Tuesday, July 27, 2010

Three new Open Group white papers help make for a peaceful leap to cloud computing

This guest blog comes courtesy of Dr. Chris Harding, who leads the Cloud Computing Working Group at The Open Group. He can be reached at c.harding@opengroup.org.

By Chris Harding


History has many examples of invaders wielding steel swords, repeating rifles, or whatever the latest weapon may be, driving out people who are less well-equipped. Corporate IT departments are starting to go the same way, at the hands of people equipped with cloud computing.

Last week I was at The Open Group Conference in Boston. The Open Group is neutral territory with a good view of the IT landscape: An ideal place to watch the conflict develop.

The Open Group Cloud Computing Work Group has been focused on the business reasons why companies should use cloud computing. The Work Group released three free white papers at the Boston conference, which I think are worth a closer look: “Strengthening your Business Case for Using Cloud,” “Cloud Buyers Requirements Questionnaire,” and “Cloud Buyers Decision Tree.” Three Work Group members, Penelope Gordon of 1Plug, Pam Isom of IBM, and Mark Skilton of Capgemini, presented the ideas from these papers in the conference’s Cloud Computing stream.

"Strengthening your Business Case for Using Cloud" features business use cases based on real-world experience that exemplify the situations, where companies are turning to cloud computing to meet their own needs. This is followed by an analysis intended to equip you with the necessary business insights to justify your path for using cloud.

My prediction: Over time, cloud will be able to occupy the fertile valleys, and corporate IT will be forced to take to the hills.



The “Cloud Buyers' Decision Tree” can help you discover where cloud opportunities and solutions might fit in your organization. And the "Cloud Buyers' Requirements Questionnaire" will help you identify your requirements for cloud computing in a structured way, so that you can more easily reach the best solution. These two papers contain ideas that will help you assess the potential the cloud has for your organization, and they will be refined as practical decision tools through use out in the field.

Deciding whether, and where, to use cloud computing can be difficult. Trying it out is easy. You can set up a small-scale trial quickly, and the cost is low. You can probably pay by credit card.

Assessing the financial implications for a particular application is relatively straightforward, although there can be unseen pitfalls. But, assessing the risks is more of a problem, particularly because cloud is so new, and the dangers -- where they are known -- may not be understood. And, integrating cloud solutions with each other and with in-house systems can present significant problems. Best practices in these areas are still evolving.

The white papers will help you reach these decisions, and understand where cloud is a good fit for businesses. Today, it is often a good fit, but there are many situations where it is not the best solution. These situations will become less common as cloud computing matures and enterprise architectures evolve to be more cloud-compatible. But there will always be cases where computer capacity should be retained in-house.

So perhaps the data center isn't quite dead, but cloud computing is certainly making headway. My prediction: Over time, cloud will be able to occupy the fertile valleys, and corporate IT will be forced to take to the hills.

This guest blog comes courtesy of Dr. Chris Harding, who leads the Cloud Computing Working Group at The Open Group. He can be reached at c.harding@opengroup.org.

You may also be interested in:

Monday, July 26, 2010

Business trends in global IT markets provide new traction and value for enterprise architecture

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: The Open Group.

We've assembled a panel to examine the key market trends impacting enterprise architecture (EA) in different regions of the world. We'll evaluate how the use and value of EA is emerging and progressing worldwide, and how the expanding use of EA offers a unique window into global business trends as well.

Coming to you from last week's The Open Group Conference in Boston, the experts here share their knowledge on several developing and mature markets, as well as present a focus on China. We'll hear about the cultural barriers and/or accelerants for EA adoption from region to region.

Here to help better understand the role of EA as it bestrides the globe, please welcome Allen Brown, President and CEO of The Open Group; Eric Boulay, president and CEO of Arismore and also CEO of The Open Group, France; Chris Forde, vice president of Enterprise Architecture & Membership Capabilities of The Open Group; Mats Gejnevall, a Certified Enterprise Architect with Capgemini, Sweden, and Stuart Macgregor, CEO of Real IRM and CEO of The Open Group, South Africa. The panel is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:
Brown: Enterprise Architecture (EA) is an umbrella term that relates to an awful lot of activity that flows further down, whether it's business IT architecture, data architecture, and so on. There are many things, but the driving force in many organizations is this need to integrate and share information.

A trend over a number of years now is that the barriers within enterprises; the silos, the departments, the stovepipes, have been broken down.

Organizations are working cross-functionally. They're bringing people together. They're working with their business partners, and they have their IT infrastructure integrated with their business partners. That has caused a requirement for people to be able to look across the entire organization and think about how IT impacts different parts of the organization and how it integrates together.

Many parts of the organization have had applications built for the stovepipes that now need to work together in ways that they were never intended, when those legacy applications were put in, because we never intended those legacy applications to last this long. But, they did, and you can't just replace them.

What's happened with what we call boundaryless information flow, or the requirement for access to integrated information under security issues, is that we're now having to deal with something called "EA" on a number of different levels.

Different aspects


Many people have tried to define EA, and I don't think anyone has come up with a satisfactory overarching definition yet. But, there are a number of different aspects to it. At the moment, EA is focused on the IT element, although it has ambition to look at the architecture of an entire enterprise at some stage.

We're seeing continued growth in the adoption of EA in general and TOGAF in particular -- and it's continuing to grow. There are organizations that are saying that EA isn’t delivering near-term to the bottom lines, so they're going to cut the cost.

There are more organizations that are saying that this is the time to invest, to rationalize, and to really drive out value from their IT investment. It varies from enterprise to enterprise. So, you're starting to see a mix of things. But, generally speaking, my experience in the developed or struggling economies is that there are more people focused on EA than not.

We're seeing EA and TOGAF adoption pretty broadly across the planet, really. Obviously the US and UK were leading, but the amount of uptake in the Asia-Pacific region right now is quite dramatic and we're starting to see that take off. But, it's really difficult to isolate any particular region.

We’ve now got something like 15,000 members of our professional body, the Association of The Open Group Enterprise Architects. They are, in some way or another, connected with TOGAF for our IT architect certification. Those people are distributed across 116 different countries. So, it's really quite difficult to say which is growing the most.

Boulay: Key drivers for EA in France are the necessity to move forward for big and small enterprises. Because of the downturn, the future of the enterprise is to roll out in an international, standard view. In order to roll out -- for example, for big banks on a European or worldwide basis -- they have to welcome big transformation, and this kind of big transformation can be helped by EA.

It's an architecture issue to transform local enterprise to a worldwide or a European enterprise. This is a huge opportunity for enterprise architects and for EA to help in this big change. So, there is no downturn for EA, because if we use it and build a new EA practice in order to better address this kind of job, it's a huge opportunity for us. There is no downturn for us. It's only a matter of finding the right skills in order to help enterprise go abroad.

We spent a lot of time to move from IT EA to real EA. Now, I think we're mature enough to take the new capability brought by the new technologies. Cloud should be one of them. And now, once more we're ready to move from the old-fashioned way of sharing resources to better practices brought by new technology. You can transform the business, but you also can transform the way to consume IT.

Forde: The Chinese market is really very interesting. There's an opportunity there for the EA practice to grow massively. For the most part, larger enterprises in the China region are relying on the brand name western companies to do strategy and planning, and there is very limited internal capability, knowledge, and experience around EA.

I've been hearing from folks in various organizations, both state-owned companies and others, that they're reluctant to step away from these brand-name companies, because there is a certain degree of security around the planning and activities that go on there, but there is also a degree of dissatisfaction that they aren’t feeling in control of their own fate.

Over the next several years, I anticipate the development of internal architecture practices and an up-scaling of staff. The universities already have in place CIO forums and executive MBA activities that explicitly deal with EA as a set of concepts. Over time, I think that it's going to find it's place in the Chinese organizations.

At the moment, they're still continuing with this kind of organic growth of the IT approach to things, which is something that the Western markets dealt with 15 years ago, and found the need for a more planful approach to doing things.

This is the opportunity for us in EA in that particular market. The issue is that at the leadership level in these companies there isn’t a perception that they need to do anything, because the problem hasn’t actually arrived broadly inside China, from what I’m seeing.

Gejnevall: Transformation has always been a big driver in the enterprise Architecture Forum, but what we see these days is that getting your IT under control has been a major factor for going into the EA side of things. Slowly the companies now are connecting the IT structures they have with the business.

It was a struggle in the beginning, and most of the EA projects were IT-based projects, but now, business is starting to understand the full impact and understand that the IT solutions that we create should really be aligned with the long-term strategies and objectives of the organizations.

In the past, public sector has been pretty slow on the uptake, but recently we're doing a lot of business with healthcare services and so on. They're really large organizations, with 30,000, 40,000, or 50,000 people, and they have lots of different divisions. They need to work together in a collaborative fashion and fulfill the long term goals that the politicians have set up for them.

Macgregor: South Africa is slightly different, because EA is from the business side, rather than from technology. A lot of organizations have spent a lot of money working on business processes, and that business process architecture across the business domain is now being linked to the technology domains.

In fact, we're coming from the top down, instead of from the technology side upward. South Africa currently has roughly 10 percent of the Architecture Forum membership, all South Africans, and there is a big adoption of TOGAF in South Africa. If you look at our GDP in comparison, it’s quite exceptional.

That’s really been because of The Open Group's presence in South Africa, organizing events, a lot of TOGAF training, a lot of certification, a lot of press articles, and really driving the business value and the business understanding of what EA is about.

We have had for example, SASOL which is one of the larger petrochemical organizations, adopt TOGAF, working it into their governance standard. What their enterprise architect did, is he bought Enterprise Architecture as Strategy, the Jeanne Ross book, and distributed to senior executives. Given that it is written in business-speak, it really led to the adoption and understanding of what EA is about, and was quite serious for the uptake within the business.

We differ across business sectors as well, in that our financial services sector -- again, a big focus on the business process area -- are lagging in the technology domain, and that’s now a key focus area bringing that up to speed.

We’re seeing greater focus on modeling and defining information architecture. We're understanding the difference between information architecture and data architecture and using that as a way of bridging the gap between business and technology, while tackling the information architecture domain.

Body of knowledge

Forde: The learning that has occurred in the Western markets have produced a body of knowledge in TOGAF that can accelerate for other companies the way they adopt and improve their ability to deliver on strategy, planning, and execution.

Once the recognition is there inside companies, when the need arrives, those companies in that market that have planned for this will start to really accelerate in terms of their global position.

Gejnevall: Capgemini has put together a number of service offerings worldwide that we are adapting to the conditions of each one of the countries. We can see that things like boundaryless information -- being able to use information in new ways -- is something that every company wants to do.

In cloud, it always comes into the discussion, even though people don’t quite know how to use it yet. I think The Open Group’s effort around cloud computing can actually help that to a large extent. The ROI paper on cloud computing, for instance, will be a tremendous help for a lot of companies to have a look at and see what can they do. But, everything is moving very, very slowly. In countries like Sweden, the bigger companies might try these out, but the smaller ones are not ready yet.

Brown: Everything I hear says that organizations that are involved in EA in general, and TOGAF in particular, are finding it much easier to integrate with business partners. Mergers and acquisitions are enabled more effectively. So, in working with other organizations, as we get more and more connected, EA is a positive force in that.

Depending on the maturity of the company and of the region, you might be talking anywhere from six-month payback on an EA activity to a three-year payback.



You can get to one of the conferences and share experiences with other members. That's the key area to start. But, if you can’t do that, then there is an awful lot of available information. At the minimum, TOGAF itself is available freely online for people to read, look at, and use within their own organization.

You can buy the book, if it’s easier to have that. If you want to go to the next state, there are many trainee organizations that can train your people in TOGAF. If you can’t avail yourself of that -- there are some countries where that’s not possible -- then there is a study guide that you can get from The Open Group to work your way through.

F
orde:
The body of work that we have available to us in TOGAF is that, if you look at it as a tool in the context of the problem you’re trying to solve, you can drive immediate value. If you look at it as some sort of massive program that you’re going to implement, you’re looking at a longer term payback.

So, it’s very important for individuals and companies to approach EA with a specific problem in mind, not just some sort of generic goodness thing that they’re looking at.

There are a number of places [to get started]. The first and foremost one will be the membership of The Open Group, and particularly the Architecture Forum. You’ve got people sitting around this microphone right now that can help, and you’ve got people out at the conference who have an enormous background and this capability.

Then, in the member companies, either on the supplier side, on the customer side, or in academia, you also have resources available. Those are the places to go to find out what you need to do, and what the approaches can be used, and in a practical sense, what the barriers and the pitfalls are in the approaches. People here have been there, done that, and that’s where you need to go, to the experience.

