Category Archives: Professional Development

The Open Group Boston 2014 – Day One Highlights

By Loren K. Baynes, Director, Global Marketing Communications

The Open Group kicked off Enabling Boundaryless Information Flow™  July 21 at the spectacular setting of the Hyatt Boston Harbor. Allen Brown, CEO and President of The Open Group, welcomed over 150 people from 20 countries, including as far away as Australia, Japan, Saudi Arabia and India.

The first keynote speaker was Marshall Van Alstyne, Professor at Boston University School of Management & Researcher at MIT Center for Digital Business, known as a leading expert in business models. His presentation entitled Platform Shift – How New Open Business Models are Changing the Shape of Industry posed the questions “What does ‘openness’ mean? Why do platforms beat products every time?”.

Van AlstyneMarshall Van Alstyne

According to “InterBrand: 2014 Best Global Brands”, 13 of the top 31 companies are “platform companies”. To be a ‘platform’, a company needs embeddable functions or service and allow 3rd party access. Alystyne noted, “products have features, platforms have communities”. Great standalone products are not sufficient. Positive changes experienced by a platform company include pricing/profitability, supply chains, internal organization, innovation, decreased industry bottlenecks and strategy.

Platforms benefit from broad contributions, as long as there is control of the top several complements. Alstyne commented, “If you believe in the power of community, you need to embrace the platform.”

The next presentation was Open Platform 3.0™ – An Integrated Approach to the Convergence of Technology Platforms, by Dr. Chris Harding, Director for Interoperability, The Open Group. Dr. Harding discussed how society has developed a digital society.

1970 was considered the dawn of an epoch which saw the First RAM chip, IBM introduction of System/370 and a new operating system – UNIX®. Examples of digital progress since that era include driverless cars and Smart Cities (management of traffic, energy, water, communication).

Digital society enablers are digital structural change and corporate social media. The benefits are open innovation, open access, open culture, open government and delivering more business value.

Dr. Harding also noted, standards are essential to innovation and enable markets based on integration. The Open Group Open Platform 3.0™ is using ArchiMate®, an Open Group standard, to analyze the 30+ business use cases produced by the Forum. The development cycle is understanding, analysis, specification, iteration.

Dr. Harding emphasized the importance of Boundaryless Information Flow™, as an enabler of business objectives and efficiency through IT standards in the era of digital technology, and designed for today’s agile enterprise with direct involvement of business users.

Both sessions concluded with an interactive audience Q&A hosted by Allen Brown.

The last session of the morning’s plenary was a panel: The Internet of Things and Interoperability. Dana Gardner, Principal Analyst at Interarbor Solutions, moderated the panel. Participating in the panel were Said Tabet, CTO for Governance, Risk and Compliance Strategy, EMC; Penelope Gordon, Emerging Technology Strategist, 1Plug Corporation; Jean-Francois Barsoum, Senior Managing Consultant, Smarter Cities, Water & Transportation, IBM; and Dave Lounsbury, CTO, The Open Group.

IoT PanelIoT Panel – Gardner, Barsoum, Tabet, Lounsbury, Gordon

The panel explored the practical limits and opportunities of Internet of Things (IoT). The different areas discussed include obstacles to decision-making as big data becomes more prolific, openness, governance and connectivity of things, data and people which pertain to many industries such as smart cities, manufacturing and healthcare.

How do industries, organizations and individuals deal with IoT? This is not necessarily a new problem, but an accelerated one. There are new areas of interoperability but where does the data go and who owns the data? Openness is important and governance is essential.

What needs to change most to see the benefits of the IoT? The panel agreed there needs to be a push for innovation, increased education, move beyond models of humans managing the interface (i.e. machine-to-machine) and determine what data is most important, not always collecting all the data.

A podcast and transcript of the Internet of Things and Interoperability panel will be posted soon.

The afternoon was divided into several tracks: Boundaryless Information Flow™, Open Platform 3.0™ and Enterprise Architecture (EA) & Enterprise Transformation. Best Practices for Enabling Boundaryless Information Flow across the Government was presented by Syed Husain, Consultant Enterprise Architecture, Saudi Arabia E-government Authority. Robert K. Pucci, CTO, Communications Practice, Cognizant Technology Solutions discussed Business Transformation Justification Leveraging Business and Enterprise Architecture.

The evening concluded with a lively networking reception at the hotel.

Join the conversation #ogBOS!

Loren K. BaynesLoren K. Baynes, Director, Global Marketing Communications, joined The Open Group in 2013 and spearheads corporate marketing initiatives, primarily the website, blog and media relations. Loren has over 20 years experience in brand marketing and public relations and, prior to The Open Group, was with The Walt Disney Company for over 10 years. Loren holds a Bachelor of Business Administration from Texas A&M University. She is based in the US.

 

Leave a comment

Filed under ArchiMate®, Boundaryless Information Flow™, Business Architecture, Conference, Data management, Enterprise Architecture, Enterprise Transformation, Healthcare, Interoperability, Open Platform 3.0, Professional Development, Standards, Uncategorized

The Open Group Boston 2014 – Q&A with Proteus Duxbury, Connect for Health Colorado

By The Open Group

The U.S. healthcare industry is undergoing a major sea change right now due in part to the Affordable Care Act, as well as the need to digitize legacy systems that have remained largely paper-based in order to better facilitate information exchange.

Proteus Duxbury, the CTO for the state of Colorado’s health insurance exchange, Connect for Health Colorado, has a wide and varied background in healthcare IT ranging from IT consulting and helping to lead a virtual health medicine group to his current position running the supporting technologies operating the Colorado exchange. Duxbury joined Connect for Health Colorado early 2014 as the exchange was going through its first major enrollment period.

We spoke to Duxbury in advance of his keynote on July 22 at The Open Group Boston 2014 conference about the current state of healthcare IT and how Enterprise Architecture will play an integral part in the Connect for Health Colorado exchange moving forward as the organizations transitions from a start-up culture to a maintenance and run mode.

Below is a transcript of that conversation.

What factors went into making the roll-out of Connect for Health Colorado healthcare exchange a success?

There were three things. The first is we have an exceptional leadership team. The CEO, especially, is a fantastic leader and was able to create a strong vision and have her team rally quickly behind it. The executive team was empowered to make decisions quickly and there was a highly dedicated work force and a powerful start-up culture. In addition, there was a uniformly shared passion to see healthcare reform successfully implemented in Colorado.

The second reason for success was the flexibility and commitment of our core vendor—which is CGI—and their ability to effectively manage and be agile with rapidly changing regulatory requirements and rapidly changing needs. These systems had never been built anywhere else before; it really was a green field program of work. There was a shared commitment to achieving success and very strong contracting in place ensuring that we were fully protected throughout the whole process.

The third is our COTS (Commercial Off-The-Shelf) solution that was selected. Early on, we established an architecture principle of deploying out-of-the-box products rather than trying to build from scratch, so there was minimal customization and development effort. Scope control was tight. We implemented the hCentive package, which is one of the leading health insurance exchange software packages. Best-of-breed solutions were implemented around the edges where it was necessary to meet a niche need, but we try to build as much into the single product as we can. We have a highly resilient and available architecture. The technical architecture scales well and has been very robust and resilient through a couple of very busy periods at the end of open enrollment, particularly on March 31st and toward the end of December, as the deadline for enrollment in 2014 plans approached.

Why are you putting together an Enterprise Architecture for the exchange?

We’re extremely busy right now with a number of critical projects. We’re still implementing core functionality but we do have a bit of a breather on the horizon. Going into next year things will get lighter, and now is the time for a clear roadmap to achieve the IT strategic objectives that I have set for the organization.

We are trying to achieve a reduction in our M&O (maintenance and operations) expense because we need to be self-sustaining from a budgetary point of view. Our federal funding will be going away starting 2015 so we need to consolidate architecture and systems and gain additional efficiencies. We need to continue to meet our key SLAs, specifically around availability—we have a very public-facing set of systems. IT needs to be operationalized. We need to move from the existing start-up culture to the management of IT in a CMM (Capability Maturity Model) or ITIL-type fashion. And we also need to continue to grow and hold on to our customer base, as there is always a reasonable amount of churn and competing services in a relatively uncertain marketplace. We need to continue to grow our customer base so we can be self-sustaining. To support this, we need to have a more operationalized, robust and cost-efficient IT architecture, and we need a clear roadmap to get there. If you don’t have a roadmap or design that aligns with business priorities, then those things are difficult to achieve.

Finally, I am building up an IT team. To date, we’ve been highly reliant on contractors and consultants to get us to where we are now. In order to reduce our cost base, we are building out our internal IT team and a number of key management roles. That means we need to have a roadmap and something that we can all steer towards—a shared architecture roadmap.

What benefits do you expect to see from implementing the architecture?

Growing our customer base is a critical goal—we need to stabilize the foundations of our IT solution and use that as a platform for future growth and innovation. It’s hard to grow and innovate if you haven’t got your core IT platform stabilized. By making our IT systems easier to be maintained and updated we hope to see continued reduction in IT M&O. High availability is another benefit I expect to see, as well as closer alignment with business goals and business processes and capabilities.

Are there any particular challenges in setting up an Enterprise Architecture for a statewide health exchange? What are they?

I think there are some unique challenges. The first is budget. We do need to be self-sustaining, and there is not a huge amount of budget available for additional capital investments. There is some, but it has to be very carefully allocated, managed and spent diligently. We do work within a tightly controlled federal set of regulations and constraints and are frequently under the spotlight from auditors and others.

There are CMS (Center for Medicaid Services) regulations that define what we can and cannot do with our technology. We have security regulations that we have to exist within and a lot of IRS requirements that we have to meet and be compliant with. We have a complex set of partners to work with in Colorado and nationally—we have to work with Colorado state agencies such as the Department of Insurance and Medicaid (HCPF), we have to work very closely with a large number—we’ve currently got 17—of carriers. We have CMS and the federal marketplace (Federal Data Services Hub). We have one key vendor—CGI—but we are in a multi-vendor environment and all our projects involve having to manage multiple different organizations towards success.

The final challenge is that we’re very busy still building applications and implementing functionality, so my job is to continue to be focused on successful delivery of two very large projects, while ensuring our longer term architecture planning is completed, which is going to be critical for our long-term sustainability. That’s the classic Enterprise Architecture conundrum. I feel like we’ve got a handle on it pretty well here—because they’re both critical.

What are some of the biggest challenges that you see facing the Healthcare industry right now?

Number one is probably integration—the integration of data especially between different systems. A lot of EMR (electronic medical record) systems are relatively closed to the outside world, and it can be expensive and difficult to open them up. Even though there are some good standards out there like HL7 and EDI (Electronic Data Interchange), everyone seems to be implementing them differently.

Personal healthcare tech (mHealth and Telehealth) is not going to take off until there is more integration. For example, between whatever you’re using to track your smoking, blood pressure, weight, etc., it needs to be integrated seamlessly with your medical records and insurance provider. And until this data can be used for meaningful analytics and care planning, until they solve this integration nightmare, it’s going to be difficult really to make great strides.

Security is the second challenge. There’s a huge proliferation of new technology endpoints and there’s a lot of weak leaks around people, process and technology. The regulators are only really starting to catch up, and they’re one step behind. There’s a lot of personal data out there and it’s not always technology that’s the weak leak. We have that pretty tightly controlled here because we’re highly regulated and are technology is tightly controlled, but on the provider side especially, it’s a huge challenge and every week we see a new data breach.

The third challenge is ROI. There’s a lot of investment being made into personal health technology but because we’re in a private insurance market and a private provider market, until someone has really cracked what the ROI is for these initiatives, whether it’s tied to re-admissions or reimbursements, it’s never going to really become mainstream. And until it becomes part of the fabric of care delivery, real value is not going to be realized and health outcomes not significantly improved.

But models are changing—once the shift to outcome-based reimbursement takes hold, providers will be more incentivized to really invest in these kind of technologies and get them working. But that shift hasn’t really occurred yet, and I’ve yet to see really compelling ROI models for a lot of these new investments. I’m a believer that it really has to be the healthcare provider that drives and facilitates the engagement with patients on these new technologies. Ultimately, I believe, people, left to their own devices, will experiment and play with something for a while, but unless their healthcare provider is engaging them actively on it, it’s not something that they will persist in doing. A lot of the large hospital groups are dipping their toe in the water and seeing what sticks, but I don’t really see any system where these new technologies are becoming part of the norm of healthcare delivery.

Do you feel like there are other places that are seeing more success in this outside of the US?

I know in the UK, they’re having a lot of success with their Telehealth pilots. But their primary objective is to make people healthier, so it’s a lot easier in that environment to have a good idea, show that there’s some case for improving outcomes and get funding. In the US, proving outcomes currently isn’t enough. You have to prove that there’s some revenue to be made or cost to be saved. In some markets, they’ve experienced problems similar to the US and in some markets it’s probably been easier. That doesn’t mean they’ve had an easy time implementing them—the UK has had huge problems with integration and with getting EMR systems deployed and implemented nationally. But a lot of those are classical IT problems of change management, scope control and trying to achieve too much too quickly. The healthcare industry is about 20 years behind other industries. They’re going through all the pain with the EMR rollouts that most manufacturing companies went through with ERP 20 years ago and most banks went through 40 years ago.

How can organizations such as The Open Group and its Healthcare Forum better work with the Healthcare industry to help them achieve better results?

I think firstly bringing a perspective from other industries. Healthcare IT conferences and organizations tend to be largely made up of people who have been in healthcare most of their working lives. The Open Group brings in perspective from other industries. Also reference architectures—there’s a shortage of good reference architectures in the healthcare space and that’s something that is really The Open Group’s strong point. Models that span the entire healthcare ecosystem—including payers, providers, pharma and exchanges, IT process and especially IT architecture process—can be improved in healthcare. Healthcare IT departments aren’t as mature as other industries because the investment has not been there until now. They’re in a relative start-up mode. Enterprise Architecture—if you’re a large healthcare provider and you’re growing rapidly through M&O (like so many are right now), that’s a classic use case for having a structured Enterprise Architecture process.

Within the insurance marketplace movement, things have grown very quickly; it’s been tough work. A handful of the states have been very successful, and I think we’re not unique in that we’re a start-up organization and it’s going to be several years until we mature to fully functional, well measured l IT organization. Architecture rigor and process is key to achieving sustainability and maturity.

Join the conversation – #ogchat #ogBOS

duxbury_0Proteus Duxbury joined Connect for Health Colorado as Chief Technology Officer in February 2014, directing technology strategy and operations. Proteus previously served at Catholic Health Initiatives, where he led all IT activities for Virtual Health Services, a division responsible for deploying Telehealth solutions throughout the US. Prior to that, Proteus served as a Managing Consultant at the PA Consulting Group, leading technology change programs in the US and UK primarily in the healthcare and life science industry. He holds a Bachelor of Science in Information Systems Management from Bournemouth University.

 

 

Leave a comment

Filed under COTS, Enterprise Architecture, Healthcare, Professional Development, Strategy, Uncategorized

The Open Group Boston 2014 Preview: Talking People Architecture with David Foote

By The Open Group

Among all the issues that CIOs, CTOs and IT departments are facing today, staffing is likely near the top of the list of what’s keeping them up at night. Sure, there’s dealing with constant (and disruptive) technological changes and keeping up with the latest tech and business trends, such as having a Big Data, Internet of Things (IoT) or a mobile strategy, but without the right people with the right skills at the right time it’s impossible to execute on these initiatives.

Technology jobs are notoriously difficult to fill–far more difficult than positions in other industries where roles and skillsets may be much more static. And because technology is rapidly evolving, the roles for tech workers are also always in flux. Last year you may have needed an Agile developer, but today you may need a mobile developer with secure coding ability and in six months you might need an IoT developer with strong operations or logistics domain experience—with each position requiring different combinations of tech, functional area, solution and “soft” skillsets.

According to David Foote, IT Industry Analyst and co-founder of IT workforce research and advisory firm Foote Partners, the mash-up of HR systems and ad hoc people management practices most companies have been using for years to manage IT workers have become frighteningly ineffective. He says that to cope in today’s environment, companies need to architect their people infrastructure similar to how they have been architecting their technical infrastructure.

“People Architecture” is the term Foote has coined to describe the application of traditional architectural principles and practices that may already be in place elsewhere within an organization and applying them to managing the IT workforce. This includes applying such things as strategy and capability roadmaps, phase gate blueprints, benchmarks, performance metrics, governance practices and stakeholder management to human capital management (HCM).

HCM components for People Architecture typically include job definition and design, compensation, incentives and recognition, skills demand and acquisition, job and career paths, professional development and work/life balance.

Part of the dilemma for employers right now, Foote says, is that there is very little job title standardization in the marketplace and too many job titles floating around IT departments today. “There are too many dimensions and variability in jobs now that companies have gotten lost from an HR perspective. They’re unable to cope with the complexity of defining, determining pay and laying out career paths for all these jobs, for example. For many, serious retention and hiring problems are showing up for the first time. Work-around solutions used for years to cope with systemic weaknesses in their people management systems have stopped working,” says Foote. “Recruiters start picking off their best people and candidates are suddenly rejecting offers and a panic sets in. Tensions are palpable in their IT workforce. These IT realities are pervasive.”

Twenty-five years ago, Foote says, defining roles in IT departments was easier. But then the Internet exploded and technology became far more customer-facing, shifting basic IT responsibilities from highly technical people deep within companies to roles requiring more visibility and transparency within and outside the enterprise. Large chunks of IT budgets moved into the business lines while traditional IT became more of a business itself.

According to Foote, IT roles became siloed not just by technology but by functional areas such as finance and accounting, operations and logistics, sales, marketing and HR systems, and by industry knowledge and customer familiarity. Then the IT professional services industry rapidly expanded to compete with their customers for talent in the marketplace. Even the architect role changed: an Enterprise Architect today can specialize in applications, security or data architecture among others, or focus on a specific industry such as energy, retail or healthcare.

Foote likens the fragmentation of IT jobs and skillsets that’s happening now to the emergence of IT architecture 25 years ago. Just as technical architecture practices emerged to help make sense of the disparate systems rapidly growing within companies and how best to determine the right future tech investments, a people architecture approach today helps organizations better manage an IT workforce spread through the enterprise with roles ranging from architects and analysts to a wide variety of engineers, developers and project and program managers.

“Technical architecture practices were successful because—when you did them well—companies achieved an understanding of what they have systems-wise and then connected it to where they were going and how they were going to get there, all within a process inclusive of all the various stakeholders who shared the risk in the outcome. It helped clearly define enterprise technology capabilities and gave companies more options and flexibility going forward,” according to Foote.

“Right now employers desperately need to incorporate in human capital management systems and practice the same straightforward, inclusive architecture approaches companies are already using in other areas of their businesses. This can go a long way toward not just lessening staffing shortages but also executing more predictably and being more agile in face of constant uncertainties and the accelerating pace of change. Ultimately this translates into a more effective workforce whether they are full-timers or the contingent workforce of part-timers, consultants and contractors.

“It always comes down to your people. That’s not a platitude but a fact,” insists Foote. “If you’re not competitive in today’s labor marketplace and you’re not an employer where people want to work, you’re dead.”

One industry that he says has gotten it right is the consulting industry. “After all, their assets walk out the door every night. Consulting groups within firms such as IBM and Accenture have been good at architecting their staffing because it’s their job to get out in front of what’s coming technologically. Because these firms must anticipate customer needs before they get the call to implement services, they have to be ahead of the curve in already identifying and hiring the bench strength needed to fulfill demand. They do many things right to hire, develop and keep the staff they need in place.”

Unfortunately, many companies take too much of a just-in-time approach to their workforce so they are always managing staffing from a position of scarcity rather than looking ahead, Foote says. But, this is changing, in part due to companies being tired of never having the people they need and being able to execute predictably.

The key is to put a structure in place that addresses a strategy around what a company needs and when. This applies not just to the hiring process, but also to compensation, training and advancement.

“Architecting anything allows you to be able to, in a more organized way, be more agile in dealing with anything that comes at you. That’s the beauty of architecture. You plan for the fact that you’re going to continue to scale and continue to change systems, the world’s going to continue to change, but you have an orderly way to manage the governance, planning and execution of that, the strategy of that and the implementation of decisions knowing that the architecture provides a more agile and flexible modular approach,” he said.

Foote says organizations such as The Open Group can lend themselves to facilitating People Architecture in a couple different ways. First, through extending the principles of architecture to human capital management, and second through vendor-independent, expertise and experience driven certifications, such as TOGAF® or OpenCA and OpenCITS, that help companies define core competencies for people and that provide opportunities for training and career advancement.

“I’m pretty bullish on many vendor-independent certifications in general, particularly where a defined book of knowledge exists that’s achieved wide acceptance in the industry. And that’s what you’ve got with The Open Group. Nobody’s challenging the architectural framework supremacy of TOGAF that that I’m aware of. In fact, large vendors with their own certifications participated actively in developing the framework and applying it very successfully to their business models,” he said.

Although the process of implementing People Architecture can be difficult and may take several years to master (much like Enterprise Architecture), Foote says it is making a huge difference for companies that implement it.

To learn more about People Architecture and models for implementing it, plan to attend Foote’s session at The Open Group Boston 2014 on Tuesday July 22. Foote’s session will address how architectural principles are being applied to human capital so that organizations can better manage their workforces from hiring and training through compensation, incentives and advancement. He will also discuss how career paths for EAs can be architected. Following the conference, the session proceedings will be available to Open Group members and conference attendees at www.opengroup.org.

Join the conversation – #ogchat #ogBOS

footeDavid Foote is an IT industry research pioneer, innovator, and one of the most quoted industry analysts on global IT workforce trends and multiple facets of the human side of technology value creation. His two decades of groundbreaking deep research and analysis of IT-business cross-skilling and technology/business management integration and leading the industry in innovative IT skills demand and compensation benchmarking has earned him a place on a short list of thought leaders in IT human capital management.

A former Gartner and META Group analyst, David leads the research and analytical practice groups at Foote Partners that reach 2,300 customers on six continents.

Leave a comment

Filed under architecture, Conference, Open CA, Open CITS, Professional Development, Standards, TOGAF®, Uncategorized

The Enterprise Architecture Kaleidoscope

By Stuart Boardman, Senior Business Consultant, Business & IT Advisory, KPN Consulting

Last week I attended a Club of Rome (Netherlands) debate about a draft report on sustainability and social responsibility. The author of the report described his approach as being like a kaleidoscope, because the same set of elements can form quite different pictures.

EA 1

Some people had some difficulty with this. They wanted a single picture they could focus on. To me it felt quite natural, because that’s very much what we try to do in Enterprise Architecture (EA) – produce different views of the same whole for the benefit of different stakeholders. And suddenly I realized how to express the relationship between EA and a broader topic like sustainability. That matters to me, because sustainability is something I’m passionate about and I’d like my work to be some small contribution to achieving that.

Before that, I’d been thinking that EA obviously has a role to play in a sustainable enterprise but I hadn’t convinced myself that the relationship was so fundamental – it felt a bit too much like wishful thinking on my part.

When we talk about sustainability today, we need to be clear that we’re not just talking about environmental issues and we’re certainly not talking about “greenwashing”. There’s an increasing awareness that a change needs to occur (and is to some extent occurring) in how we work, how we do business, how we relate to and value each other and how we relate to and value our natural environment.

This is relevant too for The Open Group Open Platform 3.0™. Plenty is written these days about the role that the Internet of Things and Big Data Analytics can play in sustainability. A lot is actually happening. Too much of this fails to take any account of the kaleidoscope and offers a purely technological and resource centric view of a shining future. People are reduced to being the happy consumers of this particular soma. By bringing other factors and in particular social media and locating the discussion in The Open Group’s traditions of Enterprise Architecture (and see also The Open Group’s work on Identity), these rather dangerous limitations can be overcome.

EA 2

 

 

 

 

EA 3

 Source: Wikipedia

Success in any one of these areas is dependent on success in the others. That was really the message of the Club of Rome discussion.

And that’s where EA comes in – the architecture of a global enterprise. There are multiple stakeholders with multiple concerns. They range from a CEO with a company to keep afloat to a farming community, whose livelihood is threatened by a giant coal mine. They also include those whose livelihood is threatened by closing that mine and governments saddled with crippling national debt. They include the people working to achieve change. These people also have their own areas of focus within the overall picture. There are people designing the new solutions – technological or otherwise. There are the people who will have to operate the changed situation. There are the stewards for the natural environment and the non-human inhabitants of platform Earth.

Now Enterprise Architects are in a sense always concerned with sustainability, at least at the micro level of one organization or enterprise. We try to develop an architecture in which the whole enterprise (and all its parts) can achieve its goals – with a minimum of instability and with the ability to respond effectively to change. That in and of itself requires us to be aware of what’s going on in the world outside our organization’s direct sphere of influence, so it’s a small step to looking at a broader picture and wondering what the future of the enterprise might be in a non-sustainable world.

The next step is an obvious one for any Enterprise Architect – well actually any architect at all in any kind of enterprise. This isn’t a political or moral question (although architects have as much right as anyone to else to such considerations) but really just one of drawing conclusions, which are logical and obvious – unless one is merely driven by short-term considerations. What you do with those conclusions is up to you and constrained by your own situation. You do what you can. You can take the campaigning viewpoint or look for collateral lack of damage or just facilitate sustainability when it’s on the agenda – look for opportunities for re-use or repair. And if your situation is one where nothing is possible, you might want to be thinking about moving on.

Sustainability is not conservatism. Some things reach the end of their useful life or can’t survive unexpected and/or dramatic changes. Some things actually improve as a result of taking a serious knock – what Nicholas Nassim Taleb calls anti-fragility. That’s true in nature at both micro and macro levels and it’s particularly true in nature. It’s not surprising that the ideas of biomimicry are rapidly gaining traction in sustainability circles.

EA 4

 

 

 

 

 

Stickybot

In this sense, agile is really about sustainability. When we work with agile methods, we’re not trying to create something changeless. We’re trying to create a way of working in which our enterprise or some small part of it, can change and adapt so as to continue to fulfill its mission for so long as that remains relevant in the world.

So yes, there’s a lot an (enterprise) architect can do towards achieving a sustainable world and there are more than enough reasons that’s consistent with our role in the organizations and enterprises we serve.

Agreed? Not? Please comment one way or the other and let’s continue the discussion.

SONY DSCStuart Boardman is a Senior Business Consultant with KPN Consulting where he leads the Enterprise Architecture practice and consults to clients on Cloud Computing, Enterprise Mobility and The Internet of Everything. He is Co-Chair of The Open Group Open Platform 3.0™ Forum and was Co-Chair of the Cloud Computing Work Group’s Security for the Cloud and SOA project and a founding member of both The Open Group Cloud Computing Work Group and The Open Group SOA Work Group. Stuart is the author of publications by KPN, the Information Security Platform (PvIB) in The Netherlands and of his previous employer, CGI as well as several Open Group white papers, guides and standards. He is a frequent speaker at conferences on the topics of Open Platform 3.0 and Identity.

1 Comment

Filed under Enterprise Architecture, Enterprise Transformation, Identity Management, Professional Development, Uncategorized

The Open Group Boston 2014 to Explore How New IT Trends are Empowering Improvements in Business

By The Open Group

The Open Group Boston 2014 will be held on July 21-22 and will cover the major issues and trends surrounding Boundaryless Information Flow™. Thought-leaders at the event will share their outlook on IT trends, capabilities, best practices and global interoperability, and how this will lead to improvements in responsiveness and efficiency. The event will feature presentations from representatives of prominent organizations on topics including Healthcare, Service-Oriented Architecture, Security, Risk Management and Enterprise Architecture. The Open Group Boston will also explore how cross-organizational collaboration and trends such as big data and cloud computing are helping to make enterprises more effective.

The event will consist of two days of plenaries and interactive sessions that will provide in-depth insight on how new IT trends are leading to improvements in business. Attendees will learn how industry organizations are seeking large-scale transformation and some of the paths they are taking to realize that.

The first day of the event will bring together subject matter experts in the Open Platform 3.0™, Boundaryless Information Flow™ and Enterprise Architecture spaces. The day will feature thought-leaders from organizations including Boston University, Oracle, IBM and Raytheon. One of the keynotes is from Marshall Van Alstyne, Professor at Boston University School of Management & Researcher at MIT Center for Digital Business, which reveals the secret of internet-driven marketplaces. Other content:

• The Open Group Open Platform 3.0™ focuses on new and emerging technology trends converging with each other and leading to new business models and system designs. These trends include mobility, social media, big data analytics, cloud computing and the Internet of Things.
• Cloud security and the key differences in securing cloud computing environments vs. traditional ones as well as the methods for building secure cloud computing architectures
• Big Data as a service framework as well as preparing to deliver on Big Data promises through people, process and technology
• Integrated Data Analytics and using them to improve decision outcomes

The second day of the event will have an emphasis on Healthcare, with keynotes from Joseph Kvedar, MD, Partners HealthCare, Center for Connected Health, and Connect for Health Colorado CTO, Proteus Duxbury. The day will also showcase speakers from Hewlett Packard and Blue Cross Blue Shield, multiple tracks on a wide variety of topics such as Risk and Professional Development, and Archimate® tutorials. Key learnings include:

• Improving healthcare’s information flow is a key enabler to improving healthcare outcomes and implementing efficiencies within today’s delivery models
• Identifying the current state of IT standards and future opportunities which cover the healthcare ecosystem
• How Archimate® can be used by Enterprise Architects for driving business innovation with tried and true techniques and best practices
• Security and Risk Management evolving as software applications become more accessible through APIs – which can lead to vulnerabilities and the potential need to increase security while still understanding the business value of APIs

Member meetings will also be held on Wednesday and Thursday, June 23-24.

Don’t wait, register now to participate in these conversations and networking opportunities during The Open Group Boston 2014: http://www.opengroup.org/boston2014/registration

Join us on Twitter – #ogchat #ogBOS

Leave a comment

Filed under ArchiMate®, Boundaryless Information Flow™, Business Architecture, Cloud/SOA, Conference, Enterprise Architecture, Enterprise Transformation, Healthcare, Information security, Open Platform 3.0, Professional Development, RISK Management, Service Oriented Architecture, Standards, Uncategorized

ArchiMate® Users Group Meeting

By The Open Group

During a special ArchiMate® users group meeting on Wednesday, May 14 in Amsterdam, Andrew Josey, Director of Standards within The Open Group, presented on the ArchiMate certification program and adoption of the language. Andrew is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF® 9.1, ArchiMate 2.1, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX Specification, Version 4.

ArchiMate®, a standard of The Open Group, is an open and independent modeling language for Enterprise Architecture that is supported by different vendors and consulting firms. ArchiMate provides instruments to enable Enterprise Architects to describe, analyze and visualize the relationships among business domains in an unambiguous way. ArchiMate is not an isolated development. The relationships with existing methods and techniques, like modeling languages such as UML and BPMN, and methods and frameworks like TOGAF and Zachman, are well-described.

In this talk, Andrew provided an overview of the ArchiMate 2 certification program, including information on the adoption of the ArchiMate modeling language. He gave an overview of the major milestones in the development of Archimate and referred to the Dutch origins of the language. The Dutch Telematica Institute created the Archimate language in the period 2002-2004 and the language is now widespread. There have been over 41,000 downloads of different versions of the ArchiMate specification from more than 150 countries. At 52%, The Netherlands is leading the “Top 10 Certifications by country”. However, the “Top 20 Downloads by country” is dominated by the USA (19%), followed by the UK (14%) and The Netherlands (12%). One of the tools developed to support ArchiMate is Archi, a free open-source tool created by Phil Beauvoir at the University of Bolton in the UK. Since its development, Archi also has grown from a relatively small, home-grown tool to become a widely used open-source resource that averages 3,000 downloads per month and whose community ranges from independent practitioners to Fortune 500 companies. It is no surprise that again, Archi is mostly downloaded in The Netherlands (17.67%), the United States (12.42%) and the United Kingdom (8.81%).

After these noteworthy facts and figures, Henk Jonkers took a deep dive into modeling risk and security. Henk Jonkers is a senior research consultant, involved in BiZZdesign’s innovations in the areas of Enterprise Architecture and engineering. He was one of the main developers of the ArchiMate language, an author of the ArchiMate 1.0 and 2.0 Specifications, and is actively involved in the activities of the ArchiMate Forum of The Open Group. In this talk, Henk showed several examples of how risk and security aspects can be incorporated in Enterprise Architecture models using the ArchiMate language. He also explained how the resulting models could be used to analyze risks and vulnerabilities in the different architectural layers, and to visualize the business impact that they have.

First Henk described the limitations of current approaches – existing information security and risk management methods do not systematically identify potential attacks. They are based on checklists, heuristics and experience. Security controls are applied in a bottom-up way and are not based on a thorough analysis of risks and vulnerabilities. There is no explicit definition of security principles and requirements. Existing systems only focus on IT security. They have difficulties in dealing with complex attacks on socio-technical systems, combining physical and digital access, and social engineering. Current approaches focus on preventive security controls, and corrective and curative controls are not considered. Security by Design is a must, and there is always a trade-off between the risk factor versus process criticality. Henk gave some arguments as to why ArchiMate provides the right building blocks for a solid risk and security architecture. ArchiMate is widely accepted as an open standard for modeling Enterprise Architecture and support is widely available. ArchiMate is also suitable as a basis for qualitative and quantitative analysis. And last but not least: there is a good fit with other Enterprise Architecture and security frameworks (TOGAF, Zachman, SABSA).

“The nice thing about standards is that there are so many to choose from”, emeritus professor Andrew Stuart Tanenbaum once said. Using this quote as a starting point, Gerben Wierda focused his speech on the relationship between the ArchiMate language and Business Process Model and Notation (BPMN). In particular he discussed Bruce Silver’s BPMN Method and Style. He stated that ArchiMate and BPMN can exist side by side. Why would you link BPMN and Archimate? According to Gerben there is a fundamental vision behind all of this. “There are unavoidably many ‘models’ of the enterprise that are used. We cannot reduce that to one single model because of fundamentally different uses. We even cannot reduce that to a single meta-model (or pattern/structure) because of fundamentally different requirements. Therefore, what we need to do is look at the documentation of the enterprise as a collection of models with different structures. And what we thus need to do is make this collection coherent.”

Gerben is Lead Enterprise Architect of APG Asset Management, one of the largest Fiduciary Managers (± €330 billion Assets under Management) in the world, with offices in Heerlen, Amsterdam, New York, Hong Kong and Brussels. He has overseen the construction of one of the largest single ArchiMate models in the world to date and is the author of the book “Mastering ArchiMate”, based on his experience in large scale ArchiMate modeling. In his speech, Gerben showed how the leading standards ArchiMate and BPMN (Business Process Modeling Notation, an OMG standard) can be used together, creating one structured logically coherent and automatically synchronized description that combines architecture and process details.

Marc Lankhorst, Managing Consultant and Service Line Manager Enterprise Architecture at BiZZdesign, presented on the topic of capability modeling in ArchiMate. As an internationally recognized thought leader on Enterprise Architecture, he guides the development of BiZZdesign’s portfolio of services, methods, techniques and tools in this field. Marc is also active as a consultant in government and finance. In the past, he has managed the development of the ArchiMate language for Enterprise Architecture modeling, now a standard of The Open Group. Marc is a certified TOGAF9 Enterprise Architect and holds an MSc in Computer Science from the University of Twente and a PhD from the University of Groningen in the Netherlands. In his speech, Marc discussed different notions of “capability” and outlined the ways in which these might be modeled in ArchiMate. In short, a business capability is something an enterprise does or can do, given the various resources it possesses. Marc described the use of capability-based planning as a way of translating enterprise strategy to architectural choices and look ahead at potential extensions of ArchiMate for capability modeling. Business capabilities provide a high-level view of current and desired abilities of the organization, in relation to strategy and environment. Enterprise Architecture practitioners design extensive models of the enterprise, but these are often difficult to communicate with business leaders. Capabilities form a bridge between the business leaders and the Enterprise Architecture practitioners. They are very helpful in business transformation and are the ratio behind capability based planning, he concluded.

For more information on ArchiMate, please visit:

http://www.opengroup.org/subjectareas/enterprise/archimate

For information on the Archi tool, please visit: http://www.archimatetool.com/

For information on joining the ArchiMate Forum, please visit: http://www.opengroup.org/getinvolved/forums/archimate

 

1 Comment

Filed under ArchiMate®, Certifications, Conference, Enterprise Architecture, Enterprise Transformation, Professional Development, Standards, TOGAF®

The Open Group Summit Amsterdam 2014 – Day One Highlights

By Loren K. Baynes, Director, Global Marketing Communications, The Open Group

The Open Group Summit Amsterdam, held at the historic Hotel Krasnapolsky, began on Monday, May 12 by highlighting how the industry is moving further towards Boundaryless Information Flow™. After the successful introduction of The Open Group Healthcare Forum in San Francisco, the Governing Board is now considering other vertical Forums such as the airline industry and utilities sector.

The morning plenary began with a welcome from Steve Nunn, COO of The Open Group and CEO of the Association of Enterprise Architects (AEA). He mentioned that Amsterdam has a special place in his heart because of the remembrance of the 2001 event also held in Amsterdam, just one month after the 9/11 attacks which shocked the world. Today, with almost 300 registrations and people from 29 different countries, The Open Group is still appealing to a wide range of nationalities.

Allen Brown, President and CEO of The Open Group, took the audience on a journey as he described the transformation process that The Open Group has been on over the last thirty years from its inception in 1984. After a radically financial reorganization and raising new working capital, The Open Group is flourishing more than ever and is in good financial health.

It is amazing that 40 percent of the staff of 1984 is still working for The Open Group. What is the secret? You should have the right people in the boat with shared values and commitment. “In 2014, The Open Group runs a business, but stays a not-for-profit organization, a consortium”, Brown emphasized. “Enterprise Architecture is not a commercial vehicle or a ‘trendy’ topic. The Open Group always has a positive attitude and will never criticize other organizations. Our certification programs are a differentiator compared to other organizations. We collaborate with other consortia and standard bodies like ISO and ITIL”, Brown said.

Now the world is much more complex. Technology risk is increasing. A common language based on common standards is needed more than ever. TOGAF®, an Open Group standard, was in its infancy in 1998 and now it is the common standard for Enterprise Architects all over the world. In 1984, the UNIX® platform was the first platform of The Open Group. The Open Group Open Platform 3.0™, launched last year, focuses on new and emerging technology trends like mobility, big data, cloud computing and the Internet of Things converging with each other and leading to new business models and system designs. “The Open Group is all about building relationships and networking”, Brown concluded.

Leonardo Ramirez, CEO of ARCA SG and Chair of AEA Colombia, talked about the role of interoperability and Enterprise Architecture in Latin America. Colombia is now a safe country and has the strongest economy in the region. In 2011 Colombia promoted the electronic government and TOGAF was selected as the best choice for Enterprise Architecture. Ramirez is determined to stimulate social economic development projects in Latin America with the help of Enterprise Architecture. There is a law in Colombia (Regulation Law 1712, 2014) that says that every citizen has the right to access all the public information without boundaries.

Dr. Jonas Ridderstråle, Chairman, Mgruppen and Visiting Professor, Ashridge (UK) and IE Business Schools (Spain), said in his keynote speech, “Womenomics rules, the big winners of the personal freedom movement will be women. Women are far more risk averse. What would have happened with Lehman Brothers if it was managed by women? ‘Lehman Sisters’ probably had the potential to survive. Now women can spend 80 percent of their time on other things than just raising kids.” Ridderstråle continued to discuss life-changing and game-changing events throughout his presentation. He noted that The Open Group Open Platform 3.0 for instance is a good example of a successful reinvention.

“Towards a European Interoperability Architecture” was the title of one of the afternoon sessions led by Mr. R. Abril Jimenez. Analysis during the first phase of the European Interoperability Strategy (EIS) found that, at conceptual level, architecture guidelines were missing or inadequate. In particular, there are no architectural guidelines for cross-border interoperability of building blocks. Concrete, reusable interoperability guidelines and rules and principles on standards and architecture are also lacking. Based on the results achieved and direction set in the previous phases of the action, the EIA project has moved into a more practical phase that consists of two main parts: Conceptual Reference Architecture and Cartography.

Other tracks featured Healthcare, Professional Development and Dependability through Assuredness™.

The evening concluded with a lively networking reception in the hotel’s Winter Garden ballroom.

For those of you who attended the summit, please give us your feedback!  https://www.surveymonkey.com/s/AMST2014

Leave a comment

Filed under Boundaryless Information Flow™, Conference, Dependability through Assuredness™, Enterprise Architecture, Enterprise Transformation, Healthcare, Open Platform 3.0, Professional Development, Standards, TOGAF®, Uncategorized

Improving Patient Care and Reducing Costs in Healthcare

By Jason Lee, Director of Healthcare and Security Forums, The Open Group

Recently, The Open Group Healthcare Forum hosted a tweet jam to discuss IT and Enterprise Architecture (EA) issues as they relate to two of the most persistent problems in healthcare: reducing costs and improving patient care. Below I summarize the key points that followed from a rather unique discussion. Unique how? Unique in that rather than address these issues from the perspective of “must do” priorities (including EHR implementation, transitioning to ICD-10, and meeting enhanced HIPAA security requirements), we focused on “should do” opportunities.

We asked how stakeholders in the healthcare system can employ “Boundaryless Information Flow™” and standards development through the application of EA approaches that have proven effective in other industries to add new insights and processes to reduce costs and improve quality.

Question 1: What barriers exist for collaboration among providers in healthcare, and what can be done to improve things?
• tetradian: Huge barriers of language, terminology, mindset, worldview, paradigm, hierarchy, role and much more
• jasonsleephd: Financial, organizational, structural, lack of enabling technology, cultural, educational, professional insulation
• jim_hietala: EHRs with proprietary interfaces represent a big barrier in healthcare
• Technodad: Isn’t question really what barriers exist for collaboration between providers and patients in healthcare?
• tetradian: Communication b/w patients and providers is only one (type) amongst very many
• Technodad: Agree. Debate needs to identify whose point of view the #healthcare problem is addressing.
• Dana_Gardner: Where to begin? A Tower of Babel exists on multiple levels among #healthcare ecosystems. Too complex to fix wholesale.
• EricStephens: Also, legal ramifications of sharing information may impede sharing
• efeatherston: Patient needs provider collaboration to see any true benefit (I don’t just go to one provider)
• Dana_Gardner: Improve first by identifying essential collaborative processes that have most impact, and then enable them as secure services.
• Technodad: In US at least, solutions will need to be patient-centric to span providers- Bring Your Own Wellness (BYOW™) for HC info.
• loseby: Lack of shared capabilities & interfaces between EHRs leads to providers w/o comprehensive view of patient
• EricStephens: Are incentives aligned sufficiently to encourage collaboration? + lack of technology integration.
• tetradian: Vast numbers of stakeholder-groups, many beyond medicine – e.g. pharma, university, politics, local care (esp. outside of US)
• jim_hietala: Gap in patient-centric information flow
• Technodad: I think patents will need to drive the collaboration – they have more incentive to manage info than providers.
• efeatherston: Agreed, stakeholder list could be huge
• EricStephens: High-deductible plans will drive patients (us) to own our health care experience
• Dana_Gardner: Take patient-centric approach to making #healthcare processes better: drives adoption, which drives productivity, more adoption
• jasonsleephd: Who thinks standards development and data sharing is an essential collaboration tool?
• tetradian: not always patient-centric – e.g. epidemiology /public-health is population centric – i.e. _everything_ is ‘the centre’
• jasonsleephd: How do we break through barriers to collaboration? For one thing, we need to create financial incentives to collaborate (e.g., ACOs)
• efeatherston: Agreed, the challenge is to get them to challenge (if that makes sense). Many do not question
• EricStephens: Some will deify those in a lab coat.
• efeatherston: Still do, especially older generations, cultural
• Technodad: Agree – also displaying, fusing data from different providers, labs, monitors etc.
• dianedanamac: Online collaboration, can be cost effective & promote better quality but must financially incented
• efeatherston: Good point, unless there is a benefit/incentive for provider, they may not be bothered to try
• tetradian: “must financially incented” – often other incentives work better – money can be a distraction – also who pays?

Participants identified barriers that are not atypical: financial disincentives, underpowered technology, failure to utilize existing capability, lack of motivation to collaborate. Yet all participants viewed more collaboration as key. Consensus developed around:
• The patient (and by one commenter, the population) as the main driver of collaboration, and
• The patient as the most important stakeholder at the center of information flow.

Question 2: Does implementing remote patient tele-monitoring and online collaboration drive better and more cost-effective patient care?
• EricStephens: “Hell yes” comes to mind. Why drag yourself into a dr. office when a device can send the information (w/ video)
• efeatherston: Will it? Will those with high deductible plans have ability/understanding/influence to push for it?
• EricStephens: Driving up participation could drive up efficacy
• jim_hietala: Big opportunities to improve patient care thru remote tele-monitoring
• jasonsleephd: Tele-ICUs can keep patients (and money) in remote settings while receiving quality care
• jasonsleephd: Remote monitoring of patients admitted with CHF can reduce rehospitalization w/i 6 months @connectedhealth.org
• Dana_Gardner: Yes! Pacemakers now uplink to centralized analysis centers, communicate trends back to attending doctor. Just scratches surface
• efeatherston: Amen. Do that now, monthly uplink, annual check in with doctor to discuss any trends he sees.
• tetradian: Assumes tele-monitoring options even exist – very wide range of device-capabilities, from very high to not-much, and still not common.
• tetradian: (General request to remember that there’s more to the world, and medicine, than just the US and its somewhat idiosyncratic systems?)
• efeatherston: Yes, I do find myself looking through the lens of my own experiences, forgetting the way we do things may not translate
• jasonsleephd: Amen to point about our idiosyncrasies! Still, we have to live with them, and we can do so much better with good information flow!
• Dana_Gardner: Governments should remove barriers so more remote patient tele-monitoring occurs. Need to address the malpractice risks issue.
• TerryBlevins: Absolutely. Just want the information to go to the right place!
• Technodad: . Isn’t “right place” someplace you & all your providers can access? Need interoperability!
• TerryBlevins: It requires interoperability yes – the info must flow to those that must know.
• Technodad: Many areas where continuous monitoring can help. Improved IoT (internet of things) sensors e.g. cardio, blood chemistry coming. http://t.co/M3xw3tNvv3
• tetradian: Ethical/privacy concerns re how/with-whom that data is shared – e.g. with pharma, research, epidemiology etc
• efeatherston: Add employers to that etc. list of how/who/what is shared

Participants agreed that remote patient monitoring and telemonitoring can improve collaboration, improve patient care, and put patients more in control of their own healthcare data. However, participants expressed concerns about lack of widespread availability and the related issue of high cost. In addition, they raised important questions about who has access to these data, and they addressed nagging privacy and liability concerns.

Question 3: Can a mobile strategy improve patient experience, empowerment and satisfaction? If so, how?
• jim_hietala: mobile is a key area where patient health information can be developed/captured
• EricStephens: Example: link blood sugar monitor to iPhone to MyFitnessPal + gamification to drive adherence (and drive $$ down?)
• efeatherston: Mobile along with #InternetOfThings, wearables linked to mobile. Contact lens measuring blood sugar in recent article as ex.
• TerryBlevins: Sick people, or people getting sick are on the move. In a patient centric world we must match need.
• EricStephens: Mobile becomes a great data acquisition point. Something as simple as SMS can drive adherence with complication drug treatments
• jasonsleephd: mHealth is a very important area for innovation, better collaboration, $ reduction & quality improvement. Google recent “Webby Awards & handheld devices”
• tetradian: Mobile can help – e.g. use of SMS for medicine in Africa etc
• Technodad: Mobile isn’t option any more. Retail, prescription IoT, mobile network & computing make this a must-have. http://t.co/b5atiprIU9
• dianedanamac: Providers need to be able to receive the information mHealth
• Dana_Gardner: Healthcare should go location-independent. Patient is anywhere, therefore so is care, data, access. More than mobile, IMHO.
• Technodad: Technology and mobile demand will outrun regional provider systems, payers, regulation
• Dana_Gardner: As so why do they need to be regional? Cloud can enable supply-demand optimization regardless of location for much.
• TerryBlevins: And the caregivers are also on the move!
• Dana_Gardner: Also, more machine-driven care, i.e. IBM Watson, for managing the routing and prioritization. Helps mitigate overload.
• Technodad: Agree – more on that later!
• Technodad: Regional providers are the reality in the US. Would love to have more national/global coverage.
• Dana_Gardner: Yes, let the market work its magic by making it a larger market, when information is the key.
• tetradian: “let the market do its work” – ‘the market’ is probably the quickest way to destroy trust! – not a good idea…
• Technodad: To me, problem is coordinating among multi providers, labs etc. My health info seems to move at glacial pace then.
• tetradian: “Regional providers are the reality in the US.” – people move around: get info follow them is _hard_ (1st-hand exp. there…)
• tetradian: danger of hype/fear-driven apps – may need regulation, or at least regulatory monitoring
• jasonsleephd: Regulators, as in FDA or something similar?
• tetradian: “Regulators as in FDA” etc – at least oversight of that kind, yes (cf. vitamins, supplements, health-advice services)
• jim_hietala: mobile, consumer health device innovation moving much faster than IT ability to absorb
• tetradian: also beware of IT-centrism and culture – my 90yr-old mother has a cell-phone, but has almost no idea how to use it!
• Dana_Gardner: Information and rely of next steps (in prevention or acute care) are key, and can be mobile. Bring care to the patient ASAP.

Participants began in full agreement. Mobile health is not even an option but a “given” now. Recognition that provider ability to receive information is lacking. Cloud viewed as means to overcome regionalization of data storage problems. When the discussion turned to further development of mHealth there was some debate on what can be left to the market and whether some form of regulatory action is needed.

Question 4: Does better information flow and availability in healthcare reduce operation cost, and free up resources for more patient care?
• tetradian: A4: should do, but it’s _way_ more complex than most IT-folks seem to expect or understand (e.g. repeated health-IT fails in UK)
• jim_hietala: A4: removing barriers to health info flow may reduce costs, but for me it’s mostly about opportunity to improve patient care
• jasonsleephd: Absolutely. Consider claims processing alone. Admin costs in private health ins. are 20% or more. In Medicare less than 2%.
• loseby: Absolutely! ACO model is proving it. Better information flow and availability also significantly reduces hospital admissions
• dianedanamac: I love it when the MD can access my x-rays and lab results so we have more time.
• efeatherston: I love it when the MD can access my x-rays and lab results so we have more time.
• EricStephens: More info flow + availability -> less admin staff -> more med staff.
• EricStephens: Get the right info to the ER Dr. can save a life by avoiding contraindicated medicines
• jasonsleephd: EricStephens GO CPOE!!
• TerryBlevins: @theopengroup. believe so, but ask the providers. My doctor is more focused on patient by using simple tech to improve info flow
• tetradian: don’t forget link b/w information-flows and trust – if trust fails, so does the information-flow – worse than where we started!
• jasonsleephd: Yes! Trust is really key to this conversation!
• EricStephens: processing a claim, in most cases, should be no more difficult than an expense report or online order. Real-time adjudication
• TerryBlevins: Great point.
• efeatherston: Agreed should be, would love to see it happen. Trust in the data as mentioned earlier is key (and the process)
• tetradian: A4: sharing b/w patient and MD is core, yes, but who else needs to access that data – or _not_ see it? #privacy
• TerryBlevins: A4: @theopengroup can’t forget that if info doesn’t flow sometimes the consequences are fatal, so unblocked the flow.
• tetradian: .@TerryBlevins A4: “if info doesn’t flow sometimes the consequences are fatal,” – v.important!
• Technodad: . @tetradian To me, problem is coordinating among multi providers, labs etc. My health info seems to move at glacial pace then.
• TerryBlevins: A4: @Technodad @tetradian I have heard that a patient moving on a gurney moves faster than the info in a hospital.
• Dana_Gardner: A4 Better info flow in #healthcare like web access has helped. Now needs to go further to be interactive, responsive, predictive.
• jim_hietala: A4: how about pricing info flow in healthcare, which is almost totally lacking
• Dana_Gardner: A4 #BigData, #cloud, machine learning can make 1st points of #healthcare contact a tech interface. Not sci-fi, but not here either.

Starting with the recognition that this is a very complicated issue, the conversation quickly produced a consensus view that mobile health is key, both to cost reduction and quality improvement and increased patient satisfaction. Trust that information is accurate, available and used to support trust in the provider-patient relationship emerged as a relevant issue. Then, naturally, privacy issues surfaced. Coordination of information flow and lack of interoperability were recognized as important barriers and the conversation finally turned somewhat abstract and technical with mentions of big data and the cloud and pricing information flows without much in the way of specifying how to connect the dots.

Question 5: Do you think payers and providers are placing enough focus on using technology to positively impact patient satisfaction?
• Technodad: A5: I think there are positive signs but good architecture is lacking. Current course will end w/ provider information stovepipes.
• TerryBlevins: A5: @theopengroup Providers are doing more. I think much more is needed for payers – they actually may be worse.
• theopengroup: @TerryBlevins Interesting – where do you see opportunities for improvements with payers?
• TerryBlevins: A5: @theopengroup like was said below claims processing – an onerous job for providers and patients – mostly info issue.
• tetradian: A5: “enough focus on using tech”? – no, not yet – but probably won’t until tech folks properly face the non-tech issues…
• EricStephens: A5 No. I’m not sure patient satisfaction (customer experience/CX?) is even a factor sometimes. Patients not treated like customers
• dianedanamac: .@EricStephens SO TRUE! Patients not treated like customers
• Technodad: . @EricStephens Amen to that. Stovepipe data in provider systems is barrier to understanding my health & therefore satisfaction.
• dianedanamac: “@mclark497: @EricStephens issue is the customer is treat as only 1 dimension. There is also the family experience to consider too
• tetradian: .@EricStephens A5: “Patients not treated like customers” – who _is_ ‘the customer’? – that’s a really tricky question…
• efeatherston: @tetradian @EricStephens Trickiest question. to the provider is the patient or the payer the customer?
• tetradian: .@efeatherston “patient or payer” – yeah, though it gets _way_ more complex than that once we explore real stakeholder-relations
• efeatherston: @tetradian So true.
• jasonsleephd: .@tetradian @efeatherston Very true. There are so many diff stakeholders. But to align payers and pts would be huge
• efeatherston: @jasonsleephd @tetradian re: aligning payers and patients, agree, it would be huge and a good thing
• jasonsleephd: .@efeatherston @tetradian @EricStephens Ideally, there should be no dividing line between the payer and the patient!
• efeatherston: @jasonsleephd @tetradian @EricStephens Ideally I agree, and long for that ideal world.
• EricStephens: .@jasonsleephd @efeatherston @tetradian the payer s/b a financial proxy for the patient. and nothing more
• TerryBlevins: @EricStephens @jasonsleephd @efeatherston @tetradian … got a LOL out of me.
• Technodad: . @tetradian @EricStephens That’s a case of distorted marketplace. #Healthcare architecture must cut through to patient.
• tetradian: .@Technodad “That’s a case of distorted marketplace.” – yep. now add in the politics of consultants and their hierarchies, etc?
• TerryBlevins: A5: @efeatherston @tetradian @EricStephens in patient cetric world it is the patient and or their proxy.
• jasonsleephd: A5: Not enough emphasis on how proven technologies and architectural structures in other industries can benefit healthcare
• jim_hietala: A5: distinct tension in healthcare between patient-focus and meeting mandates (a US issue)
• tetradian: .@jim_hietala A5: “meeting mandates (a US issue)” – UK NHS (national-health-service) may be even worse than US – a mess of ‘targets’
• EricStephens: A5 @jim_hietala …and avoiding lawsuits
• tetradian: A5: most IT-type tech still not well-suited to the level of mass-uniqueness inherent in the healthcare context
• Dana_Gardner: A5 They are using tech, but patient “satisfaction” not yet a top driver. We have a long ways to go on that. But it can help a ton.
• theopengroup: @Dana_Gardner Agree, there’s a long way to go. What would you say is the starting point for providers to tie the two together?
• Dana_Gardner: @theopengroup An incentive other than to avoid lawsuits. A transparent care ratings capability. Outcomes focus based on total health
• Technodad: A5: I’d be satisfied just to not have to enter my patient info & history on a clipboard in every different provider I go to!
• dianedanamac: A5 @tetradian Better data sharing & Collab. less redundancy, lower cost, more focus on patient needs -all possible w/ technology
• Technodad: A5: The patient/payer discussion is a red herring. If the patient weren’t there, rest of the system would be unnecessary.
• jim_hietala: RT @Technodad: The patient/payer discussion is a red herring. If the patient weren’t there, rest of system unnecessary. AMEN

Very interesting conversation. Positive signs of progress were noted but so too were indications that healthcare will remain far behind the technology curve in the foreseeable future. Providers were given higher “grades” than payers. Yet, claims processing would seemingly be one of the easiest areas for technology-assisted improvement. One discussant noted that there will not be enough focus on technology in healthcare “until the tech folks properly face the non-tech issues”. This would seem to open a wide door for EA experts to enter the healthcare domain! The barriers (and opportunities) to this may be the topic of another tweet jam, or Open Group White Paper.
Interestingly, part way into the discussion the topic turned to the lack of a real customer/patient focus in healthcare. Not enough emphasis on patient satisfaction. Not enough attention to patient outcomes. There needs to be a better/closer alignment between what motivates payers and the needs of patients.

Question 6: As some have pointed out, many of the EHR systems are highly proprietary, how can standards deliver benefits in healthcare?
• jim_hietala: A6: Standards will help by lowering the barriers to capturing data, esp. for mhealth, and getting it to point of care
• tetradian: .@jim_hietala “esp. for mhealth” – focus on mhealth may be a way to break the proprietary logjam, ‘cos it ain’t proprietary yet
• TerryBlevins: A6: @theopengroup So now I deal with at least 3 different EHR systems. All requiring me to be the info steward! Hmmm
• TerryBlevins: A6 @theopengroup following up if they shared data through standards maybe they can synchronize.
• EricStephens: A6 – Standards lead to better interoperability, increased viscosity of information which will lead to lowers costs, better outcomes.
• efeatherston: @EricStephens and greater trust in the info (as was mentioned earlier, trust in the information key to success)
• jasonsleephd: A6: Standards development will not kill innovation but rather make proprietary systems interoperable
• Technodad: A6: Metcalfe’s law rules! HC’s many providers-many patients structure means interop systems will be > cost effective in long run.
• tetradian: A6: the politics of this are _huge_, likewise the complexities – if we don’t face those issues right up-front, this is going nowhere

On his April 24, 2014 post at www.weblog.tetradian.com, Tom Graves provided a clearly stated position on the role of The Open Group in delivering standards to help healthcare improve. He wrote:

“To me, this is where The Open Group has an obvious place and a much-needed role, because it’s more than just an IT-standards body. The Open Group membership are mostly IT-type organisations, yes, which tends to guide towards IT-standards, and that’s unquestionably of importance here. Yet perhaps the real role for The Open Group as an organisation is in its capabilities and experience in building consortia across whole industries: EMMM™ and FACE are two that come immediately to mind. Given the maze of stakeholders and the minefields of vested-interests across the health-context, those consortia-building skills and experience are perhaps what’s most needed here.”

The Open Group is the ideal organization to engage in this work. There are many ways to collaborate. You can join The Open Group Healthcare Forum, follow the Forum on Twitter @ogHealthcare and connect on The Open Group Healthcare Forum LinkedIn Group.

Jason Lee headshotJason Lee, Director of Healthcare and Security Forums at The Open Group, has conducted healthcare research, policy analysis and consulting for over 20 years. He is a nationally recognized expert in healthcare organization, finance and delivery and applies his expertise to a wide range of issues, including healthcare quality, value-based healthcare, and patient-centered outcomes research. Jason worked for the legislative branch of the U.S. Congress from 1990-2000 — first at GAO, then at CRS, then as Health Policy Counsel for the Chairman of the House Energy and Commerce Committee (in which role the National Journal named him a “Top Congressional Aide” and he was profiled in the Almanac of the Unelected). Subsequently, Jason held roles of increasing responsibility with non-profit organizations — including AcademyHealth, NORC, NIHCM, and NEHI. Jason has published quantitative and qualitative findings in Health Affairs and other journals and his work has been quoted in Newsweek, the Wall Street Journal and a host of trade publications. He is a Fellow of the Employee Benefit Research Institute, was an adjunct faculty member at the George Washington University, and has served on several boards. Jason earned a Ph.D. in social psychology from the University of Michigan and completed two postdoctoral programs (supported by the National Science Foundation and the National Institutes of Health). He is the proud father of twins and lives outside of Boston.

Leave a comment

Filed under Boundaryless Information Flow™, Data management, Enterprise Architecture, Enterprise Transformation, Healthcare, Professional Development, Standards

The Open Group Summit Amsterdam – ArchiMate® Day – May 14, 2014

By Andrew Josey, Director of Standards, The Open Group

The Open Group Summit 2014 Amsterdam features an all day track on the ArchiMate® modeling language, followed by an ArchiMate Users Group meeting in the evening. The meeting attendees include the core developers of the ArchiMate language, users and tool developers.

The sessions include tutorials, a panel session on the past, present and future of the language and case studies. The Users Group meeting follows in the evening. The evening session is free and open to all — whether attending the rest of the conference or not — and starts at 6pm with free beer and pizza!

The timetable for ArchiMate Day is as follows:

• Tutorials (09:00 – 10:30), Henry Franken, CEO, BiZZdesign, and Alan Burnett, COO & Consulting Head, Corso

Henry Franken will show how the TOGAF® and ArchiMate® standards can be used to provide an actionable EA capability. Alan Burnett will present on how the ArchiMate language can be extended to support roadmapping, which is a fundamental part of strategic planning and enterprise architecture.

• Panel Discussion (11:00 – 12:30), Moderator: Henry Franken, Chair of The Open Group ArchiMate Forum

The  topic for the Panel Discussion is the ArchiMate Language — Past, Present and Future. The panel is comprised of key developers and users of the ArchiMate® language, including Marc Lankhorst and Henk Jonkers from the ArchiMate Core team, Jan van Gijsen from SNS REAAL, a Dutch financial institution, and Gerben Wierda author of Mastering ArchiMate. The session will include brief updates on current status from the panel members (30 minutes) and a 60-minute panel discussion with questions from the moderator and audience.

• Case Studies (14:00 – 16:00), Geert Van Grootel, Senior Researcher, Department of Economy, Science & Innovation, Flemish Government; Patrick Derde, Consultant, Envizion; and Pieter De Leenheer, Co-Founder and Research Director, Collibra. Walter Zondervan, Member – Architectural Board, ASL-BiSL Foundation. Adina Aldea, BiZZdesign.

There are three case studies:

Geert Van Grootel, Patrick Derde, and Pieter De Leenheer will present on how you can manage your business meta data by means of the use of data model patterns and an Integrated Information Architecture approach supported by a standard formal architecture language ArchiMate.

Walter Zondervan will present an ArchiMate reference architecture for governance, based on BiSL.

Adina Aldea will present on how high level strategic models can be used and modelled based on the Strategizer method.

• ArchiMate Users Group Meeting (18:00 – 21:00)

The evening session is free and open to all — whether attending the rest of the conference or not. It will start at 6pm with free beer and pizza. Invited speakers for the Users Group Meeting include: Andrew Josey, Henk Jonkers,  Marc Lankhorst and Gerben Wierda:

- Andrew Josey will present on the ArchiMate certification program and adoption of the language
- Henk Jonkers will present on modeling risk and security
- Marc Lankhorst will present about capability modeling in ArchiMate
- Gerben Wierda will present about relating ArchiMate and BPMN

Why should you attend?
• Spend time interacting directly with other ArchiMate users and tool providers in a relaxed, engaging environment
• Opportunity to listen and understand how ArchiMate can be used to develop solutions to common industry problems
• Learn about the future directions and meet with key users and developers of the language and tools
• Interact with peers to broaden your expertise and knowledge in the ArchiMate language

For detailed information, see the ArchiMate Day agenda at http://www.opengroup.org/amsterdam2014/archimate / or our YouTube event video at http://youtu.be/UVARza3uZZ4

How to register

Registration for the ArchiMate® Users Group meeting is independent of The Open Group Conference registration. There is no fee but registration is required. Please register here, select one-day pass for pass type, insert the promotion code (AMST14-AUG), tick the box against Wednesday May 14th and select ArchiMate Users Group from the conference session list. You will then be registered for the event and should not be charged.  Please note that this promotion code should only be used for those attending only the evening meeting from 6:00 p.m. Anyone attending the conference or just the ArchiMate Day will have to pay the applicable registration fee.  User Group members who want to attend The Open Group conference and who are not members of The Open Group can register using the affiliate code AMST14-AFFIL.

 Andrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF® 9.1, ArchiMate 2.1, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

Leave a comment

Filed under ArchiMate®, Enterprise Architecture, Professional Development, Standards, TOGAF®, Uncategorized

The Financial Incentive for Health Information Exchanges

By Jim Hietala, VP, Security, The Open Group

Health IT professionals have always known that interoperability would be one of the most important aspects of the Affordable Care Act (ACA). Now doctors have financial incentive to be proactive in taking part in the process of exchange information between computer systems.

According to a recent article in MedPage Today, doctors are now “clamoring” for access to patient information ahead of the deadlines for the government’s “meaningful use” program. Doctors and hospitals will get hit with fines for not knowing about patients’ health histories, for patient readmissions and unnecessary retesting. “Meaningful use” refers to provisions in the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, which authorized incentive payments through Medicare and Medicaid to clinicians and hospitals that use electronic health records in a meaningful way that significantly improves clinical care.
Doctors who accept Medicare will find themselves penalized for not adopting or successfully demonstrating meaningful use of a certified electronic health record (EHR) technology by 2015. Health professionals’ Medicare physician fee schedule amount for covered professional services will be adjusted down by 1% each year for certain categories.  If less than 75% of Eligible Professionals (EPs) have become meaningful users of EHRs by 2018, the adjustment will change by 1% point each year to a maximum of 5% (95% of Medicare covered amount).

With the stick, there’s also a carrot. The Medicare and Medicaid EHR Incentive Programs provide incentive payments to eligible professionals, eligible hospitals and critical access hospitals (CAHs) as they adopt, implement, upgrade or demonstrate meaningful use of certified EHR technology. Eligible professionals can receive up to $44,000 through the Medicare EHR Incentive Program and up to $63,750 through the Medicaid EHR Incentive Program.

According to HealthIT.Gov, interoperability is essential for applications that interact with users (such as e-prescribing), systems that communicate with each other (such as messaging standards) information processes and management (such as health information exchange) how consumer devices integrate with other systems and applications (such as tablet, smart phones and PCs).

The good news is that more and more hospitals and doctors are participating in data exchanges and sharing patient information. On January 30th, the eHealth Exchange, formerly the Nationwide Health Information Network, and operated by Healtheway, reported a surge in network participation numbers and increases in secure online transactions among members.

According to the news release, membership in the eHealth Exchange is currently pegged at 41 participants who together represent some 800 hospitals, 6,000 mid-to-large medical groups, 800 dialysis centers and 850 retail pharmacies nationwide. Some of the earliest members to sign on with the exchange were the Veterans Health Administration, Department of Defense, Kaiser Permanente, the Social Security Administration and Dignity Health.

While the progress in health information exchanges is good, there is still much work to do in defining standards, so that the right information is available at the right time and place to enable better patient care. Devices are emerging that can capture continuous information on our health status. The information captured by these devices can enable better outcomes, but only if the information is made readily available to medical professionals.

The Open Group recently formed The Open Group Healthcare Forum, which focuses on bringing  Boundaryless Information Flow™ to the healthcare industry enabling data to flow more easily throughout the complete healthcare ecosystem.  By leveraging the discipline and principles of Enterprise Architecture, including TOGAF®, an Open Group standard, the forum aims to develop standardized vocabulary and messaging that will result in higher quality outcomes, streamlined business practices and innovation within the industry.

62940-hietalaJim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security, risk management and healthcare programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

1 Comment

Filed under Boundaryless Information Flow™, Enterprise Architecture, Healthcare, Professional Development, Standards, TOGAF®, Uncategorized

Accrediting the Global Supply Chain: A Conversation with O-TTPS Recognized Assessors Fiona Pattinson and Erin Connor

By The Open Group 

At the recent San Francisco 2014 conference, The Open Group Trusted Technology Forum (OTTF) announced the launch of the Open Trusted Technology Provider™ Standard (O-TTPS) Accreditation Program.

The program is one the first accreditation programs worldwide aimed at assuring the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products and the security of their supply chains.

In three short years since OTTF launched, the forum has grown to include more than 25 member companies dedicated to safeguarding the global supply chain against the increasing sophistication of cybersecurity attacks through standards. Accreditation is yet another step in the process of protecting global technology supply chains from maliciously tainted and counterfeit products.

As part of the program, third-party assessor companies will be employed to assess organizations applying for accreditation, with The Open Group serving as the vendor-neutral Accreditation Authority that operates the program.  Prior to the launch, the forum conducted a pilot program with a number of member companies. It was announced at the conference that IBM is the first company to becoming accredited, earning accreditation for its Application, Infrastructure and Middleware (AIM), software business division for its product integrity and supply chain practices.

We recently spoke with OTTF members Fiona Pattinson, director of strategy and business development at Atsec Information Security, and Erin Connor, director at EWA-Canada, at the San Francisco conference to learn more about the assessment process and the new program.

The O-TTPS focus is on securing the technology supply chain. What would you say are the biggest threats facing the supply chain today?

Fiona Pattinson (FP): I think in the three years since the forum began certainly all the members have discussed the various threats quite a lot. It was one of things we discussed as an important topic early on, and I don’t know if it’s the ‘biggest threat,’ but certainly the most important threats that we needed to address initially were those of counterfeit and maliciously tainted products. We came to that through both discussion with all the industry experts in the forum and also through research into some of the requirements from government, so that’s exactly how we knew which threats [to start with].

Erin Connor (EC):  And the forum benefits from having both sides of the acquisition process, both acquirers, and the suppliers and vendors. So they get both perspectives.

How would you define maliciously tainted and counterfeit products?

FP:  They are very carefully defined in the standard—we needed to do that because people’s understanding of that can vary so much.

EC: And actually the concept of ‘maliciously’ tainted was incorporated close to the end of the development process for the standard at the request of members on the acquisition side of the process.

[Note: The standard precisely defines maliciously tainted and counterfeit products as follows:

"The two major threats that acquirers face today in their COTS ICT procurements, as addressed in this Standard, are defined as:

1. Maliciously tainted product – the product is produced by the provider and is acquired

through a provider’s authorized channel, but has been tampered with maliciously.

2. Counterfeit product – the product is produced other than by, or for, the provider, or is

supplied to the provider by other than a provider’s authorized channel and is presented as being legitimate even though it is not."]

The OTTF announced the Accreditation Program for the OTTP Standard at the recent San Francisco conference. Tell us about the standard and how the accreditation program will help ensure conformance to it?

EC: The program is intended to provide organizations with a way to accredit their lifecycle processes for their product development so they can prevent counterfeit or maliciously tainted components from getting into the products they are selling to an end user or into somebody else’s supply chain. It was determined that a third-party type of assessment program would be used. For the organizations, they will know that we Assessors have gone through a qualification process with The Open Group and that we have in place all that’s required on the management side to properly do an assessment. From the consumer side, they have confidence the assessment has been completed by an independent third-party, so they know we aren’t beholden to the organizations to give them a passing grade when perhaps they don’t deserve it. And then of course The Open Group is in position to oversee the whole process and award the final accreditation based on the recommendation we provide.  The Open Group will also be the arbiter of the process between the assessors and organizations if necessary. 

FP:  So The Open Group’s accreditation authority is validating the results of the assessors.

EC: It’s a model that is employed in many, many other product or process assessment and evaluation programs where the actual accreditation authority steps back and have third parties do the assessment.

FP: It is important that the assessor companies are working to the same standard so that there’s no advantage in taking one assessor over the other in terms of the quality of the assessments that are produced.

How does the accreditation program work?

FP: Well, it’s brand new so we don’t know if it is perfect yet, but having said that, we have worked over several months on defining the process, and we have drawn from The Open Group’s existing accreditation programs, as well as from the forum experts who have worked in the accreditation field for many years. We have been performing pilot accreditations in order to check out how the process works. So it is already tested.

How does it actually work? Well, first of all an organization will feel the need to become accredited and at that point will apply to The Open Group to get the accreditation underway. Once their scope of accreditation – which may be as small as one product or theoretically as large as a whole global company – and once the application is reviewed and approved by The Open Group, then they engage an assessor.

There is a way of sampling a large scope to identify the process variations in a larger scope using something we term ‘selective representative products.’ It’s basically a way of logically sampling a big scope so that we capture the process variations within the scope and make sure that the assessment is kept to a reasonable size for the organization undergoing the assessment, but it also gives good assurance to the consumers that it is a representative sample. The assessment is performed by the Recognized Assessor company, and a final report is written and provided to The Open Group for their validation. If everything is in order, then the company will be accredited and their scope of conformance will be added to the accreditation register and trademarked.

EC: So the customers of that organization can go and check the registration for exactly what products are covered by the scope.

FP: Yes, the register is public and anybody can check. So if IBM says WebSphere is accredited, you can go and check that claim on The Open Group web site.

How long does the process take or does it vary?

EC: It will vary depending on how large the scope to be accredited is in terms of the size of the representative set and the documentation evidence. It really does depend on what the variations in the processes are among the product lines as to how long it takes the assessor to go through the evidence and then to produce the report. The other side of the coin is how long it takes the organization to produce the evidence. It may well be that they might not have it totally there at the outset and will have to create some of it.

FP: As Erin said, it varies by the complexity and the variation of the processes and hence the number of selected representative products. There are other factors that can influence the duration. There are three parties influencing that: The applicant Organization, The Open Group’s Accreditation Authority and the Recognized Assessor.

For example, we found that the initial work by the Organization and the Accreditation Authority in checking the scope and the initial documentation can take a few weeks for a complex scope, of course for the pilots we were all new at doing that. In this early part of the project it is vital to get the scope both clearly defined and approved since it is key to a successful accreditation.

It is important that an Organization assigns adequate resources to help keep this to the shortest time possible, both during the initial scope discussions, and during the assessment. If the Organization can provide all the documentation before they get started, then the assessors are not waiting for that and the duration of the assessment can be kept as short as possible.

Of course the resources assigned by the Recognized Assessor also influences how long an assessment takes. A variable for the assessors is how much documentation do they have to read and review? It might be small or it might be a mountain.

The Open Group’s final review and oversight of the assessment takes some time and is influenced by resource availability within that organization. If they have any questions it may take a little while to resolve.

What kind of safeguards does the accreditation program put in place for enforcing the standard?

FP: It is a voluntary standard—there’s no requirement to comply. Currently some of the U.S. government organizations are recommending it. For example, NASA in their SEWP contract and some of the draft NIST documents on Supply Chain refer to it, too.

EC: In terms of actual oversight, we review what their processes are as assessors, and the report and our recommendations are based on that review. The accreditation expires after three years so before the three years is up, the organization should actually get the process underway to obtain a re-accreditation.  They would have to go through the process again but there will be a few more efficiencies because they’ve done it before. They may also wish to expand the scope to include the other product lines and portions of the company. There aren’t any periodic ‘spot checks’ after accreditation to make sure they’re still following the accredited processes, but part of what we look at during the assessment is that they have controls in place to ensure they continue doing the things they are supposed to be doing in terms of securing their supply chain.

FP:  And then the key part is the agreement the organizations signs with The Open Group includes the fact the organization warrant and represent that they remain in conformance with the standard throughout the accreditation period. So there is that assurance too, which builds on the more formal assessment checks.

What are the next steps for The Open Group Trusted Technology Forum?  What will you be working on this year now that the accreditation program has started?

FP: Reviewing the lessons we learned through the pilot!

EC: And reviewing comments from members on the standard now that it’s publicly available and working on version 1.1 to make any corrections or minor modifications. While that’s going on, we’re also looking ahead to version 2 to make more substantial changes, if necessary. The standard is definitely going to be evolving for a couple of years and then it will reach a steady state, which is the normal evolution for a standard.

For more details on the O-TTPS accreditation program, to apply for accreditation, or to learn more about becoming an O-TTPS Recognized Assessor visit the O-TTPS Accreditation page.

For more information on The Open Group Trusted Technology Forum please visit the OTTF Home Page.

The O-TTPS standard and the O-TTPS Accreditation Policy they are freely available from the Trusted Technology Section in The Open Group Bookstore.

For information on joining the OTTF membership please contact Mike Hickey – m.hickey@opengroup.org

Fiona Pattinson Fiona Pattinson is responsible for developing new and existing atsec service offerings.  Under the auspices of The Open Group’s OTTF, alongside many expert industry colleagues, Fiona has helped develop The Open Group’s O-TTPS, including developing the accreditation program for supply chain security.  In the past, Fiona has led service developments which have included establishing atsec’s US Common Criteria laboratory, the CMVP cryptographic module testing laboratory, the GSA FIPS 201 TP laboratory, TWIC reader compliance testing, NPIVP, SCAP, PCI, biometrics testing and penetration testing. Fiona has responsibility for understanding a broad range of information security topics and the application of security in a wide variety of technology areas from low-level design to the enterprise level.

ErinConnorErin Connor is the Director at EWA-Canada responsible for EWA-Canada’s Information Technology Security Evaluation & Testing Facility, which includes a Common Criteria Test Lab, a Cryptographic & Security Test Lab (FIPS 140 and SCAP), a Payment Assurance Test Lab (device testing for PCI PTS POI & HSM, Australian Payment Clearing Association and Visa mPOS) and an O-TTPS Assessor lab Recognized by the Open Group.  Erin participated with other expert members of the Open Group Trusted Technology Forum (OTTF) in the development of The Open Group Trusted Technology Provider Standard for supply chain security and its accompanying Accreditation Program.  Erin joined EWA-Canada in 1994 and his initial activities in the IT Security and Infrastructure Assurance field included working on the team fielding a large scale Public Key Infrastructure system, Year 2000 remediation and studies of wireless device vulnerabilities.  Since 2000, Erin has been working on evaluations of a wide variety of products including hardware security modules, enterprise security management products, firewalls, mobile device and management products, as well as system and network vulnerability management products.  He was also the only representative of an evaluation lab in the Biometric Evaluation Methodology Working Group, which developed a proposed methodology for the evaluation of biometric technologies under the Common Criteria.

Comments Off

Filed under Accreditations, Cybersecurity, OTTF, Professional Development, Standards, Supply chain risk

The Open Group and APMG Work Together to Promote TOGAF® and ArchiMate®

The APM Group (APMG) and The Open Group have announced a new partnership whereby APMG will support the accreditation services of The Open Group’s products. The arrangement will initially focus on TOGAF® and ArchiMate®, both standards of The Open Group.

APMG’s team of global assessors will be supporting The Open Group’s internal accreditation team in conducting their assessment activities. The scope of the assessments will focus on organizations, materials and training delivery.

“A significant value to The Open Group in this new venture is the ability to utilize APMG’s team of experienced multi-lingual assessors who are based throughout the world.  This will help The Open Group establish new markets and ensure quality support of existing markets, “ said James de Raeve, Vice President of Certification at The Open Group.

Richard Pharro, CEO of APMG said, “This agreement presents an excellent opportunity to APMG Accredited Training Organizations which are interested in training in The Open Group’s products, as their existing APMG accredited status will be recognized by The Open Group. We believe our global network will significantly enhance the awareness and take up of TOGAF and ArchiMate.”

About The Open Group

The Open Group is an international vendor- and technology-neutral consortium upon which organizations rely to lead the development of IT standards and certifications, and to provide them with access to key industry peers, suppliers and best practices. The Open Group provides guidance and an open environment in order to ensure interoperability and vendor neutrality. Further information on The Open Group can be found at http://opengroup.org.

About APM Group

The APM Group is one of the world’s largest certification bodies for knowledge based workers. As well as the certifications mentioned above, we offer competency-based assessments for specialist roles in the security and aerospace industries. We work with government agencies to help develop people who can achieve great things for the organizations they work for.

4 Comments

Filed under ArchiMate®, Certifications, Professional Development, Standards, TOGAF®

The Open Group London – Day Two Highlights

By Loren K. Baynes, Director, Global Marketing Communications

We eagerly jumped into the second day of our Business Transformation conference in London on Tuesday October 22nd!  The setting is the magnificent Central Hall Westminster.

Steve Nunn, COO of The Open Group and CEO of Association of Enterprise Architects (AEA), started off the morning introducing our plenary based on Healthcare Transformation.  Steve noted that the numbers in healthcare spend are huge and bringing Enterprise Architecture (EA) to healthcare will help with efficiencies.

The well-renowned Dr. Peter Sudbury, Healthcare Specialist with HP Enterprise Services, discussed the healthcare crisis (dollars, demand, demographics), the new healthcare paradigm, barriers to change and innovation. Dr. Sudbury also commented on the real drivers of healthcare costs: healthcare inflation is higher intrinsically; innovation increases cost; productivity improvements lag other industries.

IMG_sudburyDr. Peter Sudbury

Dr. Sudbury, Larry Schmidt (Chief Technologist, HP) and Roar Engen (Head of Enterprise Architecture, Helse Sør-Øst RHF, Norway) participated in the Healthcare Transformation Panel, moderated by Steve Nunn.  The group discussed opportunities for improvement by applying EA in healthcare.  They mentioned that physicians, hospitals, drug manufacturers, nutritionists, etc. should all be working together and using Boundaryless Information Flow™ to ensure data is smoothly shared across all entities.  It was also stated that TOGAF® is beneficial for efficiencies.

Following the panel, Dr. Mario Tokoro (Founder & Executive Advisor of Sony Computer Science Laboratories, Inc. Japanese Science & Technology Agency, DEOS Project Leader) reviewed the Dependability through Assuredness™ standard, a standard of The Open Group.

The conference also offered many sessions in Finance/Commerce, Government and Tutorials/Workshops.

Margaret Ford, Consult Hyperion, UK and Henk Jonkers of BIZZdesign, Netherlands discussed “From Enterprise Architecture to Cyber Security Risk Assessment”.  The key takeaways were: complex cyber security risks require systematic, model-based risk assessment; attack navigators can provide this by linking ArchiMate® to the Risk Taxonomy.

“Applying Service-Oriented Architecture within a Business Technology Environment in the Finance Sector” was presented by Gerard Peters, Managing Consultant, Capgemini, The Netherlands. This case study is part of a white paper on Service-Oriented Architecture for Business Technology (SOA4BT).

You can view all of the plenary and many of the track presentations at livestream.com.  And for those who attended, full conference proceedings will be available.

The night culminated with a spectacular experience on the London Eye, the largest Ferris wheel in Europe located on the River Thames.

Comments Off

Filed under ArchiMate®, Cloud/SOA, Enterprise Architecture, Enterprise Transformation, Healthcare, Professional Development, Service Oriented Architecture, TOGAF®

The Open Group London 2013 – Day One Highlights

By Loren K. Baynes, Director, Global Marketing Communications

On Monday October 21st, The Open Group kicked off the first day of our Business Transformation conference in London!  Over 275 guests attended many engaging presentations by subject matter experts in finance, healthcare and government.  Attendees from around the globe represented 28 countries including those from as far away as Columbia, Philippines, Australia, Japan and South Africa.

Allen Brown, President and CEO of The Open Group, welcomed the prestigious group.  Allen announced that The Open Group has 67 new member organizations so far this year!

The plenary launched with “Just Exactly What is Going On in Business and Technology?” by Andy Mulholland, Former Global CTO of Capgemini, who was named one of the top 25 influential CTOs by InfoWorld.  Andy’s key topics regarding digital disruption included real drivers of change, some big and fundamental implications, business model innovation, TOGAF® and the Open Platform 3.0™ initiative.

Next up was Judith Jones, CEO, Architecting the Enterprise Ltd., with a presentation entitled “One World EA Framework for Governments – The Way Forward”.  Judith shared findings from the World Economic Forum, posing the question “what keeps 1000 global leaders awake at night”? Many stats were presented with over 50 global risks – economical, societal, environmental, geopolitical and technological.

Jim Hietala, VP, Security of The Open Group announced the launch of the Open FAIR Certification for People Program.  The new program brings a much-needed certification to the market which focuses on risk analysis. Key partners include CXOWARE, Architecting the Enterprise, SNA Technologies and The Unit bv.

Richard Shreeve, Consultancy Director, IPL and Angela Parratt, Head of Transformation and joint CIO, Bath and North East Somerset Council presented “Using EA to Inform Business Transformation”.  Their case study addressed the challenges of modeling complexity in diverse organizations and the EA-led approach to driving out cost and complexity while maintaining the quality of service delivery.

Allen Brown announced that the Jericho Forum® leaders together with The Open Group management have concluded that the Jericho Forum has achieved its original mission – to establish “de-perimeterization” that touches all areas of modern business.  In declaring this mission achieved, we are now in the happy position to celebrate a decade of success and move to ensuring that the legacy of the Jericho Forum is both maintained within The Open Group and continues to be built upon.  (See photo below.)

Following the plenary, the sessions were divided into tracks – Finance/Commerce, Healthcare and Tutorials/Workshops.

During the Healthcare track, one of the presenters, Larry Schmidt, Chief Technologist with HP, discussed “Challenges and Opportunities for Big Data in Healthcare”. Larry elaborated on the 4 Vs of Big Data – value, velocity, variety and voracity.

Among the many presenters in the Finance/Commerce track, Omkhar Arasaratnam, Chief Security Architect, TD Bank Group, Canada, featured “Enterprise Architecture – We Do That?: How (not) to do Enterprise Architecture at a Bank”.  Omkhar provided insight as to how he took traditional, top down, center-based architectural methodologies and applied it to a highly federated environment.

Tutorials/workshops consisted of EA Practice and Architecture Methods and Techniques.

You can view all of the plenary and many of the track presentations at livestream.com.  For those who attended, please stay tuned for the full conference proceedings.

The evening concluded with a networking reception at the beautiful and historic and Central Hall Westminster.  What an interesting, insightful, collaborative day it was!

IMG_1311

Comments Off

Filed under Cybersecurity, Cloud/SOA, TOGAF®, Certifications, Information security, Standards, Security Architecture, Cloud, Business Architecture, Conference, Professional Development, Open Platform 3.0, RISK Management

Gaining Dependability Across All Business Activities Requires Standard of Standards to Tame Dynamic Complexity, Says The Open Group CEO

By Dana Gardner, Interarbor Solutions

Listen to the recorded podcast here

Hello, and welcome to a special BriefingsDirect Thought Leadership

Interview series, coming to you in conjunction with The Open Group Conference on July 15, in Philadelphia.

88104-aaadanaI’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator throughout these discussions on enterprise transformation in the finance, government, and healthcare sector.

We’re here now with the President and CEO of The Open Group, Allen Brown, to explore the increasingly essential role of standards, in an undependable, unpredictable world. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Welcome back, Allen.

Allen Brown: It’s good to be here, Dana. abrown

Gardner: What are the environmental variables that many companies are facing now as they try to improve their businesses and assess the level of risk and difficulty? It seems like so many moving targets.

 Brown: Absolutely. There are a lot of moving targets. We’re looking at a situation where organizations are having to put in increasingly complex systems. They’re expected to make them highly available, highly safe, highly secure, and to do so faster and cheaper. That’s kind of tough.

Gardner: One of the ways that organizations have been working towards a solution is to have a standardized approach, perhaps some methodologies, because if all the different elements of their business approach this in a different way, we don’t get too far too quickly, and it can actually be more expensive.

Perhaps you could paint for us the vision of an organization like The Open Group in terms of helping organizations standardize and be a little bit more thoughtful and proactive towards these changed elements?

Brown: With the vision of The Open Group, the headline is “Boundaryless Information Flow.” That was established back in 2002, at a time when organizations were breakingdown the stovepipes or the silos within and between organizations and getting people to work together across functioning. They found, having done that, or having made some progress towards that, that the applications and systems were built for those silos. So how can we provide integrated information for all those people?

As we have moved forward, those boundaryless systems have become bigger

and much more complex. Now, boundarylessness and complexity are giving everyone different types of challenges. Many of the forums or consortia that make up The Open Group are all tackling it from their own perspective, and it’s all coming together very well.

We have got something like the Future Airborne Capability Environment (FACE) Consortium, which is a managed consortium of The Open Group focused on federal aviation. In the federal aviation world they’re dealing with issues like weapons systems.

New weapons

Over time, building similar weapons is going to be more expensive, inflation happens. But the changing nature of warfare is such that you’ve then got a situation where you’ve got to produce new weapons. You have to produce them quickly and you have to produce them inexpensively.

So how can we have standards that make for more plug and play? How can the avionics within a cockpit of whatever airborne vehicle be more interchangeable, so that they can be adapted more quickly and do things faster and at lower cost.

After all, cost is a major pressure on government departments right now.

We’ve also got the challenges of the supply chain. Because of the pressure on costs, it’s critical that large, complex systems are developed using a global supply chain. It’s impossible to do it all domestically at a cost. Given that, countries around the world, including the US and China, are all concerned about what they’re putting into their complex systems that may have tainted or malicious code or counterfeit products.

The Open Group Trusted Technology Forum (OTTF) provides a standard that ensures that, at each stage along the supply chain, we know that what’s going into the products is clean, the process is clean, and what goes to the next link in the chain is clean. And we’re working on an accreditation program all along the way.

We’re also in a world, which when we mention security, everyone is concerned about being attacked, whether it’s cybersecurity or other areas of security, and we’ve got to concern ourselves with all of those as we go along the way.

Our Security Forum is looking at how we build those things out. The big thing about large, complex systems is that they’re large and complex. If something goes wrong, how can you fix it in a prescribed time scale? How can you establish what went wrong quickly and how can you address it quickly?

If you’ve got large, complex systems that fail, it can mean human life, as it did with the BP oil disaster at Deepwater Horizon or with Space Shuttle Challenger. Or it could be financial. In many organizations, when something goes wrong, you end up giving away service.

An example that we might use is at a railway station where, if the barriers don’t work, the only solution may be to open them up and give free access. That could be expensive. And you can use that analogy for many other industries, but how can we avoid that human or financial cost in any of those things?

A couple of years after the Space Shuttle Challenger disaster, a number of criteria were laid down for making sure you had dependable systems, you could assess risk, and you could know that you would mitigate against it.

What The Open Group members are doing is looking at how you can get dependability and assuredness through different systems. Our Security Forum has done a couple of standards that have got a real bearing on this. One is called Dependency Modeling, and you can model out all of the dependencies that you have in any system.

Simple analogy

A very simple analogy is that if you are going on a road trip in a car, you’ve got to have a competent driver, have enough gas in the tank, know where you’re going, have a map, all of those things.

What can go wrong? You can assess the risks. You may run out of gas or you may not know where you’re going, but you can mitigate those risks, and you can also assign accountability. If the gas gauge is going down, it’s the driver’s accountability to check the gauge and make sure that more gas is put in.

We’re trying to get that same sort of thinking through to these large complex systems. What you’re looking at doing, as you develop or evolve large, complex systems, is to build in this accountability and build in understanding of the dependencies, understanding of the assurance cases that you need, and having these ways of identifying anomalies early, preventing anything from failing. If it does fail, you want to minimize the stoppage and, at the same time, minimize the cost and the impact, and more importantly, making sure that that failure never happens again in that system.

The Security Forum has done the Dependency Modeling standard. They have also provided us with the Risk Taxonomy. That’s a separate standard that helps us analyze risk and go through all of the different areas of risk.

Now, the Real-time & Embedded Systems Forum has produced the Dependability through Assuredness, a standard of The Open Group, that brings all of these things together. We’ve had a wonderful international endeavor on this, bringing a lot of work from Japan, working with the folks in the US and other parts of the world. It’s been a unique activity.

Dependability through Assuredness depends upon having two interlocked cycles. The first is a Change Management Cycle that says that, as you look at requirements, you build out the dependencies, you build out the assurance cases for those dependencies, and you update the architecture. Everything has to start with architecture now.

You build in accountability, and accountability, importantly, has to be accepted. You can’t just dictate that someone is accountable. You have to have a negotiation. Then, through ordinary operation, you assess whether there are anomalies that can be detected and fix those anomalies by new requirements that lead to new dependabilities, new assurance cases, new architecture and so on.

The other cycle that’s critical in this, though, is the Failure Response Cycle. If there is a perceived failure or an actual failure, there is understanding of the cause, prevention of it ever happening again, and repair. That goes through the Change Accommodation Cycle as well, to make sure that we update the requirements, the assurance cases, the dependability, the architecture, and the accountability.

So the plan is that with a dependable system through that assuredness, we can manage these large, complex systems much more easily.

Gardner: Allen, many of The Open Group activities have been focused at the enterprise architect or business architect levels. Also with these risk and security issues, you’re focusing at chief information security officers or governance, risk, and compliance (GRC), officials or administrators. It sounds as if the Dependability through Assuredness standard shoots a little higher. Is this something a board-level mentality or leadership should be thinking about, and is this something that reports to them?

Board-level issue

Brown: In an organization, risk is a board-level issue, security has become a board-level issue, and so has organization design and architecture. They’re all up at that level. It’s a matter of the fiscal responsibility of the board to make sure that the organization is sustainable, and to make sure that they’ve taken the right actions to protect their organization in the future, in the event of an attack or a failure in their activities.

The risks to an organization are financial and reputation, and those risks can be very real. So, yes, they should be up there. Interestingly, when we’re looking at areas like business architecture, sometimes that might be part of the IT function, but very often now we’re seeing as reporting through the business lines. Even in governments around the world, the business architects are very often reporting up to business heads.

Gardner: Here in Philadelphia, you’re focused on some industry verticals, finance, government, health. We had a very interesting presentation this morning by Dr. David Nash, who is the Dean of the Jefferson School of Population Health, and he had some very interesting insights about what’s going on in the United States vis-à-vis public policy and healthcare.

One of the things that jumped out at me was, at the end of his presentation, he was saying how important it was to have behavior modification as an element of not only individuals taking better care of themselves, but also how hospitals, providers, and even payers relate across those boundaries of their organization.

That brings me back to this notion that these standards are very powerful and useful, but without getting people to change, they don’t have the impact that they should. So is there an element that you’ve learned and that perhaps we can borrow from Dr. Nash in terms of applying methods that actually provoke change, rather than react to change?

Brown: Yes, change is a challenge for many people. Getting people to change is like taking a horse to water, but will it drink? We’ve got to find methods of doing that.

One of the things about The Open Group standards is that they’re pragmatic and practical standards. We’ve seen’ in many of our standards’ that where they apply to product or service, there is a procurement pull through. So the FACE Consortium, for example, a $30 billion procurement means that this is real and true.

In the case of healthcare, Dr. Nash was talking about the need for boundaryless information sharing across the organizations. This is a major change and it’s a change to the culture of the organizations that are involved. It’s also a change to the consumer, the patient, and the patient advocates.

All of those will change over time. Some of that will be social change, where the change is expected and it’s a social norm. Some of that change will change as people and generations develop. The younger generations are more comfortable with authority that they perceive with the healthcare professionals, and also of modifying the behavior of the professionals.

The great thing about the healthcare service very often is that we have professionals who want to do a number of things. They want to improve the lives of their patients, and they also want to be able to do more with less.

Already a need

There’s already a need. If you want to make any change, you have to create a need, but in healthcare, there is already a pent-up need that people see that they want to change. We can provide them with the tools and the standards that enable it to do that, and standards are critically important, because you are using the same language across everyone.

It’s much easier for people to apply the same standards if they are using the same language, and you get a multiplier effect on the rate of change that you can achieve by using those standards. But I believe that there is this pent-up demand. The need for change is there. If we can provide them with the appropriate usable standards, they will benefit more rapidly.

Gardner: Of course, measuring the progress with the standards approach helps as well. We can determine where we are along the path as either improvements are happening or not happening. It gives you a common way of measuring.

The other thing that was fascinating to me with Dr. Nash’s discussion was that he was almost imploring the IT people in the crowd to come to the rescue. He’s looking for a cavalry and he’d really seemed to feel that IT, the data, the applications, the sharing, the collaboration, and what can happen across various networks, all need to be brought into this.

How do we bring these worlds together? There is this policy, healthcare and population statisticians are doing great academic work, and then there is the whole IT world. Is this something that The Open Group can do — bridge these large, seemingly unrelated worlds?

Brown: At the moment, we have the capability of providing the tools for them to do that and the processes for them to do that. Healthcare is a very complex world with the administrators and the healthcare professionals. You have different grades of those in different places. Each department and each organization has its different culture, and bringing them together is a significant challenge.

In some of that processes, certainly, you start with understanding what it is you’re trying to address. You start with what are the pain points, what are the challenges, what are the blockages, and how can we overcome those blockages? It’s a way of bringing people together in workshops. TOGAF, a standard of The Open Group, has the business scenario method, bringing people together, building business scenarios, and understanding what people’s pain points are.

As long as we can then follow through with the solutions and not disappoint people, there is the opportunity for doing that. The reality is that you have to do that in small areas at a time. We’re not going to take the entire population of the United States and get everyone in the workshop and work altogether.

But you can start in pockets and then generate evangelists, proof points, and successful case studies. The work will then start emanating out to all other areas.

Gardner: It seems too that, with a heightened focus on vertical industries, there are lessons that could be learned in one vertical industry and perhaps applied to another. That also came out in some of the discussions around big data here at the conference.

The financial industry recognized the crucial role that data plays, made investments, and brought the constituencies of domain expertise in finance with the IT domain expertise in data and analysis, and came up with some very impressive results.

Do you see that what has been the case in something like finance is now making its way to healthcare? Is this an enterprise or business architect role that opens up more opportunity for those individuals as business and/or enterprise architects in healthcare? Why don’t we see more enterprise architects in healthcare?

Good folks

Brown: I don’t know. We haven’t run the numbers to see how many there are. There are some very competent enterprise architects within the healthcare industry around the world. We’ve got some good folks there.

The focus of The Open Group for the last couple of decades or so has always been on horizontal standards, standards that are applicable to any industry. Our focus is always about pragmatic standards that can be implemented and touched and felt by end-user consumer organizations.

Now, we’re seeing how we can make those even more pragmatic and relevant by addressing the verticals, but we’re not going to lose the horizontal focus. We’ll be looking at what lessons can be learned and what we can build on. Big data is a great example of the fact that the same kind of approach of gathering the data from different sources, whatever that is, and for mixing it up and being able to analyze it, can be applied anywhere.

The challenge with that, of course, is being able to capture it, store it, analyze it, and make some sense of it. You need the resources, the storage, and the capability of actually doing that. It’s not just a case of, “I’ll go and get some big data today.”

I do believe that there are lessons learned that we can move from one industry to another. I also believe that, since some geographic areas and some countries are ahead of others, there’s also a cascading of knowledge and capability around the world in a given time scale as well.

Gardner: Well great. I’m afraid we’ll have to leave it there. We’ve been talking about the increasingly essential role of standards in a complex world, where risk and dependability become even more essential. We have seen how The Open Group is evolving to meet these challenges through many of its activities and through many of the discussions here at the conference.

Please join me now in thanking our guest, Allen Brown, President and CEO of The Open Group. Thank you.

Brown: Thanks for taking the time to talk to us, Dana.

Comments Off

Filed under ArchiMate®, Business Architecture, Cloud, Conference, Enterprise Architecture, Healthcare, Open Platform 3.0, Professional Development, Service Oriented Architecture, TOGAF, TOGAF®

Speaking the Language of Business with TOGAF®

By Glenn Evans, Senior Consultant at Enterprise Architects

TOGAF-A-personal-journey

I remember as a young child coming from a ‘non-sports obsessed’ family, I didn’t know what a yorker was, didn’t know what ‘LBW’ meant, or why Dennis Lillee or Geoffrey Boycott were such legends. I was ill equipped to join in on those all-important schoolboy conversations – the Monday morning autopsy of the weekend’s sporting events. Similarly, 30 years later, enterprise architecture presented me with the same dilemma. 

I remember as a junior IT engineer, I’d hear the technology choice made by the customer was for ‘business reasons’, not what was logical in my technical view of the world. I now see ‘Architecture’ was influencing the project decisions, it was the source of the ‘business reasons’.

In my early days as an Architect, it was like being back at primary school; I struggled with the conversation. There was a level of assumed knowledge with respect to the conversation and the process that was not readily accessible to me. So, I learnt the long and hard way.

Fast forward a decade or so… As a mandatory requirement of my new role with Enterprise Architects I recently attended our TOGAF® training. To be honest, I anticipated another dry, idealistic framework that, whilst relevant to the work that I do, would probably not be all that practical and would be difficult to apply to a real world situation. How wrong was I?

Don’t misunderstand! The TOGAF® manual is dry! Yes it is “another framework” and yes you do need to tailor it to the situation you are in, but this is one of its greatest strengths, this is what makes it so flexible and therefore relevant and applicable to real world situations. But it’s not the framework itself that has me excited. It’s what it enables.

To me TOGAF®:

  • Is a common language, linking the discovery from each of the domains together and to the business requirements, across different levels of the business in an iterative process.
  • Provides a toolset to articulate the complex, simply. 
  • Provides a backstop, giving traceable, auditable decision support for those difficult conversations.
  • Allows the development of focused visual models of complex and disparate sets of data.

This was clearly demonstrated to me on a recent engagement. I was deep in thought, staring at a collection of printed Architecture Models displayed on a wall. One of the admin staff with no IT or business background asked me what “it all meant”. I spent a few minutes explaining that these were models of the business and the technology used in it. Not only did they immediately understand the overall concept of what they were looking at, they were actually able to start extracting real insights from the models.

In my mind, it doesn’t get any better than that. I wish I had known about TOGAF® a decade ago, I would have been a better architect – and a lot sooner.

Glenn EvansGlenn Evans is a Senior Consultant for Enterprise Architects and is based in Melbourne, Australia.

This is an extract from Glenn’s recent blog post on the Enterprise Architects web site which you can view here.

2 Comments

Filed under Certifications, Enterprise Architecture, Enterprise Transformation, Professional Development, TOGAF, TOGAF®

The Open Group Conference to Emphasize Healthcare as Key Sector for Ecosystem-Wide Interactions

By Dana Gardner, Interarbor Solutions

Listen to the recorded podcast here

Dana Gardner: Hello, and welcome to a special BriefingsDirect Thought Leadership Interview series, coming to you in conjunction with The Open Group Conference on July 15, in Philadelphia. Registration to the conference remains open. Follow the conference on Twitter at #ogPHL.

Gardner

I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator throughout these discussions on enterprise transformation in the finance, government, and healthcare sector.

We’re here now with a panel of experts to explore how new IT trends are empowering improvements, specifically in the area of healthcare. We’ll learn how healthcare industry organizations are seeking large-scale transformation and what are some of the paths they’re taking to realize that.

We’ll see how improved cross-organizational collaboration and such trends as big data and cloud computing are helping to make healthcare more responsive and efficient.

With that, please join me in welcoming our panel, Jason Uppal, Chief Architect and Acting CEO at clinicalMessage. Welcome, Jason.

Jason Uppal: Thank you, Dana.

Inside of healthcare and inside the healthcare ecosystem, information either doesn’t flow well or it only flows at a great cost.

Gardner: And we’re also joined by Larry Schmidt, Chief Technologist at HP for the Health and Life Sciences Industries. Welcome, Larry.

Larry Schmidt: Thank you.

Gardner: And also, Jim Hietala, Vice President of Security at The Open Group. Welcome back, Jim. [Disclosure: The Open Group and HP are sponsors of BriefingsDirect podcasts.]

Jim Hietala: Thanks, Dana. Good to be with you.

Gardner: Let’s take a look at this very interesting and dynamic healthcare sector, Jim. What, in particular, is so special about healthcare and why do things like enterprise architecture and allowing for better interoperability and communication across organizational boundaries seem to be so relevant here?

Hietala: There’s general acknowledgement in the industry that, inside of healthcare and inside the healthcare ecosystem, information either doesn’t flow well or it only flows at a great cost in terms of custom integration projects and things like that.

Fertile ground

From The Open Group’s perspective, it seems that the healthcare industry and the ecosystem really is fertile ground for bringing to bear some of the enterprise architecture concepts that we work with at The Open Group in order to improve, not only how information flows, but ultimately, how patient care occurs.

Gardner: Larry Schmidt, similar question to you. What are some of the unique challenges that are facing the healthcare community as they try to improve on responsiveness, efficiency, and greater capabilities?

Schmidt: There are several things that have not really kept up with what technology is able to do today.

For example, the whole concept of personal observation comes into play in what we would call “value chains” that exist right now between a patient and a doctor. We look at things like mobile technologies and want to be able to leverage that to provide additional observation of an individual, so that the doctor can make a more complete diagnosis of some sickness or possibly some medication that a person is on.

We want to be able to see that observation in real life, as opposed to having to take that in at the office, which typically winds up happening. I don’t know about everybody else, but every time I go see my doctor, oftentimes I get what’s called white coat syndrome. My blood pressure will go up. But that’s not giving the doctor an accurate reading from the standpoint of providing great observations.

Technology has advanced to the point where we can do that in real time using mobile and other technologies, yet the communication flow, that information flow, doesn’t exist today, or is at best, not easily communicated between doctor and patient.

There are plenty of places that additional collaboration and communication can improve the whole healthcare delivery model.

If you look at the ecosystem, as Jim offered, there are plenty of places that additional collaboration and communication can improve the whole healthcare delivery model.

That’s what we’re about. We want to be able to find the places where the technology has advanced, where standards don’t exist today, and just fuel the idea of building common communication methods between those stakeholders and entities, allowing us to then further the flow of good information across the healthcare delivery model.

Gardner: Jason Uppal, let’s think about what, in addition to technology, architecture, and methodologies can bring to bear here? Is there also a lag in terms of process thinking in healthcare, as well as perhaps technology adoption?

Uppal: I’m going to refer to a presentation that I watched from a very well-known surgeon from Harvard, Dr. Atul Gawande. His point was is that, in the last 50 years, the medical industry has made great strides in identifying diseases, drugs, procedures, and therapies, but one thing that he was alluding to was that medicine forgot the cost, that everything is cost.

At what price?

Today, in his view, we can cure a lot of diseases and lot of issues, but at what price? Can anybody actually afford it?

Uppal

His view is that if healthcare is going to change and improve, it has to be outside of the medical industry. The tools that we have are better today, like collaborative tools that are available for us to use, and those are the ones that he was recommending that we need to explore further.

That is where enterprise architecture is a powerful methodology to use and say, “Let’s take a look at it from a holistic point of view of all the stakeholders. See what their information needs are. Get that information to them in real time and let them make the right decisions.”

Therefore, there is no reason for the health information to be stuck in organizations. It could go with where the patient and providers are, and let them make the best decision, based on the best practices that are available to them, as opposed to having siloed information.

So enterprise-architecture methods are most suited for developing a very collaborative environment. Dr. Gawande was pointing out that, if healthcare is going to improve, it has to think about it not as medicine, but as healthcare delivery.

There are definitely complexities that occur based on the different insurance models and how healthcare is delivered across and between countries.

Gardner: And it seems that not only are there challenges in terms of technology adoption and even operating more like an efficient business in some ways. We also have very different climates from country to country, jurisdiction to jurisdiction. There are regulations, compliance, and so forth.

Going back to you, Larry, how important of an issue is that? How complex does it get because we have such different approaches to healthcare and insurance from country to country?

Schmidt: There are definitely complexities that occur based on the different insurance models and how healthcare is delivered across and between countries, but some of the basic and fundamental activities in the past that happened as a result of delivering healthcare are consistent across countries.

As Jason has offered, enterprise architecture can provide us the means to explore what the art of the possible might be today. It could allow us the opportunity to see how innovation can occur if we enable better communication flow between the stakeholders that exist with any healthcare delivery model in order to give us the opportunity to improve the overall population.

After all, that’s what this is all about. We want to be able to enable a collaborative model throughout the stakeholders to improve the overall health of the population. I think that’s pretty consistent across any country that we might work in.

Ongoing work

Gardner: Jim Hietala, maybe you could help us better understand what’s going on within The Open Group and, even more specifically, at the conference in Philadelphia. There is the Population Health Working Group and there is work towards a vision of enabling the boundaryless information flow between the stakeholders. Any other information and detail you could offer would be great.[Registration to the conference remains open. Follow the conference on Twitter at #ogPHL.]

Hietala: On Tuesday of the conference, we have a healthcare focus day. The keynote that morning will be given by Dr. David Nash, Dean of the Jefferson School of Population Health. He’ll give what’s sure to be a pretty interesting presentation, followed by a reactors’ panel, where we’ve invited folks from different stakeholder constituencies.

Hietala

We are going to have clinicians there. We’re going to have some IT folks and some actual patients to give their reaction to Dr. Nash’s presentation. We think that will be an interesting and entertaining panel discussion.

The balance of the day, in terms of the healthcare content, we have a workshop. Larry Schmidt is giving one of the presentations there, and Jason and myself and some other folks from our working group are involved in helping to facilitate and carry out the workshop.

The goal of it is to look into healthcare challenges, desired outcomes, the extended healthcare enterprise, and the extended healthcare IT enterprise and really gather those pain points that are out there around things like interoperability to surface those and develop a work program coming out of this.

We want to be able to enable a collaborative model throughout the stakeholders to improve the overall health of the population.

So we expect it to be an interesting day if you are in the healthcare IT field or just the healthcare field generally, it would definitely be a day well spent to check it out.

Gardner: Larry, you’re going to be talking on Tuesday. Without giving too much away, maybe you can help us understand the emphasis that you’re taking, the area that you’re going to be exploring.

Schmidt: I’ve titled the presentation “Remixing Healthcare through Enterprise Architecture.” Jason offered some thoughts as to why we want to leverage enterprise architecture to discipline healthcare. My thoughts are that we want to be able to make sure we understand how the collaborative model would work in healthcare, taking into consideration all the constituents and stakeholders that exist within the complete ecosystem of healthcare.

This is not just collaboration across the doctors, patients, and maybe the payers in a healthcare delivery model. This could be out as far as the drug companies and being able to get drug companies to a point where they can reorder their raw materials to produce new drugs in the case of an epidemic that might be occurring.

Real-time model

It would be a real-time model that allows us the opportunity to understand what’s truly happening, both to an individual from a healthcare standpoint, as well as to a country or a region within a country and so on from healthcare. This remixing of enterprise architecture is the introduction to that concept of leveraging enterprise architecture into this collaborative model.

Then, I would like to talk about some of the technologies that I’ve had the opportunity to explore around what is available today in technology. I believe we need to have some type of standardized messaging or collaboration models to allow us to further facilitate the ability of that technology to provide the value of healthcare delivery or betterment of healthcare to individuals. I’ll talk about that a little bit within my presentation and give some good examples.

It’s really interesting. I just traveled from my company’s home base back to my home base and I thought about something like a body scanner that you get into in the airport. I know we’re in the process of eliminating some of those scanners now within the security model from the airports, but could that possibly be something that becomes an element within healthcare delivery? Every time your body is scanned, there’s a possibility you can gather information about that, and allow that to become a part of your electronic medical record.

There is a lot of information available today that could be used in helping our population to be healthier.

Hopefully, that was forward thinking, but that kind of thinking is going to play into the art of the possible, with what we are going to be doing, both in this presentation and talking about that as part of the workshop.

Gardner: Larry, we’ve been having some other discussions with The Open Group around what they call Open Platform 3.0™, which is the confluence of big data, mobile, cloud computing, and social.

One of the big issues today is this avalanche of data, the Internet of things, but also the Internet of people. It seems that the more work that’s done to bring Open Platform 3.0 benefits to bear on business decisions, it could very well be impactful for centers and other data that comes from patients, regardless of where they are, to a medical establishment, regardless of where it is.

So do you think we’re really on the cusp of a significant shift in how medicine is actually conducted?

Schmidt: I absolutely believe that. There is a lot of information available today that could be used in helping our population to be healthier. And it really isn’t only the challenge of the communication model that we’ve been speaking about so far. It’s also understanding the information that’s available to us to take that and make that into knowledge to be applied in order to help improve the health of the population.

As we explore this from an as-is model in enterprise architecture to something that we believe we can first enable through a great collaboration model, through standardized messaging and things like that, I believe we’re going to get into even deeper detail around how information can truly provide empowered decisions to physicians and individuals around their healthcare.

So it will carry forward into the big data and analytics challenges that we have talked about and currently are talking about with The Open Group.

Healthcare framework

Gardner: Jason Uppal, we’ve also seen how in other business sectors, industries have faced transformation and have needed to rely on something like enterprise architecture and a framework like TOGAF® in order to manage that process and make it something that’s standardized, understood, and repeatable.

It seems to me that healthcare can certainly use that, given the pace of change, but that the impact on healthcare could be quite a bit larger in terms of actual dollars. This is such a large part of the economy that even small incremental improvements can have dramatic effects when it comes to dollars and cents.

So is there a benefit to bringing enterprise architect to healthcare that is larger and greater than other sectors because of these economics and issues of scale?

Uppal: That’s a great way to think about this thing. In other industries, applying enterprise architecture to do banking and insurance may be easily measured in terms of dollars and cents, but healthcare is a fundamentally different economy and industry.

It’s not about dollars and cents. It’s about people’s lives, and loved ones who are sick, who could very easily be treated, if they’re caught in time and the right people are around the table at the right time. So this is more about human cost than dollars and cents. Dollars and cents are critical, but human cost is the larger play here.

Whatever systems and methods are developed, they have to work for everybody in the world.

Secondly, when we think about applying enterprise architecture to healthcare, we’re not talking about just the U.S. population. We’re talking about global population here. So whatever systems and methods are developed, they have to work for everybody in the world. If the U.S. economy can afford an expensive healthcare delivery, what about the countries that don’t have the same kind of resources? Whatever methods and delivery mechanisms you develop have to work for everybody globally.

That’s one of the things that a methodology like TOGAF brings out and says to look at it from every stakeholder’s point of view, and unless you have dealt with every stakeholder’s concerns, you don’t have an architecture, you have a system that’s designed for that specific set of audience.

The cost is not this 18 percent of the gross domestic product in the U.S. that is representing healthcare. It’s the human cost, which is many multitudes of that. That’s is one of the areas where we could really start to think about how do we affect that part of the economy, not the 18 percent of it, but the larger part of the economy, to improve the health of the population, not only in the North America, but globally.

If that’s the case, then what really will be the impact on our greater world economy is improving population health, and population health is probably becoming our biggest problem in our economy.

We’ll be testing these methods at a greater international level, as opposed to just at an organization and industry level. This is a much larger challenge. A methodology like TOGAF is a proven and it could be stressed and tested to that level. This is a great opportunity for us to apply our tools and science to a problem that is larger than just dollars. It’s about humans.

All “experts”

Gardner: Jim Hietala, in some ways, we’re all experts on healthcare. When we’re sick, we go for help and interact with a variety of different services to maintain our health and to improve our lifestyle. But in being experts, I guess that also means we are witnesses to some of the downside of an unconnected ecosystem of healthcare providers and payers.

One of the things I’ve noticed in that vein is that I have to deal with different organizations that don’t seem to communicate well. If there’s no central process organizer, it’s really up to me as the patient to pull the lines together between the different services — tests, clinical observations, diagnosis, back for results from tests, sharing the information, and so forth.

Have you done any studies or have anecdotal information about how that boundaryless information flow would be still relevant, even having more of a centralized repository that all the players could draw on, sort of a collaboration team resource of some sort? I know that’s worked in other industries. Is this not a perfect opportunity for that boundarylessness to be managed?

Hietala: I would say it is. We all have experiences with going to see a primary physician, maybe getting sent to a specialist, getting some tests done, and the boundaryless information that’s flowing tends to be on paper delivered by us as patients in all the cases.

So the opportunity to improve that situation is pretty obvious to anybody who’s been in the healthcare system as a patient. I think it’s a great place to be doing work. There’s a lot of money flowing to try and address this problem, at least here in the U.S. with the HITECH Act and some of the government spending around trying to improve healthcare.

We’ll be testing these methods at a greater international level, as opposed to just at an organization and industry level.

You’ve got healthcare information exchanges that are starting to develop, and you have got lots of pain points for organizations in terms of trying to share information and not having standards that enable them to do it. It seems like an area that’s really a great opportunity area to bring lots of improvement.

Gardner: Let’s look for some examples of where this has been attempted and what the success brings about. I’ll throw this out to anyone on the panel. Do you have any examples that you can point to, either named organizations or anecdotal use case scenarios, of a better organization, an architectural approach, leveraging IT efficiently and effectively, allowing data to flow, putting in processes that are repeatable, centralized, organized, and understood. How does that work out?

Uppal: I’ll give you an example. One of the things that happens when a patient is admitted to hospital and in hospital is that they get what’s called a high-voltage care. There is staff around them 24×7. There are lots of people around, and every specialty that you can think of is available to them. So the patient, in about two or three days, starts to feel much better.

When that patient gets discharged, they get discharged to home most of the time. They go from very high-voltage care to next to no care. This is one of the areas where in one of the organizations we work with is able to discharge the patient and, instead of discharging them to the primary care doc, who may not receive any records from the hospital for several days, they get discharged to into a virtual team. So if the patient is at home, the virtual team is available to them through their mobile phone 24×7.

Connect with provider

If, at 3 o’clock in the morning, the patient doesn’t feel right, instead of having to call an ambulance to go to hospital once again and get readmitted, they have a chance to connect with their care provider at that time and say, “This is what the issue is. What do you want me to do next? Is this normal for the medication that I am on, or this is something abnormal that is happening?”

When that information is available to that care provider who may not necessarily have been part of the care team when the patient was in the hospital, that quick readily available information is key for keeping that person at home, as opposed to being readmitted to the hospital.

We all know that the cost of being in a hospital is 10 times more than it is being at home. But there’s also inconvenience and human suffering associated with being in a hospital, as opposed to being at home.

Those are some of the examples that we have, but they are very limited, because our current health ecosystem is a very organization specific, not  patient and provider specific. This is the area there is a huge room for opportunities for healthcare delivery, thinking about health information, not in the context of the organization where the patient is, as opposed to in a cloud, where it’s an association between the patient and provider and health information that’s there.

Extending that model will bring infinite value to not only reducing the cost, but improving the cost and quality of care.

In the past, we used to have emails that were within our four walls. All of a sudden, with Gmail and Yahoo Mail, we have email available to us anywhere. A similar thing could be happening for the healthcare record. This could be somewhere in the cloud’s eco setting, where it’s securely protected and used by only people who have granted access to it.

Those are some of the examples where extending that model will bring infinite value to not only reducing the cost, but improving the cost and quality of care.

Schmidt: Jason touched upon the home healthcare scenario and being able to provide touch points at home. Another place that we see evolving right now in the industry is the whole concept of mobile office space. Both countries, as well as rural places within countries that are developed, are actually getting rural hospitals and rural healthcare offices dropped in by helicopter to allow the people who live in those communities to have the opportunity to talk to a doctor via satellite technologies and so on.

The whole concept of a architecture around and being able to deal with an extension of what truly lines up being telemedicine is something that we’re seeing today. It would be wonderful if we could point to things like standards that allow us to be able to facilitate both the communication protocols as well as the information flows in that type of setting.

Many corporations can jump on the bandwagon to help the rural communities get the healthcare information and capabilities that they need via the whole concept of telemedicine.

That’s another area where enterprise architecture has come into play. Now that we see examples of that working in the industry today, I am hoping that as part of this working group, we’ll get to the point where we’re able to facilitate that much better, enabling innovation to occur for multiple companies via some of the architecture or the architecture work we are planning on producing.

Single view

Gardner: It seems that we’ve come a long way on the business side in many industries of getting a single view of the customer, as it’s called, the customer relationship management, big data, spreading the analysis around among different data sources and types. This sounds like a perfect fit for a single view of the patient across their life, across their care spectrum, and then of course involving many different types of organizations. But the government also needs to have a role here.

Jim Hietala, at The Open Group Conference in Philadelphia, you’re focusing on not only healthcare, but finance and government. Regarding the government and some of the agencies that you all have as members on some of your panels, how well do they perceive this need for enterprise architecture level abilities to be brought to this healthcare issue?

Hietala: We’ve seen encouraging signs from folks in government that are encouraging to us in bringing this work to the forefront. There is a recognition that there needs to be better data flowing throughout the extended healthcare IT ecosystem, and I think generally they are supportive of initiatives like this to make that happen.

Gardner: Of course having conferences like this, where you have a cross pollination between vertical industries, will perhaps allow some of the technical people to talk with some of the government people too and also have a conversation with some of the healthcare people. That’s where some of these ideas and some of the collaboration could also be very powerful.

We’ve seen encouraging signs from folks in government that are encouraging to us in bringing this work to the forefront.

I’m afraid we’re almost out of time. We’ve been talking about an interesting healthcare transition, moving into a new phase or even era of healthcare.

Our panel of experts have been looking at some of the trends in IT and how they are empowering improvement for how healthcare can be more responsive and efficient. And we’ve seen how healthcare industry organizations can take large scale transformation using cross-organizational collaboration, for example, and other such tools as big data, analytics, and cloud computing to help solve some of these issues.

This special BriefingsDirect discussion comes to you in conjunction with The Open Group Conference this July in Philadelphia. Registration to the conference remains open. Follow the conference on Twitter at #ogPHL, and you will hear more about healthcare or Open Platform 3.0 as well as enterprise transformation in the finance, government, and healthcare sectors.

With that, I’d like to thank our panel. We’ve been joined today by Jason Uppal, Chief Architect and Acting CEO at clinicalMessage. Thank you so much, Jason.

Uppal: Thank you, Dana.

Gardner: And also Larry Schmidt, Chief Technologist at HP for the Health and Life Sciences Industries. Thanks, Larry.

Schmidt: You bet, appreciate the time to share my thoughts. Thank you.

Gardner: And then also Jim Hietala, Vice President of Security at The Open Group. Thanks so much.

Hietala: Thank you, Dana.

Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator throughout these thought leader interviews. Thanks again for listening and come back next time.

Comments Off

Filed under ArchiMate®, Business Architecture, Cloud, Conference, Enterprise Architecture, Healthcare, Open Platform 3.0, Professional Development, Service Oriented Architecture, TOGAF, TOGAF®

As Platform 3.0 ripens, expect agile access and distribution of actionable intelligence across enterprises, says The Open Group panel

By Dana Gardner, Interarbor Solutions

Listen to the recorded podcast here

This latest BriefingsDirect discussion, leading into the The Open Group Conference on July 15 in Philadelphia, brings together a panel of experts to explore the business implications of the current shift to so-called Platform 3.0.

Known as the new model through which big data, cloud, and mobile and social — in combination — allow for advanced intelligence and automation in business, Platform 3.0 has so far lacked standards or even clear definitions.

The Open Group and its community are poised to change that, and we’re here now to learn more how to leverage Platform 3.0 as more than a IT shift — and as a business game-changer. It will be a big topic at next week’s conference.

The panel: Dave Lounsbury, Chief Technical Officer at The Open Group; Chris Harding, Director of Interoperability at The Open Group, and Mark Skilton, Global Director in the Strategy Office at Capgemini. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

This special BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference, which is focused on enterprise transformation in the finance, government, and healthcare sectors. Registration to the conference remains open. Follow the conference on Twitter at #ogPHL. [Disclosure: The Open Group is a sponsor of this and other BriefingsDirect podcasts.]

Here are some excerpts:

Gardner: A lot of people are still wrapping their minds around this notion of Platform 3.0, something that is a whole greater than the sum of the parts. Why is this more than an IT conversation or a shift in how things are delivered? Why are the business implications momentous?

Lounsbury: Well, Dana, there are lot of IT changes or technical changes going on that are bringing together a lot of factors. They’re turning into this sort of super-saturated solution of ideas and possibilities and this emerging idea that this represents a new platform. I think it’s a pretty fundamental change.

Lounsbury

If you look at history, not just the history of IT, but all of human history, you see that step changes in societies and organizations are frequently driven by communication or connectedness. Think about the evolution of speech or the invention of the alphabet or movable-type printing. These technical innovations that we’re seeing are bringing together these vast sources of data about the world around us and doing it in real time.

Further, we’re starting to see a lot of rapid evolution in how you turn data into information and presenting the information in a way such that people can make decisions on it. Given all that we’re starting to realize, we’re on the cusp of another step of connectedness and awareness.

Fundamental changes

This really is going to drive some fundamental changes in the way we organize ourselves. Part of what The Open Group is doing, trying to bring Platform 3.0 together, is to try to get ahead of this and make sure that we understand not just what technical standards are needed, but how businesses will need to adapt and evolve what business processes they need to put in place in order to take maximum advantage of this to see change in the way that we look at the information.

Harding: Enterprises have to keep up with the way that things are moving in order to keep their positions in their industries. Enterprises can’t afford to be working with yesterday’s technology. It’s a case of being able to understand the information that they’re presented, and make the best decisions.

Harding

We’ve always talked about computers being about input, process, and output. Years ago, the input might have been through a teletype, the processing on a computer in the back office, and the output on print-out paper.

Now, we’re talking about the input being through a range of sensors and social media, the processing is done on the cloud, and the output goes to your mobile device, so you have it wherever you are when you need it. Enterprises that stick in the past are probably going to suffer.

Gardner: Mark Skilton, the ability to manage data at greater speed and scale, the whole three Vs — velocity, volume, and value — on its own could perhaps be a game changing shift in the market. The drive of mobile devices into lives of both consumers and workers is also a very big deal.

Of course, cloud has been an ongoing evolution of emphasis towards agility and efficiency in how workloads are supported. But is there something about the combination of how these are coming together at this particular time that, in your opinion, substantiates The Open Group’s emphasis on this as a literal platform shift?

Skilton: It is exactly that in terms of the workloads. The world we’re now into is the multi-workload environment, where you have mobile workloads, storage and compute workloads, and social networking workloads. There are many different types of data and traffic today in different cloud platforms and devices.

Skilton

It has to do with not just one solution, not one subscription model — because we’re now into this subscription-model era … the subscription economy, as one group tends to describe it. Now, we’re looking for not only just providing the security, the infrastructure, to deliver this kind of capability to a mobile device, as Chris was saying. The question is, how can you do this horizontally across other platforms? How can you integrate these things? This is something that is critical to the new order.

So Platform 3.0 addressing this point by bringing this together. Just look at the numbers. Look at the scale that we’re dealing with — 1.7 billion mobile devices sold in 2012, and 6.8 billion subscriptions estimated according to the International Telecommunications Union (ITU) equivalent to 96 percent of the world population.

Massive growth

We had massive growth in scale of mobile data traffic and internet data expansion. Mobile data is increasing 18 percent fold from 2011 to 2016 reaching 130 exabytes annually.  We passed 1 zettabyte of global online data storage back in 2010 and IP data traffic predicted to pass 1.3 zettabytes by 2016, with internet video accounting for 61 percent of total internet data according to Cisco studies.

These studies also predict data center traffic combining network and internet based storage will reach 6.6 zettabytes annually, and nearly two thirds of this will be cloud based by 2016.  This is only going to grow as social networking is reaching nearly one in four people around the world with 1.7 billion using at least one form of social networking in 2013, rising to one in three people with 2.55 billion global audience by 2017 as another extraordinary figure from an eMarketing.com study.

It is not surprising that many industry analysts are seeing growth in technologies of mobility, social computing, big data and cloud convergence at 30 to 40 percent and the shift to B2C commerce passing $1 trillion in 2012 is just the start of a wider digital transformation.

These numbers speak volumes in terms of the integration, interoperability, and connection of the new types of business and social realities that we have today.

Gardner: Why should IT be thinking about this as a fundamental shift, rather than a modest change?

Lounsbury: A lot depends on how you define your IT organization. It’s useful to separate the plumbing from the water. If we think of the water as the information that’s flowing, it’s how we make sure that the water is pure and getting to the places where you need to have the taps, where you need to have the water, etc.

But the plumbing also has to be up to the job. It needs to have the capacity. It needs to have new tools to filter out the impurities from the water. There’s no point giving someone data if it’s not been properly managed or if there’s incorrect information.

What’s going to happen in IT is not only do we have to focus on the mechanics of the plumbing, where we see things like the big database that we’ve seen in the open-source  role and things like that nature, but there’s the analytics and the data stewardship aspects of it.

We need to bring in mechanisms, so the data is valid and kept up to date. We need to indicate its freshness to the decision makers. Furthermore, IT is going to be called upon, whether as part of the enterprise IP or where end users will drive the selection of what they’re going to do with analytic tools and recommendation tools to take the data and turn it into information. One of the things you can’t do with business decision makers is overwhelm them with big rafts of data and expect them to figure it out.

You really need to present the information in a way that they can use to quickly make business decisions. That is an addition to the role of IT that may not have been there traditionally — how you think about the data and the role of what, in the beginning, was called data scientist and things of that nature.

Shift in constituency

Skilton: I’d just like to add to Dave’s excellent points about, the shape of data has changed, but also about why should IT get involved. We’re seeing that there’s a shift in the constituency of who is using this data.

We have the Chief Marketing Officer and the Chief Procurement Officer and other key line of business managers taking more direct control over the uses of information technology that enable their channels and interactions through mobile, social and data analytics. We’ve got processes that were previously managed just by IT and are now being consumed by significant stakeholders and investors in the organization.

We have to recognize in IT that we are the masters of our own destiny. The information needs to be sorted into new types of mobile devices, new types of data intelligence, and ways of delivering this kind of service.

I read recently in MIT Sloan Management Review an article that asked what is the role of the CIO. There is still the critical role of managing the security, compliance, and performance of these systems. But there’s also a socialization of IT, and this is where  the  positioning architectures which are cross platform is key to  delivering real value to the business users in the IT community.

Gardner: How do we prevent this from going off the rails?

Harding: This a very important point. And to add to the difficulties, it’s not only that a whole set of different people are getting involved with different kinds of information, but there’s also a step change in the speed with which all this is delivered. It’s no longer the case, that you can say, “Oh well, we need some kind of information system to manage this information. We’ll procure it and get a program written” that a year later that would be in place in delivering reports to it.

Now, people are looking to make sense of this information on the fly if possible. It’s really a case of having the platforms be the standard technology platform and also the systems for using it, the business processes, understood and in place.

Then, you can do all these things quickly and build on learning from what people have gone in the past, and not go out into all sorts of new experimental things that might not lead anywhere. It’s a case of building up the standard platform in the industry best practice. This is where The Open Group can really help things along by being a recipient and a reflector of best practice and standard.

Skilton: Capgemini has been doing work in this area. I break it down into four levels of scalability. It’s the platform scalability of understanding what you can do with your current legacy systems in introducing cloud computing or big data, and the infrastructure that gives you this, what we call multiplexing of resources. We’re very much seeing this idea of introducing scalable platform resource management, and you see that a lot with the heritage of virtualization.

Going into networking and the network scalability, a lot of the customers have who inherited their old telecommunications networks are looking to introduce new MPLS type scalable networks. The reason for this is that it’s all about connectivity in the field. I meet a number of clients who are saying, “We’ve got this cloud service,” or “This service is in a certain area of my country. If I move to another parts of the country or I’m traveling, I can’t get connectivity.” That’s the big issue of scaling.

Another one is application programming interfaces (APIs). What we’re seeing now is an explosion of integration and application services using API connectivity, and these are creating huge opportunities of what Chris Anderson of Wired used to call the “long tail effect.” It is now a reality in terms of building that kind of social connectivity and data exchange that Dave was talking about.

Finally, there are the marketplaces. Companies needs to think about what online marketplaces they need for digital branding, social branding, social networks, and awareness of your customers, suppliers, and employees. Customers can see that these four levels are where they need to start thinking about for IT strategy, and Platform 3.0 is right on this target of trying to work out what are the strategies of each of these new levels of scalability.

Gardner: We’re coming up on The Open Group Conference in Philadelphia very shortly. What should we expect from that? What is The Open Group doing vis-à-vis Platform 3.0, and how can organizations benefit from seeing a more methodological or standardized approach to some way of rationalizing all of this complexity? [Registration to the conference remains open. Follow the conference on Twitter at #ogPHL.]

Lounsbury: We’re still in the formational stages of  “third platform” or Platform 3.0 for The Open Group as an industry. To some extent, we’re starting pretty much at the ground floor with that in the Platform 3.0 forum. We’re leveraging a lot of the components that have been done previously by the work of the members of The Open Group in cloud, services-oriented architecture (SOA), and some of the work on the Internet of things.

First step

Our first step is to bring those things together to make sure that we’ve got a foundation to depart from. The next thing is that, through our Platform 3.0 Forum and the Steering Committee, we can ask people to talk about what their scenarios are for adoption of Platform 3.0?

That can range from things like the technological aspects of it and what standards are needed, but also to take a clue from our previous cloud working group. What are the best business practices in order to understand and then adopt some of these Platform 3.0 concepts to get your business using them?

What we’re really working toward in Philadelphia is to set up an exchange of ideas among the people who can, from the buy side, bring in their use cases from the supply side, bring in their ideas about what the technology possibilities are, and bring those together and start to shape a set of tracks where we can create business and technical artifacts that will help businesses adopt the Platform 3.0 concept.

Harding: We certainly also need to understand the business environment within which Platform 3.0 will be used. We’ve heard already about new players, new roles of various kinds that are appearing, and the fact that the technology is there and the business is adapting to this to use technology in new ways.

For example, we’ve heard about the data scientist. The data scientist is a new kind of role, a new kind of person, that is playing a particular part in all this within enterprises. We’re also hearing about marketplaces for services, new ways in which services are being made available and combined.

We really need to understand the actors in this new kind of business scenario. What are the pain points that people are having? What are the problems that need to be resolved in order to understand what kind of shape the new platform will have? That is one of the key things that the Platform 3.0 Forum members will be getting their teeth into.

Gardner: Looking to the future, when we think about the ability of the data to be so powerful when processed properly, when recommendations can be delivered to the right place at the right time, but we also recognize that there are limits to a manual or even human level approach to that, scientist by scientist, analysis by analysis.

When we think about the implications of automation, it seems like there were already some early examples of where bringing cloud, data, social, mobile, interactions, granularity of interactions together, that we’ve begun to see that how a recommendation engine could be brought to bear. I’m thinking about the Siri capability at Apple and even some of the examples of the Watson Technology at IBM.

So to our panel, are there unknown unknowns about where this will lead in terms of having extraordinary intelligence, a super computer or data center of super computers, brought to bear almost any problem instantly and then the result delivered directly to a center, a smart phone, any number of end points?

It seems that the potential here is mind boggling. Mark Skilton, any thoughts?

Skilton: What we’re talking about is the next generation of the Internet.  The advent of IPv6 and the explosion in multimedia services, will start to drive the next generation of the Internet.

I think that in the future, we’ll be talking about a multiplicity of information that is not just about services at your location or your personal lifestyle or your working preferences. We’ll see a convergence of information and services across multiple devices and new types of “co-presence services” that interact with your needs and social networks to provide predictive augmented information value.

When you start to get much more information about the context of where you are, the insight into what’s happening, and the predictive nature of these, it becomes something that becomes much more embedding into everyday life and in real time in context of what you are doing.

I expect to see much more intelligent applications coming forward on mobile devices in the next 5 to 10 years driven by this interconnected explosion of real time processing data, traffic, devices and social networking we describe in the scope of platform 3.0. This will add augmented intelligence and is something that’s really exciting and a complete game changer. I would call it the next killer app.

First-mover benefits

Gardner: There’s this notion of intelligence brought to bear rapidly in context, at a manageable cost. This seems to me a big change for businesses. We could, of course, go into the social implications as well, but just for businesses, that alone to me would be an incentive to get thinking and acting on this. So any thoughts about where businesses that do this well would be able to have significant advantage and first mover benefits?

Harding: Businesses always are taking stock. They understand their environments. They understand how the world that they live in is changing and they understand what part they play in it. It will be down to individual businesses to look at this new technical possibility and say, “So now this is where we could make a change to our business.” It’s the vision moment where you see a combination of technical possibility and business advantage that will work for your organization.

It’s going to be different for every business, and I’m very happy to say this, it’s something that computers aren’t going to be able to do for a very long time yet. It’s going to really be down to business people to do this as they have been doing for centuries and millennia, to understand how they can take advantage of these things.

So it’s a very exciting time, and we’ll see businesses understanding and developing their individual business visions as the starting point for a cycle of business transformation, which is what we’ll be very much talking about in Philadelphia. So yes, there will be businesses that gain advantage, but I wouldn’t point to any particular business, or any particular sector and say, “It’s going to be them” or “It’s going to be them.”

Gardner: Dave Lounsbury, a last word to you. In terms of some of the future implications and vision, where could this could lead in the not too distant future?

Lounsbury: I’d disagree a bit with my colleagues on this, and this could probably be a podcast on its own, Dana. You mentioned Siri, and I believe IBM just announced the commercial version of its Watson recommendation and analysis engine for use in some customer-facing applications.

I definitely see these as the thin end of the wedge on filling that gap between the growth of data and the analysis of data. I can imagine in not in the next couple of years, but in the next couple of technology cycles, that we’ll see the concept of recommendations and analysis as a service, to bring it full circle to cloud. And keep in mind that all of case law is data and all of the medical textbooks ever written are data. Pick your industry, and there is huge amount of knowledge base that humans must currently keep on top of.

This approach and these advances in the recommendation engines driven by the availability of big data are going to produce profound changes in the way knowledge workers produce their job. That’s something that businesses, including their IT functions, absolutely need to stay in front of to remain competitive in the next decade or so.

Comments Off

Filed under ArchiMate®, Business Architecture, Cloud, Cloud/SOA, Conference, Data management, Enterprise Architecture, Platform 3.0, Professional Development, TOGAF®

The Open Group July Conference Emphasizes Value of Placing Structure and Agility Around Enterprise Risk Reduction Efforts

By Dana Gardner, Interarbor Solutions

Listen to the recorded podcast here

Dana Gardner: Hello, and welcome to a special BriefingsDirect Thought Leadership Interview series, coming to you in conjunction with The Open Group Conference on July 15 in Philadelphia.

I’m Dana Gardner, Principal Analyst at Interarbor Solutions, and I’ll be your host and moderator throughout these discussions on Enterprise Transformation in the finance, government, and healthcare sector.

We’re here now with a panel of experts to explore new trends and solutions in the area of anticipating risk and how to better manage organizations with that knowledge. We’ll learn how enterprises are better delivering risk assessment and, one hopes, defenses, in the current climate of challenging cyber security. And we’ll see how predicting risks and potential losses accurately, is an essential ingredient in enterprise transformation.

With that, please join me in welcoming our panel, we’re here with Jack Freund, the Information Security Risk Assessment Manager at TIAA-CREF. Jack has spent over 14 years in enterprise IT, is a visiting professor at DeVry University, and also chairs a Risk-Management Subcommittee for the ISACA. Welcome back, Jack.

Jack Freund: Glad to be here, Dana. Thanks for having me.

Gardner: We’re also here with Jack Jones. He is the Principal at CXOWARE, and he has more than nine years of experience as a Chief Information Security Officer (CISO). He is also an inventor of the FAIR, risk analysis framework. Welcome, Jack.

Jack Jones: Thank you very much.

Gardner: We’re also here with Jim Hietala. He is the Vice President, Security, at The Open Group. Welcome, Jim.

Jim Hietala: Thanks, Dana, good to be here.

Gardner: Let’s start with you, Jim. It’s been about six months since we spoke about these issues around risk assessment and understanding risk accurately, and it’s hard to imagine things getting any better in the last six months. There’s been a lot of news and interesting developments in the cyber-security landscape.

So has this heightened interest? What are The Open Group and others are doing in this field of risk assessment and accuracy and determining what your losses might be and how that can be a useful tool?

Hietala: I would say it has. Certainly, in the cyber security world in the past six or nine months, we’ve seen more and more discussion of the threats that are out there. We’ve got nation-state types of threats that are very concerning, very serious, and that organizations have to consider.

With what’s happening, you’ve seen that the US Administration and President Obama direct the National Institute of Standards and Technology (NIST) to develop a new cybersecurity framework. Certainly on the government side of things, there is an increased focus on what can we do to increase the level of cybersecurity throughout the country in critical infrastructure. So my short answer would be yes, there is more interest in coming up with ways to accurately measure and assess risk so that we can then deal with it.

Gardner: Jack Jones, do you also see a maturity going on, or are we just hearing more in the news and therefore there is a perception shift? How do you see things? How have things changed, in your perception, over the last six to nine months?

Jones: I continue to see growth and maturity, especially in areas of understanding the fundamental nature of risk and exploration of quantitative methods for it. A few years ago, that would have seemed unrealistic at best, and outlandish at worst in many people’s eyes. Now, they’re beginning to recognize that it is not only pragmatic, but necessary in order to get a handle on much of what we have to do from a prioritization perspective.

Gardner: Jack Freund are you seeing an elevation in the attention being paid to risk issues inside companies in larger organizations? Is this something that’s getting the attention of all the people it should?

Freund: We’re entering a phase where there is going to be increased regulatory oversights over very nearly everything. When that happens, all eyes are going to turn to IT and IT risk management functions to answer the question of whether we’re handling the right things. Without quantifying risk, you’re going to have a very hard time saying to your board of directors that you’re handling the right things the way a reasonable company should.

As those regulators start to see and compare among other companies, they’ll find that these companies over here are doing risk quantification, and you’re not. You’re putting yourself at a competitive disadvantage by not being able to provide those same sorts of services.

Gardner: So you’re saying that the market itself hasn’t been enough to drive this, and that regulation is required?

Freund: It’s probably a stronger driver than market forces at this point. The market is always going to be able to help push that to a more prominent role, but especially in information security. If you’re not experiencing primary losses as a result of these sorts of things, then you have to look to economic externalities, which are largely put in play by regulatory forces here in the United States.

Jones: To support Jack’s statement that regulators are becoming more interested in this too, just in the last 60 days, I’ve spent time training people at two regulatory agencies on FAIR. So they’re becoming more aware of these quantitative methods, and their level of interest is rising.

Gardner: Jack Jones, this is probably a good time for us to explain a little bit more about FAIR. For those listeners who might not be that familiar with it, please take a moment to give us the high-level overview of what FAIR is.

Jones: Sure, just thumbnail sketch of it. It’s, first and foremost, a model for what risk is and how it works. It’s a decomposition of the factors that make up risk. If you can measure or estimate the value of those factors, you can derive risk quantitatively in dollars and cents.

You see a lot of “risk quantification” based on ordinal scales — 1, 2, 3, 4, 5 scales, that sort of thing. But that’s actually not quantitative. If you dig into it, there’s no way you could defend a mathematical analysis based on those ordinal approaches. So FAIR is this model for risk that enables true quantitative analysis in a very pragmatic way.

Gardner: FAIR stands for a Factor Analysis of Information Risk. Is that correct?

Jones: That is correct.

Gardner: Jim Hietala, we also have in addition to a very interesting and dynamic cybersecurity landscape a major trend getting traction in big data, cloud computing, and mobile. There’s lots going on in the IT world. Perhaps IT’s very nature, the roles and responsibilities, are shifting. Is doing risk assessment and management becoming part and parcel of core competency of IT, and is that a fairly big departure from the past?

Hietala: As to the first question, it’s having to become kind of a standard practice within IT. When you look at outsourcing your IT operations to a cloud-service provider, you have to consider the security risks in that environment. What do they look like and how do we measure them?

It’s the same thing for things like mobile computing. You really have to look at the risks of folks carrying tablets and smart phones, and understand the risks associated with those same things for big data. For any of these large-scale changes to our IT infrastructure you’ve got to understand what it means from a security and risk standpoint.

Gardner: Jack Freund or Jack Jones, any thoughts about the changing role of IT as a service and service-level agreement brokering aspects of IT aligned with risk assessment?

Freund: I read an interesting article this morning around a school district that is doing something they call bring your own technology (BYOT). For anybody who has been involved in these sort of efforts in the corporate world that should sound very familiar. But I want to think culturally around this. When you have students wondering how to do these sorts of things and becoming accustomed to being able to bring current technology, oh my gosh. When they get to the corporate world and start to work, they’re going to expect the same sorts of levels of service.

To answer to your earlier question, absolutely. We have to find a way to embed risk assessment, which is really just a way to inform decision making and how we adapt all of these technological changes to increase market position and to make ourselves more competitive. That’s important.

Whether that’s an embedded function within IT or it’s an overarching function that exists across multiple business units, there are different models that work for different size companies and companies of different cultural types. But it has to be there. It’s absolutely critical.

Gardner: Jack Jones, how do you come down this role of IT shifting in the risk assessment issues, something that’s their responsibility. Are they embracing that or  maybe wishing it away?

Jones: It depends on whom you talk to. Some of them would certainly like to wish it away. I don’t think IT’s role in this idea for risk assessment and such has really changed. What is changing is the level of visibility and interest within the organization, the business side of the organization, in the IT risk position.

Previously, they were more or less tucked away in a dark corner. People just threw money at it and hoped bad things didn’t happen. Now, you’re getting a lot more board-level interest in IT risk, and with that visibility comes a responsibility, but also a certain amount of danger. If they’re doing it really badly, they’re incredibly immature in how they approach risk.

They’re going to look pretty foolish in front of the board. Unfortunately, I’ve seen that play out. It’s never pretty and it’s never good news for the IT folks. They’re realizing that they need to come up to speed a little bit from a risk perspective, so that they won’t look the fools when they’re in front of these executives.

They’re used to seeing quantitative measures of opportunities and operational issues of risk of various natures. If IT comes to the table with a red, yellow, green chart, the board is left to wonder, first how to interpret that, and second, whether these guys really get it. I’m not sure the role has changed, but I think the responsibilities and level of expectations are changing.

Gardner: Part of what FAIR does in risk analysis in general is to identify potential losses and put some dollars on what potential downside there is. That provides IT with the tool, the ability, to rationalize investments that are needed. Are you seeing the knowledge of potential losses to be an incentive for spending on modernization?

Jones: Absolutely. One organization I worked with recently had certain deficiencies from the security perspective that they were aware of, but that were going to be very problematic to fix. They had identified technology and process solutions that they thought would take them a long way towards a better risk position. But it was a very expensive proposition, and they didn’t have money in the IT or information security budget for it.

So, we did a current-state analysis using FAIR, how much loss exposure they had on annualized basis. Then, we said, “If you plug this solution into place, given how it affects the frequency and magnitude of loss that you’d expect to experience, here’s what’s your new annualized loss exposure would be.” It turned out to be a multimillion dollar reduction in annualized loss exposure for a few hundred thousand dollars cost.

When they took that business case to management, it was a no-brainer, and management signed the check in a hurry. So they ended up being in a much better position.

If they had gone to executive management saying, “Well, we’ve got a high risk and if we buy this set of stuff we’ll have low or medium risk,” it would’ve been a much less convincing and understandable business case for the executives. There’s reason to expect that it would have been challenging to get that sort of funding given how tight their corporate budgets were and that sort of thing. So, yeah, it can be incredibly effective in those business cases.

Gardner: Correct me if I am wrong, but you have a book out since we last spoke. Jack, maybe you could tell a bit about of that and how that comes to bear on these issues?

Freund: Well, the book is currently being written. Jack Jones and I have entered into a contract with Elsevier and we’re also going to be preparing the manuscript here over the summer and winter. Probably by second quarter next year, we’ll have something that we can share with everybody. It’s something that has been a long time coming. For Jack, I know he has wanted to write this for a long time.

We wanted to build a conversational book around how to assess risk using FAIR, and that’s an important distinction from other books in the market today. You really want to dig into a lot of the mathematical stuff. I’m speaking personally here, but I wanted to build a book that gave people tools, gave practitioners the risk tools to be able to handle common challenges and common opposition to what they are doing every day, and just understand how to apply concepts in FAIR in a very tangible way.

Gardner: Very good. What about the conference itself. We’re coming up very rapidly on The Open Group Conference. What should we expect in terms of some of your presentations and training activities?

Jones: I think it will be a good time. People would be pleased to have the quality of the presentations and some of the new information that they’ll get to see and experience. As you said, we’re offering FAIR training as a part of a conference. It’s a two-day session with an opportunity afterwards to take the certification exam.

If history is any indication, people will go through the training. We get a lot of very positive remarks about a number of different things. One, they never imagined that risk could be interesting. They’re also surprised that it’s not, as one friend of mine calls it “rocket surgery.” It’s relatively straightforward and intuitive stuff. It’s just that as a profession, we haven’t had this framework for reference, as well as some of the methods that we apply to make it practical and defensible before.

So we’ve gotten great feedback in the past, and I think people will be pleasantly surprised at what they experienced.

Freund: One of the things I always say about FAIR training is it’s a real red pill-blue pill moment — in reference to the old Matrix movies. I took FAIR training several years ago with Jack. I always tease Jack that it’s ruined me for other risk assessment methods. Once you learn how to do it right, it’s very obvious which are the wrong methods and why you can’t use them to assess risk and why it’s problematic.

I’m joking. It’s really great and valuable training, and now I use it every day. It really does open your eyes to the problems and the risk assessment portion of IT today, and gives a very practical and actionable things to do in order to be able to fix that, and to provide value to your organization.

Gardner: Jim Hietala, the emphasis in terms of vertical industries at the conference is on finance, government and healthcare. They seem to be the right groups to be factoring more standardization and understanding of risk. Tell me how it comes together. Why is The Open Group looking at vertical industries at this time?

Hietala: Specific to risk, if I can talk about that for a second, the healthcare world, at least here in the US, has new security rules, and one of the first few requirements is perform an annual risk assessment. So it’s currently relevant to that industry.

It’s the same thing with finance. One of the regulations around financial organizations tells them that, in terms of information security, they need to do a risk assessment. In government, clearly there has been a lot of emphasis on understanding risk and mitigating it throughout various government sectors.

In terms of The Open Group and verticals, we’ve done lots of great work in the area of Enterprise Architecture, security, and all the areas for which we’ve done work. In terms of our conferences, we’ve evolved things over the last year or so to start to look at what are the things that are unique in verticals.

It started in the mining industry. We set up a mining metals and exploration forum that looked at IT and architecture issues related specifically to that sector. We started that work several years ago and now we’re looking at other industries and starting to assess the unique things in healthcare, for example. We’ve got a one day workshop at Philadelphia on the Tuesday of the conference, looking at IT and transformation opportunities in the healthcare sector.

That’s how we got to this point, and we’ll see more of that from The Open Group in the future.

Gardner: Are there any updates that we should be aware of in terms of activities within The Open Group and other organizations working on standards, taxonomy, and definitions when it comes to risk?

Hietala: I’ll take that and dive into that. We at The Open Group originally published a risk taxonomy standard based on FAIR four years ago. Over time, we’ve seen greater adoption by large companies and we’ve also seen the need to extend what we’re doing there. So we’re updating the risk taxonomy standard, and the new version of that should be published by the end of this summer.

We also saw within the industry the need for a certification program for risk analysts, and so they’d be trained in quantitative risk assessment using FAIR. We’re working on that program and we’ll be talking more about it in Philadelphia.

Along the way, as we were building the certification program, we realized that there was a missing piece in terms of the body of knowledge. So we created a second standard that is a companion to the taxonomy. That will be called the Risk Analysis Standard that looks more at some of that the process issues and how to do risk analysis using FAIR. That standard will also be available by the end of the summer and, combined, those two standards will form the body of knowledge that we’ll be testing against in the certification program when it goes live later this year.

Gardner: Jack Freund, it seems that between regulatory developments, the need for maturity in these enterprises, and the standardization that’s being brought to bear by such groups as The Open Group, it’s making this quite a bit more of the science and less of an art.

What does that bring to organizations in terms of a bottom-line effect? I wonder if there is a use case or even an example that you could mention and explain that would help people better understand of what they get back when they go through these processes and they get this better maturity around risk?

Freund: I’m not an attorney, but I have had a lot of lawyers tell me — I think Jim had mentioned before in his vertical conversation — that a lot of the regulations start with performing annual risk assessment and then choose controls based upon that. They’re not very prescriptive that way.

One of the things that it drives in organizations is a sense of satisfaction that we’ve got things covered more than anything else. When you have your leadership in these organizations understanding that you’re doing what a regular reasonable company would do to manage risk this way, you have fewer fire drills. Nobody likes to walk into work and have to deal with hundred different things.

We’re moving hard drives out of printers and fax machines, what are we doing around scanning and vulnerabilities, and all of those various things that every single day can inundate you with worry, as opposed to focusing on the things that matter.

I like a folksy saying that sort of sums things up pretty well — a dime holding up a dollar. You have all these little bitty squabbly issues that get in the way of really focusing on reducing risk in your organization in meaningful ways and focusing on the things that matter.

Using approaches like FAIR, drives a lot of value into your organization, because you’re freeing up mind share in your executives to focus on things that really matter.

Gardner: Jack Jones, a similar question, any examples that exemplify the virtues of doing the due diligence and having some of these systems and understanding in place?

Jones: I have an example to Jack Freund’s point about being able to focus and prioritize. One organization I was working with had identified a significant risk issue and they were considering three different options for risk mitigation that had been proposed. One was “best practice,” and the other two were less commonly considered for that particular issue.

An analysis showed with real clarity that option B, one of the not-best practice options, should reduce risk every bit as effectively as best practice, but had a whole lot lower cost. The organization then got to make an informed decision about whether they were going to be herd followers or whether they were going to be more cost-effective in risk management.

Unfortunately, there’s always danger in not following the herd. If something happens downstream, and you didn’t follow best practice, you’re often asked to explain why you didn’t follow the herd.

That was part of the analysis too, but at the end of the day, management got to make a decision on how they wanted to behave. They chose to not follow best practice and be more cost-effective in using their money. When I asked them why they felt comfortable with that, they said, “Because we’re comfortable with the rigor in your analysis.”

To your question earlier about art-versus-science, first of all, in most organization there would have been no question. They would have said, “We must follow best practice.” They wouldn’t even examine the options, and management wouldn’t have had the opportunity to make that decision.

Furthermore, even if they had “examined” those options using a more subjective, artistic approach, somebody’s wet finger in the air, management almost certainly would not have felt comfortable with a non-best practice approach. So, the more scientific, more rigorous, approach that something like FAIR provides, gives you all kinds of opportunity to make informed decisions and to feel more comfortable about those decisions.

Gardner: It really sounds as if there’s a synergistic relationship between a lot of the big-data and analytics investments that are being made for a variety of reasons, and also this ability to bring more science and discipline to risk analysis.

How do those come together, Jack Jones? Are we seeing the dots being connected in these large organizations that they can take more of what they garner from big data and business intelligence (BI) and apply that to these risk assessment activities, is that happening yet?

Jones: It’s just beginning to. It’s very embryonic, and there are only probably a couple of organizations out there that I would argue are doing that with any sort of effectiveness. Imagine that — they’re both using FAIR.

But when you think about BI or any sort of analytics, there are really two halves to the equation. One is data and the other is models. You can have all the data in the world, but if your models stink, then you can’t be effective. And, of course, vice versa. If you’ve got great model and zero data, then you’ve got challenges there as well.

Being able to combine the two, good data and effective models, puts you in much better place. As an industry, we aren’t there yet. We’ve got some really interesting things going on, and so there’s a lot of potential there, but people have to leverage that data effectively and make sure they’re using a model that makes sense.

There are some models out there that that frankly are just so badly broken that all the data in the world isn’t going to help you. The models will grossly misinform you. So people have to be careful, because data is great, but if you’re applying it to a bad model, then you’re in trouble.

Gardner: We are coming up near the end of our half hour. Jack Freund, for those organizations that are looking to get started, to get more mature, perhaps start leveraging some of their investments in areas like big data, in addition to attending The Open Group Conference or watching some of the plenary sessions online, what tips do you have for getting started? Are there some basic building blocks that should be in place or ways in which to get the ball rolling when it comes to a better risk analysis?

Freund: Strong personality matters in this. They have to have some sort of evangelist in the organization who cares enough about it to drive it through to completion. That’s a stake on the ground to say, “Here is where we’re going to start, and here is the path that we are going to go on.”

When you start doing that sort of thing, even if leadership changes and other things happen, you have a strong commitment from the organization to keep moving forward on these sorts of things.

I spend a lot of my time integrating FAIR with other methodologies. One of the messaging points that I keep saying all the time is that what we are doing is implementing a discipline around how we choose our risk rankings. That’s one of the great things about FAIR. It’s universally compatible with other assessment methodologies, programs, standards, and legislation that allows you to be consistent and precise around how you’re connecting to everything else that your organization cares about.

Concerns around operational risk integration are important as well. But driving that through to completion in the organization has a lot to do with finding sponsorship and then just building a program to completion. But absent that high-level sponsorship, because FAIR allows you to build a discipline around how you choose rankings, you can also build it from the bottom up. You can have these groups of people that are FAIR trained that can build risk analyses or either pick ranges — 1, 2, 3, 4 or high, medium, low. But then when questioned, you have the ability to say, “We think this is a medium, because it met our frequency and magnitude criteria that we’ve been establishing using FAIR.”

Different organizations culturally are going to have different ways to implement and to structure quantitative risk analysis. In the end it’s an interesting and reasonable path to get to risk utopia.

Gardner: Jack Jones, any thoughts from your perspective on a good way to get started, maybe even through the lens of the verticals that The Open Group has targeted for this conference, finance, government and healthcare? Are there any specific important things to consider on the outset for your risk analysis journey from any of the three verticals?

Jones: A good place to start is with the materials that The Open Group has made available on the risk taxonomy and the soon to be published risk-analysis standard.

Another source that I recommend to everybody I talk to about other sorts of things is a book called ‘How to Measure Anything’ by Douglas Hubbard. If someone is even least bit interested in actually measuring risk in quantitative terms, they owe it to themselves to read that book. It puts into layman’s terms some very important concepts and approaches that are tremendously helpful. That’s an important resource for people to consider too.

As far as within organizations, some organizations will have a relatively mature enterprise risk-management program at the corporate level, outside of IT. Unfortunately, it can be hit-and-miss, but there can be some very good resources in terms of people and processes that the organization has already adopted. But you have to be careful there too, because with some of those enterprise risk management programs, even though they may have been in place for years, and thus, one would think over time and become mature, all they have done is dig a really deep ditch in terms of bad practices and misconceptions.

So it’s worth having the conversation with those folks to gauge how clueful are they, but don’t assume that just because they have been in place for a while and they have some specific title or something like that that they really understand risk at that level.

Gardner: Well, very good. I’m afraid we will have to leave it there. We’ve been talking with a panel of experts about the new trends and solutions in the area of anticipating risk and how to better manage organizations with that knowledge. We’ve seen how enterprises are better delivering risk assessments, or beginning to, as they are facing challenges in cyber-security as well as undergoing the larger undertaking of enterprise transformation.

This special BriefingsDirect discussion comes to you in conjunction with The Open Group Conference in July 2013 in Philadelphia. There’s more information on The Open Group website about that conference for you to attend or to gather information from either live streaming or there are resources available by downloading an app for the conference.

So with that thanks to our panel. We’ve been joined by Jack Freund. He is the Information Security Risk Assessment Manager at TIAA-CREF. Thank you so much, Jack.

Freund: Thank you Dana.

Gardner: And also Jack Jones, the Principal at CXOWARE. Thank you, sir.

Jones: It’s been my pleasure. Thanks.

Gardner: And then also lastly, Jim Hietala, Vice President, Security at The Open Group. Thank you Jim.

Hietala: Thank you, Dana.

Gardner: And this is Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator through these thought leader interview series. Thanks again for listening, and come back next time.

1 Comment

Filed under ArchiMate®, Business Architecture, Conference, Enterprise Architecture, Professional Development, TOGAF®

Enterprise Architecture in China: Who uses this stuff?

by Chris Forde, GM APAC and VP Enterprise Architecture, The Open Group

Since moving to China in March 2010 I have consistently heard a similar set of statements and questions, something like this….

“EA? That’s fine for Europe and America, who is using it here?”

“We know EA is good!”

“What is EA?”

“We don’t have the ability to do EA, is it a problem if we just focus on IT?”

And

“Mr Forde your comment about western companies not discussing their EA programs because they view them as a competitive advantage is accurate here too, we don’t discuss we have one for that reason.” Following that statement the lady walked away smiling, having not introduced herself or her company.

Well some things are changing in China relative to EA and events organized by The Open Group; here is a snapshot from May 2013.

M GaoThe Open Group held an Enterprise Architecture Practitioners Conference in Shanghai China May 22nd 2013. The conference theme was EA and the spectrum of business value. The presentations were made by a mix of non-member and member organizations of The Open Group, most but not all based in China. The audience was mostly non-members from 55 different organizations in a range of industries. There was a good mix of customer, supplier, government and academic organizations presenting and in the audience. The conference proceedings are available to registered attendees of the conference and members of The Open Group. Livestream recordings will also be available shortly.

Organizations large and small presented about the fact that EA was integral to delivering business value. Here’s the nutshell.

China

Huawei is a leading global ICT communications provider based in Shenzhen China.  They presented on EA applied to their business transformation program and the ongoing development of their core EA practice.

GKHB is a software services organization based in Chengdu China. They presented on an architecture practice applied to real time forestry and endangered species management.

Nanfang Media is a State Owned Enterprise, the second largest media organization in the country based in Guangzhou China. They presented on the need to rapidly transform themselves to a modern integrated digital based organization.

McKinsey & Co a Management Consulting company based in New York USA presented an analysis of a CIO survey they conducted with Peking University.

Mr Wang Wei a Partner in the Shanghai office of McKinsey & Co’s Business Technology Practice reviewed a survey they conducted in co-operation with Peking University.

wang wei.jpg

The Survey of CIO’s in China indicated a common problem of managing complexity in multiple dimensions: 1) “Theoretically” Common Business Functions, 2) Across Business Units with differing Operations and Product, 3) Across Geographies and Regions. The recommended approach was towards “Organic Integration” and to carefully determine what should be centralized and what should be distributed. An Architecture approach can help with managing and mitigating these realities. The survey also showed that the CIO’s are evenly split amongst those dedicated to a traditional CIO role and those that have a dual Business and CIO role.

Mr Yang Li Chao Director of EA and Planning at Huawei and Ms Wang Liqun leader of the EA Center of Excellence at Huawei yang li chao.jpgwang liqun.jpgoutlined the 5-year journey Huawei has been on to deal with the development, maturation and effectiveness of an Architecture practice in a company that has seen explosive growth and is competing on a global scale. They are necessarily paying a lot of attention to Talent Management and development of their Architects, as these people are at the forefront of the company Business Transformation efforts. Huawei constantly consults with experts on Architecture from around the world and incorporates what they consider best practice into their own method and framework, which is based on TOGAF®.

 Mr He Kun CIO of Nanfang Media described the enormous pressures his traditional media organization is under, such as a concurrent loss of advertising and talent to digital media.

he kun.jpgHe gave and example where China Mobile has started its own digital newspaper leveraging their delivery platform. So naturally, Nanfang media is also undergoing a transformation and is looking to leverage its current advantages as a trusted source and its existing market position. The discipline of Architecture is a key enabler and aids as a foundation for clearly communicating a transformation approach to other business leaders. This does not mean using EA Jargon but communicating in the language of his peers for the purpose of obtaining funding to accomplish the transformation effectively.

Mr Chen Peng Vice General Manager of GKHB Chengdu described the use of an Architecture approach to managing precious national resources such as forestry, bio diversity and endangered species. He descrichen peng.jpgbed the necessity for real time information in observation, tracking and responses in this area and the necessity of “Informationalization” of Forestry in China as a part of eGovernment initiatives not only for the above topics but also for the countries growth particularly in supplying the construction industry. The Architecture approach taken here is also based on TOGAF®.

The take away from this conference is that Enterprise Architecture is alive and well amongst certain organizations in China. It is being used in a variety of industries.  Value is being realized by executives and practitioners, and delivered for both IT and Business units. However for many companies EA is also a new idea and to date its value is unclear to them.

The speakers also made it clear that there are no easy answers, each organization has to find its own use and value from Enterprise Architecture and it is a learning journey. They expressed their appreciation that The Open Group and its standards are a place where they can make connections, pull from and contribute to in regards to Enterprise Architecture.

Comments Off

Filed under Enterprise Architecture, Enterprise Transformation, Professional Development, Standards, TOGAF, TOGAF®, Uncategorized

Follow

Get every new post delivered to your Inbox.

Join 7,129 other followers

%d bloggers like this: