Category Archives: Standards

The Open Group San Francisco Conference: Day 1 Highlights

By The Open Group Conference Team

With the end of the first day of the conference, here are a few key takeaways from Monday’s key note sessions:

The Enterprise Architect: Architecting Business Success

Jeanne Ross, Director & Principal Research Scientist, MIT Center for Information Systems Research

Ms. Ross began the plenary discussing the impact of enterprise architecture on the whole enterprise. According to Ross “we live in a digital economy, and in order to succeed, we need to excel in enterprise architecture.” She went on to say that the current “plan, build, use” model has led to a lot of application silos. Ms. Ross also mentioned that enablement doesn’t work well; while capabilities are being built, they are grossly underutilized within most organizations.

Enterprise architects need to think about what capabilities their firms will exploit – both in the short- and long-terms. Ms. Ross went on to present case studies from Aetna, Protection 1, USAA, Pepsi America and Commonwealth of Australia. In each of these examples, architects provided the following business value:

  • Helped senior executives clarify business goals
  • Identified architectural capability that can be readily exploited
  • Presented Option and their implications for business goals
  • Built Capabilities incrementally

A well-received quote from Ms. Ross during the Q&A portion of the session was, “Someday, CIOs will report to EA – that’s the way it ought to be!”

How Enterprise Architecture is Helping Nissan IT Transformation

Celso Guiotoko, Corporate Vice President and CIO, Nissan Motor Co., Ltd.

Mr. Guiotoko presented the steps that Nissan took to improve the efficiency of its information systems. The company adapted BEST – an IT mid-term plan that helped led enterprise transformation within the organization. BEST was comprised of the following components:

  • Business Alignment
  • Enterprise Architecture
  • Selective Sourcing
  • Technology Simplification

Guided by BEST and led by strong Enterprise Architecture, Nissan saw the following results:

  • Reduced cost per user from 1.09 to 0.63
  • 230,000 return with 404 applications reduced
  • Improved solution deployment time
  • Significantly reduced hardware costs

Nissan recently created the next IT mid-term plan called “VITESSE,” which stands for value information, technology, simplification and service excellence. Mr. Guiotoko said that VITESSE will help the company achieve its IT and business goals as it moves toward the production of zero-emissions vehicles.

The Transformed Enterprise

Andy Mulholland, Global CTO, Capgemini

Mr. Mulholland began the presentation by discussing what parts of technology comprise today’s enterprise and asking the question, “What needs to be done to integrate these together?” Enterprise technology is changing rapidly and  the consumerization of IT only increasing. Mr. Mulholland presented a statistic from Gartner predicting that up to 35 percent of enterprise IT expenditures will be managed outside of the IT department’s budget by 2015. He then referenced the PC revolution when enterprises were too slow to adapt to employees needs and adoption of technology.

There are three core technology clusters and standards that are emerging today in the form of Cloud, mobility and big data, but there are no business process standards to govern them. In order to not repeat the same mistakes of the PC revolution, organizations need to move from an inside-out model to an outside-in model – looking at the activities and problems within the enterprise then looking outward versus looking at those problems from the outside in. Outside-in, Mulholland argued, will increase productivity and lead to innovative business models, ultimately enabling your enterprise to keep up the current technology trends.

Making Business Drive IT Transformation through Enterprise Architecture

Lauren States, VP & CTO of Cloud Computing and Growth Initiatives, IBM Corp.

Ms. States began her presentation by describing today’s enterprise – flat, transparent and collaborative. In order to empower this emerging type of enterprise, she argued that CEOs need to consider data a strategic initiative.

Giving the example of the CMO within the enterprise to reflect how changing technologies affect their role, she stated, “CMOS are overwhelming underprepared for the data explosion and recognize a need to invest in and integrate technology and analytics.” CIOs and architects need to use business goals and strategy to set the expectation of IT. Ms. States also said that organizations need to focus on enabling growth, productivity and cultural change – factors are all related and lead to enterprise transformation.

*********

The conference will continue tomorrow with overarching themes that include enterprise transformation, security and SOA. For more information about the conference, please go here: http://www3.opengroup.org/sanfrancisco2012

Comments Off

Filed under Cloud, Cloud/SOA, Data management, Enterprise Architecture, Enterprise Transformation, Semantic Interoperability, Standards

What’s New in ArchiMate 2.0?

By Andrew Josey, The Open Group, Henry Franken, BiZZdesign

ArchiMate® 2.0, an Open Group Standard, is an upwards-compatible evolution from ArchiMate 1.0 adding new features, as well as addressing usage feedback and comments raised.

ArchiMate 2.0 standard supports modeling throughout the TOGAF Architecture Development Method (ADM).

Figure 1: Correspondence between ArchiMate and the TOGAF ADM

ArchiMate 2.0 consists of:

  • The ArchiMate Core, which contains several minor improvements on the 1.0 version.
  • The Motivation extension, to model stakeholders, drivers for change, business goals, principles, and requirements. This extension mainly addresses the needs in the early TOGAF phases and the requirements management process.
  • The Implementation and Migration extension, to support project portfolio management, gap analysis, and transition and migration planning. This extension mainly addresses the needs in the later phases of the TOGAF ADM cycle.

ArchiMate 2.0 offers a modeling language to create fully integrated models of the organization’s enterprise architecture, the motivation for the enterprise architecture, and the programs, projects and migration paths to implement this enterprise architecture. In this way, full (forward and backward) traceability between the elements in the enterprise architecture, their motivations and their implementation can be obtained.

In the ArchiMate Core, a large number of minor improvements have been made compared to ArchiMate 1.0: inconsistencies have been removed, examples have been improved and additional text has been inserted to clarify certain aspects. Two new concepts have been added based on needs experienced by practitioners:

  • Location: To model a conceptual point or extent in space that can be assigned to structural elements and, indirectly, of behavior elements.
  • Infrastructure Function: To model the internal behavior of a node in the technology layer. This makes the technology layer more consistent with the other two layers.

The Motivation extension defines the following concepts:

  • Stakeholder: The role of an individual, team, or organization (or classes thereof) that represents their interests in, or concerns relative to, the outcome of the architecture.
  • Driver: Something that creates, motivates, and fuels the change in an organization.
  • Assessment: The outcome of some analysis of some driver.
  • Goal: An end state that a stakeholder intends to achieve.
  • Requirement: A statement of need that must be realized by a system.
  • Constraint: A restriction on the way in which a system is realized.
  • Principle: A normative property of all systems in a given context or the way in which they are realized.

For motivation elements, a limited set of relationships has been defined, partly re-used from the ArchiMate Core: aggregation (decomposition), realization, and (positive or negative) influence.

The Implementation and Migration extension defines the following concepts (and re-uses the relationships of the Core):

  • Work Package: A series of actions designed to accomplish a unique goal within a specified time.
  • Deliverable: A precisely defined outcome of a work package.
  • Plateau: A relatively stable state of the architecture that exists during a limited period of time.
  • Gap: An outcome of a gap analysis between two plateaus.