Macgregor: To me organization change leadership is an absolute essential component of getting EA to work, the mechanics of modeling etc. It’s not really that difficult. It's the stuff that we have mastered and we’ve been doing for years. It’s how to drive positive business-appropriate and sustainable EA practices that are run like businesses with a very clearly defined offering that understands who the customers are, and can really deliver more value than they cost.

Boulay: In France, we had a long journey to capture EA practice. Right now, we consider that we moved from IT EA to enterprise, to real business EA, and this is a big shift. Now, CxOs aren't chasing enterprise architects. They're trying to educate enterprise architects inside their company. They understand that they need these kind of people in order to make the company be successful and to move forward.

So, it’s a big challenge and a big recognition for us. They need our body of knowledge as TOGAF and the EA body of knowledge. They need us to train, coach, and to help their inside employees to become leaders. Enterprise architects are definitely, as many of you mentioned, people who are ready to talk with different groups in order to ensure there are no more stovepipe in these companies.
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: The Open Group.

You may also be interested in:

Friday, July 23, 2010

The state of enterprise architecture: Vast promise or lost opportunity?

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: The Open Group.

Coming to you from The Open Group Conference in Boston, we’ve assembled a panel this week to delve into the advancing role and powerful potential for enterprise architecture (EA).

The economy’s grip on IT budgets, and the fast changing sourcing models like cloud computing, are pointing to a reckoning for EA -- of now defining a vast new promise for IT business alignment improvement or, conversely, a potentially costly lost opportunity.

The need for EA seems to be more pressing than ever, yet efforts to professionalize EA do not necessarily lead to increased credibility and adoption, at least not yet.

We’ll examine the shift of IT from mysterious art to more engineered science and how enterprise architects face the unique opportunity to usher in the concept of business architecture and increased business agility.

Here to help us better understanding the dynamic role of EA, we're joined by Jeanne Ross, Director and Principal Research Scientist at the MIT Center for Information Systems Research and noted author; Dave Hornford, an architecture practice principal at Integritas Solutions, as well as the Chairman of The Open Group Architecture Forum, and Len Fehskens, Vice President for Skills and Capabilities at The Open Group. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:
Fehskens: [Enterprise architecture] is really just a gleam in many people’s eye at this point. If you look at the discipline of EA and compare it to mature professions like law and medicine, we’re back 200-300 years ago. We’ve been doing a lot of research recently into the professionalization of other disciplines.

Most of the people studying the subject come up with a fairly short list of characteristics of professions. They usually include things like a well-defined body of knowledge, and well-defined educational program and particular degree programs, often offered by schools that are specifically focused on the discipline, not just the department within a larger organization.

There's some kind of professional certification or vetting process and often even some kind of legal sanction, a right to practice or right to bear the title. We don’t have any of those things right now for EA.

Proprietary knowledge

The body of knowledge is widely distributed and is largely proprietary. We’re at a state similar to going to a lawyer, and the lawyers try to sell themselves based on secret processes that only they had that would allow you to get a fair shake before a judge. Or similar thing with a doctor, who would say, "Come to this hospital, because we’re the only people who know how to do this particular kind of procedure."

So, we’ve got a long way to go. The big thing we’ve got going for us is that, as Jeanne pointed out, the stakes are high and so many organizations are becoming dependent upon the competent practice of EA as a discipline.

There's a lot of energy in the system to move forward very quickly on the professionalization of the discipline, and in addition to take advantage of what we’ve learned from watching the professionalization of disciplines like law, medicine, engineering, civil architecture, etc. We’ve got long ways to go, but we are running really hard to make some progress.

Ross: The stakes are high, because organizations are becoming more digital out of necessity. It’s a more digital economy. Thus, IT is more strategic. I think people see that, but outside of people who have already embraced architecture, there is some reluctance to think that the way we get more value from IT is basically by taming it, by establishing a vision and building to standards and understanding how that relates back to new ways of doing business, and actually developing standards around business processes and around data.

... The architect’s role is to make sure that there is a vision. You may have to help provide that vision as to what that process is, and how it fits into a bigger vision. So there is a lot of negotiation and envisioning that becomes part of an architect’s role that is above and beyond just the technology piece and the methodology that we’ve worked so hard at in terms of developing the discipline.

