Author Archives: The Open Group Blog

What I learnt at The Open Group Bangalore Conference last weekend

By Sreekanth Iyer, Executive IT Architect, IBM

It was quite a lot of learning on a Saturday attending The Open Group conference at Bangalore. Actually it was a two day program this year. I could not make it on Friday because of other work commitments. I heard from the people who attended that it was a great session on Friday. At least I knew about a fellow IBMer Jithesh Kozhipurath’s presentation on Friday. I’d the chance to look at that excellent material on applying TOGAF® practices for integrated IT Operations Enterprise Architecture which was his experience sharing of the lab infra optimization work that he was leading.

I started bit late on Saturday, thinking it was happening at the Leela Palace which was near to my home (Ah.. that was in 2008) Realized late that it was at the Philips Innovation Campus at Manyata. But managed to reach just on time before the start of the sessions.

The day started with an Architecture as a Service discussion. The presentation was short but there were lot of interesting questions and interactions post the session.  I was curious know more about the “self-service” aspect on that topic.

Then we had Jason Uppal of ClinicialMessage Inc. on stage (see picture below) , who gave a wonderful presentation on the human touch to the architecture and how to leverage EA to make disruptive changes without disrupting the working systems.

Jason bangaloreLots of take-aways from the session. Importantly the typical reasons why certain Architectures can fail… caused many a times we have a solution already in our mind and we are trying to fit that into the requirement. And most of these times if we look at the Requirements artifact we will be see that the problems are not rightly captured. Couldn’t agree more with the good practices that he discussed.

Starting with  “Identifying the Problem Right” – I thought that is definitely the first and important step in Architecture.  Then Jason talked about significance of communicating and engaging people and stakeholders in the architecture — point that he drove home with a good example from the health care industry. He talked about the criticality of communicating and engaging the stakeholders — engagement of course improves quality. Building the right levers in the architecture and solving the whole problem were some of the other key points that I noted down. More importantly the key message was as Architects, we have to go beyond drawing the lines and boxes to deliver the change, may be look to deliver things that can create an impact in 30 days balancing the short term and long term goals.

I got the stage for couple of minutes to update on the AEA Bangalore Chapter activities. My request to the attendees was to leverage the chapter for their own professional development – using that as a platform to share expertise, get answers to queries, connect with other professionals of similar interest and build the network. Hopefully will see more participation in the Bangalore chapter events this year.

On the security track, had multiple interesting sessions. Began with Jim Hietala of The Open Group discussing the Risk Management Framework. I’ve been attending a course on the subject. But this one provided a lot of insight on the taxonomy (O-RT) and the analysis part – more of taking a quantitative approach than a qualitative approach. Though the example was based on risks with regard to laptop thefts, there is no reason we can’t apply the principles to real issues like quantifying the threats for moving workloads to cloud. (that’s another to-do added to my list).

Then it was my session on the Best practices for moving workloads to cloud for Indian Banks. Talked about the progress so far with the whitepaper. The attendees were limited as there was Jason’s EA workshop happening in parallel. But those who attended were really interested in the subject. We did have a good discussion on the benefits, challenges and regulations with regard to the Indian Banking workloads and their movement to cloud.  We discussed few interesting case studies. There are areas that need more content and I’ve requested the people who attended the session to participate in the workgroup. We are looking at getting a first draft done in the next 30 days.

Finally, also sat in the presentation by Ajit A. Matthew on the security implementation at Intel. Everywhere the message is clear. You need to implement context based security and security intelligence to enable the new age innovation but at the same time protect your core assets.

It was a Saturday well spent. Added had some opportunities to connect with few new folks and understand their security challenges with cloud.  Looking to keep the dialog going and have an AEA Bangalore chapter event sometime during Q1. In that direction, I took the first step to write this up and share with my network.

Event Details:
The Open Group Bangalore, India
January 24-25, 2014

Sreekanth IyerSreekanth Iyer is an Executive IT Architect in IBM Security Systems CTO office and works on developing IBM’s Cloud Security Technical Strategy. He is an Open Group Certified Distinguished Architect and is a core member of the Bangalore Chapter of the Association of Enterprise Architects. He has over 18 years’ industry experience and has led several client solutions across multiple industries. His key areas of work include Information Security, Cloud Computing, SOA, Event Processing, and Business Process management. He has authored several technical articles, blogs and is a core contributor to multiple Open Group as well as IBM publications. He works out of the IBM India Software Lab Bangalore and you can follow him on Twitter @sreek.

Comments Off

Filed under Conference, Enterprise Architecture, Healthcare, TOGAF®

The ArchiMate® Certification for People Program 2014 Updates

By Andrew Josey, The Open Group

Following on from the news in December of the 1000th certification in the ArchiMate certification program, The Open Group has made some changes to the program that will make the certification program more accessible. As of January 2014, it is now possible to self study for both certification levels.  Previously to achieve the Level 2 certification, known as ArchiMate 2 Certified, attendance at a course was mandatory.

To accommodate this, a revised examination structure has been introduced as shown in the diagram below:ArchiMate_2_exam

There are two levels of certification:

  • ArchiMate Foundation: Knowledge of the notation, terminology, structure, and concepts of the ArchiMate modeling language.
  • ArchiMate Certified: In addition to Knowledge and comprehension, the ability to analyze and apply the ArchiMate modeling language.

Candidates are able to choose whether they wish to become certified in a stepwise manner by starting with ArchiMate 2 Foundation and then at a later date ArchiMate 2 Certified, or bypass ArchiMate 2 Foundation and go directly to ArchiMate 2 Certified.

For those going directly to ArchiMate 2 Certified there is a choice of taking the two examinations separately or a Combined examination. The advantage of taking the two examinations over the single Combined examination is that if you pass Part 1 but fail Part 2 you can still qualify for ArchiMate 2 Foundation.

The ArchiMate 2 Part 1 examination comprises 40 questions in simple multiple choice format. The ArchiMate 2 Part 2 examination comprises 8 question using a gradient scored, scenario based format. Practice examinations are included as part of an Accredited ArchiMate Training course and available with the Study Guide.

The examinations are delivered either at Prometric test centers or by Accredited Training Course Providers through The Open Group Internet Based Testing portal.

You can find an available accredited training course either by viewing the public Calendar of Accredited Training Courses or by contacting a provider using the Register of Accredited Training Courses.

The ArchiMate 2 Certification Self-Study Pack is available at http://www.opengroup.org/bookstore/catalog/b132.htm.

The hardcopy of the ArchiMate 2 Certification Study Guide is available to order from Van Haren Publishing at http://www.vanharen.net/9789401800020

ArchiMate is a registered trademark of The Open Group.

 Andrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF 9.1, ArchiMate 2.1, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

Comments Off

Filed under ArchiMate®, Certifications, Enterprise Architecture

Future Shock: Why IT Needs to Embrace Agile Development or Be Left Behind

By Allen Brown, President and CEO, The Open Group

In his 1970 bestseller, Future Shock, futurist Alvin Toffler predicted that the rate of technological change and progress was beginning to accelerate at a rate faster than what people are often ready for or can handle. Looking over the course of history—from agrarian societies through the industrial age to our current post-industrial age in which more people work in service-oriented fields than agricultural ones—Toffler noted that the rapid changes brought on by technology often leave people in a state of “future shock.”

Future shock, Toffler argued, can cause not only disorientation for those who are caught up in it, but it can also induce a kind of paralysis brought on by being confronted with too many choices. In its worst form, future shock can lead to alienation and a breakdown of the social order due to “information overload” (a term originally coined by Toffler).

Toffler’s predictions were amazingly accurate for the time. We are most certainly in an era where we can barely keep up with the constant technological changes we are faced with on a daily basis. This is certainly true of how consumer technologies have changed our lives. Not only is the laptop or phone you buy today practically obsolete by the time you get it home, but we constantly struggle to keep up with our technologies and the volume of information—via email, text messages, the Internet, Twitter, etc.—that we consume on a daily basis. We are all likely suffering from some degree of information overload.

Similarly, technology change is accelerating business drivers at rates that are increasingly difficult for organizations to keep up with, not only for IT, but also for management. Trends such as Cloud, BYOD, Big Data and the Internet of Things are driving information overload for today’s enterprises putting intense pressure on lines of business to respond quickly to market drivers, data-driven imperatives and internal demands. Organizations are being forced to change—whether they are ready or not.

According to Toffler, the only way to combat future shock is to learn to adapt and to do so constantly. Toffler likens an inability to adapt to a new kind of illiteracy, with those who cannot adapt being left behind. “The illiterate of the 21st Century are not those who cannot read and write but those who cannot learn, unlearn and relearn” he said.

The problem is that most organizations today are not in a position to handle rapid change or to adapt quickly. In The Open Group Convergent Technologies Survey, only 52 percent of organizations surveyed felt they were equipped to deal with convergence of new technologies, while 27% said they were ill-prepared. Prepared or not, the tide of convergence is coming whether organizations like it or not. But to survive in our current economy, companies must learn to architect themselves in the moment.

Using Agile Development as a Model
Over the past ten years, agile software development has emerged as one of the ways for IT developers to adapt to the requirements of constant change. Based on a definition coined in the Manifesto for Agile Software Development in 2001, agile development is characterized by iterative, incremental and rapid development that evolves through collaboration. Rather than making development a process that takes years of painstaking planning before execution, the agile method puts a product out into the market at the earliest convenience, tests it with users and then adapts it accordingly. The process is then repeated with feedback and upgrades on a constant, iterative loop.

Agile development is driven by flexibility and the ability to respond rapidly to keep up with the endless change in the market. With agile principles, organizational focus shifts from processes and tools to individuals and interactions, the organization to the customer, from negotiation to collaboration, and to responding to change rather than sticking to rigid plans.

For many readers, “agile” is a loaded term and largely associated with solutions rather than the enterprise architecture but there are some appealing aspects to it.  An adaptation of the twelve principles of Agile Development to the discipline of Enterprise Architecture would be an interesting place to start.  I have just picked out half of the principles and adapted them here by way of example – using parenthesis to show possible deletions and adding a few words here and there in italics.

  •  Our highest priority is to satisfy the customer through early and continuous delivery of (valuable software) valuable architecture guidance to the enterprise
  •  Welcome changing requirements, even late in development. Agile processes harness change for the customer’s competitive advantage.
  • Business people and (developers) architects must work together (daily) throughout the project.
  • Simplicity–the art of maximizing the amount of work not done–is essential.
  • The best architectures, requirements, and designs emerge from self-organizing teams.
  • At regular intervals, the team reflects on how to become more effective, then tunes and adjusts its behavior accordingly.

What Organizations Can Learn from Agile Development
As Toffler predicted, the rate of business change is happening so quickly that if you take too much time to do anything, your organization is likely to lose out. Business schools have even taken a page from IT development and have begun teaching the principles of agile development to graduate students. As Toffler noted, “if you don’t have a strategy, you’re part of someone else’s strategy.” In business today, as in combatting “future shock,” adaptability must be at the core of every organization’s strategy.

Organizations that want to survive and thrive in this paradigm will need to take a page from IT, agile development and start-up cultures to become more nimble and move more quickly. Becoming agile will take significant shifts in culture for many organizations. Business and IT must work together in order to facilitate changes that will work for each organization. Enterprise architects and IT leaders can help lead the charge for change within their organizations by helping the C-Suite not only understand how to apply agile development principles to the business, but by showing the potential consequences of being slow to adapt and how business imperatives are the real drivers for these changes.

Architecting things as you go is a difficult thing for most organizations and most industries. Most of us are not used to that level of flexibility or a need to adapt that quickly. We are more comfortable with planning ahead and sticking to a well-thought out plan. Agility does not preclude planning or forethought—rather it is part of the process and action plan instead of being a precursor to action. Although many organizations are likely in for a large dose of “future” or culture shock, adaptation and business transformation is necessary for today’s organizations if they don’t want to be left behind in the face of constant change.

Allen BrownAllen Brown is President and CEO, The Open Group – a global consortium that enables the achievement of business objectives through IT standards.  For over 15 years Allen has been responsible for driving The Open Group’s strategic plan and day-to-day operations, including extending its reach into new global markets, such as China, the Middle East, South Africa and India. In addition, he was instrumental in the creation of the AEA, which was formed to increase job opportunities for all of its members and elevate their market value by advancing professional excellence.