ArchiMate 2 Certification

New with ArchiMate 2.0 is the introduction of a certification program. This includes certification for people and accreditation for training courses. It also includes certification for tools supporting the ArchiMate standard.

The ArchiMate 2 Certification for People program enables professionals around the globe to demonstrate their knowledge of the ArchiMate standard. ArchiMate 2 Certification for People is achieved through an examination and practical exercises as part of an Accredited ArchiMate 2 Training Course.

The Open Group Accreditation for ArchiMate training courses provides an authoritative and independent assurance of the quality and relevance of the training courses.

The Open Group ArchiMate Tool Certification Program makes certification available to tools supporting ArchiMate. The goal of the program is to ensure that architecture artifacts created with a certified tool are conformant to the language.

Further Reading

ArchiMate 2.0 is available for online reading and download from The Open Group Bookstore at www.opengroup.org/bookstore/catalog/c118.htm.

A white paper with further details on ArchiMate 2.0 is available to download from The Open Group Bookstore at www.opengroup.org/bookstore/catalog/w121.htm .

Andrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF 9.1, ArchiMate 2.0, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

Henry Franken is the managing director of BiZZdesign and is chair of The Open Group ArchiMate Forum. As chair of The Open Group ArchiMate Forum, Henry led the development of the ArchiMate Version 2.o standard. Henry is a speaker at many conferences and has co-authored several international publications and Open Group White Papers. Henry is co-founder of the BPM-Forum. At BiZZdesign, Henry is responsible for research and innovation.

Comments Off

Filed under ArchiMate®, Business Architecture, Enterprise Architecture, Standards, TOGAF, TOGAF®

FACE Consortium Publishes First Standard for Defense Avionics Systems

By Judy Cerenzia, The Open Group FACE Consortium

I’m amazed that only 19 months ago we kicked off The Open Group Future Airborne Capability Environment (FACE™) Consortium, a collaborative group of avionics industry and U.S. Army, Navy and Air Force contributors who are working to develop standards for a common operating environment to support portable capability applications across Department of Defense (DoD) avionics systems. Our goal is to create an avionics software environment on installed computing hardware of war-fighting platforms that enables FACE applications and components to be deployed on different platforms without impact to the FACE applications. This approach to portable applications and interoperability will reduce development and integration costs and reduce the time to field new avionics capabilities.

I’m particularly proud of the consortium’s Technical Working Group, authors of Version 1.0 of The Technical Standard for Future Airborne Capability Environment (FACE™) Reference Architecture, which was just approved for official publication as an Open Group Standard. What they have accomplished in a year and a half is nothing less than phenomenal. The publication is available at The Open Group’s Bookstore.

The FACE Consortium’s unique strategy and structure is changing the way government and industry do business by breaking down barriers to portability—exchanging proprietary solutions for a common and standardized computing environment and components. To enable this climate change, the consortium’s Business Working Group has also published the FACE Business Guide, which defines stakeholders and their roles within a new business model; discusses business scenarios and defines how stakeholders will impact or be impacted by business drivers in each; and investigates how contract terms, software licensing agreements and IP rights may need to change to support procuring common components with standardized interfaces versus a proprietary black-box solution from a prime contractor. The Business Guide is also available at The Open Group’s Bookstore.

We’ve grown from 74 individuals representing 14 organizations in June 2010 to over 375 participants from 39 government and industry partners to date. Our next consortium members’ meeting will be in Baltimore, MD February 29 – March 1 2012, hosted by Northrop Grumman. I’m looking forward to seeing FACE colleagues, facilitating their working meeting, and continuing our mission to develop, evolve and publish a realistic open FACE™ architecture, standards and business model, and robust industry conformance program that will be supported and adopted by FACE customers, vendors, and integrators.

Judy Cerenzia is currently The Open Group’s Program Director for the Future Airborne Capability Environment (FACE) Consortium. Judy has 10+ years senior program management experience leading cross-functional and cross-organizational teams to reach consensus, define, and meet business and technical goals during project lifecycles. 

1 Comment

Filed under FACE™, Standards

OSIMM Goes de Jure: The First International Standards on SOA

By Heather Kreger, CTO International Standards, IBM

I was very excited to see OSIMM pass its ratification vote within the International Organization for Standardization (ISO) on January 8, 2012, becoming the first International Standard on SOA.  This is the culmination of a two year process that I’ve been driving for The Open Group in ISO/IEC JTC1.  Having the OSIMM standard recognized globally is a huge validation of the work that The Open Group and the SOA Work Group have been doing over the past few years since OSIMM first became an Open Group standard in 2009.  Even though the process for international standard ratification is a lengthy one, it has been worth the effort and we’ve already submitted additional Open Group standards to ISO.  For those of you interested in the process, read on…

How it works

In order for OSIMM to become an international standard, The Open Group had to first be approved as an “Approved Reference Organization” and “Publically Available Specification” (PAS) Submitter, in a vote by every JTC1 country.

What does this REALLY mean? It means Open Group standards can be referenced by international standards and it means the Open Group can submit standards to ISO/IEC and ask for them to follow the PAS process, which ratifies standards as they are as International Standards if they pass the international vote.  Each country votes and comments on the specification and if there are comments, there is a ballot resolution meeting with potentially an update to the submitted specification. This all sounds straightforward until you mix in The Open Group’s timeline for approving updates to standards with the JTC1 process. In the end, this takes about a year.

Why drag you through this?  I just wanted you to appreciate what an accomplishment the OSIMM V2 ISO/IEC 16680 is for The Open Group.  The SOA Governance Framework Standard is now following the same process. The SOA Ontology and new SOA Reference Architecture Standards have also been submitted to ISO’s SOA Work Group (in SC38) as input to a normal working group processes.

The OSIMM benefit

Let’s also revisit OSIMM, since it’s been awhile since OSIMM V1 was first standardized in 2009. OSIMM V2 is technically equivalent to OSIMM V1, although we did some clarifications to answer comments from the PAS processes and added an appendix positioning OSIMM with them maturity models in ISO/IEC JTC1.

OSIMM leverages proven best practices to allow consultants and IT practitioners to assess an organization’s readiness and maturity level for adopting services in SOA and Cloud solutions. It defines a process to create a roadmap for incremental adoption that maximizes business benefits at each stage along the way. The model consists of seven levels of maturity and seven dimensions of consideration that represent significant views of business and IT capabilities where the application of SOA principles is essential for the deployment of services. OSIMM acts as a quantitative model to aid in assessment of current state and desired future state of SOA maturity. OSIMM also has an extensible framework for understanding the value of implementing a service model, as well as a comprehensive guide for achieving their desired level of service maturity.

There are a couple of things I REALLY like about OSIMM, especially for those new to SOA:

First, it’s an easy, visual way to grasp the full breadth of what is SOA. From no services to simple, single, hand-developed services or dynamically created services.  In fact, the first three levels of maturity are “pre-services” approaches we all know and use (i.e.: object-oriented and components). With this, everyone can find what they are using…even if they are not using services at all.

Second, it’s a self assessment. You use this to gauge your own use of services today and where you want to be. You can reassess to “track” your progress (sort of like weight loss) on employing services. Because you have to customize the indicators and the weight of the maturity scores will differ according to what is important to your company, it doesn’t make sense to compare scores between two companies. In addition, every company has a different target goal. So, no, sorry, you cannot brag that you are more mature than your arch competitor!  However, some of the process assessments in ISO/IEC SC7 ARE for just that, so check out the OSIMM appendix for links and pointers!

Which brings me to my third point–there is no “right” level of maturity. The most mature level doesn’t make sense for most companies.  OSIMM is a great tool to force your business and IT staff into a discussion to agree together on what the current level is and what the right level is for them – everyone on the same page.

Finally, it’s flexible. You can add indicators and adjust weightings to make it accurate and a reflection of the needs of your business AND IT departments.  You can skip levels, be at different levels of maturity for different business dimensions.  You work on advancing the use of services in the dimension that gives you the most business value, you don’t have to give them all “equal attention” or get them to the same level.

Resources

The following resources are available if you are interested in learning more about the OSIMM V2 Standard:

IBM is also presenting next week during The Open Group Conference in San Francisco, which will discuss how to extend OSIMM for your organization.

Heather KregerHeather Kreger is IBM’s lead architect for Smarter Planet, Policy, and SOA Standards in the IBM Software Group, with 15 years of standards experience. She has led the development of standards for Cloud, SOA, Web services, Management and Java in numerous standards organizations, including W3C, OASIS, DMTF, and Open Group.Heather is currently co-chair for The Open Group’s SOA Work Group and liaison for the Open Group SOA and Cloud Work Groups to ISO/IEC JTC1 SC7 SOA SG and INCITS DAPS38 (US TAG to ISO/IEC JTC 1 SC38). Heather is also the author of numerous articles and specifications, as well as the book Java and JMX, Building Manageable Systems, and most recently was co-editor of Navigating the SOA Open Standards Landscape Around Architecture.

1 Comment

Filed under Cloud/SOA, Service Oriented Architecture, Standards

SOCCI: Behind the Scenes

By E.G. Nadhan, HP

Cloud Computing standards, like other standards go through a series of evolutionary phases similar to the ones I outlined in the Top 5 phases of IaaS standards evolution. IaaS standards, in particular, take longer than their SaaS and PaaS counterparts because a balance is required between the service-orientation of the core infrastructure components in Cloud Computing.

This balance is why today’s announcement of the release of the industry’s first technical standard, Service Oriented Cloud Computing Infrastructure (SOCCI) is significant.

As one of the co-chairs of this project, here is some insight into the manner in which The Open Group went about creating the definition of this standard:

  • Step One: Identify the key characteristics of service orientation, as well as those for the cloud as defined by the National Institute of Standards and Technology (NIST). Analyze these characteristics and the resulting synergies through the application of service orientation in the cloud. Compare and contrast their evolution from the traditional environment through service orientation to the Cloud.
  • Step Two: Identify the key architectural building blocks that enable the Operational Systems Layer of the SOA Reference Architecture and the Cloud Reference Architecture that is in progress.
  • Step Three: Map these building blocks across the architectural layers while representing the multi-faceted perspectives of various viewpoints including those of the consumer, provider and developer.
  • Step Four: Define a Motor Cars in the Cloud business scenario: You, the consumer  are downloading auto-racing videos through an environment managed by a Service Integrator which requires the use of services for software, platform and infrastructure along with  traditional technologies. Provide a behind-the-curtains perspective on the business scenario where the SOCCI building blocks slowly but steadily come to life.
  • Step Five: Identify the key connection points with the other Open Group projects in the areas of architecture, business use cases, governance and security.

The real test of a standard is in its breadth of adoption. This standard can be used in multiple ways by the industry at large in order to ensure that the architectural nuances are comprehensively addressed. It could be used to map existing Cloud-based deployments to a standard architectural template. It can also serve as an excellent set of Cloud-based building blocks that can be used to build out a new architecture.

Have you taken a look at this standard? If not, please do so. If so, where and how do you think this standard could be adopted? Are there ways that the standard can be improved in future releases to make it better suited for broader adoption? Please let me know your thoughts.

This blog post was originally posted on HP’s Grounded in the Cloud Blog.

HP Distinguished Technologist, E.G.Nadhan has over 25 years of experience in the IT industry across the complete spectrum of selling, delivering and managing enterprise level solutions for HP customers. He is the founding co-chair for The Open Group SOCCI project and is also the founding co-chair for the Open Group Cloud Computing Governance project.

Comments Off

Filed under Cloud, Cloud/SOA, Semantic Interoperability, Service Oriented Architecture, Standards

First Technical Standard for Cloud Computing – SOCCI

By E.G. Nadhan, HP

The Open Group just announced the availability of its first Technical Standard for the Cloud – Service Oriented Cloud Computing Infrastructure Framework (SOCCI), which outlines the concepts and architectural building blocks necessary for infrastructures to support SOA and Cloud initiatives. HP has played a leadership role in the definition and evolution of this standard within The Open Group.

SOCCI.png

As a platinum member of The Open Group, HP’s involvement started with the leadership of the Service Oriented Infrastructure project that I helped co-chair. As the Cloud Computing Working Group started taking shape, I suggested expanding this project into the working group, which resulted in the formation of the Service Oriented Cloud Computing Infrastructure project. This project was co-chaired by Tina Abdollah of IBM and myself and operated under the auspices of both the SOA and Cloud Computing Working Groups.

Infrastructure has been traditionally provisioned in a physical manner. With the evolution of virtualization technologies and application of service-orientation to infrastructure, it can now be offered as a service. SOCCI is the realization of an enabling framework of service-oriented components for infrastructure to be provided as a service in the cloud.

Service Oriented Cloud Computing Infrastructure (SOCCI) is a classic intersection of multiple paradigms in the industry – infrastructure virtualization, service-orientation and the cloud – an inevitable convergence,” said Tom Hall, Global Product Marketing Manager, Cloud and SOA Applications, HP Enterprise Services. “HP welcomes the release of the industry’s first cloud computing standard by The Open Group. This standard provides a strong foundation for HP and The Open Group to work together to evolve additional standards in the SOA and Cloud domains.”

This standard can be leveraged in one or more of the following ways:

  • Comprehend service orientation and Cloud synergies
  • Extend adoption of  traditional and service-oriented infrastructure in the Cloud
  • Leverage consumer, provider and developer viewpoints
  • Incorporate SOCCI building blocks into Enterprise Architecture
  • Implement Cloud-based solutions using different infrastructure deployment models
  • Realize business solutions referencing the SOCCI Business Scenario
  • Apply Cloud governance considerations and recommendations

The Open Group also announced the availability of the SOA Reference Architecture, a blueprint for creating and evaluating SOA solutions.

Standards go through a series of evolution phases as I outline in my post on Evolution of IaaS standards.  The announcement of the SOCCI Technical Standard will give some impetus to the evolution of IaaS standards in the Cloud somewhere between the experience and consensus phases.

It was a very positive experience co-chairing the evolution of the SOCCI standard within The Open Group working with other member companies from several enterprises with varied perspectives.

Have you taken a look at this standard?  If not, please do so.  And for those who have, where and how do you think this standard could be adopted?  Are there ways that the standard can be improved in future releases to make it better suited for broader adoption?  Please let me know!

This blog post was originally posted on HP’s Enterprise Services Blog.

HP Distinguished Technologist, E.G.Nadhan has over 25 years of experience in the IT industry across the complete spectrum of selling, delivering and managing enterprise level solutions for HP customers. He is the founding co-chair for The Open Group SOCCI project and is also the founding co-chair for the Open Group Cloud Computing Governance project.

1 Comment

Filed under Cloud, Cloud/SOA, Service Oriented Architecture, Standards

Security and Cloud Computing Themes to be explored at The Open Group San Francisco Conference

By The Open Group Conference Team

Cybersecurity and Cloud Computing are two of the most pressing trends facing enterprises today. The Open Group Conference San Francisco will feature tracks on both trends where attendees can learn about the latest developments in both disciplines as well as hear practical advice for implementing both secure architectures and for moving enterprises into the Cloud.  Below are some of the highlights and featured speakers from both tracks.

Security

The San Francisco conference will provide an opportunity for practitioners to explore the theme of “hacktivism,” the use and abuse of IT to drive social change, and its potential impact on business strategy and Enterprise Transformation.  Traditionally, IT security has focused on protecting the IT infrastructure and the integrity of the data held within.  However, in a rapidly changing world where hacktivism is an enterprise’s biggest threat, how can enterprise IT security respond?

Featured speakers and panels include:

  • Steve Whitlock, Chief Security Strategist, Boeing, “Information Security in the Internet Age”
  • Jim Hietala, Vice President, Security, The Open Group, “The Open Group Security Survey Results”
  • Dave Hornford, Conexiam, and Chair, The Open Group Architecture Forum, “Overview of TOGAF® and SABSA® Integration White Paper”
  • Panel – “The Global Supply Chain: Presentation and Discussion on the Challenges of Protecting Products Against Counterfeit and Tampering”

Cloud Computing

According to Gartner, Cloud Computing is now entering the “trough of disillusionment” on its hype cycle. It is critical that organizations better understand the practical business, operational and regulatory issues associated with the implementation of Cloud Computing in order to truly maximize its potential benefits.

Featured speakers and panels include:

  • David JW Gilmour, Metaplexity Associates, “Architecting for Information Security in a Cloud Environment”
  • Chris Lockhart, Senior Enterprise Architect, UnitedHeal, “Un-Architecture: How a Fortune 25 Company Solved the Greatest IT Problem”
  • Penelope Gordon, Cloud and Business Architect, 1Plug Corporation, “Measuring the Business Performance of Cloud Products”
  • Jitendra Maan, Tata Consultancy, “Mobile Intelligence with Cloud Strategy”
  • Panel – “The Benefits, Challenges and Survey of Cloud Computing Interoperability and Portability”
    • Mark Skilton, Capgemini; Kapil Bakshi, Cisco; Jeffrey Raugh, Hewlett-Packard

Please join us in San Francisco for these speaking tracks, as well as those on our featured them of Enterprise Transformation and the role of enterprise architecture. For more information, please go to the conference homepage: http://www3.opengroup.org/sanfrancisco2012

2 Comments

Filed under Cloud, Cloud/SOA, Cybersecurity, Information security, Security Architecture, Semantic Interoperability, TOGAF

2012 Open Group Predictions, Vol. 2

By The Open Group

Continuing on the theme of predictions, here are a few more, which focus on enterprise architecture, business architecture, general IT and Open Group events in 2012.

Enterprise Architecture – The Industry

By Leonard Fehskens, VP of Skills and Capabilities

Looking back at 2011 and looking forward to 2012, I see growing stress within the EA community as both the demands being placed on it and the diversity of opinions within it increase. While this stress is not likely to fracture the community, it is going to make it much more difficult for both enterprise architects and the communities they serve to make sense of EA in general, and its value proposition in particular.

As I predicted around this time last year, the conventional wisdom about EA continues to spin its wheels.  At the same time, there has been a bit more progress at the leading edge than I had expected or hoped for. The net effect is that the gap between the conventional wisdom and the leading edge has widened. I expect this to continue through the next year as progress at the leading edge is something like the snowball rolling downhill, and newcomers to the discipline will pronounce that it’s obvious the Earth is both flat and the center of the universe.

What I had not expected is the vigor with which the loosely defined concept of business architecture has been adopted as the answer to the vexing challenge of “business/IT alignment.” The big idea seems to be that the enterprise comprises “the business” and IT, and enterprise architecture comprises business architecture and IT architecture. We already know how to do the IT part, so if we can just figure out the business part, we’ll finally have EA down to a science. What’s troubling is how much of the EA community does not see this as an inherently IT-centric perspective that will not win over the “business community.” The key to a truly enterprise-centric concept of EA lies inside that black box labeled “the business” – a black box that accounts for 95% or more of the enterprise.

As if to compensate for this entrenched IT-centric perspective, the EA community has lately adopted the mantra of “enterprise transformation”, a dangerous strategy that risks promising even more when far too many EA efforts have been unable to deliver on the promises they have already made.

At the same time, there is a growing interest in professionalizing the discipline, exemplified by the membership of the Association of Enterprise Architects (AEA) passing 20,000, TOGAF® 9 certifications passing 10,000, and the formation of the Federation of Enterprise Architecture Professional Organizations (FEAPO). The challenge that we face in 2012 and beyond is bringing order to the increasing chaos that characterizes the EA space. The biggest question looming seems to be whether this should be driven by IT. If so, will we be honest about this IT focus and will the potential for EA to become a truly enterprise-wide capability be realized?

Enterprise Architecture – The Profession

By Steve Nunn, COO of The Open Group and CEO of the Association of Enterprise Architects

It’s an exciting time for enterprise architecture, both as an industry and as a profession. There are an abundance of trends in EA, but I wanted to focus on three that have emerged and will continue to evolve in 2012 and beyond.

  • A Defined Career Path for Enterprise Architects: Today, there is no clear career path for the enterprise architect. I’ve heard this from college students, IT and business professionals and current EAs. Up until now, the skills necessary to succeed and the roles within an organization that an EA can and should fill have not been defined. It’s imperative that we determine the skill sets EAs need and the path for EAs to acquire these skills in a linear progression throughout their career. Expect this topic to become top priority in 2012.
  • Continued EA Certification Adoption: Certification will continue to grow as EAs seek ways to differentiate themselves within the industry and to employers. Certifications and memberships through professional bodies such as the Association of Enterprise Architects will offer value to members and employers alike by identifying competent and capable architects. This growth will also be supported by EA certification adoption in emerging markets like India and China, as those countries continue to explore ways to build value and quality for current and perspective clients, and to establish more international credibility.
  • Greater Involvement from the Business: As IT investments become business driven, business executives controlling corporate strategy will need to become more involved in EA and eventually drive the process. Business executive involvement will be especially helpful when outsourcing IT processes, such as Cloud Computing. Expect to see greater interest from executives and business schools that will implement coursework and training to reflect this shift, as well as increased discussion on the value of business architecture.

Business Architecture – Part 2

By Kevin Daley, IBM and Vice-Chair of The Open Group Business Forum

Several key technologies have reached a tipping point in 2011 that will move them out of the investigation and validation by enterprise architects and into the domain of strategy and realization for business architects. Five areas where business architects will be called upon for participation and effort in 2012 are related to:

  • Cloud: This increasingly adopted and disruptive technology will help increase the speed of development and change. The business architect will be called upon to ensure the strategic relevancy of transformation in a repeatable fashion as cycle times and rollouts happen faster.
  • Social Networking / Mobile Computing: Prevalent consumer usage, global user adoption and improvements in hardware and security make this a trend that cannot be ignored. The business architect will help develop new strategies as organizations strive for new markets and broader demographic reach.
  • Internet of Things: This concept from 2000 is reaching critical mass as more and more devices become communicative. The business architect will be called on to facilitate the conversation and design efforts between operational efforts and technologies managing the flood of new and usable information.
  • Big Data and Business Intelligence: Massive amounts of previously untapped data are being exposed, analyzed and made insightful and useful. The business architect will be utilized to help contain the complexity of business possibilities while identifying tactical areas where the new insights can be integrated into existing technologies to optimize automation and business process domains.
  • ERP Resurgence and Smarter Software: Software purchasing looks to continue its 2011 trend towards broader, more intuitive and feature-rich software and applications.  The business architect will be called upon to identify and help drive getting the maximum amount of operational value and output from these platforms to both preserve and extend organizational differentiation.

The State of IT

By Dave Lounsbury, CTO

What will have a profound effect on the IT industry throughout 2012 are the twin horses of mobility and consumerization, both of which are galloping at full tilt within the IT industry right now. Key to these trends are the increased use of personal devices, as well as favorite consumer Cloud services and social networks, which drive a rapidly growing comfort among end users with both data and computational power being everywhere. This comfort brings a level of expectations to end users who will increasingly want to control how they access and use their data, and with what devices. The expectation of control and access will be increasingly brought from home to the workplace.

This has profound implications for core IT organizations. There will be less reliance on core IT services, and with that an increased expectation of “I’ll buy the services, you show me know to knit them in” as the prevalent user approach to IT – thus requiring increased attention to use of standards conformance. IT departments will change from being the only service providers within organizations to being a guiding force when it comes to core business processes, with IT budgets being impacted. I see a rapid tipping point in this direction in 2012.

What does this mean for corporate data? The matters of scale that have been a part of IT—the overarching need for good architecture, security, standards and governance—will now apply to a wide range of users and their devices and services. Security issues will loom larger. Data, apps and hardware are coming from everywhere, and companies will need to develop criteria for knowing whether systems are robust, secure and trustworthy. Governments worldwide will take a close look at this in 2012, but industry must take the lead to keep up with the pace of technology evolution, such as The Open Group and its members have done with the OTTF standard.

Open Group Events in 2012

By Patty Donovan, VP of Membership and Events

In 2012, we will continue to connect with members globally through all mediums available to us – our quarterly conferences, virtual and regional events and social media. Through coordination with our local partners in Brazil, China, France, Japan, South Africa, Sweden, Turkey and the United Arab Emirates, we’ve been able to increase our global footprint and connect members and non-members who may not have been able to attend the quarterly conferences with the issues facing today’s IT professionals. These events in conjunction with our efforts in social media has led to a rise in member participation and helped further develop The Open Group community, and we hope to have continued growth in the coming year and beyond.

We’re always open to new suggestions, so if you have a creative idea on how to connect members, please let me know! Also, please be sure to attend the upcoming Open Group Conference in San Francisco, which is taking place on January 30 through February 3. The conference will address enterprise transformation as well as other key issues in 2012 and beyond.

9 Comments

Filed under Business Architecture, Cloud, Cloud/SOA, Data management, Enterprise Architecture, Semantic Interoperability, Standards

Save the Date—The Open Group Conference San Francisco!

By Patty Donovan, The Open Group

It’s that time again to start thinking ahead to The Open Group’s first conference of 2012 to be held in San Francisco, January 30 – February 3, 2012. Not only do we have a great venue for the event, the Intercontinental Mark Hopkins (home of the famous “Top of the Mark” sky lounge—with amazing views of all of San Francisco!), but we have stellar line up for our winter conference centered on the theme of Enterprise Transformation.

Enterprise Transformation is a theme that is increasingly being used by organizations of all types to represent the change processes they implement in response to internal and external business drivers. Enterprise Architecture (EA) can be a means to Enterprise Transformation, but most enterprises today because EA is still largely limited to the IT department and transformation must go beyond the IT department to be successful. The San Francisco conference will focus on the role that both IT and EA can play within the Enterprise Transformation process, including the following:

  • The differences between EA and Enterprise Transformation and how they relate  to one another
  • The use of EA to facilitate Enterprise Transformation
  • How EA can be used to create a foundation for Enterprise Transformation that the Board and business-line managers can understand and use to their advantage
  • How EA facilitates transformation within IT, and how does such transformation support the transformation of the enterprise as a whole
  • How EA can help the enterprise successfully adapt to “disruptive technologies” such as Cloud Computing and ubiquitous mobile access

In addition, we will be featuring a line-up of keynotes by some of the top industry leaders to discuss Enterprise Transformation, as well as themes around our regular tracks of Enterprise Architecture and Professional Certification, Cloud Computing and Cybersecurity. Keynoting at the conference will be:

  • Joseph Menn, author and cybersecurity correspondent for the Financial Times (Keynote: What You’re Up Against: Mobsters, Nation-States and Blurry Lines)
  • Celso Guiotoko, Corporate Vice President and CIO, Nissan Motor Co., Ltd. (Keynote: How Enterprise Architecture is helping NISSAN IT Transformation)
  • Jeanne W. Ross, Director & Principal Research Scientist, MIT Center for Information Systems Research (Keynote: The Enterprise Architect: Architecting Business Success)
  • Lauren C. States, Vice President & Chief Technology Officer, Cloud Computing and Growth Initiatives, IBM Corp. (Keynote: Making Business Drive IT Transformation Through Enterprise Architecture)
  • Andy Mulholland, Chief Global Technical Officer, Capgemini (Keynote: The Transformed Enterprise)
  • William Rouse, Executive Director, Tennenbaum Institute at Georgia Institute of Technology (Keynote: Enterprise Transformation: An Architecture-Based Approach)

For more on the conference tracks or to register, please visit our conference registration page. And stay tuned throughout the next month for more sneak peeks leading up to The Open Group Conference San Francisco!

1 Comment

Filed under Cloud, Cloud/SOA, Cybersecurity, Data management, Enterprise Architecture, Semantic Interoperability, Standards

The Open Group Surpasses 400 Member Milestone

By Allen Brown, The Open Group

I’m pleased to announce The Open Group has recently surpassed the 400 member mark. Reaching this milestone is a true testament to the commitment our members and staff have made to promoting open standards over the past 25 years.

The Open Group’s strategy has been shaped by IT users through the development of open, vendor-neutral standards and certifications. Today’s milestone validates that this strategy is continuing to resonate, particularly with global organizations that demand greater interoperability, trusted ways to architect their information systems and qualified IT people to lead the effort.

Our members continue to collaborate on developing long term, globally accepted solutions surrounding the most critical IT issues facing business today. Some of the work areas include Enterprise Architecture, Cloud Computing, real-time and embedded systems, operating platform, semantic interoperability and cyber-security to name a few. The members’ leadership around these issues is increasingly global through a larger roster of regional events and local offices now based in China, France, Japan, South Africa, South America, Sweden, Turkey, the United Arab Emirates, the UK and US. As a result, we now have more than 30,000 individual members participating from 400 global organizations in more than 85 countries worldwide.

This is a great milestone to end the year on, and we’re looking forward to celebrating more occasions like it resulting from the members’ hard work and contributions in 2012.

2 Comments

Filed under Enterprise Transformation, Semantic Interoperability, Standards

Why do pencils have erasers?

By Andrew Josey and Garry Doherty, The Open Group

We know that TOGAF® isn’t perfect. In fact, it probably never will be, but sometimes, especially after a major release, it’s a good idea to stop and look backwards after its been in implementation for a while… just to make sure we’ve gotten it right and to review the standard for reasons of further clarification and to improve consistency.

That’s why we’re releasing TOGAF® 9.1. It contains a set of corrections to address comments raised since the introduction of TOGAF® 9 in 2009. We have been able to address over 400 of the comments received against TOGAF® 9, resulting in over 450 changes to the standard.

The maintenance updates in TOGAF® 9.1 are based on feedback received on the framework as organizations have put it to good use over the past three years. As such the changes are upwards compatible adding clarification, consistency and additional detail where needed. Some of the most significant updates include:

  • The SOA chapter (Part III, Chapter 22, Using TOGAF to Define & Govern SOAs) has been updated to include the latest Open Group SOA Work Group output providing guidance on adapting the ADM phases for SOA
  • ADM Phases E and F (Part II, Chapters 13 and 14) have been reworked to match the level of detail in other phases, and the uses of terminology for Transition Architecture, Roadmap, and Implementation Strategy clarified and made consistent
  • Corrections have been applied to aspects of the Content Metamodel (Part IV, Chapter 34, The Content Metamodel) including the metamodel diagrams
  • The concepts of levels, iterations and partitions have been clarified and made consistent. This includes a reorganization of material in Part III, Chapter 19, Applying Iteration to the ADM and Chapter 20, Applying the ADM across the Architecture Landscape, and also Part V, Chapter 40, Architecture Partitioning
  • The terms “artifact” versus “viewpoint” have been clarified and made consistent. This includes a restructuring of Part IV, Chapter 35, Architectural Artifacts
  • Changes have been made to improve general usability including:
    • The artifacts for each phase are now listed in the phase descriptions
    • Duplicate text in several places has been replaced with an appropriate reference
    • The “Objectives” sections of the phases have been reworked
    • Some artifacts have been renamed to better reflect their usage

If you’re already TOGAF® 9 certified,  don’t worry about the status of your certification. The TOGAF® 9 Certification for People Program has been designed to accommodate maintenance updates to the TOGAF® 9 standard such as TOGAF® 9.1. So impacts on the program are minimal:

  • The two levels of certification remain as TOGAF® 9 Foundation and TOGAF® 9 Certified.
  • Individuals who are currently certified in the TOGAF® 9 People Certification program remain certified.

TOGAF 9.1 is available for online reading at http://www.opengroup.org/togaf/ and available in The Open Group Bookstore at http://www.opengroup.org/bookstore/catalog/g116.htm .

A detailed description of the changes between TOGAF 9 and TOGAF 9.1 is available at http://www.opengroup.org/bookstore/catalog/u112.htm .

So now you know why pencils have erasers… because perfection is a constantly moving target!

5 Comments

Filed under Enterprise Architecture, Standards, TOGAF, TOGAF®

The future – ecosystems and standards

By Mark Skilton, Capgemini

This article is a continuation of a series on standards by Mark Stilton. Read his previous posts on “Why standards in information technology are critical and “Innovation in the Cloud needs open standards.”

The evolution of standards has become a big domain issue. The world has moved from the individual languages of resources and transactions into architectural standards that seek to describe how different sets of resources, interfaces and interactions can be designed to work together. But this concept has now gone further in networked societies.

In this new “universe” of online and physical services, new channels, portals, devices and services are emerging that create new integration and compositions of services. New business models are emerging as a result, which are impacting existing markets and incumbents as well as creating new rules and standards.  Old standards and policies such as digital privacy and cross-border intellectual property are being challenged by these new realities. Ignoring these is not an option, as companies and whole countries are realizing the need to keep up-to-date and aware of these developments that impact their own locations and economies.

This means the barriers and accelerators to individual markets and new markets are evolving and in constant dynamic change. Standards and interoperability are at the center of these issues and affect the very levers of change in markets.

Cloud Computing is one such phenomenon rewriting the rules on information exchange and business models for provisioning and delivery of products and services. The impact of Cloud Computing on competitive advantage is significant in the way it has lowered barriers to access of markets and collaboration. It has increased speed of provisioning and potential for market growth and expansion through the distributed power of the Internet. The connectivity and extensions of business models brought about by these trends is changing previously held beliefs and competitive advantages of ownership and relationships.

The following diagram was presented at The Open Group Conference, Amsterdam in the fall  of 2010.

The Internet of Things (IOT) is an example of this trend that is seen in the area of Radio Frequency Identification (RFID) tags of materials and products for automatic tracking. But this is just one example of interoperability emerging across industries. Large-scale telecommunications networks now have the ability to reach and integrate large areas of the marketplace through fixed and now wireless mobile communications networks.

This vision can create new possibilities beyond just tagging and integration of supply chains; it hints towards a possibility of social networks, business networks and value chains being able to create new experiences and services through interconnectedness.

Mark Skilton, Director, Capgemini, is the Co-Chair of The Open Group Cloud Computing Work Group. He has been involved in advising clients and developing of strategic portfolio services in Cloud Computing and business transformation. His recent contributions include the publication of Return on Investment models on Cloud Computing widely syndicated that achieved 50,000 hits on CIO.com and in the British Computer Society 2010 Annual Review. His current activities include development of a new Cloud Computing Model standards and best practices on the subject of Cloud Computing impact on Outsourcing and Off-shoring models and contributed to the second edition of the Handbook of Global Outsourcing and Off-shoring published through his involvement with Warwick Business School UK Specialist Masters Degree Program in Information Systems Management.

1 Comment

Filed under Cloud, Standards

Innovation in the Cloud needs open standards

By Mark Skilton, Capgemini

This article is a continuation of a series on standards by Mark Stilton. Read his previous post on “Why standards in information technology are critical.

The forces of innovation are seen in the power of broadband, mass computing power, dynamic new mobile cell devices and tablets, new social networking software and new advanced technologies in fields such as medical scanners, multi-media, education, robotics and electronics. These disruptions are jumps that can make huge leaps in societal quality of life and benefit for all. And with every advance there can be counterproductive and emergent issues that result which may be detrimental to markets, and to personal liberty and safety. There is a continuing debate over standards and policies that may or may not prejudice the legitimate rights of consumers, providers and governments that seek these benefits.

Standards evolve as a means for description and commonality as well as differentiation. Common utility services in the gas, electricity, and water amenities industry are examples that trade and provide services to mass markets. Likewise, in consumer electronics markets and network standards, we see interests in common interface and connector standards to enable consumer and providers to access and gain use of the products and services marketplaces. Without standards in areas that enable trade exchange, markets would be fragmented, limiting potential growth and evolution of new opportunities.

But equally, standards can create challenges to barriers in trade and adoption. Protection of intellectual property, closed technology platforms and protectionist and legislative control policies are consequences that can been seen as building competitive advantages; but equally can be limiting access and competition to existing and new markets.

This is a concern from large multi-national corporations to the plethora of SMBs, and to the individual. It can also be seen as a wider economic, societal and environmental issue, where disproportionate activities and resource consumption can affect green sustainability and intergovernmental and marketplace balance of power and growth.

Mark Skilton, Director, Capgemini, is the Co-Chair of The Open Group Cloud Computing Work Group. He has been involved in advising clients and developing of strategic portfolio services in Cloud Computing and business transformation. His recent contributions include the publication of Return on Investment models on Cloud Computing widely syndicated that achieved 50,000 hits on CIO.com and in the British Computer Society 2010 Annual Review. His current activities include development of a new Cloud Computing Model standards and best practices on the subject of Cloud Computing impact on Outsourcing and Off-shoring models and contributed to the second edition of the Handbook of Global Outsourcing and Off-shoring published through his involvement with Warwick Business School UK Specialist Masters Degree Program in Information Systems Management.

2 Comments

Filed under Cloud, Standards

The Open Group releases O-ACEML standard, automates compliance configuration

By Jim Hietala, The Open Group

The Open Group recently published the Open Automated Compliance Expert Markup Language (O-ACEML) standard. This new technical standard addresses needs to automate the process of configuring IT environments to meet compliance requirements. O-ACEML will also enable customer organizations and their auditors to streamline data gathering and reporting on compliance postures.

O-ACEML is aimed at helping organizations to reduce the cost of compliance by easing manual compliance processes. The standard is an open, simple, and well defined XML schema that allows compliance requirements to be described in machine understandable XML, as opposed to requiring humans to interpret text from documents. The standard also allows for a remediation element, which enables multiple requirements (from different compliance regulations) to be blended into a single policy. An example of where this is needed would be in password length and complexity requirements, which may differ between different regulations. O-ACEML allows for the most secure setting to be selected and applied, enabling all of the regulations to be met or exceeded.

O-ACEML is intended to allow platform vendors and compliance management and IT-GRC providers to utilize a common language for exchanging compliance information. The existence of a single common standard will benefit platform vendors and compliance management tool vendors, by reducing development costs and providing a single data interchange format. Customer organizations will benefit by reducing costs for managing compliance in complex IT environments, and by increasing effectiveness. Where previously organizations might have just polled a small but representative sample of their environment to assess compliance, the existence of a standard allowing automated compliance checking makes it feasible to survey the entire environment rather than just a small sample. Organizations publishing government compliance regulations, as well as the de facto standard compliance organizations that have emerged in many industries will benefit by enabling more cost effective adoption and simpler compliance with their regulations and standards.

In terms of how O-ACEML relates to other compliance related standards and content frameworks, it has similarities and differences to NIST’s Security Content Automation Protocol (SCAP), and to the Unified Compliance Framework (UCF). One of the main differences is that O-ACEML was architected such that a Compliance Organization could author its IT security requirements in a high-level language, without the need to understand the specific configuration command and settings an OS or device will use to implement the requirement. A distinguishing capability of O-ACEML is that it gathers artifacts as it moves from Compliance Organization directive, implementation on a particular device, and the result of the configuration command. The final step of this automation not only produces a computer system configured meet or exceed the compliance requirements, it also produces an xml document from which compliance reporting can be simplified. The Open Group plans to work with NIST and the creators of the UCF to ensure interoperability and integration between O-ACEML and SCAP and UCF.

If you have responsibility for managing compliance in your organization, or if you are a vendor whose software product involves compliance or security configuration management, we invite you to learn more about O-ACEML.

An IT security industry veteran, Jim Hietala is Vice President of Security at The Open Group, where he is responsible for security programs and standards activities. He holds the CISSP and GSEC certifications. Jim is based in the U.S.

8 Comments

Filed under Cybersecurity, Standards

Why standards in information technology are critical

By Mark Skilton, Capgemini

See the next article in Mark’s series on standards here.

Information technology as an industry is at the center of communications and exchange of information, and increasingly, fully digitized products and services. Its span of influence and control is enabled through the ability of protocols, syntax and nomenclatures to be defined and known between consumers and providers. The Internet is testament to HTTP, TCP-IP, HTML, URL, MAC and XML standards that have become universal languages to enable its very existence. These “universal common standards” are an example of a homogenous, all-pervasive standard that enables the construction and use of resources and connections that are built on these standards.

These “building blocks” are a necessary foundation to enable more advanced language and exchange interactions to become possible. It can be argued that with every new technology advance, a new language is needed to express and drive that new advance. Prior to the Internet, earlier standards of timeshare mainframes, virtual memory, ISA chip architecture and fiber optics established scale and increasing capacity to affect simple to more complex tasks. There simply was no universal protocol-based standards that could support the huge network of wired and wireless communications. Commercial-scale computing was locked and limited inside mainframe and PC computers.

With federated distributed computing standards, all that changed. The Client-Server era enabled cluster intranet and peer-to-peer networks. Email exchange, web access and data base access evolved to be across a number of computers and to connect groups of computers together for shared resource services. The web browser running as a client program at the user computer enables access to information at any web server in the world. So standards come and go, and evolve in cycles as existing technology matures and new technologies and capabilities evolve much like the cycles of innovation explained in the development of technology and innovation seen in the published works of “Machine that Changed the World” by James Womack 1990, “Clock Speed” by Charles Fine in 1999 and recently the “Innovators Dilemma” by Clayton Christensen in the mid 2000’s.

The challenge is to position standards and policies to use those standards in a way that establish and enable products, services and markets to be created or developed. The Open Group does just that.

Mark Skilton will be presenting on “Building A Cloud Computing Roadmap View To Your Enterprise Planning” at The Open Group Conference, Austin, July 18-22. Join us for best practices and case studies on Enterprise Architecture, Cloud, Security and more, presented by preeminent thought leaders in the industry.

Mark Skilton, Director, Capgemini, is the Co-Chair of The Open Group Cloud Computing Work Group. He has been involved in advising clients and developing of strategic portfolio services in Cloud Computing and business transformation. His recent contributions include the publication of Return on Investment models on Cloud Computing widely syndicated that achieved 50,000 hits on CIO.com and in the British Computer Society 2010 Annual Review. His current activities include development of a new Cloud Computing Model standards and best practices on the subject of Cloud Computing impact on Outsourcing and Off-shoring models and contributed to the second edition of the Handbook of Global Outsourcing and Off-shoring published through his involvement with Warwick Business School UK Specialist Masters Degree Program in Information Systems Management.

4 Comments

Filed under Standards

“Making Standards Work®”

By Andrew Josey, The Open Group

Next month as part of the ongoing process of “Making Standards Work®,” we will be setting standards and policy with those attending the member meetings at The Open Group Conference, London, (May 9-12, Central Hall Westminster). The standards development activities include a wide range of subject areas from Cloud Computing, Tools and People certification, best practices for Trusted Technology, SOA and Quantum Lifecycle Management, as well as maintenance of existing standards such as TOGAF® and ArchiMate®. The common link with all these activities is that all of these are open standards developed by members of The Open Group.

Why do our members invest their time and efforts in development of open standards? The key reasons as I see them are as follows:

  1. Open standards are a core part of today’s infrastructure
  2. Open standards allow vendors to differentiate their offerings by offering a level of openness (portable interfaces and interoperability)
  3. Open standards establish a baseline from which competitors can innovate
  4. Open standards backed with certification enable customers to buy with increased confidence

This is all very well, you say — but what differentiates The Open Group from other standards organizations? Well, when The Open Group develops a new standard, we take an end-to-end view of the ecosystem all the way through from customer requirements, developing consensus standards to certification and procurement. We aim to deliver standards that meet a need in the marketplace and then back those up with certification that delivers an assurance about the products or in the case of people certification, their knowledge or skills and experience. We then take regular feedback on our standards, maintain them and evolve them according to marketplace needs. We also have a deterministic, timely process for developing our standards that helps to avoid the stalemate that can occur in some standards development.

Let’s look briefly at two of the most well known Open Group standards:  UNIX® and TOGAF®,. The UNIX® and TOGAF® standards are both examples of where a full ecosystem has been developed around the standard.

The UNIX® standard for operating systems has been around since 1995 and is now in its fourth major iteration. High reliability, availability and scalability are all attributes associated with certified UNIX® systems. As well as the multi-billion-dollar annual market in server systems from HP, Oracle, IBM and Fujitsu, there is an installed base of 50 million users* using The Open Group certified UNIX® systems on the desktop.

TOGAF® is the standard enterprise architecture method and framework. It encourages use with other frameworks and adoption of best practices for enterprise architecture. Now in its ninth iteration, it is freely available for internal use by any organization globally and is widely adopted with over 60% of the Fortune 50 and more than 80% of the Global Forbes 50. The TOGAF® certification program now has more than 15,000 certified individuals, including over 6,000 for TOGAF® 9.

If you are able to join us in London in May, I hope you will be able to also join us at the member meetings to continue making standards work. If you are not yet a member then I hope you will attend the conference itself and network with the members to find out more and consider joining us in Making Standards Work®!

For more information on The Open Group Standards Process visit http://www.opengroup.org/standardsprocess/

(*) Apple estimated number from Briefing October 2010. Mac OS X is certified to the UNIX 03 standard.

Standards development will be part of member meetings taking place at The Open Group Conference, London, May 9-13. Join us for best practices and case studies on Enterprise Architecture, Cloud, Security and more, presented by preeminent thought leaders in the industry.

Andrew Josey is Director of Standards within The Open Group, responsible for the Standards Process across the organization. Andrew leads the standards development activities within The Open Group Architecture Forum, including the development and maintenance of TOGAF® 9, and the TOGAF® 9 People certification program. He also chairs the Austin Group, the working group responsible for development and maintenance the POSIX 1003.1 standard that forms the core volumes of the Single UNIX® Specification. He is the ISO project editor for ISO/IEC 9945 (POSIX). He is a member of the IEEE Computer Society’s Golden Core and is the IEEE P1003.1 chair and the IEEE PASC Functional chair of Interpretations. Andrew is based in the UK.

Comments Off

Filed under Standards, TOGAF, UNIX

The Open Group Announces New Information Security Management Standard: O-ISM3

By Jim Hietala, The Open Group

The Open Group yesterday announced the approval of a new standard in information security, O-ISM3. This standard, which derives its name from The Open Group Information Security Management Maturity Model, aims to help information security managers and practitioners to more effectively manage information security. Information security management is one of two focus areas for The Open Group Security Forum (security architecture being the other).

The development of the O-ISM3 standard has been in process in the Security Forum for the past 18 months. Like all Open Group standards, O-ISM3 was developed through an open, consensus-based process. The O-ISM3 standard leverages work previously done by the ISM3 consortium to produce the ISM3 version 2.3 document.

O-ISM3 brings some fresh thinking to information security management. O-ISM3:

  • Provides a framework to align security objectives and security targets to overall business objectives
  • Delivers a much-needed continuous improvement approach to the management of information security
  • Expresses security outcomes in positive terms

O-ISM3 can be implemented as a top-down methodology to manage an entire information security program, or it can be deployed more tactically, starting with just a few information security processes. As such, it can deliver value to information security organizations of varying sizes, maturity levels, and in different industries.

The O-ISM3 standard is available free on The Open Group website (registration required), and on Kindle. The standard provides an approach which is complementary to ISO 27001/2, as well as to ITIL and COBIT.

The Open Group is conducting a series of webcasts on the O-ISM3 standard in April and May. Details and registration may be found here.

Many thanks to the many members of The Open Group who worked hard over the past 18 months to make O-ISM3 a reality. Many had a hand in developing O-ISM3 in the Security Forum, and I thank them all; however, I would be remiss if I did not recognize the leadership of workgroup chair Vicente Aceituno, who brought this work to The Open Group, and who has continued to work tirelessly to make O-ISM3 an important standard for information security.

The working group will in the coming months be developing maturity levels for O-ISM3, and exploring certification programs. If you have interest in O-ISM3 and these future developments, please contact us at ogsecurity-interest@opengroup.org and we will help you get involved.

Jim HietalaAn IT security industry veteran, Jim is Vice President of Security at The Open Group, where he is responsible for security programs and standards activities. He holds the CISSP and GSEC certifications. Jim is based in the U.S.

2 Comments

Filed under Information security, Standards