... We’ve learned a lot about methodologies, disciplines, and tools, but there is an art to be able to take the long-term vision for an organization and not just say, "It’ll come guys, be patient," but rather, "I understand that starting tomorrow, we need to begin generating value from more disciplined processes."

... There is a piece of it that’s just not appealing [across the organization]. Besides, we feel like this should all be about innovation, which should be all exciting stuff. Architecture just doesn’t have the right feel for a lot of businesspeople.

Hornford: The stakes are high in the sense that should someone in your industry figure this out, they will change the game on you, and you will now be in a serious trouble. As long as all of your competition is struggling as long as you are, you’re okay. It’s when someone figures it out that they will change the game.

Where people are doing it well is where they are focused on business value. The question of what is business value is highly dependent. People will mention a term, “agility.” I work with a mining company. They define agility as the ability to disassemble their business. They have a mine. Someone buys the mine. We need to remove the mine from the business. A different organization will define agility a different way, but underpinning all of that is what is the business trying to achieve? What is their vision and what is their goal?

Practitioners who are pursuing this have to be very clear on what is the end state, what is the goal, what is the business transformation, and how will the digital assets of the corporation the IT asset actually enable where they’re going, so that they’re able to move themselves to a target more effectively than their competition.

... The fundamental with leadership in EA is that architects don’t own things. They are not responsible for the business processes. They are not responsible for the sales results. They are responsible for leading a group of people to that transformation, to that happy place, or to the end-state that you're trying to achieve.

If you don't have good leadership skills, the rest of it fundamentally doesn’t matter. You’ll be sitting back and saying, "Well, if I only had a hammer. If I only had authority, I could make people do things." Well, if you have that authority, you would be the general manager. You’d be the COO. They're looking for someone to assist them in areas of the business at times that they can't be there.

... If you do not lead and do not take the risk to lead, the transformation won’t occur. One of the barriers for the profession today is that many architects are not prepared to take the risk of leadership.

Fehskens: A phrase that you’ll hear architects use a lot is "compelling value proposition." The authority of an architect ultimately comes from their ability to articulate a compelling value proposition for architecture in general, for specific architect in a specific situation. Even if you have a compelling value proposition and it falls on deaf ears, for whatever reason, that’s the end of the road.

There isn’t any place you can go, because the only leverage an architect has is the ability to articulate a compelling value proposition that says, "I’ve recognized this. I acknowledge this is promise, but here’s why you have reason to believe that I can actually deliver on this and that when I have delivered on this, this thing itself will deliver these promised benefits."

But, you have to be able to make that argument and you have to be able to do it in the language of the audience that you're speaking to. This is probably one of the biggest problems that architects coming from a technical background have. They'll tell you about features and functions but never get around talking about benefits.

... Architects are ultimately charged with making sure that whatever it is that they're architecting is fit for purpose. Fitness for purpose involves not doing any more than you absolutely have to. ... The architect’s approach to dealing with the architectural way of problem solving means that agility and cost cutting sort of are not short-term focuses. They are just built into the idea of why we do architecture in the first place.

... My experience with businesspeople is they don’t really care how you do something. All they care is what results you're going to produce. What you do is just a black box. All they care about is whether or not the black box delivers all the promises that it made.

To convince somebody that you can actually do this, that the black box will actually solve this problem without going into the details of the intricacies and sort of trying to prove that if I just show you how it works then you’ll obviously come to the conclusion that it will do what I promise, you can’t do that that. For most audiences that just doesn’t work. That’s probably one of the most fundamental skills that architects need in order to work through this problem -- getting people to buy into what they are trying to sell.

The thing to recognize about business agility is that it’s a journey. You don’t want to start making your compelling business values something you can't deliver for three years.



Ross: The thing to recognize about business agility is that it’s a journey. You don’t want to start making your compelling business values something you can't deliver for three years. Many times the path to agility is through risk management, where you can demonstrate the ability of the IT unit to reduce downtime to increase security or lower cost. The IT unit can often find ways to lower IT cost or to lower operational cost through IT.

So, many times, the compelling value proposition for agility is down the road. We've already learned how to save money. Then, it’s an easier sell to say, "Oh, you know, we haven’t used IT all that well in the past, but now we can make you more agile." I just don’t think anybody is going to buy it.

It’s a matter of taking it a step at a time, showing the organization what IT can help them do, and then, over time, there's this natural transition. In fact, I'm guessing a lot of organizations say, "Look, we're more agile than we used to be." It wasn’t because they said they were going to be agile, but rather because they said they were going to keep doing things better day after day.

Hornford: If we're going to look at our sourcing options, using the word "component" as opposed to "platform," I can acquire a benefit. I can acquire a benefits engine as a service or I can build my own and manage my own processes, whether fully manual or digitized. Those choices come down to my value in the business.

Different organizations will have different things that matter to them. They will structure and compose their businesses for a different value chain for a different value proposition to their customers.

If we get back to the core of what an architect has to deliver, it’s understanding what is the business’s value, where are we delivering value to my customers?
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: The Open Group.

You may also be interested in:

Wednesday, July 21, 2010

Open Group panel: Enterprise Architects increasingly join in common defense against cyber security threats

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: The Open Group.

Welcome to a panel discussion that examines the need for improved common defenses -- including advancing cooperation between enterprise architects and chief security officers -- to jointly defend against burgeoning cyber security threats. The risks are coming from inside enterprises, as well as myriad external sources.

From the panel, at The Open Group Conference this week in Boston, we’ll learn more about the nature of these borderless, external, cyber security threats, as they emerge from criminal enterprises, globally competitive business sources, even state-based threats, and sometimes a combination of these. We’ll also hear recommendations on developing smarter processes for cyber security based on proven methods and pervasive policies.

To help broaden the scope of enterprise architecture, and to develop a leverage point for "mission architecture"-levels of security and defenses, we're joined by retired Air Force Lt. Gen. Harry D. Raduege Jr., chairman of the Deloitte Center for Cyber Innovation, and who co-chairs a cybersecurity commission under President Obama; Jim Hietala, Vice President of Security at the Open Group, and Usman Sindhu, researcher at Forrester Research. The panel is moderated by Dana Gardner, principal analyst at Interarbor Solutions.

Here are some excerpts:
Raduege: With openness, come these new threats. The vulnerabilities that we have of operating in cyberspace are magnified by ... identity theft, information manipulation, information theft, cyber crime, and insider threats that are prevalent in many of our organizations and companies today. Also, the threat of espionage, of losing lots of intellectual property from our businesses, and the cyber attacks that are taking place, the denial-of-service (DOS), and also the threat that we see on the horizon -- cyberterrorism.

There's now a tremendous opportunity for us to gain the benefits of being able to communicate, not only nationally, but also internationally, and across all borders, in the area of cyber security. This is an international problem, and so an opportunity for us to take advantage of it. We’re all in this together.

Many people are bringing best practices to the table. We’re learning from each other’s experiences. The international cooperation and the opportunity to meet and discuss these areas are very valuable to all of us individually, and to our companies and to our nations.

This is the significance of this type of a gathering, to talk about the real benefits of cyberspace, but also to talk about the issues of cyber security that are facing us all. The importance of the underlying foundational aspects of having a great enterprise architecture is pointing more toward a mission architecture for business success.

Organizations like The Open Group are working on the common standards that are so important for the international community to comply with and to have as guiding factors. Education is very important, developing a cyber mindset across all people of the world, not only in the government organizations, but for industry, and also the individual users at home.

The aspects of education and training and awareness of what’s going on there in cyber is paramount for proper operation, but also for the protection of your critical information.



The aspects of education and training and awareness of what’s going on there in cyber is paramount for proper operation, but also for the protection of your critical information.

Sindhu: Traditionally, security has been a point technology. Even in the government space, there has been a lot of focus around just technologies. We have seen saw how the importance of point technologies has been overemphasized, rather than risk analysis and process.

Today, many organizations, including the public and private sector, are waking up to the fact that technology alone is not the answer. It’s the process and people as well. That’s where deriving these best practices would be a key in collaborating with the private and public sector and bringing in an architecture.

As far as this interconnectivity is concerned, you'll see lot of different business-to-business (B2B) and business-to-consumer (B2C) interactions. It happens today. Today, business partners and distributors do business on the go, on social media, either Twitter feeds or Facebook, or something I call ad-hoc communication through their mobile devices. This is the nature of today’s interaction. This is the nature of B2C and B2B interactions.