5 Comments

Filed under Open Platform 3.0

ArchiMate® 2 Certification reaches the 1000th certification milestone

By Andrew Josey, The Open Group

We’re pleased to announce that the ArchiMate Certification for People program has reached the significant milestone of 1,000 individual certifications and there are individuals certified in 30 different countries as shown in the world map below.

ArchiMate 1000

The top 10 countries are:

Netherlands 458 45.8%
UK 104 10.4%
Belgium 76 7.6%
Australia 35 3.5%
Germany 32 3.2%
Norway 30 3%
Sweden 30 3%
USA 27 2.7%
Poland 16 1.6%
Slovakia 13 1.3%
 

The vision for the ArchiMate 2 Certification Program is to define and promote a market-driven education and certification program to support the ArchiMate modeling language Standard.

More information on the program is available at the ArchiMate 2 Certification site at http://www.opengroup.org/certifications/archimate/

Details of the ArchiMate 2 Examinations are available at: http://www.opengroup.org/certifications/archimate/docs/exam

The calendar of Accredited ArchiMate 2 Training courses is available at: http://www.opengroup.org/archimate/training-calendar/

The ArchiMate 2 Certification register can be found at https://archimate-cert.opengroup.org/certified-individuals

ArchiMate is a registered trademark of The Open Group.

 Andrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF 9.1, ArchiMate 2.0, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

Comments Off

Filed under ArchiMate®, Certifications, Enterprise Architecture

Measuring the Immeasurable: You Have More Data Than You Think You Do

By Jim Hietala, Vice President, Security, The Open Group

According to a recent study by the Ponemon Institute, the average U.S. company experiences more than 100 successful cyber-attacks each year at a cost of $11.6M. By enabling security technologies, those companies can reduce losses by nearly $4M and instituting security governance reduces costs by an average of $1.5M, according to the study.

In light of increasing attacks and security breaches, executives are increasingly asking security and risk professionals to provide analyses of individual company risk and loss estimates. For example, the U.S. healthcare sector has been required by the HIPAA Security rule to perform annual risk assessments for some time now. The recent HITECH Act also added security breach notification and disclosure requirements, increased enforcement in the form of audits and increased penalties in the form of fines. Despite federal requirements, the prospect of measuring risk and doing risk analyses can be a daunting task that leaves even the best of us with a case of “analysis paralysis.”

Many IT experts agree that we are nearing a time where risk analysis is not only becoming the norm, but when those risk figures may well be used to cast blame (or be used as part of a defense in a lawsuit) if and when there are catastrophic security breaches that cost consumers, investors and companies significant losses.

In the past, many companies have been reluctant to perform risk analyses due to the perception that measuring IT security risk is too difficult because it’s intangible. But if IT departments could soon become accountable for breaches, don’t you want to be able to determine your risk and the threats potentially facing your organization?

In his book, How to Measure Anything, father of Applied Information Economics Douglas Hubbard points out that immeasurability is an illusion and that organizations do, in fact, usually have the information they need to create good risk analyses. Part of the misperception of immeasurability stems from a lack of understanding of what measurement is actually meant to be. According to Hubbard, most people, and executives in particular, expect measurement and analysis to produce an “exact” number—as in, “our organization has a 64.5 percent chance of having a denial of service attack next year.”

Hubbard argues that, as risk analysts, we need to look at measurement more like how scientists look at things—measurement is meant to reduce uncertainty—not to produce certainty—about a quantity based on observation.  Proper measurement should not produce an exact number, but rather a range of possibility, as in “our organization has a 30-60 percent chance of having a denial of service attack next year.” Realistic measurement of risk is far more likely when expressed as a probability distribution with a range of outcomes than in terms of one number or one outcome.

The problem that most often produces “analysis paralysis” is not just the question of how to derive those numbers but also how to get to the information that will help produce those numbers. If you’ve been tasked, for instance, with determining the risk of a breach that has never happened to your organization before, perhaps a denial of service attack against your web presence, how can you make an accurate determination about something that hasn’t happened in the past? Where do you get your data to do your analysis? How do you model that analysis?

In an article published in CSO Magazine, Hubbard argues that organizations have far more data than they think they do and they actually need less data than they may believe they do in order to do proper analyses. Hubbard says that IT departments, in particular, have gotten so used to having information stored in databases that they can easily query, they forget there are many other sources to gather data from. Just because something hasn’t happened yet and you haven’t been gathering historical data on it and socking it away in your database doesn’t mean you either don’t have any data or that you can’t find what you need to measure your risk. Even in the age of Big Data, there is plenty of useful data outside of the big database.

You will still need to gather that data. But you just need enough to be able to measure it accurately not necessarily precisely. In our recently published Open Group Risk Assessment Standard (O-RA), this is called calibration of estimates. Calibration provides a method for making good estimates, which are necessary for deriving a measured range of probability for risk. Section 3 of the O-RA standard uses provides a comprehensive look at how best to come up with calibrated estimates, as well as how to determine other risk factors using the FAIR (Factor Analysis of Information Risk) model.

So where do you get your data if it’s not already stored and easily accessible in a database? There are numerous sources you can turn to, both externally and internally. You just have to do the research to find it. For example, even if your company hasn’t experienced a DNS attack, many others have—what was their experience when it happened? This information is out there online—you just need to search for it. Industry reports are another source of information. Verizon publishes its own annual Verizon Data Breach Investigations Report for one. DatalossDB publishes an open data beach incident database that provides information on data loss incidents worldwide. Many vendors publish annual security reports and issue regular security advisories. Security publications and analyst firms such as CSO, Gartner, Forrester or Securosis all have research reports that data can be gleaned from.

Then there’s your internal information. Chances are your IT department has records you can use—they likely count how many laptops are lost or stolen each year. You should also look to the experts within your company to help. Other people can provide a wealth of valuable information for use in your analysis. You can also look to the data you do have on related or similar attacks as a gauge.

Chances are, you already have the data you need or you can easily find it online. Use it.

With the ever-growing list of threats and risks organizations face today, we are fast reaching a time when failing to measure risk will no longer be acceptable—in the boardroom or even by governments.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

1 Comment

Filed under Cybersecurity, Data management, Information security, Open FAIR Certification, RISK Management, Uncategorized

ArchiMate® 2.1 Specification Maintenance Release

By Andrew Josey, The Open Group

We’re pleased to announce the latest release of the ArchiMate modeling language specification.

ArchiMate® 2.1, an Open Group standard, is a full updated release of the ArchiMate Specification addressing comments raised since the introduction of Issue 2.0 in 2012. It retains the major features and structure of ArchiMate 2.0 adding further detail and clarification, thereby preserving existing investment in the ArchiMate modeling language. In this blog, we take a brief look at what has changed[1].

The changes in this release are as follows:

  1. Additional explanatory text has been added in section 2.6 describing the ArchiMate Framework, its layers and aspects.
  2. Corrections have been made to figures throughout the specification for consistency with the text, including metamodel diagrams, concept diagrams and example models.
  3. An explanation has been added describing the use of colors within the specification. This makes it clear that the metamodel diagrams use colors to distinguish the different aspects of the ArchiMate Framework, and that within the models there are no formal semantics assigned to colors.
  4. Within the three layers, the concepts are now classified according to the aspects of the ArchiMate Framework: Active Structure Concepts (instead of Structural Concepts), Behavioral Concepts, and Passive Structure Concepts (instead of Informational Concepts).
  5. Duplicate text has been removed from the layers; for example meaning was defined in Section 3.4 and also in Section 3.4.2).
  6. In the Layers, a number of concept diagrams have been corrected to show all the permitted symbols for the concept; for example, Business Interface, Application Service, and Infrastructure Service.
  7. In the Architecture Viewpoints, the aspects for each viewpoint are now classified as per the ArchiMate Framework into Active Structure, Behavior, or Passive Structure.
  8. In the Architecture Viewpoints, a number of Concepts and Relationships diagrams have been updated to correct the relationships shown, similarly a number of example diagrams have corrections (for example use of a Communication Path to connect two nodes).
  9. In the Language Extension Mechanisms chapter, it has been made clear that specialization can also be applied to Relationships.
  10. In the Motivation Extension, it has been made clear that the association relationship can be used to connect motivation elements.
  11. The status of the appendices has been made clear; Appendix A is informative, whereas Appendix B is normative.
  12. Appendix B, the Relationship Tables has a number of corrections applied.

More information on the ArchiMate 2.1 Specification, including additional resources, can be obtained from The Open Group website here: http://www.opengroup.org/subjectareas/enterprise/archimate

[1] A detailed listing of the changes is available separately as Document U132, ArchiMate® 2.0 Technical Corrigendum 1 http://www.opengroup.org/bookstore/catalog/U132

Andrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF 9.1, ArchiMate 2.0, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

1 Comment

Filed under ArchiMate®, Enterprise Architecture

Open Platform 3.0™ to Help Rally Organizations in Innovation and Development

by Andy Mulholland, Former Global CTO, Capgemini

The Open Platform 3.0™ initiative, launched by The Open Group, provides a forum in which organizations, including standards bodies, as much as users and product vendors, can coordinate their approach to new business models and new practices for use of IT, can define or identify common vendor-neutral standards, and can foster the adoption of those standards in a cohesive and aligned manner to ensure a integrated commercial viable set of solutions.

The goal is to enable effective business architectures, that support a new generation of interoperable business solutions, quickly, and at low cost using new technologies and provisioning methods, but with integration to existing IT environments.

Acting on behalf of its core franchise base of CIOs, and in association with the US and European CIO associations, Open Platform 3.0 will act as a rallying point for all involved in the development of technology solutions that new innovative business models and practices require.

There is a distinctive sea change in the way that organizations are adopting and using a range of new technologies, mostly relating to a front office revolution in how business is performed with their customers, suppliers and even within their markets. More than ever The Open Group mission of Boundaryless Information Flow™ through the mutual development of technology standards and methods is relevant to this change.

The competitive benefits are driving rapid Business adoption but mostly through a series of business management owned and driven pilots, usually with no long term thought as to scale, compliance, security, even data integrity. Rightly the CIO is concerned as to these issues, but too often in the absence of experience in this new environment and the ability to offer constructive approaches these concerns are viewed as unacceptable barriers.

This situation is further enflamed by the sheer variety of products and different groups, both technological and business, to try to develop workable standards for particular elements. Currently there is little, if any, overall coordination and alignment between all of these individually valuable elements towards a true ‘system’ approach with understandable methods to deliver the comprehensive enterprise approach in a manner that will truly serve the full business purposes.

The business imperatives supported by the teaching of Business Schools are focused on time as a key issue and advocate small fast projects built on externally provisioned, paid for against use, cloud services.  These are elements of the sea change that have to be accepted, and indeed will grow as society overall expects to do business and obtain their own requirements in the same way.

Much of these changes are outside the knowledge, experience of often power of current IT departments, yet they rightly understand that to continue in their essential role of maintaining the core internal operations and commercial stability this change must introduce a new generation of deployment, integration, and management methods. The risk is to continue the polarization that has already started to develop between the internal IT operations based on Client-Server Enterprise Applications versus the external operations of sales and marketing using Browser-Cloud based Apps and Services.

At best this will result in an increasingly decentralized and difficult to manage business, at worst Audit and Compliance management will report this business as being in breach of financial and commercial rules. This is being recognized by organizations introducing a new type of role supported by Business Schools and Universities termed a Business Architect. Their role in the application of new technology is to determine how to orchestrate complex business processes through Big Data and Big Process from the ‘Services’ available to users. This is in many ways a direct equivalent, though with different skills, to an Enterprise Architect in conventional IT who will focus on the data integrity from designing Applications and their integration.

The Open Group’s massive experience in the development of TOGAF®, together with its wide spread global acceptability, lead to a deep understanding of the problem, the issues, and how to develop a solution both for Business Architecture, as well as for its integration with Enterprise Architecture.

The Open Group believes that it is uniquely positioned to play this role due to its extensive experience in the development of standards on behalf of user enterprises to enable Boundaryless Information Flow including its globally recognized Enterprise Architecture standard TOGAF. Moreover it believes from feedback received from many directions this move will be welcomed by many of those involved in the various aspects of this exciting period of change.

mulhollandAndy joined Capgemini in 1996, bringing with him thirteen years of experience from previous senior IT roles across all major industry sectors.

In his former role as Global Chief Technology Officer, Andy was a member of the Capgemini Group management board and advised on all aspects of technology-driven market changes, as well as serving on the technology advisory boards of several organizations and enterprises.

