Monthly Archives: April 2011

The Open Group Conference, London: An open environment for challenging times

By Allen Brown, CEO, The Open Group

In little over a week, The Open Group will convene in London to debate some of today’s key IT issues such as Cloud Computing and Enterprise Architecture.

Our members span a range of companies and organisations, including Capgemini, HP, IBM, Oracle, Kingdee and SAP, and hail from around the globe. It’s not easy trying to get such a range of individuals to reach some sort of consensus; our conferences are vital in developing open standards and certifications. Our rich and varied membership certainly makes for interesting and lively debates. During the London Conference, May 9-13, we’ll hear plenty of opinions on a variety of topics including enterprise architecture (EA), business transformation, cyber-security, Cloud Computing, SOA and skills-based certifications.

We’ve got an excellent group of speakers attending the conference including Peter Edwards, Associate Director, IT & Communications Consulting, Arup, who’ll describe his experiences of being an Enterprise Architect in the land of Architects and Civil Engineers. His speech will discuss his position at Arup and some aspects of his role as Chief Enterprise Architect for the Olympic Delivery Authority (ODA)​. He’ll discuss examples from recent work on major airports, sports facilities, “smart cities” and efficient data centres, explaining how these all rely heavily and increasingly on complex, integrated systems and how the concepts, tools and techniques of enterprise architecture are helpful in planning and integrating such systems, and in helping to bridge the communication gap between the different types of stakeholders.

Other presenters will address the role of technical experts to investigate organised crime, Cloud vendor selection (how to pick the right combination of better, faster and cheaper), architecting Cloud Computing, securing the global supply chain and much more.

As the IT media is dominated by stories on Cloud and cyber-security, it will be refreshing to debate these in an open environment and discuss the many challenges we all face in navigating an increasingly complex IT world. I’d love to hear your views on the type of questions you’d like answered and any particular issues you feel passionate about.

The Open Group Conference, London, May 9-13 is almost here! Join us for best practices and case studies on Enterprise Architecture, Cloud, Security and more, presented by preeminent thought leaders in the industry.

Allen BrownAllen Brown is the President and CEO of The Open GroupFor more than ten years, he has been responsible for driving the organization’s strategic plan and day-to-day operations; he was also instrumental in the creation of The Association of Open Group Enterprise Architects (AOGEA). Allen is based in the U.K.

Comments Off

Filed under Cloud/SOA, Cybersecurity, Enterprise Architecture

Giving EA the much-needed business slant: some thoughts

By Raghuraman Krishnamurthy, Cognizant Technology Solutions

Recently, I had the opportunity to quickly look at Chris Potts’s absorbingly written book titled recrEAtion: Realizing the Extraordinary Contribution of Your Enterprise Architects. The best contribution of EA, the book illustrates through a fictitious story line told with finesse, is much beyond IT. Enterprise architects need to be thinking more of business and contribute to strategy coherence by being uniquely able to link business goals with IT.

The word ‘architecture’ has an unfortunate connation with IT resulting in lumping of any architecture into the IT/IS function. That EA is much more than IT/IS has been the uniform rallying point of the community of enterprise architects for several years. There is a degree of success in this effort: for instance, the importance of EA in planning, alignment and program management is well researched and there is evidence in industry of realizing benefits that EA provides in this direction. However, for EA to earn its glorious position of the overall enterprise wide architecture management function,  it needs business embracement.

Business architecture is part of enterprise architecture. Let us consider some of the challenges that have business ramification in equal (or perhaps more) measure as technology:

  • Gaining customer insight is no longer possible with internal systems alone. There are social sites where the views of the customers are shared and debated within the community. How would this challenge be addressed in business architecture?
  • Mobility is opening up enterprise’s business opportunities in innovative ways. Mobility gives the customer the power to do business truly anytime, anywhere. How an enterprise can improve the collaboration in novel ways and generate close customer touch using new channels like mobility? How is business going to measure the effectiveness of this channel and what type of architecture models will be relevant?
  • Business processes are keys to realizing business objectives. How the business process, the associated rules, performance of the business process itself can be modeled in business terms? How can workflows and the associated documents be modeled in business terms?

The above could be some areas that EA can focus on giving the business flavor.

‘Evolving EA to Architect the Business’ is a subject that will be discussed in depth during The Open Group Conference, London, May 9-13. Join us for best practices and case studies on Enterprise Architecture, Cloud, Security and more, presented by preeminent thought leaders in the industry.