... And in the 21st Century we'll have a lot more innovations and more technology adoption in a much more accelerated fashion.

The smart concept

That’s where the smart concept comes in. This entails smartening our physical infrastructure, our critical infrastructures like utility, healthcare, financial services, transportation, public safety, and also city administrations, down to the IT system itself.

It will use of lot of IT enablement from either the cloud or communication infrastructure, things like RFID technologies, 4G technologies, and solar technologies, to embed lot of situational awareness, analytics, and locationing into the systems.

This is a smart kind of a concept that embeds itself into smart city infrastructure where all the different components embed all the IT technologies together. There are other initiatives like smart grid or smart healthcare that are embedding these IT technologies as well.

That's a great way to start the 21st Century with this innovation, but the need for security arises at the same time. As Gen. Raduege mentioned, cyberspace is a new frontier, or information security in the cyber world, is a new frontier.

Today, many organizations, including the public and private sector, are waking up to the fact that technology alone is not the answer.



That’s where we have to address lot of different issues and problems around policy, architecture, and best practices. It’s only going to get more serious, as we connect a lot of different systems that were not connected in the past.

One of the key aspects of smartness is cross-industry and cross-team collaboration. Today, when we start to look at some of the smart deployments, either in the vertical sectors like utilities, healthcare, or even other private-sector industries, we see more and more that security is getting attention from the board-level and C-level executive.

Similarly, enterprise architecture is getting its attention as well. Going forward, we see a great emphasis on combining these two initiatives, even though it’s still a very nascent stage at the board-level talks and C-level talks. We're not seeing a huge focus on cyber security in some instances, but of course it’s changing. It’s increasing.

It's fair to say that the security and enterprise architecture will play a key role, as both concepts mingle together to bring about best practices in architecture in the early phases into planning, deployment, and delivery of the smart services.

Hietala: It’s still early in the process of really bringing enhanced security into the professional enterprise architecture. So, in The Open Group Architecture Framework (TOGAF), three of the nine iterations of it, we've added significant security information and content that enterprise architecture need to bear in mind in developing architectures.

But that work is ongoing. We have a couple of projects both to enhance the security of TOGAF, and also to work to collaborate with the Sherwood Applied Business Security Architecture (SABSA) folks, another security architecture development methodology, to harmonize those two approaches.

There's a lot of work ongoing there, and there's a lot of work needed in developing reference architectures outside of purely IT. We have a document that we are updating called Enterprise Security Architecture. It will be published this fall, and updates some work that was done five or six years ago, sort of an IT reference architecture.

From an enterprise perspective, looking at mission success and thinking about cyber security really is the Chief Information Security Officer (CISO) role inside a given enterprise. That probably is most relevant to address the issues. The interesting thing is that many of the new developments that we’re looking at -- whether it's smarter hospitals, smarter medical devices, smarter electrical grid -- are industry specific and they require a lot of cooperation between organizations in an industry.

There's a role for standards and industry organizations to pull together and come up with some common standards to facilitate better security.



There's a role for standards and industry organizations to pull together and come up with some common standards to facilitate better security, maybe better frameworks or things like that, that can be leveraged across an entire industry.

We see a need, as you start to look at cyber security and the different kinds of architectures, to develop new reference architectures to address some of these new applications of IT technology to everyday life. If you think about networks in cars or networks of smart devices comprising the power grid, what does security look like for those things? Our membership is starting to look at some of those and trying to determine where we can add some value for the industry.

Raduege: The Internet has changed our world, and the way we operate. For years, we've had enterprise architects who have been working down the hall or in the basements of organizations, and who have been trying to figure out the best way of technically aligning the Internet and all of the interconnected networks to make it work as best it could.

Now that this world of cyber has really come upon us, it has really elevated the importance of the enterprise architect into the higher levels of an organization, just because of the threats that are constantly coming upon us in our business operations and our mission success.

The enterprise architect has now gotten the attention of the C-suite executives and organization leadership. But, they don’t like to think as much about enterprise architecture, because it really has that technical connotation as my colleagues here have mentioned, we're really talking and focusing more now on the people and the process aspects of running the business properly.