A popular speaker with many appearances at major events all around the World, and frequently quoted by the press, in 2009 Andy was voted one of the top 25 most influential CTOs in the world by InfoWorld USA, and in 2010 his CTOblog was voted best Blog for Business Managers and CIOs for the third third year running by Computing Weekly UK. Andy retired in June 2012, but still maintains an active association with the Capgemini Group and his activities across the Industry lead to his achieving 29th place in 2012 in the prestigious USA ExecRank ratings category ‘Top CTOs’.

Comments Off

Filed under Open Platform 3.0, TOGAF

Do Androids Dream of Electric Sheep?

By Stuart Boardman, KPN

What does the apocalyptic vision of Blade Runner have to do with The Open Group’s Open Platform 3.0™ Forum?

Throughout history, from the ancient Greeks and the Talmud, through The Future Eve and Metropolis to I Robot and Terminator, we seem to have been both fascinated and appalled by the prospect of an autonomous “being” with its own consciousness and aspirations.

Hal-2001

But right now it’s not the machines that bother me. It’s how we try to do what we try to do with them. What we try to do is to address problems of increasingly critical economic, social and environmental importance. It bothers me because, like it or not, these problems can only be addressed by a partnership of man and (intelligent) machine and yet we seem to want to take the intelligence out of both partners.

Two recent posts that came my way via Twitter this week provoked me to write this blog. One is a GE Report that looks very thoroughly, if somewhat uncritically at what it calls the Industrial Internet. The other, by Forrester analyst Sarah Rotman Epps, appeared in Forbes under the title There Is No Internet of Things and laments the lack of interconnectedness in most “Smart” technologies.hammer

What disturbs me about both of those pieces is the suggestion that if we sort out some interoperability and throw masses of computing power and smart algorithms at a problem, everything will be dandy.

Actually it could just make things worse. Technically everything will work but the results will be a matter of chance. The problem lies in the validity of the models we use. And our ability to effectively model complex problems is at best unproven. If the model is faulty and the calculation perfect, the results will be wrong. In fact, when the systems we try to model are complex or chaotic, no deterministic model can deliver correct results other than by accident. But we like deterministic models, because they make us feel like we’re in control. I discussed this problem and its effects in more detail in my article on Ashby’s Law Of Requisite Variety. There’s also an important article by Joyce Hostyn, which explains how a simplistic view of objectivity leads to (at best) biased results. “Data does not lie. It just does not (always) mean what you think it does” (Claudia Perlich, Chief Scientist at Dstillery via CMSWire).

Now that doesn’t detract from the fact that developing a robot vacuum cleaner that actually “learns” the layout of a room is pretty impressive. That doesn’t mean that the robot is aware that it is a vacuum cleaner and that it has a (single) purpose in life. And just as well. It might get upset about us continually moving the furniture and decide to get revenge by crashing into our best antique glass cabinet.

With the Internet of Things (IoT) and Big Data in particular, we’re deploying machines to carry out analyses and take decisions that can be critical for the success of some human endeavor. If the models are wrong or only sometimes right, the consequences can be disastrous for health, the environment or the economy. In my Ashby piece I showed how unexpected events can result in an otherwise good model leading to fundamentally wrong reactions. In a world where IoT and Big Data combine with Mobility (multiple device types, locations and networks) and Cloud, the level of complexity is obviously high and there’s scope for a large number of unexpected events.
IoT Society

If we are to manage the volume of information coming our way and the speed with which it comes or with which we must react we need to harness the power of machine intelligence. In an intelligent manner. Which brings me to Cognitive Computing Systems.

On the IBM Research Cognitive Computing page I found this statement: “Far from replacing our thinking, cognitive systems will extend our cognition and free us to think more creatively.”  Cognitive Computing means allowing the computer to say “listen guys, I’m not really sure about this but here are the options”. Or even “I’ve actually never seen one of these before, so maybe you’d like to see what you can make of it”. And if the computer is really really not sure, maybe we’d better ride the storm for a while and figure out what this new thing is. Cognitive Computing means that we can, in a manner of speaking, discuss this with the computer.

It’s hard to say how far we are from commercially viable implementations of this technology. Watson has a few children but the family is still at the stage of applied research. But necessity is the mother of invention and, if the technologies we’re talking about in Platform 3.0 really do start collectively to take on the roles we have envisaged for them, that could just provide the necessary incentive to develop economically feasible solutions.

spacemenIn the meantime, we need to put ourselves more in the centre of things, to make the optimal use of the technologies we do have available to us but not shirk our responsibilities as intelligent human beings to use that intelligence and not seek easy answers to wicked problems.

 

 

I’ll leave you with 3 minutes and 12 seconds of genius:
marshalldavisjones
Marshall Davis Jones: “Touchscreen”


Stuart BoardmanStuart Boardman is a Senior Business Consultant with KPN where he co-leads the Enterprise Architecture practice as well as the Cloud Computing solutions group. He is co-lead of The Open Group Cloud Computing Work Group’s Security for the Cloud and SOA project and a founding member of both The Open Group Cloud Computing Work Group and The Open Group SOA Work Group. Stuart is the author of publications by the Information Security Platform (PvIB) in The Netherlands and of his previous employer, CGI. He is a frequent speaker at conferences on the topics of Cloud, SOA, and Identity.

Comments Off

Filed under Cloud, Cloud/SOA, Open Platform 3.0, Platform 3.0

Evolving Business and Technology Toward an Open Platform 3.0™

By Dave Lounsbury, Chief Technical Officer, The Open Group

The role of IT within the business is one that constantly evolves and changes. If you’ve been in the technology industry long enough, you’ve likely had the privilege of seeing IT grow to become integral to how businesses and organizations function.

In his recent keynote “Just Exactly What Is Going On in Business and Technology?” at The Open Group London Conference in October, Andy Mulholland, former Global Chief Technology Officer at Capgemini, discussed how the role of IT has changed from being traditionally internally focused (inside the firewall, proprietary, a few massive applications, controlled by IT) to one that is increasingly externally focused (outside the firewall, open systems, lots of small applications, increasingly controlled by users). This is due to the rise of a number of disruptive forces currently affecting the industry such as BYOD, Cloud, social media tools, Big Data, the Internet of Things, cognitive computing. As Mulholland pointed out, IT today is about how people are using technology in the front office. They are bringing their own devices, they are using apps to get outside of the firewall, they are moving further and further away from traditional “back office” IT.

Due to the rise of the Internet, the client/server model of the 1980s and 1990s that kept everything within the enterprise is no more. That model has been subsumed by a model in which development is fast and iterative and information is constantly being pushed and pulled primarily from outside organizations. The current model is also increasingly mobile, allowing users to get the information they need anytime and anywhere from any device.

At the same time, there is a push from business and management for increasingly rapid turnaround times and smaller scale projects that are, more often than not, being sourced via Cloud services. The focus of these projects is on innovating business models and acting in areas where the competition does not act. These forces are causing polarization within IT departments between internal IT operations based on legacy systems and new external operations serving buyers in business functions that are sourcing their own services through Cloud-based apps.

Just as UNIX® provided a standard platform for applications on single computers and the combination of servers, PCs and the Internet provided a second platform for web apps and services, we now need a new platform to support the apps and services that use cloud, social, mobile, big data and the Internet of Things. Rather than merely aligning with business goals or enabling business, the next platform will be embedded within the business as an integral element bringing together users, activity and data. To work properly, this must be a standard platform so that these things can work together effectively and at low cost, providing vendors a worthwhile market for their products.

Industry pundits have already begun to talk about this layer of technology. Gartner calls it the “Nexus of Forces.” IDC calls it the “third platform.” At the The Open Group, we refer to it as Open Platform 3.0™, and we announced a new Forum to address how organizations can address and support these technologies earlier this year. Open Platform 3.0 is meant to enable organizations (including standards bodies, users and vendors) coordinate their approaches to the new business models and IT practices driving the new platform to support a new generation of interoperable business solutions.

As is always the case with technologies, a point is reached where technical innovation must transition to business benefit. Open Platform 3.0 is, in essence, the next evolution of computing. To help the industry sort through these changes and create vendor-neutral standards that foster the cohesive adoption of new technologies, The Open Group must also evolve its focus and standards to respond to where the industry is headed.

The work of the Open Platform 3.0 Forum has already begun. Initial actions for the Forum have been identified and were shared during the London conference.  Our recent survey on Convergent Technologies confirmed the need to address these issues. Of those surveyed, 95 percent of respondents felt that converged technologies were an opportunity for business, and 84 percent of solution providers are already dealing with two or more of these technologies in combination. Respondents also saw vendor lock-in as a potential hindrance to using these technologies underscoring the need for an industry standard that will address interoperability. In addition to the survey, the Forum has also produced an initial Business Scenario to begin to address these industry needs and formulate requirements for this new platform.

If you have any questions about Open Platform 3.0 or if you would like to join the new Forum, please contact Chris Harding (c.harding@opengroup.org) for queries regarding the Forum or Chris Parnell (c.parnell@opengroup.org) for queries regarding membership.

 

Dave LounsburyDave is Chief Technical Officer (CTO) and Vice President, Services for The Open Group. As CTO, he ensures that The Open Group’s people and IT resources are effectively used to implement the organization’s strategy and mission.  As VP of Services, Dave leads the delivery of The Open Group’s proven collaboration processes for collaboration and certification both within the organization and in support of third-party consortia. Dave holds a degree in Electrical Engineering from Worcester Polytechnic Institute, and is holder of three U.S. patents.

 

 

1 Comment

Filed under Cloud, Data management, Future Technologies, Open Platform 3.0, Standards, Uncategorized, UNIX

Three Things We Learned at The Open Group, London

By Manuel Ponchaux, Senior Consultant, Corso

The Corso team recently visited London for The Open Group’s “Business Transformation in Finance, Government & Healthcare” conference (#ogLON). The event was predominantly for learning how experts address organisational change when aligning business needs with information technology – something very relevant in today’s climate. Nonetheless, there were a few other things we learnt as well…

1. Lean Enterprise Architecture

We were told that Standard Frameworks are too complex and multidimensional – people were interested in how we use them to provide simple working guidelines to the architecture team.

There were a few themes that frequently popped up, one of them being the measurement of Enterprise Architecture (EA) complexity. There seemed to be a lot of talk about Lean Enterprise Architecture as a solution to complexity issues.

2. Risk Management was popular

Clearly the events of the past few years e.g. financial crisis, banking regulations and other business transformations mean that managing risk is increasingly more important. So, it was no surprise that the Risk Management and EA sessions were very popular and probably attracted the biggest crowd. The Corso session showcasing our IBM/CIO case study was successful with 40+ attending!

3. Business challenges

People visited our stand and told us they were having trouble generating up to date heat maps. There was also a large number of attendee’s interested in Software as a Service as an alternative to traditional on-premise licensing.

So what did we learn from #ogLON?

Attendees are attracted to the ease of use of Corso’s ArchiMate plugin. http://www.corso3.com/products/archimate/

Together with the configurable nature of System Architect, ArchiMate® is a simple framework to use and makes a good starting point for supporting Lean Architecture.

Roadmapping and performing impact analysis reduces the influence of risk when executing any business transformation initiative.

We also learnt that customers in the industry are starting to embrace the concept of SaaS offerings as it provides them with a solution that can get them up and running quickly and easily – something we’re keen to pursue – which is why we’re now offering IBM Rational tools on the Corso cloud. Visit our website at http://www.corsocloud.com

http://info.corso3.com/blog/bid/323481/3-interesting-things-we-learned-at-The-Open-Group-London

Manuel Poncheau Manuel Ponchaux, Senior Consultant, Corso

1 Comment

Filed under ArchiMate®, Enterprise Architecture, Standards, Uncategorized

Introducing Two New Security Standards for Risk Analysis—Part II – Risk Analysis Standard

By Jim Hietala, VP Security, The Open Group

Last week we took a look at one of the new risk standards recently introduced by The Open Group® Security Forum at the The Open Group London Conference 2013, the Risk Taxonomy Technical Standard 2.0 (O-RT). Today’s blog looks at its sister standard, the Risk Analysis (O-RA) Standard, which provides risk professionals the tools they need to perform thorough risk analyses within their organizations for better decision-making about risk.

Risk Analysis (O-RA) Standard

The new Risk Analysis Standard provides a comprehensive guide for performing effective analysis scenarios within organizations using the Factor Analysis of Information Risk (FAIR™) framework. O-RA is geared toward managing the frequency and magnitude of loss that can arise from a threat, whether human, animal or a natural event–in other words “how often bad things happened and how bad they are when they occur.” Used together, the O-RT and O-RA Standards provide organizations with a way to perform consistent risk modeling, that can not only help thoroughly explain risk factors to stakeholders but allow information security professionals to strengthen existing or create better analysis methods. O-RA may also be used in conjunction with other risk frameworks to perform risk analysis.

The O-RA standard is also meant to provide something more than a mere assessment of risk. Many professionals within the security industry often fail to distinguish between “assessing” risk vs. “analysis” of risk. This standard goes beyond assessment by supporting effective analyses so that risk statements are less vulnerable to problems and are more meaningful and defensible than assessments that provide only the broad risk-ratings (“this is a 4 on a scale of 1-to-5”) normally used in assessments.

O-RA also lays out standard process for approaching risk analysis that can help organizations streamline the way they approach risk measurement. By focusing in on these four core process elements, organizations are able to perform more effective analyses:

  • Clearly identifying and characterizing the assets, threats, controls and impact/loss elements at play within the scenario being assessed
  • Understanding the organizational context for analysis (i.e. what’s at stake from an organizational perspective)
  • Measuring/estimating various risk factors
  • Calculating risk using a model that represents a logical, rational, and useful view of what risk is and how it works.

Because measurement and calculation are essential elements of properly analyzing risk variables, an entire chapter of the standard is dedicated to how to measure and calibrate risk. This chapter lays out a number of useful approaches for establishing risk variables, including establishing baseline risk estimates and ranges; creating distribution ranges and most likely values; using Monte Carlo simulations; accounting for uncertainty; determining accuracy vs. precision and subjective vs. objective criteria; deriving vulnerability; using ordinal scales; and determining diminishing returns.

Finally, a practical, real-world example is provided to take readers through an actual risk analysis scenario. Using the FAIR model, the example outlines the process for dealing with an threat in which an HR executive at a large bank has left the user name and password that allow him access to all the company’s HR systems on a Post-It note tacked onto his computer in his office in clear view of anyone (other employees, cleaning crews, etc.) who comes into the office.

The scenario outlines four stages in assessing this risk:

  1. .    Stage 1: Identify Scenario Components (Scope the Analysis)
  2. .    Stage 2: Evaluate Loss Event Frequency (LEF)
  3. .    Stage 3: Evaluate Loss Magnitude (LM)
  4. .    Stage 4: Derive and Articulate Risk

Each step of the risk analysis process is thoroughly outlined for the scenario to provide Risk Analysts an example of how to perform an analysis process using the FAIR framework. Considerable guidance is provided for stages 2 and 3, in particular, as those are the most critical elements in determining organizational risk.

Ultimately, the O-RA is a guide to help organizations make better decisions about which risks are the most critical for the organization to prioritize and pay attention to versus those that are less important and may not warrant attention. It is critical for Risk Analysts and organizations to become more consistent in this practice because lack of consistency in determining risk among information security professionals has been a major obstacle in allowing security professionals a more legitimate “seat at the table” in the boardroom with other business functions (finance, HR, etc.) within organizations.

For our profession to evolve and grow, consistency and accurate measurement is key. Issues and solutions must be identified consistently and comparisons and measurement must be based on solid foundations, as illustrated below.

Risk2

Chained Dependencies

O-RA can help organizations arrive at better decisions through consistent analysis techniques as well as provide more legitimacy within the profession.  Without a foundation from which to manage information risk, Risk Analysts and information security professionals may rely too heavily on intuition, bias, commercial or personal agendas for their analyses and decision making. By outlining a thorough foundation for Risk Analysis, O-RA provides not only a common foundation for performing risk analyses but the opportunity to make better decisions and advance the security profession.

For more on the O-RA Standard or to download it, please visit: https://www2.opengroup.org/ogsys/catalog/C13G.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

Comments Off

Filed under Conference, Open FAIR Certification, RISK Management, Security Architecture

Introducing Two New Security Standards for Risk Analysis—Part I – Risk Taxonomy Technical Standard 2.0

By Jim Hietala, VP Security, The Open Group

At the The Open Group London 2013 Conference, The Open Group® announced three new initiatives related to the Security Forum’s work around Risk Management. The first of these was the establishment of a new certification program for Risk Analysts working within the security profession, the Open FAIR Certification Program.  Aimed at providing a professional certification for Risk Analysts, the program will bring a much-needed level of assuredness to companies looking to hire Risk Analysts, certifying that analysts who have completed the Open FAIR program understand the fundamentals of risk analysis and are qualified to perform that analysis.

Forming the basis of the Open FAIR certification program are two new Open Group standards, version 2.0 of the Risk Taxonomy (O-RT) standard originally introduced by the Security Forum in 2009, and a new Risk Analysis (O-RA) Standard, both of which were also announced at the London conference. These standards are the result of ongoing work around risk analysis that the Security Forum has been conducting for a number of years now in order to help organizations better understand and identify their exposure to risk, particularly when it comes to information security risk.

The Risk Taxonomy and Risk Analysis standards not only form the basis and body of knowledge for the Open FAIR certification, but provide practical advice for security practitioners who need to evaluate and counter the potential threats their organization may face.

Today’s blog will look at the first standard, the Risk Taxonomy Technical Standard, version 2.0. Next week, we’ll look at the other standard for Risk Analysis.

Risk Taxonomy (O-RT) Technical Standard 2.0

Originally, published in January 2009, the O-RT is intended to provide a common language and references for security and business professionals who need to understand or analyze risk conditions, providing a common language for them to use when discussing those risks. Version 2.0 of the standard contains a number of updates based both on feedback provided by professionals that have been using the standard and as a result of research conducted by Security Forum member CXOWARE.

The majority of the changes to Version 2.0 are refinements in terminology, including changes in language that better reflect what each term encompasses. For example, the term “Control Strength” in the original standard has now been changed to “Resistance Strength” to reflect that controls used in that part of the taxonomy must be resistive in nature.

More substantive changes were made to the portion of the taxonomy that discusses how Loss Magnitude is evaluated.

Why create a taxonomy for risk?  For two reasons. First, the taxonomy provides a foundation from which risk analysis can be performed and talked about. Second, a tightly defined taxonomy reduces the inability to effectively measure or estimate risk scenarios, leading to better decision making, as illustrated by the following “risk management stack.”

Effective Management


↑

Well-informed Decisions

Effective Comparisons


↑

Meaningful Measurements

Accurate Risk Model

The complete Risk Taxonomy is comprised of two branches: Loss Event Frequency (LEF) and Loss Magnitude (LM), illustrated here:

Risk1

Focusing solely on pure risk (which only results in loss) rather than speculative risk (which might result in either loss or profit), the O-RT is meant to help estimate the probable frequency and magnitude of future loss.

Traditionally LM has been far more difficult to determine than LEF, in part because organizations don’t always perform analyses on their losses or they just stick to evaluating “low hanging fruit” variables rather than delve into determining more complex risk factors. The new taxonomy takes a deep dive into the Loss Magnitude branch of the risk analysis taxonomy providing guidance that will allow Risk Analysts to better tackle the difficult task of determining LM. It includes terminology outlining six specific forms of loss an organization can experience (productivity, response, replacement, fines and judgments, competitive advantage, reputation) as well as how to determine Loss Flow, a new concept in this standard.

The Loss Flow analysis helps identify how a loss may affect both primary (owners, employees, etc.) and secondary (customers, stockholders, regulators, etc.) stakeholders as a result of a threat agent’s action on an asset. The new standard provides a thorough overview on how to assess Loss Flow and identify the loss factors of any given threat.

Finally, the standard also includes a practical, real-world scenario to help analysts understand how to put the taxonomy to use in within their organizations. O-RT provides a common linguistic foundation that will allow security professionals to then perform the risk analyses as outlined in the O-RA Standard.

For more on the Risk Taxonomy Standard or to download it, visit: https://www2.opengroup.org/ogsys/catalog/C13K.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

Comments Off

Filed under Conference, Open FAIR Certification, RISK Management, Security Architecture

Jericho Forum declares “success” and sunsets

By Ian Dobson & Jim Hietala, The Open Group
Ten years ago, the Jericho Forum set out on a mission to evangelise the issues, problems, solutions and provide thought-leadership around the emerging business and security issues of de-perimeterisation, with the aim of one day being able to declare “job-done”.

That day has now arrived.  Today, de-perimeterisation is an established “fact” – touching not just information security but all areas of modern business, including the bring your own IT phenomenon (devices, IDs, services) as well as all forms of cloud computing. It’s widely understood and quoted by the entire industry.  It has become part of today’s computing and security lexicon.

With our de-perimeterisation mission accomplished, the Jericho Forum has decided the time has come to “declare success”, celebrate it as a landmark victory in the evolution of information security, and sunset as a separate Forum in The Open Group.

Our “declare success and sunset” victory celebration on Monday 21st Oct 2013 at the Central Hall Westminster, London UK, was our valedictory announcement that the Jericho Forum will formally sunset on 1st Nov 2013.  The event included many past leading Jericho Forum members attending as guests, with awards of commemorative plaques to those whose distinctive leadership steered the information security mind-set change success that the Jericho Forum has now achieved.

For those who missed the live-streamed event, you can watch it on the livestream recording at http://new.livestream.com/opengroup/Lon13

We are fortunate to be able to pass our Jericho Forum legacy of de-perimeterisation achievements and publications to the good care of The Open Group’s Security Forum, which has undertaken to maintain the Jericho Forum’s deliverables, protect it’s legacy from mis-representation, and perhaps adopt and evolve Jericho’s thought-leadership approach on future information security challenges.

Ian Dobson, Director Jericho Forum
Jim Hietala, VP Security
The Open Group
21st October 2013


Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world. In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

Comments Off

Filed under Conference, Security Architecture

Secure Integration of Convergent Technologies – a Challenge for Open Platform™

By Dr. Chris Harding, The Open Group

The results of The Open Group Convergent Technologies survey point to secure integration of the technologies as a major challenge for Open Platform 3.0.  This and other input is the basis for the definition of the platform, where the discussion took place at The Open Group conference in London.

Survey Highlights

Here are some of the highlights from The Open Group Convergent Technologies survey.

  • 95% of respondents felt that the convergence of technologies such as social media, mobility, cloud, big data, and the Internet of things represents an opportunity for business
  • Mobility currently has greatest take-up of these technologies, and the Internet of things has least.
  • 84% of those from companies creating solutions want to deal with two or more of the technologies in combination.
  • Developing the understanding of the technologies by potential customers is the first problem that solution creators must overcome. This is followed by integrating with products, services and solutions from other suppliers, and using more than one technology in combination.
  • Respondents saw security, vendor lock-in, integration and regulatory compliance as the main problems for users of software that enables use of these convergent technologies for business purposes.
  • When users are considered separately from other respondents, security and vendor lock-in show particularly strongly as issues.

The full survey report is available at: https://www2.opengroup.org/ogsys/catalog/R130

Open Platform 3.0

Analysts forecast that convergence of technical phenomena including mobility, cloud, social media, and big data will drive the growth in use of information technology through 2020. Open Platform 3.0 is an initiative that will advance The Open Group vision of Boundaryless Information Flow™ by helping enterprises to use them.

The survey confirms the value of an open platform to protect users of these technologies from vendor lock-in. It also shows that security is a key concern that must be addressed, that the platform must make the technologies easy to use, and that it must enable them to be used in combination.

Understanding the Requirements

The Open Group is conducting other work to develop an understanding of the requirements of Open Platform 3.0. This includes:

  • The Open Platform 3.0 Business Scenario, that was recently published, and is available from https://www2.opengroup.org/ogsys/catalog/R130
  • A set of business use cases, currently in development
  • A high-level round-table meeting to gain the perspective of CIOs, who will be key stakeholders.

The requirements input have been part of the discussion at The Open Group Conference, which took place in London this week. Monday’s keynote presentation by Andy Mulholland, Former Global CTO at Capgemini on “Just Exactly What Is Going on in Business and Technology?” included the conclusions from the round-table meeting. This week’s presentation and panel discussion on the requirements for Open Platform 3.0 covered all the inputs.

Delivering the Platform

Review of the inputs in the conference was followed by a members meeting of the Open Platform 3.0 Forum, to start developing the architecture of Open Platform 3.0, and to plan the delivery of the platform definition. The aim is to have a snapshot of the definition early in 2014, and to deliver the first version of the standard a year later.

Meeting the Challenge

Open Platform 3.0 will be crucial to establishing openness and interoperability in the new generation of information technologies. This is of first importance for everyone in the IT industry.

Following the conference, there will be an opportunity for everyone to input material and ideas for the definition of the platform. If you want to be part of the community that shapes the definition, to work on it with like-minded people in other companies, and to gain early insight of what it will be, then your company must join the Open Platform 3.0 Forum. (For more information on this, contact Chris Parnell – c.parnell@opengroup.org)

Providing for secure integration of the convergent technologies, and meeting the other requirements for Open Platform 3.0, will be a difficult but exciting challenge. I’m looking forward to continue to tackle the challenge with the Forum members.

Dr. Chris Harding

Dr. Chris Harding is Director for Interoperability and SOA at The Open Group. He has been with The Open Group for more than ten years, and is currently responsible for managing and supporting its work on interoperability, including SOA and interoperability aspects of Cloud Computing, and the Open Platform 3.0 Forum. He is a member of the BCS, the IEEE and the AEA, and is a certified TOGAF® practitioner.

1 Comment

Filed under Cloud/SOA, Conference, Data management, Future Technologies, Open Platform 3.0, Semantic Interoperability, Service Oriented Architecture, Standards

The Open Group London – Day Two Highlights

By Loren K. Baynes, Director, Global Marketing Communications

We eagerly jumped into the second day of our Business Transformation conference in London on Tuesday October 22nd!  The setting is the magnificent Central Hall Westminster.

Steve Nunn, COO of The Open Group and CEO of Association of Enterprise Architects (AEA), started off the morning introducing our plenary based on Healthcare Transformation.  Steve noted that the numbers in healthcare spend are huge and bringing Enterprise Architecture (EA) to healthcare will help with efficiencies.

The well-renowned Dr. Peter Sudbury, Healthcare Specialist with HP Enterprise Services, discussed the healthcare crisis (dollars, demand, demographics), the new healthcare paradigm, barriers to change and innovation. Dr. Sudbury also commented on the real drivers of healthcare costs: healthcare inflation is higher intrinsically; innovation increases cost; productivity improvements lag other industries.

IMG_sudburyDr. Peter Sudbury

Dr. Sudbury, Larry Schmidt (Chief Technologist, HP) and Roar Engen (Head of Enterprise Architecture, Helse Sør-Øst RHF, Norway) participated in the Healthcare Transformation Panel, moderated by Steve Nunn.  The group discussed opportunities for improvement by applying EA in healthcare.  They mentioned that physicians, hospitals, drug manufacturers, nutritionists, etc. should all be working together and using Boundaryless Information Flow™ to ensure data is smoothly shared across all entities.  It was also stated that TOGAF® is beneficial for efficiencies.

Following the panel, Dr. Mario Tokoro (Founder & Executive Advisor of Sony Computer Science Laboratories, Inc. Japanese Science & Technology Agency, DEOS Project Leader) reviewed the Dependability through Assuredness™ standard, a standard of The Open Group.

The conference also offered many sessions in Finance/Commerce, Government and Tutorials/Workshops.

Margaret Ford, Consult Hyperion, UK and Henk Jonkers of BIZZdesign, Netherlands discussed “From Enterprise Architecture to Cyber Security Risk Assessment”.  The key takeaways were: complex cyber security risks require systematic, model-based risk assessment; attack navigators can provide this by linking ArchiMate® to the Risk Taxonomy.

“Applying Service-Oriented Architecture within a Business Technology Environment in the Finance Sector” was presented by Gerard Peters, Managing Consultant, Capgemini, The Netherlands. This case study is part of a white paper on Service-Oriented Architecture for Business Technology (SOA4BT).

You can view all of the plenary and many of the track presentations at livestream.com.  And for those who attended, full conference proceedings will be available.

The night culminated with a spectacular experience on the London Eye, the largest Ferris wheel in Europe located on the River Thames.

Comments Off

Filed under ArchiMate®, Cloud/SOA, Enterprise Architecture, Enterprise Transformation, Healthcare, Professional Development, Service Oriented Architecture, TOGAF®

The Open Group London 2013 – Day One Highlights

By Loren K. Baynes, Director, Global Marketing Communications

On Monday October 21st, The Open Group kicked off the first day of our Business Transformation conference in London!  Over 275 guests attended many engaging presentations by subject matter experts in finance, healthcare and government.  Attendees from around the globe represented 28 countries including those from as far away as Columbia, Philippines, Australia, Japan and South Africa.

Allen Brown, President and CEO of The Open Group, welcomed the prestigious group.  Allen announced that The Open Group has 67 new member organizations so far this year!

The plenary launched with “Just Exactly What is Going On in Business and Technology?” by Andy Mulholland, Former Global CTO of Capgemini, who was named one of the top 25 influential CTOs by InfoWorld.  Andy’s key topics regarding digital disruption included real drivers of change, some big and fundamental implications, business model innovation, TOGAF® and the Open Platform 3.0™ initiative.

Next up was Judith Jones, CEO, Architecting the Enterprise Ltd., with a presentation entitled “One World EA Framework for Governments – The Way Forward”.  Judith shared findings from the World Economic Forum, posing the question “what keeps 1000 global leaders awake at night”? Many stats were presented with over 50 global risks – economical, societal, environmental, geopolitical and technological.

Jim Hietala, VP, Security of The Open Group announced the launch of the Open FAIR Certification for People Program.  The new program brings a much-needed certification to the market which focuses on risk analysis. Key partners include CXOWARE, Architecting the Enterprise, SNA Technologies and The Unit bv.

Richard Shreeve, Consultancy Director, IPL and Angela Parratt, Head of Transformation and joint CIO, Bath and North East Somerset Council presented “Using EA to Inform Business Transformation”.  Their case study addressed the challenges of modeling complexity in diverse organizations and the EA-led approach to driving out cost and complexity while maintaining the quality of service delivery.

Allen Brown announced that the Jericho Forum® leaders together with The Open Group management have concluded that the Jericho Forum has achieved its original mission – to establish “de-perimeterization” that touches all areas of modern business.  In declaring this mission achieved, we are now in the happy position to celebrate a decade of success and move to ensuring that the legacy of the Jericho Forum is both maintained within The Open Group and continues to be built upon.  (See photo below.)

Following the plenary, the sessions were divided into tracks – Finance/Commerce, Healthcare and Tutorials/Workshops.

During the Healthcare track, one of the presenters, Larry Schmidt, Chief Technologist with HP, discussed “Challenges and Opportunities for Big Data in Healthcare”. Larry elaborated on the 4 Vs of Big Data – value, velocity, variety and voracity.

Among the many presenters in the Finance/Commerce track, Omkhar Arasaratnam, Chief Security Architect, TD Bank Group, Canada, featured “Enterprise Architecture – We Do That?: How (not) to do Enterprise Architecture at a Bank”.  Omkhar provided insight as to how he took traditional, top down, center-based architectural methodologies and applied it to a highly federated environment.

Tutorials/workshops consisted of EA Practice and Architecture Methods and Techniques.

You can view all of the plenary and many of the track presentations at livestream.com.  For those who attended, please stay tuned for the full conference proceedings.

The evening concluded with a networking reception at the beautiful and historic and Central Hall Westminster.  What an interesting, insightful, collaborative day it was!

IMG_1311

Comments Off

Filed under Business Architecture, Certifications, Cloud, Cloud/SOA, Conference, Cybersecurity, Information security, Open Platform 3.0, Professional Development, RISK Management, Security Architecture, Standards, TOGAF®

Open FAIR Certification Launched

By Jim Hietala, The Open Group, VP of Security

The Open Group today announced the new Open FAIR Certification Program aimed at Risk Analysts, bringing a much-needed professional certification to the market that is focused on the practice of risk analysis. Both the Risk Taxonomy and Risk Analysis standards, standards of The Open Group, constitute the body of knowledge for the certification program, and they advance the risk analysis profession by defining a standard taxonomy for risk, and by describing the process aspects of a rigorous risk analysis.

We believe that this new risk analyst certification program will bring significant value to risk analysts, and to organizations seeking to hire qualified risk analysts. Adoption of these two risk standards from The Open Group will help produce more effective and useful risk analysis. This program clearly represents the growing need in our industry for professionals who understand risk analysis fundamentals.  Furthermore, the mature processes and due diligence The Open Group applies to our standards and certification programs will help make organizations comfortable with the ground breaking concepts and methods underlying FAIR. This will also help professionals looking to differentiate themselves by demonstrating the ability to take a “business perspective” on risk.

In order to become certified, Risk Analysts must pass an Open FAIR certification exam. All certification exams are administered through Prometric, Inc. Exam candidates can start the registration process by visiting Prometric’s Open Group Test Sponsor Site www.prometric.com/opengroup.  With 4,000 testing centers in its IT channel, Prometric brings Open FAIR Certification to security professionals worldwide. For more details on the exam requirements visit http://www.opengroup.org/certifications/exams.

Training courses will be delivered through an Open Group accredited channel. The accreditation of Open FAIR training courses will be available from November 1st 2013.

Our thanks to all of the members of the risk certification working group who worked tirelessly over the past 15 months to bring this certification program, along with a new risk analysis standard and a revised risk taxonomy standard to the market. Our thanks also to the sponsors of the program, whose support is important to building this program. The Open FAIR program sponsors are Architecting the Enterprise, CXOWARE, SNA, and The Unit.

Lastly, if you are involved in risk analysis, we encourage you to consider becoming Open FAIR certified, and to get involved in the risk analysis program at The Open Group. We have plans to develop an advanced level of Open FAIR certification, and we also see a great deal of best practices guidance that is needed by the industry.

For more information on the Open FAIR certification program visit http://www.opengroup.org/certifications/openfair

You may also wish to attend a webcast scheduled for 7th November, 4pm BST that will provide an overview of the Open FAIR certification program, as well as an overview of the two risk standards. You can register here

.62940-hietala

Jim Hietala, CISSP, GSEC, is Vice President, Security for The Open Group, where he manages all security and risk management programs and standards activities, including the Security Forum and the Jericho Forum.  He has participated in the development of several industry standards including O-ISM3, O-ESA, Risk Taxonomy Standard, and O-ACEML. He also led the development of compliance and audit guidance for the Cloud Security Alliance v2 publication.

Jim is a frequent speaker at industry conferences. He has participated in the SANS Analyst/Expert program, having written several research white papers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including CSO, The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

An IT security industry veteran, he has held leadership roles at several IT security vendors.

Jim holds a B.S. in Marketing from Southern Illinois University.

Comments Off

Filed under Conference, Cybersecurity, Open FAIR Certification, Standards

New Brunswick Leverages TOGAF®

The OCIO of GNB Announces an Ambitious EA Roadmap using TOGAF® and Capability-Based Thinking

On Wednesday September 25th, the Office of the Chief Information Officer (OCIO) for the Government of New Brunswick (GNB) held an Enterprise Architecture (EA) Symposium for the vendor community at the Delta Fredericton. This event drew well over a hundred plus attendees from the vendor community across the province, the Atlantic area and parts of Canada.

During this event, Christian Couturier, GNB CIO, announced an EA roadmap across the domains of Information, Application, Technology and Security; areas of mandate for the OCIO. He presented a vision for transformation at GNB that would make its departments more efficient and effective by standardizing their practice and services around TOGAF® and capability-based thinking. Christian also shed valuable insights into how the vendor community can engage with GNB and support the OCIO for their EA vision and roadmap.

TOGAF® and capability-based thinking were prominent themes throughout the symposium and were alluded to and shown throughout the presentation by Christian and his extended EA team. The OCIO has also created a strong governance structure that positions itself as an influential stakeholder in provisioning solutions across its domains. In the near term, vendors will need to show how their solutions not only meet functional requirements but demonstrate improvement in capability performance explicitly. This will help GNB to improve the definition and management of contracts with third party vendors.

Each Architecture Domain Chief presented the roadmap for their area in breakout sessions and answered questions from vendors. These sessions offered further insight into the EA roadmap and impact on particular areas within GNB such as current efforts being made in Service Oriented Architecture.

Here is a summary of the benefits Christian Couturier strived to achieve:

  • Improve transparency and accountability of investment in information technology across government departments
  • Rationalize portfolios of technologies and applications across GNB departments
  • Improve GNB’s ability to respond to citizen needs faster and more cost effectively
  • Develop internal resource competencies for achieving self-sufficiency

QRS has been working with the OCIO and GNB departments since March 2013 to enhance their TOGAF and capability-based thinking competencies. QRS will continue to work with the OCIO and GNB and look forward to their successes as both a corporate citizen and individual residents that benefit from its services.

Originally posted on the QRS blog. See http://www.qrs3e.com/gnb_ocio_togaf/

Christian CouturierChristian Couturier is Chief Information Officer of the Government of New Brunswick (GNB) which leads, enables and oversees the Information Management and Information Communication Technology (IM&ICT) investments for the enterprise.  Christian’s leadership has been recognized by several awards including Canada’s “Top 40 Under 40.” His research team’s success continues to be celebrated through many international, national and local awards including the 2007 Canadian Information Productivity Awards (CIPA) Gold Award of Excellence for innovation in the Health Care Sector.

LinkedIn Profile <http://ca.linkedin.com/pub/christian-couturier/46/b55/713/>

1 Comment

Filed under Enterprise Architecture, Service Oriented Architecture, Standards, TOGAF®

The Open Group TweetJam on Digital-Disruption – by Tom Graves

On 2 October 2013, the Open Group ran one of its occasional ‘TweetJam’ Twitter-discussions – also known as an #ogChat. This time it was on digital disruption – disruption to existing business-models, typically (but, as we will see, not only) by changes in technology.

I think I captured almost all of the one-hour conversation – all tweets tagged with the #ogChat hashtag – but I may well have missed a few here and there. I’ve also attempted to bring the cross-chat (@soandso references) into correct sense-order, but I’ll admit I’m likely to have made more errors there. Each text-line is essentially as published on Twitter, minus the RT @ prefix and the identifying #ogChat tag.

The legal bit: Copyright of each statement is as per Twitter’s published policy: I make no claim whatsoever to any of the tweets here other than my own (i.e. tetradian). The material is re-published here under ‘fair-use’ rules for copyright, as a public service to the enterprise-architecture community.

The TweetJam was split into seven sections, each guided by a question previously summarised on the Open Group website – see Open Group, ‘Leading Business Disruption Strategy with Enterprise Architecture‘. I’ve also added a few extra comments of my own after each section.

Introductions

(The TweetJam started with a request for each person to introduce themselves, which also serves as a useful cross-reference between name and Twitter-ID. Not every who joined in the TweetJam did this, but most did so – enough to help make sense of the conversation, anyway.)

  • theopengroup: Please introduce yourself and get ready for question 1, identified by “Q1″ …and so on. You may respond with “A1″ and so on using #ogChat // And do tweet your agreement/disagreement with other participants’ views using #ogChat, we’re interested to hear from all sides #EntArch
  • enterprisearchs: Hi all, from Hugh Evans, Enterprise Architects (@enterprisearchs), CEO and Founder
  • tetradian: Tom Graves (tetradian)
  • eatraining: Craig Martin
  • TheWombatWho: Andrew Gallagher – Change Strategy / Business Architect
  • chrisjharding: Hi from Chris Harding, The Open Group Forum Director for Open Platform 3.0
  • dianedanamac: Good day! Social Media Manager, Membership & Events at @theopengroup   I’m your contact if you have questions on The Open Group.
  • InfoRacer: Chris Bradley
  • David_A_OHara: Hi all, Dave O’Hara here, enteprise/biz architect
  • TalmanAJ: Aarne Talman – IT Startegy/EA consultant at Accenture
  • zslayton: Good morning.  Zach Slayton here from Collaborative Consulting @consultcollab
  • efeatherston: Good morning. Ed Featherston, Enterprise Arch from Collaborative Consulting
  • filiphdr: Filip Hendrickx, business architect @AE_NV
  • Frustin_Jetwell: Hello, I’m late, Justin Fretwell here, technical enterprise architecture

Question 1: What is ‘disruption’?

  • theopengroup: Let’s kick things off: Q1 What is #Disruption? #EntArch
  • TheWombatWho: A1 Disruption is normality
  • enterprisearchs: A1 Disruptors offer a new #BizModel that defines a different frontier of value
  • enterprisearchs: A1 Disruptors often introduce new technologies or processes that set them apart
  • chrisjharding: A1 Could be many things. Cloud, mobile, social, and other new technologies are disrupting the relation between business and IT
  • tetradian: A1: anything that changes business-as-usual (scale from trivial to world-shaking)
  • enterprisearchs: A1 Disruptors offer equal or better performance at prices incumbents can’t match
  • TheWombatWho: A1 agree with @tetradian but add that it is normal state of things.
  • David_A_OHara: A1,  not just tech-led disruption, but consumers actively driving innovation by finding new ways to use tech in work & social lives
  • zslayton: A1:  Disruptors are anything that breaks a norm or widely-held paradigm
  • enterprisearchs: A1 #Disruption begins when the entrant catches up to incumbents
  • InfoRacer: A1 Disruption is inevitable & BAU for many organisations these day
  • chrisjharding: @TheWombatWho Yes we live in disruptive (and interesting) times.
  • enterprisearchs: A1 Thanks to disruptive forces business models now have a much shorter shelf-life
  • DadaBeatnik: A1: To disrupt doesn’t mean more of the same. Example – iPhone was a true disrupter – no more Blackberry!
  • TalmanAJ: A1: Business disruptors offer new business model(s).
  • eatraining: A1 Innovation that creates a new value network or reorganized value system
  • TheWombatWho: A1 Disruptors can be global mega trends but can be localised.  Localised can provide ‘canary down the mine’ opportunity
  • TalmanAJ: A1: IT disruptors fundamentally change the way IT supports business models or change the business model
  • tetradian: .@TheWombatWho: A1 “…but add that [disruption] is normal state of things” – problem is that many folks don’t recognise that! :-)
  • chrisjharding: @David_A_OHara and disrupting traditional organization because they want to use it hands on, not through IT department
  • efeatherston: @chrisjharding good point on the bypassing IT, thats the #mobile disruption in full force
  • DadaBeatnik: Re: “disruption” read http://t.co/y0HrM3fcKH
  • eatraining: A1 Digital allows a far more effective entrepreneur and innovator environment, putting disruptive pressures on incumbents

Note an important point that’s perhaps easily missed (as some responders in fact do): that ‘disruption’ may include technology, or may be driven by technology – but that’s not always the case at all. Consider, for example, the huge disruption – on a literally global scale – caused by financial deregulation in the US in the 1980s and beyond: changes in law, not technology.

And, yes, as several people commented above, significant disruptions are becoming more common and more intense – a trend that most of us in EA would probably accept is only accelerating. As some might suggest, “you ain’t seen nothin’ yet…”: certainly the old stable-seeming business-models and seeming-guaranteed ‘sustainable competitive-advantage’ and the like would seem to be like pleasant fantasies from a fast-fading past…

Question 2: What is ‘digital disruption’?

  • theopengroup: Q2 Some interesting views on disruption, but what then, is #DigitalDisruption?
  • efeatherston: A2: disruption that is focused/based on technology issue, changes in technology, how things are done
  • enterprisearchs: A2 Disruptive business models that leverage digital capabilities to create, distribute or market their offerings
  • enterprisearchs: A2 Commonly applies #Cloud, #Mobile, #Social and or #BigData capabilities
  • efeatherston: A2: yes, #SMAC is the latest #digitaldisruption
  • TheWombatWho: A2 key with digital is not the medium it is the shift of power & control to the end user.  Digital enables it but its power shift
  • tetradian: A2: ‘digital’ used to mean technology, also to mean e.g. social/mobile (i.e. not solely technology) or more open business generally
  • enterprisearchs: A2 Many incumbents defend #digitaldisruption by moving to customer centric #BizModel
  • chrisjharding: A2 Disruption caused by digital technology – the main source of enterprise disruption today
  • enterprisearchs: A2 #digitaldisruption is seeing a convergence of business, technology and marketing disciplines
  • eatraining: A1&A2 Disruption not always digital but is it always technological? JEEP disruption on modern warfare
  • zslayton: @TheWombatWho Agreed…excellent point.  Shift towards user is key for #SMAC especially
  • Technodad: @TalmanAJ Agree – but digital disruption also invalidates existing business models.
  • enterprisearchs: A2 #Cloud enables ubiquitous access and effortless scalability
  • enterprisearchs: A2 #Mobile offers access anywhere, anytime and opens up previously untapped socioeconomic segments
  • enterprisearchs: A2 #Social accelerates viral uptake of demand and opinion, creating brand opportunities and threats
  • chrisjharding: @efeatherston They do what works for the business
  • TheWombatWho: A2 @enterprisearchs is it really marketing?  That discipline is going through fundamental change – hardly recognisable old vs new
  • David_A_OHara: @eatraining  real disruption now social rather than purely technical but enabled by seamless integration of tech in daily life
  • zslayton: @enterprisearchs #cloud = effortless scalability…a bit of an over-simplification but I do get your point.
  • efeatherston: @chrisjharding agree completely, just changes the paradigm for IT who are struggling to adapt
  • enterprisearchs: A2 #BigData enables ultra-personalisation of customer experience and powerful market insights
  • InfoRacer: A2 Digital Disruption also means avoiding blind alleys & the “me too” chase after some trends.  Eg #BigData isn’t necessarily…
  • TheWombatWho: @enterprisearchs its where work of Marshall McLuhan is worth a revisit.
  • chrisjharding: @David_A_OHara @eatraining social disruption caused by tech-based social media
  • DadaBeatnik: Some of these answers sound like they come from one of those buzzword phrase generators!
  • InfoRacer: @DadaBeatnik Like Predictive big cloud master data governance ;-) Surely the next big thang!
  • David_A_OHara: @enterprisearchs easier to deploy mobile internet vs fixed in growing economies: demand from developing world is uncharted territory
  • eatraining: A2 Digital reduces barriers to entry and blurs category boundaries
  • efeatherston: @David_A_OHara @eatraining #socialmedia definitely having impact, how people interact with tech in personal now fully into business
  • zslayton: @David_A_OHara @enterprisearchs Business models in developing world also uncharted.  New opportunities and challenges
  • David_A_OHara: @chrisjharding @eatraining yup, we have lived through a rapid (tech-enabled) social revolution almost without realising!
  • TheWombatWho: A2 its not the ‘technology’ it’s what ‘they do with it’ that changes everything.  Old IT paradigms are yet to adapt to this
  • Technodad: @David_A_OHara Agree – Near-ubiquitous global-scale communication channels changes balance between customer and enterprise.
  • chrisjharding: @David_A_OHara @eatraining yes – and it’s not finished yet!
  • InfoRacer: @TheWombatWho Right, it’s not just the technology.  #BigData 3 Vs but without 4th V (value) then big data = little information
  • David_A_OHara: @TheWombatWho Bang on!  so there’s the real challenge for EA, right? Changing the traditional IT mindset…?
  • afigueiredo: A2 Development that transforms lives, businesses, causing impact to global economy

To me there are two quite different things going on, but which are often blurred together:

– ‘digital-disruption proper’ – disruptions within which existing and/or new digital-based technologies are explicitly the core drivers

– ‘disruption-with-digital’: ‘digital’ as a catch-all for sociotechnical changes in which digital-based technologies are, at most, an important yet never the sole enabler – in other words, where the social side of ‘sociotechnical’ is more central than the technology itself

In my experience and understanding, most of so-called ‘digital disruption’ is more correctly in the latter category, not the former. Hence, for example, my comment about the [UK] Government Digital Service: it’s actually far more about changes in the nature of government-services itself – in effect, a much more ‘customer-centric’ view of service – rather than a focus on ‘going digital’ for digital’s sake. This is not to say that the technology doesn’t matter – for example, I do understand and agree with Andrew McAfee’s complaint about critiques of his ‘Enterprise 2.0′ concept, that “it’s not not about the technology” – but again, it’s more sociotechnical, not merely technical as such, and that distinction is often extremely important.

Interestingly, most of the examples cited above as ‘digital-disruptions – the often-overhyped ‘cloud’ and ‘big-data’ and suchlike – are ultimately more sociotechnical issues than technical. By contrast, most of the themes I’d see as ‘digital-disruption proper’ – for example, the rapidly-expanding developments around ‘smart-materials’, ‘smart-cities’ and ‘the internet of things’ – don’t get a mention here at all. Odd…

 Question 3: What are good examples of disruptive business-models?

  • theopengroup: Q3 Bearing these points in mind, what are good examples of disruptive #Bizmodels? #EntArch
  • enterprisearchs: A3 @Airbnb: Disrupting the hotel industry with a #Cloud & #Social based model to open up lodging capacity for people seeking accom
  • enterprisearchs: A3 @Uber: leveraging #Cloud and #Mobile to release existing capacity in the personal transport industry http://t.co/31Xmj7LwQ6
  • enterprisearchs: A3 @99designs: Rethinking how we access good design through #Social, #Cloud and competitive #crowdsourcing
  • enterprisearchs: A3 @Groupon: re-architecting retail to provide #Social buying power, reducing cost per unit and increasing vendor volumes
  • eatraining: @zslayton Reverse innovation in developing countries producing disruption in developed nations
  • chrisjharding: A3: marketing using social media
  • TheWombatWho: @InfoRacer and combined with behavioural sciences & predictive analytics
  • efeatherston: A3: Netflix is a disruptive business model, they threw the whole cable/broadcast/rental industry on its ears
  • enterprisearchs: A3 @iTunesMusic: creating a #Cloud based platform to lock in customers and deliver #Digital content
  • eatraining: Reverse Innovation in Tech Startups: The Story of Capillary Technologies – @HarvardBiz http://t.co/Ud7UN7ZxzQ
  • TheWombatWho: @David_A_OHara not just mindset but also disciplines around portfolio & programme planning, aspects of project mgmt etc
  • enterprisearchs: A3 @facebook: Using #Social #Cloud #Mobile and #BigData to get you & 1 billion other people to generate their product: your updates
  • David_A_OHara: @enterprisearchs @Groupon Here’s retail disruption: why cant I just walk into store, scan stuff on my phone and walk out with it?
  • zslayton: @efeatherston Absolutely.  Discussed this in a recent blog posts:  http://t.co/zWzzAN4Fsn
  • Technodad: @David_A_OHara @TheWombatWho Don’t assume enterprises lead or control change. Many examples imposed externally, e.g. Music industry
  • eatraining: @efeatherston Agree – @netflix: Shifting the #ValueProposition to low-cost on demand video content from the #Cloud
  • tetradian: A3 (also A2): UK Government Digital Service (GDS) – is ‘digital’, but change of business-service/paradigm is even more important
  • mjcavaretta: Value from #BigData primarily from…  RT @TheWombatWho: @InfoRacer behavioural sciences & #predictive #analytics
  • zslayton: @Technodad @David_A_OHara @TheWombatWho Spot on.  External event triggers change.  Org treats as opportunity/threat. IT must adapt
  • InfoRacer: A3 Expedia, Travelocity etc … where are High st travel agents now?
  • enterprisearchs: A3 ING Direct: delivering a simple #ValueProposition of no-frills and trusted high returns for depositors
  • Technodad: @enterprisearchs Disagree. ITunes was the enterprise consolidation -original disruption was peer-to-peer delivery of ripped music.
  • chrisjharding: @David_A_OHara @enterprisearchs @Groupon or plan a mixed bus/train journey on my ‘phone and download tickets to it?
  • eatraining: A3 DELL – game changing cost structures
  • TheWombatWho: @tetradian Great example.  UK Gov digital is fascinating.  Take that approach & apply it to competitive commercial enviro.
  • eatraining: A3 MOOC Platforms disrupting education? Scalability disruption
  • eatraining: A3 Nespresso – getting us to pay 8 times more for a cup of coffee.
  • tetradian: A3: many non-IT-oriented technologies – nanotechnology, micro-satellites, materials-science (water-filtration etc)
  • filiphdr: @chrisjharding @David_A_OHara @enterprisearchs @Groupon bus/train combo: yes – download tickets: no
  • zslayton: @Technodad @enterprisearchs Maybe.  But now with Google, spotify etc, a new model has emerged.

Some good examples, but I’ll admit that I find it disappointing that almost all of them focus primarily on shunting data around in the ‘social/local/mobile’ space – yes, all of them valid, but a very narrow subset of the actual ‘digital-disruption’ that’s going on these days. (Near the end, there is a good example of the broader view: “Nespresso – getting us to pay 8 times more for a cup of coffee”.)

As enterprise-architects and business-architects, we really do need to break out of the seemingly-reflex assumptions of IT-centrism, and learn instead to look at the contexts from a much broader perspective. For example, a common illustration I use is that the key competition for Netflix is not some other streaming-video provider, but booksellers, bars and restaurants – other types of services entirely, but that compete for the same social/time-slots in potential-customers’ lives.

Question 4: What is the role of enterprise-architecture in driving and responding to disruption?

  • enterprisearchs: A4 #EntArch will identify which capabilities will be needed, and when, to enable disruptive strategies
  • efeatherston: A4: #entArch is key to surviving tech disruption, need the high level view/impact on the business
  • chrisjharding: A4: #EntArch must be business-led, not technology-led
  • InfoRacer: A4 #EntArch can play an orchestration, impact analysis and sanity check role
  • efeatherston: Agree 100%, its all about the impact to the business RT @chrisjharding: A4: #EntArch must be business-led, not technology-led
  • enterprisearchs: A4 #EntArch will lead enterprise response to #disruption by plotting the execution path to winning strategies http://t.co/FdgqXOVKug
  • chrisjharding: A4: and #Entarch must be able to focus on business differentiation not common technology
  • enterprisearchs: A4 #EntArch will lead enterprise response to #disruption by plotting the execution path to winning strategies http://t.co/FdgqXOVKug
  • afigueiredo: A4 #entarch should be flexible to accommodate/support #disruption caused by new advances and changes
  • TheWombatWho: A4 help clarify & stick to intent of business.  It is key in choosing the critical capabilities vs non essential capabilities
  • enterprisearchs: A4 #EntArch will provide the strategic insights to identify what business changes are viable
  • chrisjharding: @InfoRacer or enable business users to orchestrate – give them the tools
  • enterprisearchs: A4 #EntArch will provide the strategic infrastructure to bring cohesion to business change
  • TalmanAJ: A4: identify existing and needed business and IT capabilities and ensure agility to respond to disruption #entarch
  • efeatherston: a4: #entarch needs to work with business to determine how to leverage/use/survive  #disruption to help the business processes
  • David_A_OHara: @enterprisearchs so you need very business-savvy and creative EAs (no longer a tech discipline but sustainable biz innovation role?)
  • InfoRacer: RT @enterprisearchs: A4 #EntArch will provide the strategic insights to identify what business changes are viable
  • TheWombatWho: A4 have to travel light so linking intent to critical capability is essential if Biz is to remain flexible & adaptable
  • zslayton: A4 #EntArch must steer the IT ship to adapt in the new world.  steady hand on the tiller!
  • TheWombatWho: A4 have to travel light so linking intent to critical capability is essential if Biz is to remain flexible & adaptable
  • TheWombatWho: @enterprisearchs agree
  • chrisjharding: @David_A_OHara @enterprisearchs Yup!
  • efeatherston: @David_A_OHara @enterprisearchs Agree, EA’S need both business and tech, act as the bridge for the business to help them respond
  • enterprisearchs: A4 #EntArch will assist in managing lifecycles at the #BizModel, market model, product & service and operating model levels
  • zslayton: @chrisjharding Absolutely.  Focus on commoditized tech will lead to lagging IT.  Focus on differentiators is key.
  • eatraining: A4 Business design and architecture will facilitate a more structured approach to business prototyping
  • tetradian: A4: identifying/describing the overall shared-enterprise space (tech + human); also lean-startup style ‘jobs to be done’ etc
  • Technodad: @TheWombatWho yes, but a tough job- how would #entarch have advised Tower Records in face of digital music disruption, loss of ROE?
  • David_A_OHara: @Technodad @TheWombatWho good challenge: same question can be posed re: Game and HMV in the UK…
  • eatraining: A4 Business model prototyping is the conversation we have with our ideas – @tomwujec
  • tetradian: @eatraining re business-prototyping – yes, strong agree
  • tetradian: A4 for ‘digital disruption’, crucial that #entarch covers a much broader space than just IT – pref. out to entire shared-enterprise
  • enterprisearchs: @tetradian agree – the boundaries of the enterprise are defined by the value discipline orientation, not by the balance sheet

In contradiction to what I said just above, that too-common predominance of IT-centrism in current EA is not so much in evidence here. It’s a pleasant contrast, but it doesn’t last…

Question 5: Why is enterprise-architecture well placed to respond to disruption?

  • theopengroup: Q5 And on a similar note, what is the role of #EntArch in driving and responding to #disruption?
  • enterprisearchs: A5 #EntArch has a unique appreciation of existing and required business capabilities to execute strategy
  • enterprisearchs: A5 Speed to change is now a competitive advantage. #EntArch can map the shortest path to deliver business outcomes
  • filiphdr: A5 Keep short term decisions in line w/ long term vision
  • enterprisearchs: A5 #EntArch provides the tools to better manage investment lifecycles, helping to time capability deployment and divestment
  • InfoRacer: A5 Advising, giving informed analysis, recommendations & impact so the Business officers can make decision with their eyes open!
  • enterprisearchs: A5 #EntArch is the only discipline that stitches strategic and business management disciplines together in a coherent manner
  • enterprisearchs: A5 Speed of response requires a clear mandate and execution plan. #EntArch will deliver this
  • zslayton: @enterprisearchs Agreed.  Toss in leadership and we may have something!
  • TheWombatWho: @Technodad key is “why was tower special?”  Advice, passion & knowledge…..still relevant?  Not the music – was the knowledge.
  • efeatherston: @enterprisearchs well said #entarch
  • enterprisearchs: A5 #EntArch provides vital information about which capabilities currently exist and which need to be acquired or built
  • chrisjharding: A5: Set principles and standards to give consistent use of disruptive technologies in enterprise
  • eatraining: @Technodad @TheWombatWho A few cycles of business model prototyping might have revealed a an opportunity to respond better
  • zslayton: @Technodad @TheWombatWho Netflix again a good example.  Cannibalized their soon to be dying biz to innovate in new biz.
  • TalmanAJ: A5: #entarch should be the tool to drive/respond to disruptions in a controlled manner
  • enterprisearchs: A5 #ArchitectureThinking provides a robust approach to optimise change initiatives and accelerate delivery
  • David_A_OHara: @Technodad @TheWombatWho consider future of games consoles i.e. there will be NO consoles: smart TV will access all digital content
  • TheWombatWho: @David_A_OHara @Technodad HMV interesting – wasn’t  retail store a response to original disruption?
  • chrisjharding: A5: and ensure solutions comply with legal constraints and enterprise obligations
  • zslayton: @David_A_OHara @Technodad @TheWombatWho SmartTV is just a big ole, vertical tablet. #mobile
  • TheWombatWho: @zslayton @David_A_OHara @Technodad and value opportunity is how to keep finger prints off the screen!!!!
  • TheWombatWho: @David_A_OHara @Technodad so accessing content is not where value is?  Where is the value in that arena?
  • enterprisearchs: A5 #EntArch offers insight into which technology capabilities can be strategically applied
  • eatraining: A5 #EntArch can offer an extended value proposition not just into capability mixes but product and market mixes as well
  • TheWombatWho: @enterprisearchs @Technodad yes, yes, yes and yes.  I agree
  • Technodad: @zslayton Exactly. Decision to dump physical & go all-in on digital delivery & content was key. Wonder if #entarch led change?
  • David_A_OHara: @TheWombatWho @Technodad not much if U R console manuf!  Content IS the value, right? Smart TV democratises access to content
  • mjcavaretta: Value from #BigData primarily from…  RT @TheWombatWho: @InfoRacer behavioural sciences & #predictive #analytics
  • TheWombatWho: @enterprisearchs @Technodad getting Biz to talk through canvas & over-laying their discussions with IT choices is essential
  • zslayton: @Technodad I’m guessing product but #entarch had to rapidly adapt IT enviro to enable the product e.g. respond to the disruption
  • efeatherston: @zslayton @Technodad  Netflix seems to thrive on disruption, look at their testing model, chaos monkey , hope #entarch is involved

In a sense, the same as for Question 4: the too-usual IT-centrism is not so much in apparent evidence. Yet actually it is: I don’t think there’s a single example that moves more than half a step outside of some form of IT. Where are the references to EA for smart-materials, smart-sensors, nanotechnologies, changes in law, custom, even religion? – they’re conspicuous only by their absence. Again, we need to stop using IT as ‘the centre of everything’, because it really isn’t in the real-world: instead, we need to rethink our entire approach to architecture, shifting towards a more realistic awareness that “everything and nothing is ‘the centre’ of the architecture, all at the same time”.

Question 6: Who are the key stakeholders enterprise-architecture needs to engage when developing a disruption strategy?

  • theopengroup: Q6 So who are the key stakeholders #EntArch needs to engage when developing a #Disruption strategy?
  • filiphdr: A6 Customers
  • enterprisearchs: A6 #Disruption is the concern of the entire executive team and the board of directors – this is where #EntArch should be aiming
  • TalmanAJ: A6: Business leaders first, IT leaders second
  • chrisjharding: A6: CIOs
  • InfoRacer: A6 Customers, Shareholders, Investors, Partners
  • enterprisearchs: A6 Clearly the CEO is the key stakeholder for #EntArch to reach when contemplating new #BizModels
  • eatraining: A6 Welcome the arrival of the CDO. The chief digital officer. Is this the new sponsor for EA?
  • efeatherston: A6: As has been said, the C-level (not just CIO), as the focus must always be the business drivers, and what impact that has
  • zslayton: @Technodad emphasizing partnership and alignment between Tech #entarch and Biz entarch.
  • eatraining: A6 The Customer!!??
  • Technodad: @mjcavaretta Do you think replacement of knowledge workers by machine learning is next big disruption?
  • InfoRacer: @eatraining Hmm Chief Data Officer, because lets be honest the CIO mostly isn’t a Chief INFORMATION Officer anymore
  • TheWombatWho: A6 starts with biz, increasingly should include customers & suppliers & then IT
  • tetradian: A6: _all_ stakeholder-groups – that’s the whole point! (don’t centre it around any single stakeholder – all are ‘equal citizens’)
  • TheWombatWho: @tetradian A6 agree with Tom.  My bent is Biz 1st but you mine intel from all – whenever opportunity arrives.  Continual engagement

I’ll say straight off that I was shocked at most of the above: a sad mixture of IT-centrism and/or organisation-centrism, with only occasional indications – such as can be seen in Craig Martin’s plea of “The Customer!!??” – of much of a wider awareness. What we perhaps need to hammer home to the entire EA/BA ‘trade’ is that whilst we create an architecture for an organisation, it must be about the ‘enterprise’ or ecosystem within which that organisation operates. Crucial to this is the awareness that the enterprise is much larger than the organisation, and hence we’d usually be wise to start ‘outside-in‘ or even ‘outside-out’, rather than the literally self-centric ‘inside-in’ or ‘inside-out’.

Question 7: What current gaps in enterprise-architecture must be filled to effectively lead disruption strategy?

  • theopengroup: Q7, last one guys! What current gaps in #EntArch must be filled to effectively lead #Disruption strategy?
  • enterprisearchs: #EntArch should engage the biz to look at what sustaining & disruptive innovations are viable with the existing enterprise platform
  • zslayton: @efeatherston @Technodad Proactive disruption!  Technical tools to enable and anticipate change.  Great example.
  • enterprisearchs: A7 #EntArch needs to move beyond an IT mandate
  • enterprisearchs: A7 #EntArch needs to be recognised as a key guide in strategic business planning
  • InfoRacer: A7 Engage with biz.  Get away from tech.  Treat Information as real asset, get CDO role
  • eatraining: A7 The #EntArch mandate needs to move out of the IT space
  • chrisjharding: A7: #EntArch needs a new platform to deploy disruptive technologies – Open Platform 3.0
  • zslayton: A7 #entarch involvement during the idea stage of biz, not just the implementation.  True knight at the round table.
  • TheWombatWho: @enterprisearchs @Technodad its one of my best friends.  Evan the discipline of thought process sans formality of canvas
  • enterprisearchs: A7 #EntArchs need to improve their business engagement skills and vocabulary
  • zslayton: @eatraining Agreed!  Balance Biz #entarch with Tech #entarch.
  • efeatherston: A7: #entarch MUST be part of the business planning process, they are the connecting tissue between business drivers and IT
  • David_A_OHara: @theopengroup creative business modelling inc. hypothetical models, not simple IT response to mid term view based on today’s probs
  • TalmanAJ: A7: #entArch needs to move from its IT and technical focus to more business strategy focus
  • eatraining: @efeatherston Agreed
  • efeatherston: A7: #entarch  needs to get business to understand, they are not just the tech guys
  • eatraining: A7 There is room to expand into the products and services space as well as market model space
  • InfoRacer: A7 Common vocabulary eg by exploiting Conceptual model; Information is the lingua franca
  • enterprisearchs: A7 #EntArchs need to be more business-outcome oriented
  • chrisjharding: A7: Open Platform 3.0 #ogP3 will let architects worry about the business, not the technology
  • enterprisearchs: A7 #EntArchs need to be recruited from business domains and taught robust architecture practises
  • Technodad: A7 #EntArch can’t lose role of tracking/anticipating tech change, or business will be blindsided by next disruption.
  • filiphdr: @efeatherston Very true, and that’s a skills & communication challenge
  • eatraining: A7 Architects must focus more on becoming super mixers than on architecture utility development
  • enterprisearchs: A7 #EntArchs need to be experts in the application of #Cloud, #Mobile, #Social, #BigData and #Digital strategy
  • zslayton: @enterprisearchs Agreed.  We tend to have to push process more than models.  That is often the “ah ha”.  #entarch
  • eatraining: A7 Architecture must focus on actual change in helping design solutions that shift and change behavior as well
  • tetradian: A7: kill off the obsession with IT!!! :-) #entarch needs to cover the whole scope, not the trivial subset that is ‘digital’ alone…
  • enterprisearchs: @tetradian Disagree – Digital is a huge accelerant to #Disruption and #EntArchs in the near term need to have a v strong grip
  • tetradian: RT @enterprisearchs: A7 #EntArch needs to move beyond an IT mandate -> yes yes yes!!!
  • TalmanAJ: @tetradian Yes. Technology is just one aspect of the enterprise. Processes, strategies and people etc. are too.
  • scmunk: @tetradian this shows non-IT importance of #EntArch, also a pipeline for changes http://t.co/O4Cm4D5G7q
  • enterprisearchs: A7 #EntArchs need to be able to clearly articulate business context and motivation http://t.co/Sf4Ci8Ob7P
  • eatraining: @TheWombatWho Roadmap and plans implemented don’t show the true value because stakeholders shift back to old behavior habits.
  • TheWombatWho: A7 need to be evangelist for the ‘value’ in the Biz model not the hierarchy or structure or status quo
  • TheWombatWho: @eatraining agree.  Roadmap is point in time.  Need to establish principles, & links across value chain rather than structural links
  • DadaBeatnik: Never did understand the obsession with IT in #Entarch. Why is this? Not all biz IT-centric. Because of tools/language?
  • TheWombatWho: @DadaBeatnik accident of history?
  • TalmanAJ: @DadaBeatnik Could be historical. Origins of EA are in IT, EA function usually is in IT and EA people usually have IT background.

At least here we did see more awareness of the need to break out of the IT-centric box: it’s just that so many of the responses to the previous questions indicated that much of EA is still very much stuck there. Oh well. But, yeah, good signs that some moves are solidly underway now, at least.

One point I do need to pick up on from the tweets above. Yes, I’ll admit I somewhat dropped back to my usual rant – “kill off the obsession with IT!!! :-) ” – but please, please note that I do still very much include all forms of IT within the enterprise-architecture. I’m not objecting to IT at all: all that I’m saying is that we should not reflexively elevate IT above everything else. In other words, we need to start from an awareness – a strictly conventional, mainstream systemic-awareness – that in a viable ‘architecture of the enterprise, everything in that ‘ecosystem-as-system’ is necessary to that system, and hence necessarily an ‘equal citizen’ with everything else. Hence I do understand where Hugh Evans (@enterprisearchs) is coming from, in his riposte of “Disagree – Digital is a huge accelerant to #Disruption and #EntArchs in the near term need to have a v strong grip”: in a sense, he’s absolutely right. But the danger – and I’m sorry, but it is a huge danger – is that there’s still such as strong pull towards IT-centrism in current EA that we do need to be explicit in mitigating against it at just every step of the way. Yes, “digital is a huge accelerant to disruption”, and yes, we do need to be aware of the potential affordances offered by each new technology, yet we must always to start from the overall potential-disruption opportunity/risk first – and not from the technology.

Wrap-up

(This consisted of various people saying ‘thank you’, and ‘goodbye’, which is nice and socially-important and suchlike, yet not particularly central to the content of the TweetJam itself: I’ve dropped them from the record here, but you can chase them up on Twitter if you really need them. However, there were a couple of tweets pointing to further resources that might be helpful to some folks, so I’ll finish here with those.)

  • enterprisearchs: Look out for our upcoming webinar: http://t.co/lWvJ630BVJ ‘Leading Business Disruption Strategy with #EntArch’ Oct 10
  • dianedanamac: Thanks for joining! Continue the conversation at #ogLON, The Open Group London event Oct. 21-24

That’s it. Hope that’s been useful, anyways: over to you?

GravesTom_sq Tom Graves has been an independent consultant for more than three decades, in business transformation, enterprise architecture and knowledge management. His clients in Europe, Australasia and the Americas cover a broad range of industries including banking, utilities, manufacturing, logistics, engineering, media, telecoms, research, defence and government. He has a special interest in architecture for non-IT-centric enterprises, and integration between IT-based and non-IT-based services.

1 Comment

Filed under Business Architecture, Cloud, Enterprise Architecture, Open Platform 3.0

Talking Points on Rationale for Vendors Participation in Standards Efforts

By Terence Blevins, Portfolio Manager, The MITRE Corporation

The following are simple communication messages responding to two high level questions; what messages are useful when trying to get a company to decide on engaging in a standards effort, and next, what type of people should get engaged?

Regarding what messages are useful when trying to get a company to decide on engaging in a standards effort? I have used 5 key points:

  1. Marketing – if a company has openness and/or interoperability as part of its messaging, it is important to be seen as participating in open standards consortia. It demonstrates corporate commitment – without participation customers will not really believe the company is walking the talk
  2. Cost of selling – if a company does not support industry standards they are constantly asked to rationalize why they do not support industry standards, which increases the time and cost to sell. Sometimes you don’t even get on the short list. When you have products that are certified and have the label this becomes less an issue.
  3. Cost of developing interface standards – interface standards are just plain expensive to develop; if you become involved with an industry group, like The Open Group, you are leveraging others to get a standard done that is likely to have a long healthy shelf life at a lower cost than developing it yourself.
  4. Cost of developing solutions – again by implementing a standard, it is cheaper than developing and testing an interface on your own.
  5. Ability to set the standard – if one already has a product suite that is connected with sound interface specifications; a Platinum member of The Open Group can submit that as the standard in the fast track and actually be seen as setting the standard. This promotes the company in the leadership position and commitment to the interoperability message.

To the other question what type of people should get engaged? I typically emphasize the following:

  • There are 2 roles – the high level participation at the board and then the standards detail role.
  • The high level role needs to be filled by someone with the strategic view of the company, and the participant needs to be promoting true interoperability and demonstrating a willingness to cooperate with others.
  • The standards detail role needs to be filled by someone close to the architecture and engineering side of the house and should be someone that can contribute to the standards process – whether standards development or establishing the certification program.

©2013-The MITRE Corporation. All rights reserved.

blevins_1 Mr. Blevins is a department head at MITRE. He is a Board Member of The Open Group, representing the Customer Council.

He has been involved with the architecture discipline since the 80s, much of which was done while he was Director of Strategic Architecture at NCR Corporation. He has been involved with The Open Group since 1996 when he first was introduced to the Architecture Forum. He was co-chair of the Architecture Forum and frequent contributor of content to TOGAF including the Business Scenario Method.

Mr. Blevins was Vice President and CIO of The Open Group where he contributed to The Open Group Vision of Boundaryless Information Flow™

He holds undergraduate and Masters degrees in Mathematics from Youngstown State University. He is TOGAF 8 certified.

Comments Off

Filed under Certifications, Standards