Raghuraman Krishnamurthy works as a Principal Architect at Cognizant Technology Solutions and is based in India. He can be reached at Raghuraman.krishnamurthy2@cognizant.com.

2 Comments

Filed under Enterprise Architecture

Challenges of Emergent Architecture

By Balasubramanian Somasundram, Honeywell Technology Solutions Ltd.

In 2009, Gartner had coined a term called ‘Emergent Architecture’ advocating the need for a re-orientation in Enterprise Architecture practice. According to this paradigm, Gartner suggests Enterprise Architects must adopt a new style of Enterprise Architecture to respond to a growing variety and complexity in markets, economics, nations, networks and companies. Gartner had also listed some of the characteristics of such an Emergent Architecture and the kind of changes that we can foresee in near future.

After two years, I wanted to take a closer look at this observation and correlate some of my personal experiences from Enterprise IT.

To set the context, would like to quote the emergence of situational applications. In simple terms, situational applications solve immediate business challenges by addressing a situation in hand. The key characteristics of situational applications are – unique situation, highly personalized, immediate and time-sensitive nature of business scenario.  A “situational application” is a broader term that includes concrete implementations such as Mashups and Composite applications.

So far, Enterprise IT has been busy with ERP/CRM and packaged applications and custom developed web applications. Now, that era of “hand coding” is almost saturated and hit a plateau due to couple of reasons such as – Enterprise roll-outs of ERP/CRM are complete, custom developed applications are rationalized and consolidated with ERP suites and demands for new custom developed applications are challenged for solid business cases.

However, the unique business situations still demand for small/nimble IT solutions that wouldn’t wait for long lead times, big business cases. What is the solution?

Situational Applications can help.

The key characteristic of these situational applications is that business doesn’t have the details about the requirements or responses. All it has is the outcome that needs to be achieved. Sometimes, business just wants to experiment with multiple options before zeroing on one solution. In some cases, business wants to build just a pilot, scaled-down version of the actual solution and eventually evolve it to an enterprise-class solution. Sound familiar?

I would say this is one of the categories of emergence scenarios that Enterprise Architecture needs to deal with, for both business and IT stakeholders.

In contrast to what Gartner states, the key challenges that EA needs help solving are not just macro issues such as geopolitical risks or outsourcing governance etc., but micro issues that would help executing day-to-day projects much more effectively. This will build the credibility of EA groups at grassroots level and drive some real changes in business/IT. I would like to list some of those challenges to be solved:

  1. Given the uncertainty in requirements and technologies, what is the best way to cater to these business requests for building situational applications? Certainly, agile methods can help to certain extent. But the scenarios that revolve around situational applications are much more dynamic and need much faster results. Another way to look at this challenge is, how do these unique business situations fit in the overall business architecture?
  2. How do we engage business users to gather requirements in creative ways, especially when business users themselves may not have all the data upfront?
  3. If we need to build nimble, simple IT solutions, we need to have a solid architecture foundation. How can EA help both segments? – foundational and situational
  4. How do we make sure we create an ecosystem where the new architecture ‘evolves” as the requirements and solutions themselves evolve over a period of time?  How do we make sure architecture not only evolves, but translatable to an enterprise-scale solution?

Thanks to The Open Group, we have robust frameworks and methodologies for building deterministic enterprise architectures. It will be interesting to see how The Open Group addresses the demands and challenges of nondeterministic/emergent enterprise architectures as stated above, in the future.

Enterprise Architecture is a subject that will be discussed in depth during The Open Group Conference, London, May 9-13. Join us for best practices and case studies on Enterprise Architecture, Cloud, Security and more, presented by preeminent thought leaders in the industry.

Balasubramanian Somasundaram is an Enterprise Architect with Honeywell Technology Solutions Ltd, Bangalore, a division of Honeywell Inc, USA. Bala has been with Honeywell Technology Solutions for the past five years and contributed in several technology roles. His current responsibilities include Architecture/Technology Planning and Governance, Solution Architecture Definition for business-critical programs, and Technical oversight/Review for programs delivered from Honeywell IT India center. With more than 12 years of experience in the IT services industry, Bala has worked with variety of technologies with a focus on IT architecture practice.  His current interests include Enterprise Architecture, Cloud Computing and Mobile Applications. He periodically writes about emerging technology trends that impact the Enterprise IT space on his blog. Bala holds a Master of Science in Computer Science from MKU University, India.