The front-office people, the C-suite executives and leaders of organizations, instead of thinking about enterprise architecture from a technical aspect, are becoming much more interested in a mission architecture.

In other words, what's the architecture needed to complete my mission so that I can have success -- whatever your mission is, if it’s government activity or whether it’s industry. Mission architecture has taken on new meaning that takes into account the technical architecture, but also adds the workforce domain and the process elements of the organization.

Architecture is important, but there is no silver bullet to it. Since the smart concept is industry-wide and is global, there could be many references to architectures that could go in.



So, mission architecture is really pointing toward business success, whatever your business is, whether it’s government operations or industry.

Sindhu: Architecture is important, but there is no silver bullet to it. Since the smart concept is industry-wide and is global, there could be many references to architectures that could go in. Some things have started to happen.

For example, the Department of Homeland Security came over to IT risk baseline about a year-and-a-half ago. It collaborated with the IT vendors and IT sector in general and started to create this risk baseline, which comes about in the earlier phases of architecture.

As you develop a framework, you take feeds from the various industry standards and regulatory compliance mandates and you start to create a risk baseline, a risk profile that touches every single silo of people, process, and technology. Over the time, you do the collaboration, internally, but externally as well.

Hietala: Definitely there is a need for increased public-sector and private-industry cooperation. We have an initiative here, The Open Group's Acquisition Cybersecurity (ACS) Initiative. It was brought to us by the Department of Defense as a consulting effort. They wanted an organization to pull together private industry and try to drive some standards looking at the supply chains to the major IT suppliers. That work is ongoing and that would be a good reference of an initiative like that.

Sindhu: The role of the architecture and security has to be involved right from the planning phase, where you manifest the value of security being built in, either to the products or in general to the architecture? That has to be the first step -- that we acknowledge the need to embed that into the overall process.
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: The Open Group.

You may also be interested in:

Wednesday, July 7, 2010

HP virtual conferences tackle data center transformation trends, methods, solutions

Learn more about Data Center Transformation via free HP virtual conferences:
Europe, Middle East, Asia -- July 13
Americas -- July 14
Asia Pacific Japan -- July 15

HP is continuing its series of free virtual conferences, giving IT professionals online access to briefings on business and technology trends about data center transformation (DCT) from HP executives and third-party experts. During the newest upcoming events, which run July 13-15, those attending will have the opportunity to listen to, and chat with, technology experts from HP, as well as hundreds of other IT professionals.

Hosted by Helen Tang, HP WW Data Center Transformation Lead for HP Enterprise Business, this virtual conference series features top HP executives describing how DCT helps companies respond quickly to changing business needs and shift spending from maintenance to innovation. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

The free, half-day virtual events, organized by region, explore IT strategies and solutions to avoid performance pitfalls and to achieve more predictable results. They discuss DCT and explore approaches for delivering significantly higher data center results in a shorter time-frame. The purely online events also provide keynotes and other "auditorium" sessions, an exhibit area, and an opportunity to network online.

Keynote speaker Donna Scott, Vice President and Distinguished Analyst with Gartner research, will present “Choosing the right data center and IT architecture to meet the needs of the business.”

Other sessions include:
  • Three signs that it’s time to transform your data center

  • Building a converged infrastructure environment to overcome application and IT sprawl in the data center

  • Data center facilities optimization strategies for design, reliability and environmental efficiency

  • Closing keynote case study: Data center transformation results in billion dollar annual savings.
Speakers include: Hande Sahin-Bahceci, Data Center Transformation Manager, HP Technology Services; Bob Meyer, HP's Worldwide Solutions Lead; Duncan Campbell, VP of HP's Worldwide Marketing; Peter Gross, Vice President and General Manager of HP Critical Facilities Services; Jay Mellman, Sernior Director for Worldwide Marketing HP Networking; and Pete Karolczak, Senior Vice President and General Manager of HP Enterprise Services.

The conference will be offered for Europe, The Middle East and Asia on July 13, the Americas on July 14, and Asia Pacific and Japan on July 15. Follow the links in the below box to learn more and register.

Learn more about Data Center Transformation via free HP virtual conferences:
Europe, Middle East, Asia -- July 13
Americas -- July 14
Asia Pacific Japan -- July 15


You may also be interested in: