Monthly Archives: October 2013

Introducing Two New Security Standards for Risk Analysis—Part II – Risk Analysis Standard

By Jim Hietala, VP Security, The Open Group

Last week we took a look at one of the new risk standards recently introduced by The Open Group® Security Forum at The Open Group London Conference 2013, the Risk Taxonomy Technical Standard 2.0 (O-RT). Today’s blog looks at its sister standard, the Risk Analysis (O-RA) Standard, which provides risk professionals the tools they need to perform thorough risk analyses within their organizations for better decision-making about risk.

Risk Analysis (O-RA) Standard

The new Risk Analysis Standard provides a comprehensive guide for performing effective analysis scenarios within organizations using the Factor Analysis of Information Risk (FAIR™) framework. O-RA is geared toward managing the frequency and magnitude of loss that can arise from a threat, whether human, animal or a natural event, in other words “how often bad things happened and how bad they are when they occur.” Used together, the O-RT and O-RA Standards provide organizations with a way to perform consistent risk modeling that can not only help thoroughly explain risk factors to stakeholders but also allow information security professionals to strengthen existing analysis methods or create better ones. O-RA may also be used in conjunction with other risk frameworks to perform risk analysis.

The O-RA standard is also meant to provide something more than a mere assessment of risk. Many professionals within the security industry often fail to distinguish between “assessing” risk vs. “analysis” of risk. This standard goes beyond assessment by supporting effective analyses so that risk statements are less vulnerable to problems and are more meaningful and defensible than assessments that provide only the broad risk-ratings (“this is a 4 on a scale of 1-to-5”) normally used in assessments.

O-RA also lays out a standard process for approaching risk analysis that can help organizations streamline the way they approach risk measurement. By focusing on these four core process elements, organizations are able to perform more effective analyses:

  • Clearly identifying and characterizing the assets, threats, controls and impact/loss elements at play within the scenario being assessed
  • Understanding the organizational context for analysis (i.e. what’s at stake from an organizational perspective)
  • Measuring/estimating various risk factors
  • Calculating risk using a model that represents a logical, rational, and useful view of what risk is and how it works.

Because measurement and calculation are essential elements of properly analyzing risk variables, an entire chapter of the standard is dedicated to how to measure and calibrate risk. This chapter lays out a number of useful approaches for establishing risk variables, including establishing baseline risk estimates and ranges; creating distribution ranges and most likely values; using Monte Carlo simulations; accounting for uncertainty; determining accuracy vs. precision and subjective vs. objective criteria; deriving vulnerability; using ordinal scales; and determining diminishing returns.

Finally, a practical, real-world example is provided to take readers through an actual risk analysis scenario. Using the FAIR model, the example outlines the process for dealing with a threat in which an HR executive at a large bank has left the user name and password that allow him access to all the company’s HR systems on a Post-It note tacked onto his computer in his office in clear view of anyone (other employees, cleaning crews, etc.) who comes into the office.

The scenario outlines four stages in assessing this risk:

  1. Stage 1: Identify Scenario Components (Scope the Analysis)
  2. Stage 2: Evaluate Loss Event Frequency (LEF)
  3. Stage 3: Evaluate Loss Magnitude (LM)
  4. Stage 4: Derive and Articulate Risk

Each step of the risk analysis process is thoroughly outlined for the scenario to provide Risk Analysts an example of how to perform an analysis process using the FAIR framework. Considerable guidance is provided for stages 2 and 3, in particular, as those are the most critical elements in determining organizational risk.
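One way stages 2 through 4 can be carried out numerically with ranges, most likely values and a Monte Carlo simulation, as an added example that is not taken from the O-RA Standard or from this post. The estimates are constructed for illustration (the post gives no figures for the Post-It scenario), and the beta-PERT and Poisson distributions and all function names are assumptions of this sketch.

```python
import math
import random
import statistics

# Constructed estimates for illustration only: (minimum, most likely, maximum).
LEF_PER_YEAR = (0.1, 0.5, 2.0)               # loss events per year
LM_PER_EVENT = (50_000, 200_000, 1_500_000)  # loss per event, in currency units


def sample_pert(rng, low, mode, high, shape=4.0):
    """Draw one value from a beta-PERT distribution over [low, high]."""
    if high == low:
        return float(low)
    alpha = 1 + shape * (mode - low) / (high - low)
    beta = 1 + shape * (high - mode) / (high - low)
    return low + rng.betavariate(alpha, beta) * (high - low)


def sample_event_count(rng, rate):
    """Poisson-distributed number of loss events in one year (Knuth's method)."""
    threshold = math.exp(-rate)
    count, product = 0, rng.random()
    while product > threshold:
        count += 1
        product *= rng.random()
    return count


def simulate_annual_loss(lef, lm, trials=20_000, seed=2013):
    """Stages 2 and 3: simulate the total loss for each of `trials` years."""
    rng = random.Random(seed)  # fixed seed so the analysis is reproducible
    losses = []
    for _ in range(trials):
        rate = sample_pert(rng, *lef)           # Stage 2: LEF for this trial
        events = sample_event_count(rng, rate)  # how many loss events occurred
        # Stage 3: every loss event gets its own magnitude draw.
        losses.append(sum(sample_pert(rng, *lm) for _ in range(events)))
    return losses


def articulate_risk(losses):
    """Stage 4: express risk as a loss distribution, not a single rating."""
    ordered = sorted(losses)

    def pct(p):
        return ordered[min(len(ordered) - 1, int(p * len(ordered)))]

    return {
        "mean": statistics.fmean(ordered),
        "p50": pct(0.50),
        "p90": pct(0.90),
        "max": ordered[-1],
        "p_no_loss": sum(1 for x in ordered if x == 0) / len(ordered),
    }


if __name__ == "__main__":
    report = articulate_risk(simulate_annual_loss(LEF_PER_YEAR, LM_PER_EVENT))
    for key, value in report.items():
        print(f"{key:>10}: {value:,.2f}")
```

The output is a distribution of annualized loss (mean, percentiles, chance of no loss in a year), which is the kind of statement the post contrasts with a "4 on a scale of 1-to-5" rating.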

Ultimately, the O-RA is a guide to help organizations make better decisions about which risks are the most critical for the organization to prioritize and pay attention to versus those that are less important and may not warrant attention. It is critical for Risk Analysts and organizations to become more consistent in this practice because lack of consistency in determining risk among information security professionals has been a major obstacle in allowing security professionals a more legitimate “seat at the table” in the boardroom with other business functions (finance, HR, etc.) within organizations.

For our profession to evolve and grow, consistency and accurate measurement are key. Issues and solutions must be identified consistently and comparisons and measurement must be based on solid foundations, as illustrated below.

[Figure: Chained Dependencies]

O-RA can help organizations arrive at better decisions through consistent analysis techniques as well as provide more legitimacy within the profession.  Without a foundation from which to manage information risk, Risk Analysts and information security professionals may rely too heavily on intuition, bias, commercial or personal agendas for their analyses and decision making. By outlining a thorough foundation for Risk Analysis, O-RA provides not only a common foundation for performing risk analyses but the opportunity to make better decisions and advance the security profession.

For more on the O-RA Standard or to download it, please visit: https://www2.opengroup.org/ogsys/catalog/C13G.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.


Introducing Two New Security Standards for Risk Analysis—Part I – Risk Taxonomy Technical Standard 2.0

By Jim Hietala, VP Security, The Open Group

At The Open Group London 2013 Conference, The Open Group® announced three new initiatives related to the Security Forum’s work around Risk Management. The first of these was the establishment of a new certification program for Risk Analysts working within the security profession, the Open FAIR Certification Program.  Aimed at providing a professional certification for Risk Analysts, the program will bring a much-needed level of assuredness to companies looking to hire Risk Analysts, certifying that analysts who have completed the Open FAIR program understand the fundamentals of risk analysis and are qualified to perform that analysis.

Forming the basis of the Open FAIR certification program are two new Open Group standards, version 2.0 of the Risk Taxonomy (O-RT) standard originally introduced by the Security Forum in 2009, and a new Risk Analysis (O-RA) Standard, both of which were also announced at the London conference. These standards are the result of ongoing work around risk analysis that the Security Forum has been conducting for a number of years now in order to help organizations better understand and identify their exposure to risk, particularly when it comes to information security risk.

The Risk Taxonomy and Risk Analysis standards not only form the basis and body of knowledge for the Open FAIR certification, but provide practical advice for security practitioners who need to evaluate and counter the potential threats their organization may face.

Today’s blog will look at the first standard, the Risk Taxonomy Technical Standard, version 2.0. Next week, we’ll look at the other standard for Risk Analysis.

Risk Taxonomy (O-RT) Technical Standard 2.0

Originally published in January 2009, the O-RT is intended to provide a common language and references for security and business professionals who need to understand, analyze or discuss risk conditions. Version 2.0 of the standard contains a number of updates based both on feedback provided by professionals who have been using the standard and on research conducted by Security Forum member CXOWARE.

The majority of the changes to Version 2.0 are refinements in terminology, including changes in language that better reflect what each term encompasses. For example, the term “Control Strength” in the original standard has now been changed to “Resistance Strength” to reflect that controls used in that part of the taxonomy must be resistive in nature.

More substantive changes were made to the portion of the taxonomy that discusses how Loss Magnitude is evaluated.

Why create a taxonomy for risk? For two reasons. First, the taxonomy provides a foundation from which risk analysis can be performed and talked about. Second, a tightly defined taxonomy makes it easier to measure or estimate risk scenarios effectively, leading to better decision making, as illustrated by the following “risk management stack.”

Effective Management
↑
Well-informed Decisions
↑
Effective Comparisons
↑
Meaningful Measurements
↑
Accurate Risk Model

The complete Risk Taxonomy is comprised of two branches: Loss Event Frequency (LEF) and Loss Magnitude (LM), illustrated here:

[Figure: the Risk Taxonomy and its two branches, Loss Event Frequency (LEF) and Loss Magnitude (LM)]

Focusing solely on pure risk (which only results in loss) rather than speculative risk (which might result in either loss or profit), the O-RT is meant to help estimate the probable frequency and magnitude of future loss.

Traditionally LM has been far more difficult to determine than LEF, in part because organizations don’t always perform analyses on their losses or they just stick to evaluating “low hanging fruit” variables rather than delve into determining more complex risk factors. The new taxonomy takes a deep dive into the Loss Magnitude branch of the risk analysis taxonomy providing guidance that will allow Risk Analysts to better tackle the difficult task of determining LM. It includes terminology outlining six specific forms of loss an organization can experience (productivity, response, replacement, fines and judgments, competitive advantage, reputation) as well as how to determine Loss Flow, a new concept in this standard.

The Loss Flow analysis helps identify how a loss may affect both primary (owners, employees, etc.) and secondary (customers, stockholders, regulators, etc.) stakeholders as a result of a threat agent’s action on an asset. The new standard provides a thorough overview on how to assess Loss Flow and identify the loss factors of any given threat.

Finally, the standard also includes a practical, real-world scenario to help analysts understand how to put the taxonomy to use within their organizations. O-RT provides a common linguistic foundation that will allow security professionals to then perform the risk analyses as outlined in the O-RA Standard.

For more on the Risk Taxonomy Standard or to download it, visit: https://www2.opengroup.org/ogsys/catalog/C13K.


Jericho Forum declares “success” and sunsets

By Ian Dobson & Jim Hietala, The Open Group
Ten years ago, the Jericho Forum set out on a mission to evangelise the issues, problems, solutions and provide thought-leadership around the emerging business and security issues of de-perimeterisation, with the aim of one day being able to declare “job-done”.

That day has now arrived.  Today, de-perimeterisation is an established “fact” – touching not just information security but all areas of modern business, including the bring your own IT phenomenon (devices, IDs, services) as well as all forms of cloud computing. It’s widely understood and quoted by the entire industry.  It has become part of today’s computing and security lexicon.

With our de-perimeterisation mission accomplished, the Jericho Forum has decided the time has come to “declare success”, celebrate it as a landmark victory in the evolution of information security, and sunset as a separate Forum in The Open Group.

Our “declare success and sunset” victory celebration on Monday 21st Oct 2013 at the Central Hall Westminster, London UK, was our valedictory announcement that the Jericho Forum will formally sunset on 1st Nov 2013.  The event included many past leading Jericho Forum members attending as guests, with awards of commemorative plaques to those whose distinctive leadership steered the information security mind-set change success that the Jericho Forum has now achieved.

For those who missed the live-streamed event, you can watch it on the livestream recording at http://new.livestream.com/opengroup/Lon13

We are fortunate to be able to pass our Jericho Forum legacy of de-perimeterisation achievements and publications to the good care of The Open Group’s Security Forum, which has undertaken to maintain the Jericho Forum’s deliverables, protect its legacy from misrepresentation, and perhaps adopt and evolve Jericho’s thought-leadership approach on future information security challenges.

Ian Dobson, Director Jericho Forum
Jim Hietala, VP Security
The Open Group
21st October 2013


Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world. In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.


Secure Integration of Convergent Technologies – a Challenge for Open Platform™

By Dr. Chris Harding, The Open Group

The results of The Open Group Convergent Technologies survey point to secure integration of the technologies as a major challenge for Open Platform 3.0.  This and other input is the basis for the definition of the platform, where the discussion took place at The Open Group conference in London.

Survey Highlights

Here are some of the highlights from The Open Group Convergent Technologies survey.

  • 95% of respondents felt that the convergence of technologies such as social media, mobility, cloud, big data, and the Internet of things represents an opportunity for business
  • Mobility currently has greatest take-up of these technologies, and the Internet of things has least.
  • 84% of those from companies creating solutions want to deal with two or more of the technologies in combination.
  • Developing the understanding of the technologies by potential customers is the first problem that solution creators must overcome. This is followed by integrating with products, services and solutions from other suppliers, and using more than one technology in combination.
  • Respondents saw security, vendor lock-in, integration and regulatory compliance as the main problems for users of software that enables use of these convergent technologies for business purposes.
  • When users are considered separately from other respondents, security and vendor lock-in show particularly strongly as issues.

The full survey report is available at: https://www2.opengroup.org/ogsys/catalog/R130

Open Platform 3.0

Analysts forecast that convergence of technical phenomena including mobility, cloud, social media, and big data will drive the growth in use of information technology through 2020. Open Platform 3.0 is an initiative that will advance The Open Group vision of Boundaryless Information Flow™ by helping enterprises to use them.

The survey confirms the value of an open platform to protect users of these technologies from vendor lock-in. It also shows that security is a key concern that must be addressed, that the platform must make the technologies easy to use, and that it must enable them to be used in combination.

Understanding the Requirements

The Open Group is conducting other work to develop an understanding of the requirements of Open Platform 3.0. This includes:

  • The Open Platform 3.0 Business Scenario, that was recently published, and is available from https://www2.opengroup.org/ogsys/catalog/R130
  • A set of business use cases, currently in development
  • A high-level round-table meeting to gain the perspective of CIOs, who will be key stakeholders.

The requirements inputs have been part of the discussion at The Open Group Conference, which took place in London this week. Monday’s keynote presentation by Andy Mulholland, Former Global CTO at Capgemini, on “Just Exactly What Is Going on in Business and Technology?” included the conclusions from the round-table meeting. This week’s presentation and panel discussion on the requirements for Open Platform 3.0 covered all the inputs.

Delivering the Platform

Review of the inputs in the conference was followed by a members meeting of the Open Platform 3.0 Forum, to start developing the architecture of Open Platform 3.0, and to plan the delivery of the platform definition. The aim is to have a snapshot of the definition early in 2014, and to deliver the first version of the standard a year later.

Meeting the Challenge

Open Platform 3.0 will be crucial to establishing openness and interoperability in the new generation of information technologies. This is of first importance for everyone in the IT industry.

Following the conference, there will be an opportunity for everyone to input material and ideas for the definition of the platform. If you want to be part of the community that shapes the definition, to work on it with like-minded people in other companies, and to gain early insight of what it will be, then your company must join the Open Platform 3.0 Forum. (For more information on this, contact Chris Parnell – c.parnell@opengroup.org)

Providing for secure integration of the convergent technologies, and meeting the other requirements for Open Platform 3.0, will be a difficult but exciting challenge. I’m looking forward to continuing to tackle the challenge with the Forum members.

Dr. Chris Harding

Dr. Chris Harding is Director for Interoperability and SOA at The Open Group. He has been with The Open Group for more than ten years, and is currently responsible for managing and supporting its work on interoperability, including SOA and interoperability aspects of Cloud Computing, and the Open Platform 3.0 Forum. He is a member of the BCS, the IEEE and the AEA, and is a certified TOGAF® practitioner.


The Open Group London – Day Two Highlights

By Loren K. Baynes, Director, Global Marketing Communications

We eagerly jumped into the second day of our Business Transformation conference in London on Tuesday October 22nd!  The setting is the magnificent Central Hall Westminster.

Steve Nunn, COO of The Open Group and CEO of Association of Enterprise Architects (AEA), started off the morning introducing our plenary based on Healthcare Transformation.  Steve noted that the numbers in healthcare spend are huge and bringing Enterprise Architecture (EA) to healthcare will help with efficiencies.

The well-renowned Dr. Peter Sudbury, Healthcare Specialist with HP Enterprise Services, discussed the healthcare crisis (dollars, demand, demographics), the new healthcare paradigm, barriers to change and innovation. Dr. Sudbury also commented on the real drivers of healthcare costs: healthcare inflation is higher intrinsically; innovation increases cost; productivity improvements lag other industries.

[Photo: Dr. Peter Sudbury]

Dr. Sudbury, Larry Schmidt (Chief Technologist, HP) and Roar Engen (Head of Enterprise Architecture, Helse Sør-Øst RHF, Norway) participated in the Healthcare Transformation Panel, moderated by Steve Nunn.  The group discussed opportunities for improvement by applying EA in healthcare.  They mentioned that physicians, hospitals, drug manufacturers, nutritionists, etc. should all be working together and using Boundaryless Information Flow™ to ensure data is smoothly shared across all entities.  It was also stated that TOGAF® is beneficial for efficiencies.

Following the panel, Dr. Mario Tokoro (Founder & Executive Advisor of Sony Computer Science Laboratories, Inc. Japanese Science & Technology Agency, DEOS Project Leader) reviewed the Dependability through Assuredness™ standard, a standard of The Open Group.

The conference also offered many sessions in Finance/Commerce, Government and Tutorials/Workshops.

Margaret Ford, Consult Hyperion, UK and Henk Jonkers of BIZZdesign, Netherlands discussed “From Enterprise Architecture to Cyber Security Risk Assessment”.  The key takeaways were: complex cyber security risks require systematic, model-based risk assessment; attack navigators can provide this by linking ArchiMate® to the Risk Taxonomy.

“Applying Service-Oriented Architecture within a Business Technology Environment in the Finance Sector” was presented by Gerard Peters, Managing Consultant, Capgemini, The Netherlands. This case study is part of a white paper on Service-Oriented Architecture for Business Technology (SOA4BT).

You can view all of the plenary and many of the track presentations at livestream.com.  And for those who attended, full conference proceedings will be available.

The night culminated with a spectacular experience on the London Eye, the largest Ferris wheel in Europe located on the River Thames.


The Open Group London 2013 – Day One Highlights

By Loren K. Baynes, Director, Global Marketing Communications

On Monday October 21st, The Open Group kicked off the first day of our Business Transformation conference in London!  Over 275 guests attended many engaging presentations by subject matter experts in finance, healthcare and government.  Attendees from around the globe represented 28 countries including those from as far away as Colombia, Philippines, Australia, Japan and South Africa.

Allen Brown, President and CEO of The Open Group, welcomed the prestigious group.  Allen announced that The Open Group has 67 new member organizations so far this year!

The plenary launched with “Just Exactly What is Going On in Business and Technology?” by Andy Mulholland, Former Global CTO of Capgemini, who was named one of the top 25 influential CTOs by InfoWorld.  Andy’s key topics regarding digital disruption included real drivers of change, some big and fundamental implications, business model innovation, TOGAF® and the Open Platform 3.0™ initiative.

Next up was Judith Jones, CEO, Architecting the Enterprise Ltd., with a presentation entitled “One World EA Framework for Governments – The Way Forward”.  Judith shared findings from the World Economic Forum, posing the question “what keeps 1000 global leaders awake at night”? Many stats were presented with over 50 global risks – economical, societal, environmental, geopolitical and technological.

Jim Hietala, VP, Security of The Open Group announced the launch of the Open FAIR Certification for People Program.  The new program brings a much-needed certification to the market which focuses on risk analysis. Key partners include CXOWARE, Architecting the Enterprise, SNA Technologies and The Unit bv.

Richard Shreeve, Consultancy Director, IPL and Angela Parratt, Head of Transformation and joint CIO, Bath and North East Somerset Council presented “Using EA to Inform Business Transformation”.  Their case study addressed the challenges of modeling complexity in diverse organizations and the EA-led approach to driving out cost and complexity while maintaining the quality of service delivery.

Allen Brown announced that the Jericho Forum® leaders together with The Open Group management have concluded that the Jericho Forum has achieved its original mission – to establish “de-perimeterization” that touches all areas of modern business.  In declaring this mission achieved, we are now in the happy position to celebrate a decade of success and move to ensuring that the legacy of the Jericho Forum is both maintained within The Open Group and continues to be built upon.  (See photo below.)

Following the plenary, the sessions were divided into tracks – Finance/Commerce, Healthcare and Tutorials/Workshops.

During the Healthcare track, one of the presenters, Larry Schmidt, Chief Technologist with HP, discussed “Challenges and Opportunities for Big Data in Healthcare”. Larry elaborated on the 4 Vs of Big Data – value, velocity, variety and voracity.

Among the many presenters in the Finance/Commerce track, Omkhar Arasaratnam, Chief Security Architect, TD Bank Group, Canada, featured “Enterprise Architecture – We Do That?: How (not) to do Enterprise Architecture at a Bank”.  Omkhar provided insight as to how he took traditional, top down, center-based architectural methodologies and applied it to a highly federated environment.

Tutorials/workshops consisted of EA Practice and Architecture Methods and Techniques.

You can view all of the plenary and many of the track presentations at livestream.com.  For those who attended, please stay tuned for the full conference proceedings.

The evening concluded with a networking reception at the beautiful and historic Central Hall Westminster.  What an interesting, insightful, collaborative day it was!

[Photo]


Open FAIR Certification Launched

By Jim Hietala, The Open Group, VP of Security

The Open Group today announced the new Open FAIR Certification Program aimed at Risk Analysts, bringing a much-needed professional certification to the market that is focused on the practice of risk analysis. Both the Risk Taxonomy and Risk Analysis standards, standards of The Open Group, constitute the body of knowledge for the certification program, and they advance the risk analysis profession by defining a standard taxonomy for risk, and by describing the process aspects of a rigorous risk analysis.

We believe that this new risk analyst certification program will bring significant value to risk analysts, and to organizations seeking to hire qualified risk analysts. Adoption of these two risk standards from The Open Group will help produce more effective and useful risk analysis. This program clearly represents the growing need in our industry for professionals who understand risk analysis fundamentals.  Furthermore, the mature processes and due diligence The Open Group applies to our standards and certification programs will help make organizations comfortable with the ground breaking concepts and methods underlying FAIR. This will also help professionals looking to differentiate themselves by demonstrating the ability to take a “business perspective” on risk.

In order to become certified, Risk Analysts must pass an Open FAIR certification exam. All certification exams are administered through Prometric, Inc. Exam candidates can start the registration process by visiting Prometric’s Open Group Test Sponsor Site www.prometric.com/opengroup.  With 4,000 testing centers in its IT channel, Prometric brings Open FAIR Certification to security professionals worldwide. For more details on the exam requirements visit http://www.opengroup.org/certifications/exams.

Training courses will be delivered through an Open Group accredited channel. The accreditation of Open FAIR training courses will be available from November 1st 2013.

Our thanks to all of the members of the risk certification working group who worked tirelessly over the past 15 months to bring this certification program, along with a new risk analysis standard and a revised risk taxonomy standard to the market. Our thanks also to the sponsors of the program, whose support is important to building this program. The Open FAIR program sponsors are Architecting the Enterprise, CXOWARE, SNA, and The Unit.

Lastly, if you are involved in risk analysis, we encourage you to consider becoming Open FAIR certified, and to get involved in the risk analysis program at The Open Group. We have plans to develop an advanced level of Open FAIR certification, and we also see a great deal of best practices guidance that is needed by the industry.

For more information on the Open FAIR certification program visit http://www.opengroup.org/certifications/openfair

You may also wish to attend a webcast scheduled for 7th November, 4pm BST that will provide an overview of the Open FAIR certification program, as well as an overview of the two risk standards. You can register here.

Jim Hietala, CISSP, GSEC, is Vice President, Security for The Open Group, where he manages all security and risk management programs and standards activities, including the Security Forum and the Jericho Forum.  He has participated in the development of several industry standards including O-ISM3, O-ESA, Risk Taxonomy Standard, and O-ACEML. He also led the development of compliance and audit guidance for the Cloud Security Alliance v2 publication.

Jim is a frequent speaker at industry conferences. He has participated in the SANS Analyst/Expert program, having written several research white papers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including CSO, The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

An IT security industry veteran, he has held leadership roles at several IT security vendors.

Jim holds a B.S. in Marketing from Southern Illinois University.


New Brunswick Leverages TOGAF®

The OCIO of GNB Announces an Ambitious EA Roadmap using TOGAF® and Capability-Based Thinking

On Wednesday September 25th, the Office of the Chief Information Officer (OCIO) for the Government of New Brunswick (GNB) held an Enterprise Architecture (EA) Symposium for the vendor community at the Delta Fredericton. This event drew well over a hundred attendees from the vendor community across the province, the Atlantic area and parts of Canada.

During this event, Christian Couturier, GNB CIO, announced an EA roadmap across the domains of Information, Application, Technology and Security; areas of mandate for the OCIO. He presented a vision for transformation at GNB that would make its departments more efficient and effective by standardizing their practice and services around TOGAF® and capability-based thinking. Christian also offered valuable insights into how the vendor community can engage with GNB and support the OCIO in its EA vision and roadmap.

TOGAF® and capability-based thinking were prominent themes throughout the symposium and were alluded to and shown throughout the presentation by Christian and his extended EA team. The OCIO has also created a strong governance structure that positions itself as an influential stakeholder in provisioning solutions across its domains. In the near term, vendors will need to show how their solutions not only meet functional requirements but demonstrate improvement in capability performance explicitly. This will help GNB to improve the definition and management of contracts with third party vendors.

Each Architecture Domain Chief presented the roadmap for their area in breakout sessions and answered questions from vendors. These sessions offered further insight into the EA roadmap and impact on particular areas within GNB such as current efforts being made in Service Oriented Architecture.

Here is a summary of the benefits Christian Couturier strived to achieve:

  • Improve transparency and accountability of investment in information technology across government departments
  • Rationalize portfolios of technologies and applications across GNB departments
  • Improve GNB’s ability to respond to citizen needs faster and more cost effectively
  • Develop internal resource competencies for achieving self-sufficiency

QRS has been working with the OCIO and GNB departments since March 2013 to enhance their TOGAF and capability-based thinking competencies. QRS will continue to work with the OCIO and GNB, and looks forward to their successes, both as a corporate citizen and as individual residents who benefit from its services.

Originally posted on the QRS blog. See http://www.qrs3e.com/gnb_ocio_togaf/

Christian Couturier is Chief Information Officer of the Government of New Brunswick (GNB) which leads, enables and oversees the Information Management and Information Communication Technology (IM&ICT) investments for the enterprise. Christian’s leadership has been recognized by several awards including Canada’s “Top 40 Under 40.” His research team’s success continues to be celebrated through many international, national and local awards including the 2007 Canadian Information Productivity Awards (CIPA) Gold Award of Excellence for innovation in the Health Care Sector.

LinkedIn Profile <http://ca.linkedin.com/pub/christian-couturier/46/b55/713/>

The Open Group TweetJam on Digital-Disruption – by Tom Graves

On 2 October 2013, the Open Group ran one of its occasional ‘TweetJam’ Twitter-discussions – also known as an #ogChat. This time it was on digital disruption – disruption to existing business-models, typically (but, as we will see, not only) by changes in technology.

I think I captured almost all of the one-hour conversation – all tweets tagged with the #ogChat hashtag – but I may well have missed a few here and there. I’ve also attempted to bring the cross-chat (@soandso references) into correct sense-order, but I’ll admit I’m likely to have made more errors there. Each text-line is essentially as published on Twitter, minus the RT @ prefix and the identifying #ogChat tag.

The legal bit: Copyright of each statement is as per Twitter’s published policy: I make no claim whatsoever to any of the tweets here other than my own (i.e. tetradian). The material is re-published here under ‘fair-use’ rules for copyright, as a public service to the enterprise-architecture community.

The TweetJam was split into seven sections, each guided by a question previously summarised on the Open Group website – see Open Group, ‘Leading Business Disruption Strategy with Enterprise Architecture’. I’ve also added a few extra comments of my own after each section.

Introductions

(The TweetJam started with a request for each person to introduce themselves, which also serves as a useful cross-reference between name and Twitter-ID. Not everyone who joined in the TweetJam did this, but most did so – enough to help make sense of the conversation, anyway.)

  • theopengroup: Please introduce yourself and get ready for question 1, identified by “Q1” …and so on. You may respond with “A1” and so on using #ogChat // And do tweet your agreement/disagreement with other participants’ views using #ogChat, we’re interested to hear from all sides #EntArch
  • enterprisearchs: Hi all, from Hugh Evans, Enterprise Architects (@enterprisearchs), CEO and Founder
  • tetradian: Tom Graves (tetradian)
  • eatraining: Craig Martin
  • TheWombatWho: Andrew Gallagher – Change Strategy / Business Architect
  • chrisjharding: Hi from Chris Harding, The Open Group Forum Director for Open Platform 3.0
  • dianedanamac: Good day! Social Media Manager, Membership & Events at @theopengroup   I’m your contact if you have questions on The Open Group.
  • InfoRacer: Chris Bradley
  • David_A_OHara: Hi all, Dave O’Hara here, enterprise/biz architect
  • TalmanAJ: Aarne Talman – IT Strategy/EA consultant at Accenture
  • zslayton: Good morning.  Zach Slayton here from Collaborative Consulting @consultcollab
  • efeatherston: Good morning. Ed Featherston, Enterprise Arch from Collaborative Consulting
  • filiphdr: Filip Hendrickx, business architect @AE_NV
  • Frustin_Jetwell: Hello, I’m late, Justin Fretwell here, technical enterprise architecture

Question 1: What is ‘disruption’?

  • theopengroup: Let’s kick things off: Q1 What is #Disruption? #EntArch
  • TheWombatWho: A1 Disruption is normality
  • enterprisearchs: A1 Disruptors offer a new #BizModel that defines a different frontier of value
  • enterprisearchs: A1 Disruptors often introduce new technologies or processes that set them apart
  • chrisjharding: A1 Could be many things. Cloud, mobile, social, and other new technologies are disrupting the relation between business and IT
  • tetradian: A1: anything that changes business-as-usual (scale from trivial to world-shaking)
  • enterprisearchs: A1 Disruptors offer equal or better performance at prices incumbents can’t match
  • TheWombatWho: A1 agree with @tetradian but add that it is normal state of things.
  • David_A_OHara: A1,  not just tech-led disruption, but consumers actively driving innovation by finding new ways to use tech in work & social lives
  • zslayton: A1:  Disruptors are anything that breaks a norm or widely-held paradigm
  • enterprisearchs: A1 #Disruption begins when the entrant catches up to incumbents
  • InfoRacer: A1 Disruption is inevitable & BAU for many organisations these days
  • chrisjharding: @TheWombatWho Yes we live in disruptive (and interesting) times.
  • enterprisearchs: A1 Thanks to disruptive forces business models now have a much shorter shelf-life
  • DadaBeatnik: A1: To disrupt doesn’t mean more of the same. Example – iPhone was a true disrupter – no more Blackberry!
  • TalmanAJ: A1: Business disruptors offer new business model(s).
  • eatraining: A1 Innovation that creates a new value network or reorganized value system
  • TheWombatWho: A1 Disruptors can be global mega trends but can be localised.  Localised can provide ‘canary down the mine’ opportunity
  • TalmanAJ: A1: IT disruptors fundamentally change the way IT supports business models or change the business model
  • tetradian: .@TheWombatWho: A1 “…but add that [disruption] is normal state of things” – problem is that many folks don’t recognise that! :-)
  • chrisjharding: @David_A_OHara and disrupting traditional organization because they want to use it hands on, not through IT department
  • efeatherston: @chrisjharding good point on the bypassing IT, thats the #mobile disruption in full force
  • DadaBeatnik: Re: “disruption” read http://t.co/y0HrM3fcKH
  • eatraining: A1 Digital allows a far more effective entrepreneur and innovator environment, putting disruptive pressures on incumbents

Note an important point that’s perhaps easily missed (as some responders in fact do): that ‘disruption’ may include technology, or may be driven by technology – but that’s not always the case at all. Consider, for example, the huge disruption – on a literally global scale – caused by financial deregulation in the US in the 1980s and beyond: changes in law, not technology.

And, yes, as several people commented above, significant disruptions are becoming more common and more intense – a trend that most of us in EA would probably accept is only accelerating. As some might suggest, “you ain’t seen nothin’ yet…”: certainly the old stable-seeming business-models and seeming-guaranteed ‘sustainable competitive-advantage’ and the like would seem to be like pleasant fantasies from a fast-fading past…

Question 2: What is ‘digital disruption’?

  • theopengroup: Q2 Some interesting views on disruption, but what then, is #DigitalDisruption?
  • efeatherston: A2: disruption that is focused/based on technology issue, changes in technology, how things are done
  • enterprisearchs: A2 Disruptive business models that leverage digital capabilities to create, distribute or market their offerings
  • enterprisearchs: A2 Commonly applies #Cloud, #Mobile, #Social and or #BigData capabilities
  • efeatherston: A2: yes, #SMAC is the latest #digitaldisruption
  • TheWombatWho: A2 key with digital is not the medium it is the shift of power & control to the end user.  Digital enables it but its power shift
  • tetradian: A2: ‘digital’ used to mean technology, also to mean e.g. social/mobile (i.e. not solely technology) or more open business generally
  • enterprisearchs: A2 Many incumbents defend #digitaldisruption by moving to customer centric #BizModel
  • chrisjharding: A2 Disruption caused by digital technology – the main source of enterprise disruption today
  • enterprisearchs: A2 #digitaldisruption is seeing a convergence of business, technology and marketing disciplines
  • eatraining: A1&A2 Disruption not always digital but is it always technological? JEEP disruption on modern warfare
  • zslayton: @TheWombatWho Agreed…excellent point.  Shift towards user is key for #SMAC especially
  • Technodad: @TalmanAJ Agree – but digital disruption also invalidates existing business models.
  • enterprisearchs: A2 #Cloud enables ubiquitous access and effortless scalability
  • enterprisearchs: A2 #Mobile offers access anywhere, anytime and opens up previously untapped socioeconomic segments
  • enterprisearchs: A2 #Social accelerates viral uptake of demand and opinion, creating brand opportunities and threats
  • chrisjharding: @efeatherston They do what works for the business
  • TheWombatWho: A2 @enterprisearchs is it really marketing?  That discipline is going through fundamental change – hardly recognisable old vs new
  • David_A_OHara: @eatraining  real disruption now social rather than purely technical but enabled by seamless integration of tech in daily life
  • zslayton: @enterprisearchs #cloud = effortless scalability…a bit of an over-simplification but I do get your point.
  • efeatherston: @chrisjharding agree completely, just changes the paradigm for IT who are struggling to adapt
  • enterprisearchs: A2 #BigData enables ultra-personalisation of customer experience and powerful market insights
  • InfoRacer: A2 Digital Disruption also means avoiding blind alleys & the “me too” chase after some trends.  Eg #BigData isn’t necessarily…
  • TheWombatWho: @enterprisearchs its where work of Marshall McLuhan is worth a revisit.
  • chrisjharding: @David_A_OHara @eatraining social disruption caused by tech-based social media
  • DadaBeatnik: Some of these answers sound like they come from one of those buzzword phrase generators!
  • InfoRacer: @DadaBeatnik Like Predictive big cloud master data governance ;-) Surely the next big thang!
  • David_A_OHara: @enterprisearchs easier to deploy mobile internet vs fixed in growing economies: demand from developing world is uncharted territory
  • eatraining: A2 Digital reduces barriers to entry and blurs category boundaries
  • efeatherston: @David_A_OHara @eatraining #socialmedia definitely having impact, how people interact with tech in personal now fully into business
  • zslayton: @David_A_OHara @enterprisearchs Business models in developing world also uncharted.  New opportunities and challenges
  • David_A_OHara: @chrisjharding @eatraining yup, we have lived through a rapid (tech-enabled) social revolution almost without realising!
  • TheWombatWho: A2 its not the ‘technology’ it’s what ‘they do with it’ that changes everything.  Old IT paradigms are yet to adapt to this
  • Technodad: @David_A_OHara Agree – Near-ubiquitous global-scale communication channels changes balance between customer and enterprise.
  • chrisjharding: @David_A_OHara @eatraining yes – and it’s not finished yet!
  • InfoRacer: @TheWombatWho Right, it’s not just the technology.  #BigData 3 Vs but without 4th V (value) then big data = little information
  • David_A_OHara: @TheWombatWho Bang on!  so there’s the real challenge for EA, right? Changing the traditional IT mindset…?
  • afigueiredo: A2 Development that transforms lives, businesses, causing impact to global economy

To me there are two quite different things going on, but which are often blurred together:

– ‘digital-disruption proper’ – disruptions within which existing and/or new digital-based technologies are explicitly the core drivers

– ‘disruption-with-digital’: ‘digital’ as a catch-all for sociotechnical changes in which digital-based technologies are, at most, an important yet never the sole enabler – in other words, where the social side of ‘sociotechnical’ is more central than the technology itself

In my experience and understanding, most of so-called ‘digital disruption’ is more correctly in the latter category, not the former. Hence, for example, my comment about the [UK] Government Digital Service: it’s actually far more about changes in the nature of government-services itself – in effect, a much more ‘customer-centric’ view of service – rather than a focus on ‘going digital’ for digital’s sake. This is not to say that the technology doesn’t matter – for example, I do understand and agree with Andrew McAfee’s complaint about critiques of his ‘Enterprise 2.0’ concept, that “it’s not not about the technology” – but again, it’s more sociotechnical, not merely technical as such, and that distinction is often extremely important.

Interestingly, most of the examples cited above as ‘digital-disruptions’ – the often-overhyped ‘cloud’ and ‘big-data’ and suchlike – are ultimately more sociotechnical issues than technical. By contrast, most of the themes I’d see as ‘digital-disruption proper’ – for example, the rapidly-expanding developments around ‘smart-materials’, ‘smart-cities’ and ‘the internet of things’ – don’t get a mention here at all. Odd…

Question 3: What are good examples of disruptive business-models?

  • theopengroup: Q3 Bearing these points in mind, what are good examples of disruptive #Bizmodels? #EntArch
  • enterprisearchs: A3 @Airbnb: Disrupting the hotel industry with a #Cloud & #Social based model to open up lodging capacity for people seeking accom
  • enterprisearchs: A3 @Uber: leveraging #Cloud and #Mobile to release existing capacity in the personal transport industry http://t.co/31Xmj7LwQ6
  • enterprisearchs: A3 @99designs: Rethinking how we access good design through #Social, #Cloud and competitive #crowdsourcing
  • enterprisearchs: A3 @Groupon: re-architecting retail to provide #Social buying power, reducing cost per unit and increasing vendor volumes
  • eatraining: @zslayton Reverse innovation in developing countries producing disruption in developed nations
  • chrisjharding: A3: marketing using social media
  • TheWombatWho: @InfoRacer and combined with behavioural sciences & predictive analytics
  • efeatherston: A3: Netflix is a disruptive business model, they threw the whole cable/broadcast/rental industry on its ears
  • enterprisearchs: A3 @iTunesMusic: creating a #Cloud based platform to lock in customers and deliver #Digital content
  • eatraining: Reverse Innovation in Tech Startups: The Story of Capillary Technologies – @HarvardBiz http://t.co/Ud7UN7ZxzQ
  • TheWombatWho: @David_A_OHara not just mindset but also disciplines around portfolio & programme planning, aspects of project mgmt etc
  • enterprisearchs: A3 @facebook: Using #Social #Cloud #Mobile and #BigData to get you & 1 billion other people to generate their product: your updates
  • David_A_OHara: @enterprisearchs @Groupon Here’s retail disruption: why cant I just walk into store, scan stuff on my phone and walk out with it?
  • zslayton: @efeatherston Absolutely.  Discussed this in a recent blog posts:  http://t.co/zWzzAN4Fsn
  • Technodad: @David_A_OHara @TheWombatWho Don’t assume enterprises lead or control change. Many examples imposed externally, e.g. Music industry
  • eatraining: @efeatherston Agree – @netflix: Shifting the #ValueProposition to low-cost on demand video content from the #Cloud
  • tetradian: A3 (also A2): UK Government Digital Service (GDS) – is ‘digital’, but change of business-service/paradigm is even more important
  • mjcavaretta: Value from #BigData primarily from…  RT @TheWombatWho: @InfoRacer behavioural sciences & #predictive #analytics
  • zslayton: @Technodad @David_A_OHara @TheWombatWho Spot on.  External event triggers change.  Org treats as opportunity/threat. IT must adapt
  • InfoRacer: A3 Expedia, Travelocity etc … where are High st travel agents now?
  • enterprisearchs: A3 ING Direct: delivering a simple #ValueProposition of no-frills and trusted high returns for depositors
  • Technodad: @enterprisearchs Disagree. ITunes was the enterprise consolidation -original disruption was peer-to-peer delivery of ripped music.
  • chrisjharding: @David_A_OHara @enterprisearchs @Groupon or plan a mixed bus/train journey on my ‘phone and download tickets to it?
  • eatraining: A3 DELL – game changing cost structures
  • TheWombatWho: @tetradian Great example.  UK Gov digital is fascinating.  Take that approach & apply it to competitive commercial enviro.
  • eatraining: A3 MOOC Platforms disrupting education? Scalability disruption
  • eatraining: A3 Nespresso – getting us to pay 8 times more for a cup of coffee.
  • tetradian: A3: many non-IT-oriented technologies – nanotechnology, micro-satellites, materials-science (water-filtration etc)
  • filiphdr: @chrisjharding @David_A_OHara @enterprisearchs @Groupon bus/train combo: yes – download tickets: no
  • zslayton: @Technodad @enterprisearchs Maybe.  But now with Google, spotify etc, a new model has emerged.

Some good examples, but I’ll admit that I find it disappointing that almost all of them focus primarily on shunting data around in the ‘social/local/mobile’ space – yes, all of them valid, but a very narrow subset of the actual ‘digital-disruption’ that’s going on these days. (Near the end, there is a good example of the broader view: “Nespresso – getting us to pay 8 times more for a cup of coffee”.)

As enterprise-architects and business-architects, we really do need to break out of the seemingly-reflex assumptions of IT-centrism, and learn instead to look at the contexts from a much broader perspective. For example, a common illustration I use is that the key competition for Netflix is not some other streaming-video provider, but booksellers, bars and restaurants – other types of services entirely, but that compete for the same social/time-slots in potential-customers’ lives.

Question 4: What is the role of enterprise-architecture in driving and responding to disruption?

  • enterprisearchs: A4 #EntArch will identify which capabilities will be needed, and when, to enable disruptive strategies
  • efeatherston: A4: #entArch is key to surviving tech disruption, need the high level view/impact on the business
  • chrisjharding: A4: #EntArch must be business-led, not technology-led
  • InfoRacer: A4 #EntArch can play an orchestration, impact analysis and sanity check role
  • efeatherston: Agree 100%, its all about the impact to the business RT @chrisjharding: A4: #EntArch must be business-led, not technology-led
  • enterprisearchs: A4 #EntArch will lead enterprise response to #disruption by plotting the execution path to winning strategies http://t.co/FdgqXOVKug
  • chrisjharding: A4: and #Entarch must be able to focus on business differentiation not common technology
  • afigueiredo: A4 #entarch should be flexible to accommodate/support #disruption caused by new advances and changes
  • TheWombatWho: A4 help clarify & stick to intent of business.  It is key in choosing the critical capabilities vs non essential capabilities
  • enterprisearchs: A4 #EntArch will provide the strategic insights to identify what business changes are viable
  • chrisjharding: @InfoRacer or enable business users to orchestrate – give them the tools
  • enterprisearchs: A4 #EntArch will provide the strategic infrastructure to bring cohesion to business change
  • TalmanAJ: A4: identify existing and needed business and IT capabilities and ensure agility to respond to disruption #entarch
  • efeatherston: a4: #entarch needs to work with business to determine how to leverage/use/survive  #disruption to help the business processes
  • David_A_OHara: @enterprisearchs so you need very business-savvy and creative EAs (no longer a tech discipline but sustainable biz innovation role?)
  • InfoRacer: RT @enterprisearchs: A4 #EntArch will provide the strategic insights to identify what business changes are viable
  • TheWombatWho: A4 have to travel light so linking intent to critical capability is essential if Biz is to remain flexible & adaptable
  • zslayton: A4 #EntArch must steer the IT ship to adapt in the new world.  steady hand on the tiller!
  • TheWombatWho: @enterprisearchs agree
  • chrisjharding: @David_A_OHara @enterprisearchs Yup!
  • efeatherston: @David_A_OHara @enterprisearchs Agree, EA’S need both business and tech, act as the bridge for the business to help them respond
  • enterprisearchs: A4 #EntArch will assist in managing lifecycles at the #BizModel, market model, product & service and operating model levels
  • zslayton: @chrisjharding Absolutely.  Focus on commoditized tech will lead to lagging IT.  Focus on differentiators is key.
  • eatraining: A4 Business design and architecture will facilitate a more structured approach to business prototyping
  • tetradian: A4: identifying/describing the overall shared-enterprise space (tech + human); also lean-startup style ‘jobs to be done’ etc
  • Technodad: @TheWombatWho yes, but a tough job- how would #entarch have advised Tower Records in face of digital music disruption, loss of ROE?
  • David_A_OHara: @Technodad @TheWombatWho good challenge: same question can be posed re: Game and HMV in the UK…
  • eatraining: A4 Business model prototyping is the conversation we have with our ideas – @tomwujec
  • tetradian: @eatraining re business-prototyping – yes, strong agree
  • tetradian: A4 for ‘digital disruption’, crucial that #entarch covers a much broader space than just IT – pref. out to entire shared-enterprise
  • enterprisearchs: @tetradian agree – the boundaries of the enterprise are defined by the value discipline orientation, not by the balance sheet

In contradiction to what I said just above, that too-common predominance of IT-centrism in current EA is not so much in evidence here. It’s a pleasant contrast, but it doesn’t last…

Question 5: Why is enterprise-architecture well placed to respond to disruption?

  • theopengroup: Q5 And on a similar note, what is the role of #EntArch in driving and responding to #disruption?
  • enterprisearchs: A5 #EntArch has a unique appreciation of existing and required business capabilities to execute strategy
  • enterprisearchs: A5 Speed to change is now a competitive advantage. #EntArch can map the shortest path to deliver business outcomes
  • filiphdr: A5 Keep short term decisions in line w/ long term vision
  • enterprisearchs: A5 #EntArch provides the tools to better manage investment lifecycles, helping to time capability deployment and divestment
  • InfoRacer: A5 Advising, giving informed analysis, recommendations & impact so the Business officers can make decision with their eyes open!
  • enterprisearchs: A5 #EntArch is the only discipline that stitches strategic and business management disciplines together in a coherent manner
  • enterprisearchs: A5 Speed of response requires a clear mandate and execution plan. #EntArch will deliver this
  • zslayton: @enterprisearchs Agreed.  Toss in leadership and we may have something!
  • TheWombatWho: @Technodad key is “why was tower special?”  Advice, passion & knowledge…..still relevant?  Not the music – was the knowledge.
  • efeatherston: @enterprisearchs well said #entarch
  • enterprisearchs: A5 #EntArch provides vital information about which capabilities currently exist and which need to be acquired or built
  • chrisjharding: A5: Set principles and standards to give consistent use of disruptive technologies in enterprise
  • eatraining: @Technodad @TheWombatWho A few cycles of business model prototyping might have revealed an opportunity to respond better
  • zslayton: @Technodad @TheWombatWho Netflix again a good example.  Cannibalized their soon to be dying biz to innovate in new biz.
  • TalmanAJ: A5: #entarch should be the tool to drive/respond to disruptions in a controlled manner
  • enterprisearchs: A5 #ArchitectureThinking provides a robust approach to optimise change initiatives and accelerate delivery
  • David_A_OHara: @Technodad @TheWombatWho consider future of games consoles i.e. there will be NO consoles: smart TV will access all digital content
  • TheWombatWho: @David_A_OHara @Technodad HMV interesting – wasn’t  retail store a response to original disruption?
  • chrisjharding: A5: and ensure solutions comply with legal constraints and enterprise obligations
  • zslayton: @David_A_OHara @Technodad @TheWombatWho SmartTV is just a big ole, vertical tablet. #mobile
  • TheWombatWho: @zslayton @David_A_OHara @Technodad and value opportunity is how to keep finger prints off the screen!!!!
  • TheWombatWho: @David_A_OHara @Technodad so accessing content is not where value is?  Where is the value in that arena?
  • enterprisearchs: A5 #EntArch offers insight into which technology capabilities can be strategically applied
  • eatraining: A5 #EntArch can offer an extended value proposition not just into capability mixes but product and market mixes as well
  • TheWombatWho: @enterprisearchs @Technodad yes, yes, yes and yes.  I agree
  • Technodad: @zslayton Exactly. Decision to dump physical & go all-in on digital delivery & content was key. Wonder if #entarch led change?
  • David_A_OHara: @TheWombatWho @Technodad not much if U R console manuf!  Content IS the value, right? Smart TV democratises access to content
  • mjcavaretta: Value from #BigData primarily from…  RT @TheWombatWho: @InfoRacer behavioural sciences & #predictive #analytics
  • TheWombatWho: @enterprisearchs @Technodad getting Biz to talk through canvas & over-laying their discussions with IT choices is essential
  • zslayton: @Technodad I’m guessing product but #entarch had to rapidly adapt IT enviro to enable the product e.g. respond to the disruption
  • efeatherston: @zslayton @Technodad  Netflix seems to thrive on disruption, look at their testing model, chaos monkey , hope #entarch is involved

In a sense, the same as for Question 4: the too-usual IT-centrism is not so much in apparent evidence. Yet actually it is: I don’t think there’s a single example that moves more than half a step outside of some form of IT. Where are the references to EA for smart-materials, smart-sensors, nanotechnologies, changes in law, custom, even religion? – they’re conspicuous only by their absence. Again, we need to stop using IT as ‘the centre of everything’, because it really isn’t in the real-world: instead, we need to rethink our entire approach to architecture, shifting towards a more realistic awareness that “everything and nothing is ‘the centre’ of the architecture, all at the same time”.

Question 6: Who are the key stakeholders enterprise-architecture needs to engage when developing a disruption strategy?

  • theopengroup: Q6 So who are the key stakeholders #EntArch needs to engage when developing a #Disruption strategy?
  • filiphdr: A6 Customers
  • enterprisearchs: A6 #Disruption is the concern of the entire executive team and the board of directors – this is where #EntArch should be aiming
  • TalmanAJ: A6: Business leaders first, IT leaders second
  • chrisjharding: A6: CIOs
  • InfoRacer: A6 Customers, Shareholders, Investors, Partners
  • enterprisearchs: A6 Clearly the CEO is the key stakeholder for #EntArch to reach when contemplating new #BizModels
  • eatraining: A6 Welcome the arrival of the CDO. The chief digital officer. Is this the new sponsor for EA?
  • efeatherston: A6: As has been said, the C-level (not just CIO), as the focus must always be the business drivers, and what impact that has
  • zslayton: @Technodad emphasizing partnership and alignment between Tech #entarch and Biz entarch.
  • eatraining: A6 The Customer!!??
  • Technodad: @mjcavaretta Do you think replacement of knowledge workers by machine learning is next big disruption?
  • InfoRacer: @eatraining Hmm Chief Data Officer, because lets be honest the CIO mostly isn’t a Chief INFORMATION Officer anymore
  • TheWombatWho: A6 starts with biz, increasingly should include customers & suppliers & then IT
  • tetradian: A6: _all_ stakeholder-groups – that’s the whole point! (don’t centre it around any single stakeholder – all are ‘equal citizens’)
  • TheWombatWho: @tetradian A6 agree with Tom.  My bent is Biz 1st but you mine intel from all – whenever opportunity arrives.  Continual engagement

I’ll say straight off that I was shocked at most of the above: a sad mixture of IT-centrism and/or organisation-centrism, with only occasional indications – such as can be seen in Craig Martin’s plea of “The Customer!!??” – of much of a wider awareness. What we perhaps need to hammer home to the entire EA/BA ‘trade’ is that whilst we create an architecture for an organisation, it must be about the ‘enterprise’ or ecosystem within which that organisation operates. Crucial to this is the awareness that the enterprise is much larger than the organisation, and hence we’d usually be wise to start ‘outside-in’ or even ‘outside-out’, rather than the literally self-centric ‘inside-in’ or ‘inside-out’.

Question 7: What current gaps in enterprise-architecture must be filled to effectively lead disruption strategy?

  • theopengroup: Q7, last one guys! What current gaps in #EntArch must be filled to effectively lead #Disruption strategy?
  • enterprisearchs: #EntArch should engage the biz to look at what sustaining & disruptive innovations are viable with the existing enterprise platform
  • zslayton: @efeatherston @Technodad Proactive disruption!  Technical tools to enable and anticipate change.  Great example.
  • enterprisearchs: A7 #EntArch needs to move beyond an IT mandate
  • enterprisearchs: A7 #EntArch needs to be recognised as a key guide in strategic business planning
  • InfoRacer: A7 Engage with biz.  Get away from tech.  Treat Information as real asset, get CDO role
  • eatraining: A7 The #EntArch mandate needs to move out of the IT space
  • chrisjharding: A7: #EntArch needs a new platform to deploy disruptive technologies – Open Platform 3.0
  • zslayton: A7 #entarch involvement during the idea stage of biz, not just the implementation.  True knight at the round table.
  • TheWombatWho: @enterprisearchs @Technodad its one of my best friends.  Evan the discipline of thought process sans formality of canvas
  • enterprisearchs: A7 #EntArchs need to improve their business engagement skills and vocabulary
  • zslayton: @eatraining Agreed!  Balance Biz #entarch with Tech #entarch.
  • efeatherston: A7: #entarch MUST be part of the business planning process, they are the connecting tissue between business drivers and IT
  • David_A_OHara: @theopengroup creative business modelling inc. hypothetical models, not simple IT response to mid term view based on today’s probs
  • TalmanAJ: A7: #entArch needs to move from its IT and technical focus to more business strategy focus
  • eatraining: @efeatherston Agreed
  • efeatherston: A7: #entarch  needs to get business to understand, they are not just the tech guys
  • eatraining: A7 There is room to expand into the products and services space as well as market model space
  • InfoRacer: A7 Common vocabulary eg by exploiting Conceptual model; Information is the lingua franca
  • enterprisearchs: A7 #EntArchs need to be more business-outcome oriented
  • chrisjharding: A7: Open Platform 3.0 #ogP3 will let architects worry about the business, not the technology
  • enterprisearchs: A7 #EntArchs need to be recruited from business domains and taught robust architecture practises
  • Technodad: A7 #EntArch can’t lose role of tracking/anticipating tech change, or business will be blindsided by next disruption.
  • filiphdr: @efeatherston Very true, and that’s a skills & communication challenge
  • eatraining: A7 Architects must focus more on becoming super mixers than on architecture utility development
  • enterprisearchs: A7 #EntArchs need to be experts in the application of #Cloud, #Mobile, #Social, #BigData and #Digital strategy
  • zslayton: @enterprisearchs Agreed.  We tend to have to push process more than models.  That is often the “ah ha”.  #entarch
  • eatraining: A7 Architecture must focus on actual change in helping design solutions that shift and change behavior as well
  • tetradian: A7: kill off the obsession with IT!!! :-) #entarch needs to cover the whole scope, not the trivial subset that is ‘digital’ alone…
  • enterprisearchs: @tetradian Disagree – Digital is a huge accelerant to #Disruption and #EntArchs in the near term need to have a v strong grip
  • tetradian: RT @enterprisearchs: A7 #EntArch needs to move beyond an IT mandate -> yes yes yes!!!
  • TalmanAJ: @tetradian Yes. Technology is just one aspect of the enterprise. Processes, strategies and people etc. are too.
  • scmunk: @tetradian this shows non-IT importance of #EntArch, also a pipeline for changes http://t.co/O4Cm4D5G7q
  • enterprisearchs: A7 #EntArchs need to be able to clearly articulate business context and motivation http://t.co/Sf4Ci8Ob7P
  • eatraining: @TheWombatWho Roadmap and plans implemented don’t show the true value because stakeholders shift back to old behavior habits.
  • TheWombatWho: A7 need to be evangelist for the ‘value’ in the Biz model not the hierarchy or structure or status quo
  • TheWombatWho: @eatraining agree.  Roadmap is point in time.  Need to establish principles, & links across value chain rather than structural links
  • DadaBeatnik: Never did understand the obsession with IT in #Entarch. Why is this? Not all biz IT-centric. Because of tools/language?
  • TheWombatWho: @DadaBeatnik accident of history?
  • TalmanAJ: @DadaBeatnik Could be historical. Origins of EA are in IT, EA function usually is in IT and EA people usually have IT background.

At least here we did see more awareness of the need to break out of the IT-centric box: it’s just that so many of the responses to the previous questions indicated that much of EA is still very much stuck there. Oh well. But, yeah, good signs that some moves are solidly underway now, at least.

One point I do need to pick up on from the tweets above. Yes, I’ll admit I somewhat dropped back to my usual rant – “kill off the obsession with IT!!! :-) ” – but please, please note that I do still very much include all forms of IT within the enterprise-architecture. I’m not objecting to IT at all: all that I’m saying is that we should not reflexively elevate IT above everything else. In other words, we need to start from an awareness – a strictly conventional, mainstream systemic-awareness – that in a viable ‘architecture of the enterprise’, everything in that ‘ecosystem-as-system’ is necessary to that system, and hence necessarily an ‘equal citizen’ with everything else. Hence I do understand where Hugh Evans (@enterprisearchs) is coming from, in his riposte of “Disagree – Digital is a huge accelerant to #Disruption and #EntArchs in the near term need to have a v strong grip”: in a sense, he’s absolutely right. But the danger – and I’m sorry, but it is a huge danger – is that there’s still such a strong pull towards IT-centrism in current EA that we do need to be explicit in mitigating against it at just about every step of the way. Yes, “digital is a huge accelerant to disruption”, and yes, we do need to be aware of the potential affordances offered by each new technology, yet we must always start from the overall potential-disruption opportunity/risk first – and not from the technology.

Wrap-up

(This consisted of various people saying ‘thank you’, and ‘goodbye’, which is nice and socially-important and suchlike, yet not particularly central to the content of the TweetJam itself: I’ve dropped them from the record here, but you can chase them up on Twitter if you really need them. However, there were a couple of tweets pointing to further resources that might be helpful to some folks, so I’ll finish here with those.)

  • enterprisearchs: Look out for our upcoming webinar: http://t.co/lWvJ630BVJ ‘Leading Business Disruption Strategy with #EntArch’ Oct 10
  • dianedanamac: Thanks for joining! Continue the conversation at #ogLON, The Open Group London event Oct. 21-24

That’s it. Hope that’s been useful, anyways: over to you?

Tom Graves has been an independent consultant for more than three decades, in business transformation, enterprise architecture and knowledge management. His clients in Europe, Australasia and the Americas cover a broad range of industries including banking, utilities, manufacturing, logistics, engineering, media, telecoms, research, defence and government. He has a special interest in architecture for non-IT-centric enterprises, and integration between IT-based and non-IT-based services.


Talking Points on Rationale for Vendors Participation in Standards Efforts

By Terence Blevins, Portfolio Manager, The MITRE Corporation

The following are simple communication messages responding to two high-level questions: what messages are useful when trying to get a company to decide on engaging in a standards effort, and what type of people should get engaged?

Regarding what messages are useful when trying to get a company to decide on engaging in a standards effort, I have used 5 key points:

  1. Marketing – if a company has openness and/or interoperability as part of its messaging, it is important to be seen as participating in open standards consortia. It demonstrates corporate commitment – without participation, customers will not really believe the company is walking the talk.
  2. Cost of selling – if a company does not support industry standards, it is constantly asked to rationalize why it does not support them, which increases the time and cost to sell. Sometimes you don’t even get on the short list. When you have products that are certified and have the label, this becomes less of an issue.
  3. Cost of developing interface standards – interface standards are just plain expensive to develop; if you become involved with an industry group, like The Open Group, you are leveraging others to get a standard done that is likely to have a long healthy shelf life at a lower cost than developing it yourself.
  4. Cost of developing solutions – again by implementing a standard, it is cheaper than developing and testing an interface on your own.
  5. Ability to set the standard – if one already has a product suite that is connected with sound interface specifications, a Platinum member of The Open Group can submit that as the standard in the fast track and actually be seen as setting the standard. This promotes the company’s leadership position and its commitment to the interoperability message.

On the other question, what type of people should get engaged, I typically emphasize the following:

  • There are 2 roles – the high level participation at the board and then the standards detail role.
  • The high level role needs to be filled by someone with the strategic view of the company, and the participant needs to be promoting true interoperability and demonstrating a willingness to cooperate with others.
  • The standards detail role needs to be filled by someone close to the architecture and engineering side of the house and should be someone that can contribute to the standards process – whether standards development or establishing the certification program.

©2013-The MITRE Corporation. All rights reserved.

Mr. Blevins is a department head at MITRE. He is a Board Member of The Open Group, representing the Customer Council.

He has been involved with the architecture discipline since the 80s, much of which was done while he was Director of Strategic Architecture at NCR Corporation. He has been involved with The Open Group since 1996, when he was first introduced to the Architecture Forum. He was co-chair of the Architecture Forum and a frequent contributor of content to TOGAF, including the Business Scenario Method.

Mr. Blevins was Vice President and CIO of The Open Group, where he contributed to The Open Group Vision of Boundaryless Information Flow™.

He holds undergraduate and Masters degrees in Mathematics from Youngstown State University. He is TOGAF 8 certified.