9 Comments

Filed under Enterprise Architecture

Is Enterprise Architecture a Profession?

By Jason Uppal, QRS

I have been involved with the Enterprise Architecture (EA) industry for the past 12 years. If the number of open positions for Enterprise Architects is any indication, there are a great many vacancies for EA opportunities that are going unfulfilled. Every time we discuss how to close this supply and demand gap for architects, the same question arises time and time again – is Enterprise Architecture a profession or discipline? Having some insight to this question – if not a complete answer – will help us further define the curriculum, mentoring and process to develop architects.

The purpose of this blog is to discuss what makes a profession and how to apply this to Enterprise Architecture. The July-August 2010 Harvard Business Review explored a similar subject – Is management a profession or discipline? I would like to apply the same thinking to Enterprise Architecture and would welcome your comments.

What makes a Profession?

The HBR article outlined the following characteristics of a profession:

  • Professions are made up of particular categories of people from whom we seek advice and services because they have knowledge and skills that we do not.
  • We cannot judge the quality of information ourselves even after the actions according to the advice and/or service has been implemented.
  • Since a professional is an expert and we are not, there is always an asymmetry of knowledge.


Scenario for Medicine as a Profession

Let’s apply these characteristics to a well-known profession such as a physician. After a four-year hiatus from marathon running, I asked my family doctor for advice on how to approach my training, the goal being that I just wanted to complete the marathon in less than four hours. He reviewed my physical condition, training plan and demeanour from past records and provided me with a training plan, nutrition plan and regular checkup schedule. During the training, he helped me understand how best to use the tools he provided. The final result, I completed the run in 3 hours and 45 minutes, without injuring myself, and still had enough strength to celebrate afterwards.

Situation Diagnostics – Could another physician have given me a different plan that would achieve the same results? The answer is perhaps yes, but as an information seeker I would have never known. I needed to trust my physician as the expert and that I did not have the expertise to judge the quality of his advice. This information asymmetry will permanently exist.

Scenario for an Enterprise Architecture as a Profession

Let’s apply similar scenario to an Enterprise Architect. Three years ago, I was asked by a manufacturing VP (George) to help upgrade his company’s aging manufacturing production infrastructure with a financially viable business case. For simplicity, let’s ignore other constraints for now. I studied the current situation, defined the target state, quantified the business benefit of being at the target state, validated it with key stakeholders, defined the transition map, created the architecture  — including total cost, benefits, risk and impact of the change on people. We presented the architecture and business case to the CEO in three slides and in seven minutes. He looked at both of us and said, “Are you telling me that you can solve the production problems at that price” – which was half of the anticipated price – “and deliver these benefits by this schedule?” The answer came, “Yes sir”. He immediately said, “George, we should do this program.”

Situation Diagnostics: I framed the problem, defined, implemented and exploited the capabilities to deliver the results at a certain cost and risk appetite. Would George – given his own abilities – be able to determine that the problem could have been solved for half the costs and less risk and impact to the organization? The answer is no, unless he asks another architect for a second review of the problem. This option is not very realistic in practice.

In conclusion, I would like to say that Enterprise Architecture is a profession where we define the role of Enterprise Architect as a person who takes responsibility for the definition and development of necessary Enterprise Capabilities required to achieve the goals and provide expertise based in leading the exploitation of those capabilities until the intended outcome is achieved. This is no different from what I asked my physician in the scenario above.

Are we ready to define and accept Enterprise Architect’s role as above? I welcome all feedback … negative and positive.

This post was originally posted to the QRS blog on April 16.

The profession of Enterprise Architecture is a subject that will be discussed in depth during The Open Group Conference, London, May 9-13, both in public sessions and during The Open Group Architecture Forum meetings. Join us in London for best practices and case studies on Enterprise Architecture, Cloud, Security and more, presented by preeminent thought leaders in the industry.

Jason Uppal, P.Eng. is the Chief Architect at QRS and was the first Master IT Architect certified by The Open Group, by direct review, in October 2005. He holds an undergraduate degree in Mechanical Engineering, graduate degree in Economics and a post graduate diploma in Computer Science. Jason’s commitment to Enterprise Architecture Life Cycle (EALC) has led him to focus on training (TOGAF®), education (UOIT) and mentoring services to his clients as well as being the responsible individual for both Architecture and Portfolio & Project Management for a number of major projects. Jason has found that education is only beneficial to those companies who can industrialize the EALC process – staff must be able to implement what they have learned. To that end, he lead a team of java software developers to develop an end to end industrialization product which encapsulates Enterprise Architecture, Portfolio and Project Management, Project Management and  IT Services Management processes. Implementing this software product, ITO, (www.itoProcesses.com.) permits companies to take full advantage of TOGAF® and any other custom processes which might already be in place within their organization.

1 Comment

Filed under Enterprise Architecture

“Making Standards Work®”

By Andrew Josey, The Open Group

Next month as part of the ongoing process of “Making Standards Work®,” we will be setting standards and policy with those attending the member meetings at The Open Group Conference, London, (May 9-12, Central Hall Westminster). The standards development activities include a wide range of subject areas from Cloud Computing, Tools and People certification, best practices for Trusted Technology, SOA and Quantum Lifecycle Management, as well as maintenance of existing standards such as TOGAF® and ArchiMate®. The common link with all these activities is that all of these are open standards developed by members of The Open Group.

Why do our members invest their time and efforts in development of open standards? The key reasons as I see them are as follows:

  1. Open standards are a core part of today’s infrastructure
  2. Open standards allow vendors to differentiate their offerings by offering a level of openness (portable interfaces and interoperability)
  3. Open standards establish a baseline from which competitors can innovate
  4. Open standards backed with certification enable customers to buy with increased confidence

This is all very well, you say — but what differentiates The Open Group from other standards organizations? Well, when The Open Group develops a new standard, we take an end-to-end view of the ecosystem all the way through from customer requirements, developing consensus standards to certification and procurement. We aim to deliver standards that meet a need in the marketplace and then back those up with certification that delivers an assurance about the products or in the case of people certification, their knowledge or skills and experience. We then take regular feedback on our standards, maintain them and evolve them according to marketplace needs. We also have a deterministic, timely process for developing our standards that helps to avoid the stalemate that can occur in some standards development.

Let’s look briefly at two of the most well known Open Group standards:  UNIX® and TOGAF®,. The UNIX® and TOGAF® standards are both examples of where a full ecosystem has been developed around the standard.

The UNIX® standard for operating systems has been around since 1995 and is now in its fourth major iteration. High reliability, availability and scalability are all attributes associated with certified UNIX® systems. As well as the multi-billion-dollar annual market in server systems from HP, Oracle, IBM and Fujitsu, there is an installed base of 50 million users* using The Open Group certified UNIX® systems on the desktop.

TOGAF® is the standard enterprise architecture method and framework. It encourages use with other frameworks and adoption of best practices for enterprise architecture. Now in its ninth iteration, it is freely available for internal use by any organization globally and is widely adopted with over 60% of the Fortune 50 and more than 80% of the Global Forbes 50. The TOGAF® certification program now has more than 15,000 certified individuals, including over 6,000 for TOGAF® 9.

If you are able to join us in London in May, I hope you will be able to also join us at the member meetings to continue making standards work. If you are not yet a member then I hope you will attend the conference itself and network with the members to find out more and consider joining us in Making Standards Work®!

For more information on The Open Group Standards Process visit http://www.opengroup.org/standardsprocess/

(*) Apple estimated number from Briefing October 2010. Mac OS X is certified to the UNIX 03 standard.

Standards development will be part of member meetings taking place at The Open Group Conference, London, May 9-13. Join us for best practices and case studies on Enterprise Architecture, Cloud, Security and more, presented by preeminent thought leaders in the industry.

Andrew Josey is Director of Standards within The Open Group, responsible for the Standards Process across the organization. Andrew leads the standards development activities within The Open Group Architecture Forum, including the development and maintenance of TOGAF® 9, and the TOGAF® 9 People certification program. He also chairs the Austin Group, the working group responsible for development and maintenance the POSIX 1003.1 standard that forms the core volumes of the Single UNIX® Specification. He is the ISO project editor for ISO/IEC 9945 (POSIX). He is a member of the IEEE Computer Society’s Golden Core and is the IEEE P1003.1 chair and the IEEE PASC Functional chair of Interpretations. Andrew is based in the UK.

Comments Off

Filed under Standards, UNIX, TOGAF

The Open Group Announces New Information Security Management Standard: O-ISM3

By Jim Hietala, The Open Group

The Open Group yesterday announced the approval of a new standard in information security, O-ISM3. This standard, which derives its name from The Open Group Information Security Management Maturity Model, aims to help information security managers and practitioners to more effectively manage information security. Information security management is one of two focus areas for The Open Group Security Forum (security architecture being the other).

The development of the O-ISM3 standard has been in process in the Security Forum for the past 18 months. Like all Open Group standards, O-ISM3 was developed through an open, consensus-based process. The O-ISM3 standard leverages work previously done by the ISM3 consortium to produce the ISM3 version 2.3 document.

O-ISM3 brings some fresh thinking to information security management. O-ISM3:

  • Provides a framework to align security objectives and security targets to overall business objectives
  • Delivers a much-needed continuous improvement approach to the management of information security
  • Expresses security outcomes in positive terms

O-ISM3 can be implemented as a top-down methodology to manage an entire information security program, or it can be deployed more tactically, starting with just a few information security processes. As such, it can deliver value to information security organizations of varying sizes, maturity levels, and in different industries.

The O-ISM3 standard is available free on The Open Group website (registration required), and on Kindle. The standard provides an approach which is complementary to ISO 27001/2, as well as to ITIL and COBIT.

The Open Group is conducting a series of webcasts on the O-ISM3 standard in April and May. Details and registration may be found here.

Many thanks to the many members of The Open Group who worked hard over the past 18 months to make O-ISM3 a reality. Many had a hand in developing O-ISM3 in the Security Forum, and I thank them all; however, I would be remiss if I did not recognize the leadership of workgroup chair Vicente Aceituno, who brought this work to The Open Group, and who has continued to work tirelessly to make O-ISM3 an important standard for information security.

The working group will in the coming months be developing maturity levels for O-ISM3, and exploring certification programs. If you have interest in O-ISM3 and these future developments, please contact us at ogsecurity-interest@opengroup.org and we will help you get involved.

Jim HietalaAn IT security industry veteran, Jim is Vice President of Security at The Open Group, where he is responsible for security programs and standards activities. He holds the CISSP and GSEC certifications. Jim is based in the U.S.

2 Comments

Filed under Information security, Standards

TOGAF® and ArchiMate®: Learning from academia

By Garry Doherty, The Open Group

Entitled “Just enough EA”, a set of case studies has been published by the Joint Information Systems Committee (JISC), made up of senior managers, academics and technology experts working in UK further and higher education. These experts determine JISC’s programme of work to reflect the present and future needs of the education and research communities.

Case studies from Staffordshire University, Roehampton University, Liverpool John Moores University and Leeds Metropolitan University delve briefly into their experiences with many aspects TOGAF® and ArchiMate®, and look at the “Do’s and Don’ts” of engaging with Enterprise Architecture… It’s certainly worth a look. Read the case studies here.

Garry DohertyGarry Doherty is an experienced product marketer and product manager with a background in the IT and telecommunications industries. Garry is the TOGAF® Product Manager and theArchiMate® Forum Director at The Open Group. Garry is based in the U.K.

1 Comment

Filed under Enterprise Architecture, TOGAF®, ArchiMate®

Creation of a strategy for the consumption and management of Cloud Services in the TOGAF® Preliminary Phase

By Serge Thorn, Architecting the Enterprise

In an article on my blog, Cloud Computing requires Enterprise Architecture and TOGAF 9 can show the way I described the need to define a strategy as an additional step in the TOGAF 9 Preliminary Phase. This article describes in more detail what could be the content of such a document, specifically, what are the governance activities related to the Consumption and Management of Cloud Services.

Before deciding to switch over to Cloud Computing, companies should first fully understand the concepts and implications of an internal IT investment or buying this as a service. There are different approaches, which may have to be considered from an enterprise level when Cloud Computing is considered: Public Cloud vs. Private Clouds vs. Hybrid Clouds. Despite the fact that many people already know what the differences are, below are some summaries of the various models:

  • A public Cloud is one in which the consumer of Cloud services and the provider of Cloud services exist in separate enterprises. The ownership of the assets used to deliver Cloud services remains with the provider
  • A private Cloud is one in which both the consumer of Cloud services and the provider of those services exist within the same enterprise. The ownership of the Cloud assets resides within the same enterprise providing and consuming Cloud services. It is really a description of a highly virtualized, on-premise data center that is behaving as if it were that of a public Cloud provider
  • A hybrid Cloud combines multiple elements of public and private Cloud, including any combination of providers and consumers

Once the major Business stakeholders understand the concepts, some initial decisions may have to be made and included in that document. The same may also apply to the various Cloud Computing categorisations such as diagrammed below:

The categories the enterprise may be interested in related to existing problems can already be included as a section in the document.

Quality Management

There is need of a system for evaluating performance, whether in the delivery of Cloud services or the quality of products provided to consumers, or customers. This may include:

  • A test planning and a test asset management from business requirements to defects
  • A Project governance and release decisions based on some standards such as Prince 2/PMI and ITIL
  • A Data quality control (all data uploaded to a Cloud Computing service provider must ensure it fits the requirements of the provider). This should be detailed and provided by the provider
  • Detailed and documented Business Processes as defined in ISO 9001:
    • Systematically defining the activities necessary to obtain a desired result
    • Establishing clear responsibility and accountability for managing key activities
    • Analyzing and measuring of the capability of key activities
    • Identifying the interfaces of key activities within and between the functions of the organization
    • Focusing on the factors such as resources, methods, and materials that will improve key activities of the organization
    • Evaluating risks, consequences and impacts of activities on customers, suppliers and other interested parties

Security Management

This would address and document specific topics such as:

  • Eliminating the need to constantly reconfigure static security infrastructure for a dynamic computing environment
  • Define how services are able to securely connect and reliably communicate with internal IT services and other public services
  • Penetration security checks
  • How a Security Management/System Management/Network Management teams monitor that security and the availability

Semantic Management

The amount of unstructured electronic information in an enterprise environment is growing rapidly. Business people have to collaboratively realise the reconciliation of their heterogeneous metadata and consequently the application of the derived business semantic patterns to establish alignment between the underlying data structures. The way this will be handled may also be included.

IT Service Management (ITIL)

IT Service Management or IT Operations teams will have to address many new challenges due to the Cloud. This will need to be addressed for some specific processes such as:

  • Incident Management
    • The Cloud provider must ensure that all outages or exceptions to normal operations are resolved as quickly as possible while capturing all of the details for the actions that were taken and are communicated to the customer.
  • Change Management
    • Strict change management practices must be adhered to and all changes implemented during approved maintenance windows must be tracked, monitored, and validated.
  • Configuration Management (Service Asset and…)
    • Companies who have a CMDB must provide this to the Cloud providers with detailed descriptions of the relationships between configuration items (CI)
    • CI relationships empowers change and incident managers need to determine that a modification to one service may impact several other related services and the components of those services
    • This provides more visibility into the Cloud environment, allowing consumers and providers to make more informed decisions not only when preparing for a change but also when diagnosing incidents and problems
  • Problem Management
    • The Cloud provider needs to identify the root cause analysis in case of problems

  • Service Level Management
    • Service Level Agreements (or Underpinning contracts) must be transparent and accessible to the end users.  The business representatives should be negotiating these agreements. They will need to effectively negotiate commercial, technical, and legal terms. It will be important to establish these concrete, measurable Service Level Agreements (SLAs). Without these, and  an effective means for verifying compliance, the damage from poor service levels will only be exacerbated
  • Vendor Management
    • Relationship between a vendor and their customers changes
    • Contractual arrangements
  • Capacity Management  and Availability Management
    • Reporting on performance

Other activities must be documented such as:

Monitoring

  • Monitoring will be a very important activity and should be described in the Strategy document. The assets and infrastructure that make up the Cloud service is not within the enterprise. They are owned by the Cloud providers, which will most likely have a focus on maximizing their revenue, not necessarily optimizing the performance and availability of the enterprise’s services. Establishing sound monitoring practices for the Cloud services from the outset will bring significant benefits in the long term. Outsourcing delivery of service does not necessarily imply that we can outsource the monitoring of that service. Besides, today very few Cloud providers are offering any form of service level monitoring to their customers. Quite often, they are providing the Cloud service but not proving that they are providing that service.
  • The resource usage and consumption must be monitored and managed in order to support strategic decision making
  • Whenever possible, the Cloud providers should furnish the relevant tools for management and reporting and take away the onerous tasks of patch management, version upgrades, high availability, disaster recovery and the like. This obviously will impact IT Service Continuity for the enterprise.
  • Service Measurement, Service Reporting and Service Improvement processes must be considered

Consumption and costs

  • Service usage (when and how) to determine the intrinsic value that the service is providing to the Business, and IT can also use this information to compute the Return On Investment for their Cloud Computing initiatives and related services. This would be related to the process IT Financial Management.

Risk Management

The TOGAF 9 risk management method should be considered to address the various risks associated such as:

  • Ownership, Cost, Scope, Provider relationship, Complexity, Contractual, Client acceptance, etc
  • Other risks should also be considered such as : Usability, Security (obviously…) and Interoperability

Asset Management and License Management

When various Cloud approaches are considered (services on-premise via the Cloud), hardware and software license management should be defined to ensure companies can meet their governance and contractual requirements

Transactions

Ensuring the safety of confidential data is a mission critical aspect of the business. Cloud Computing gives them concerns over the lack of control that they will have over company data, and does not enable them to monitor the processes used to organize the information.

Being able to manage the transactions in the Cloud is vital and Business transaction safety should be considered (recording, tracking, alerts, electronic signatures, etc…).

There may be other aspects, which should be integrated in this Strategy document that may vary according to the level of maturity of the enterprise or existing best practices in use.

When considering Cloud Computing, the Preliminary phase will include in the definition of the Architecture Governance Framework most of the touch points with other processes as described above. At completion, touch-points and impacts should be clearly understood and agreed by all relevant stakeholders.

This article has previously appeared in Serge Thorn’s personal blog.

Cloud will be a topic of discussion at The Open Group Conference, London, May 9-13. Join us for best practices, case studies and the future of information security, presented by preeminent thought leaders in the industry.

Serge Thorn is CIO of Architecting the Enterprise.  He has worked in the IT Industry for over 25 years, in a variety of roles, which include; Development and Systems Design, Project Management, Business Analysis, IT Operations, IT Management, IT Strategy, Research and Innovation, IT Governance, Architecture and Service Management (ITIL). He has more than 20 years of experience in Banking and Finance and 5 years of experience in the Pharmaceuticals industry. Among various roles, he has been responsible for the Architecture team in an international bank, where he gained wide experience in the deployment and management of information systems in Private Banking, Wealth Management, and also in IT architecture domains such as the Internet, dealing rooms, inter-banking networks, and Middle and Back-office. He then took charge of IT Research and Innovation (a function which consisted of motivating, encouraging creativity, and innovation in the IT Units), with a mission to help to deploy a TOGAF based Enterprise Architecture, taking into account the company IT Governance Framework. He also chaired the Enterprise Architecture Governance worldwide program, integrating the IT Innovation initiative in order to identify new business capabilities that were creating and sustaining competitive advantage for his organization. Serge has been a regular speaker at various conferences, including those by The Open Group. His topics have included, “IT Service Management and Enterprise Architecture”, “IT Governance”, “SOA and Service Management”, and “Innovation”. Serge has also written several articles and whitepapers for different magazines (Pharma Asia, Open Source Magazine). He is the Chairman of the itSMF (IT Service Management forum) Swiss chapter and is based in Geneva, Switzerland.

8 Comments

Filed under Cloud/SOA, TOGAF®

The Open Group Events in Arabia and India

By Jim Hietala, The Open Group

One of the real benefits of working for The Open Group is the opportunity to meet with leading organizations around the world, and to hear their views and concerns around architecture, IT and security issues. I had the great pleasure of participating recently in The Open Group Conferences in Abu Dhabi (United Arab Emirates) and in Chennai, Hyderabad, and Pune (India).

From a personal standpoint, The Open Group team had nothing but great experiences in both India and UAE, and The Open Group partners in each region (Shift Technologies in Arabia, and Capgemini in India) did an outstanding job of organizing the events and providing real value to attendees.

It was interesting to engage with customer organizations in both countries, and to hear their pressing concerns around IT security, enterprise architecture, and Cloud Computing. While there are differences between regions — including adoption rates for Cloud Computing and other factors — I was struck to a much greater degree by how similar the concerns are.

Specific to IT security, the world is indeed flat, and the threats being faced as well as the security concerns and approaches in India and UAE mirror those in the US, Europe, and elsewhere. The combination of ubiquitous, global network access and highly motivated cyber-adversaries has brought new meaning to the old security maxim “there’s no security in obscurity”.

Security will be a major topic of discussion at The Open Group Conference, London, May 9-13. Join us for best practices, case studies and the future of information security, presented by preeminent thought leaders in the industry.

Thanks to Jim Hietala, contributor of The Open Group Blog’s 50th post!

Jim HietalaAn IT security industry veteran, Jim is Vice President of Security at The Open Group, where he is responsible for security programs and standards activities. He holds the CISSP and GSEC certifications. Jim is based in the U.S.

Comments Off

Filed under Information security

The Cloud, multiple Platforms within Platforms

By Mark Skilton, Capgemini

I recently attended The Open Group India Conference in March. This was the first time that The Open Group India had launched such an event, and they had the ambitious target of visiting three cities in the week. The event itself was a platform for discussion of Indian perspectives on all aspects of Architect Best Practices, and in particular, the India market on Enterprise Architecture and Cloud Computing. It drew a significant cross section of public and private industry sector professionals at all the venues, with keen debate and presentations demonstrating industry-leading thought leadership and case study.

The highly successful event raised important questions and discussion on significant topics of the moment in architecture and the Indian perspective. One that stands out in Cloud Computing was the development of Cloud Architectures and the role of Cloud as a platform for services.

Significant Cloud Computing commentary from the Cloud panel sessions included:

  • The role Indian government IT services strategy development could play in applying Cloud Computing, Grid and SOA concepts to the public sector services to the federated and regional citizenship
  • How the Indian market could exploit the SMB and youth demographic that see the Cloud as a rapid resource delivery platform, and huge potential for services in the Cloud to local and international markets
  • The evolution of Cloud services, notably in Big Data and content as a service and in applications software development in the Cloud using PaaS. Both need further focus on master data semantics and interoperability standards to help versioning, persistence of data and support of multiple Cloud virtual environments to drive the potential reality going forward

The debate of Cloud Architectures and Platforms ran throughout the three-city Conference, with notable observations and lessons learnt, including:

  • Support of multiple locations by “location-aware Clouds” was an interesting aspect when developing shared platforms that need to recognize the delivery and localization of “last mile logistics” and end-user experience of the service. One-size-fits-all needed some abstraction of end point use in enabling adoption flexibility and relevancy
  • Cloud Architectures had to be “platforms” that “evolved” like the ecosystem that made up its internal and external components and services. This was a fact as many Clouds and integration adaptor strategies using open source and proprietary technologies where driving ahead with different standards and speeds of development. Understanding the solution options needed to “design for change” was a matter of urgency in architectural design practice for Cloud
  • Mobile Cloud, including the Internet of things (IoT) and the spread of mobile channel services everywhere, drew considerable interest as a strong potential second wave of the Cloud as it enters the next stage of added-value services, virtual communities and multi-Cloud service marketplaces

The underlying theme seemed to be the emergence of service platforms and services enabled by the Cloud and its pervasiveness into social media and social networks underpinned by Cloud infrastructure and data centers. Platforms enabling other platforms in a distributed regional, wireless, global bandwidth enabled world.

I remembered that, at the same time as the Indian event, there was a shining example of technological inspiration right above our heads orbiting 200 miles around the Earth: the STS133 mission and final space flight of the Space Shuttle Discovery. This in itself was an inspiring magnificent achievement. The shuttle had flown more missions than any other — 39 in the 25-year flight history — but that was not the whole picture. Discovery was the platform that launched another platform, the Hubble Space Telescope, into the heavens. And look what discoveries came of that: the first pictures of the now-famous Eagle Nebula stellar nurseries, new insights into the distribution of galaxies and the universal constant, and the list goes on. One platform borne upon another; how much further will our children see tomorrow?

Cloud Computing will be a topic of discussion at The Open Group Conference, London, May 9-13. Join us for best practices, case studies and the future of information security, presented by preeminent thought leaders in the industry.

Mark Skilton, Director, Capgemini, is the Co-Chair of The Open Group Cloud Computing Work Group. He has been involved in advising clients and developing of strategic portfolio services in Cloud Computing and business transformation. His recent contributions include the publication of Return on Investment models on Cloud Computing widely syndicated that achieved 50,000 hits on CIO.com and in the British Computer Society 2010 Annual Review. His current activities include development of a new Cloud Computing Model standards and best practices on the subject of Cloud Computing impact on Outsourcing and Off-shoring models and contributed to the second edition of the Handbook of Global Outsourcing and Off-shoring published through his involvement with Warwick Business School UK Specialist Masters Degree Program in Information Systems Management.

1 Comment

Filed under Cloud/SOA