every one of the other 80 faces across the other four Data Domains identified, and so the depth and diversity of data remains, and grows, in its complexity as a system.

In the next installment, we will look at the “Categories” Data Domain.[9]  In the meantime, I bid all readers and blog visitors a very Merry Christmas, and a peaceful, prosperous, and progressive New Year 2014.



Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experience in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example:  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy.  He is a published author on the National Security aspects of Environmental Law, and enjoys complex systems analysis in the legal, technological, and societal milieu.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, strategic projects (investigations, procurements, and diverse consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example:

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

[1] Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 1 – Form Factors).  Published on November 1, 2013.

[2] Casey Frechette.  What journalists need to know about the difference between Web apps and native apps.  Posted on April 11, 2013.

[3] Again, however, that is not always a credible excuse, as the following (albeit dated) review of then-available online support and helpdesk applications clearly shows an attempt to bridge that gap.  See e.g. Muj Parkes.  10 Great Online Support and Help Desk Apps.  Published on June 28, 2010.  See also International Federation of Red Cross and Red Crescent Societies (IFRC).  Innovation contest will provide support and funding for app development.  Published on October 8, 2013.  This was a more recent multiparty effort to spur development and rollout of socially-useful humanitarian applications by offering funding through a “(…) contest which asks young people to come up with a concept for an app that will help people make a positive contribution to their communities and improve their own skills at the same time. Winners will receive both mentoring and financial support to help bring their ideas to fruition”.  Today, in some jurisdictions, there is also a crowdfunding option.

[4] Barton Gellman.  Edward Snowden, after months of NSA revelations, says his mission’s accomplished.  Published on December 23, 2013.  See also Joe Shute.  Christmas – the busiest time of year for the criminal cyber gangs.  Published on December 9, 2013.

[5] Peter Suciu.  Cryptolocker Malware Holding Up To 250,000 Computers Ransom.  Published on December 26, 2013.

[6] Lee Bell.  Drive-by exploits are the top web security threat, says ENISA.  Published on January 8, 2013.

[7] Into this “workgroup” space, I would also break out and insert such critical applications as the implanted ones (pacemaker applications), and the SCADA (remote monitoring and control applications).  These would all need to be more robust and have designed-in or otherwise deeply-embedded security features against hacking, due to the delicacy of their functions, their potential or design for remote operation and monitoring, and the developing Internet of Things (IoT) that will create workgroups out of several dozens or hundreds or more networked “hordes” of single such applications and application groups; all capable of hijack if not adequately secured.

[8] There is strong overlap between the workgroup, mobile/gaming, and wearable spaces with the proliferation of gaming applications that have wearable enhancements or other utilities bringing a virtual reality, multiple players in several locations beyond line-of-sight, and the potential to scale-up to large numbers of simultaneous users.  This is echoed by multi-user social media applications including chat and comment sites, pastable walls and apps., and all past, present, and future “virtual world/virtual reality” applications.  Again, subject to available or inbuilt security features and the patched/unpatched nature of the form factor used to access them, these apps. can be manna or minefield.

[9] See Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 3 – Categories).  Published on February 4, 2014.
