Tag Archives: cloud computing

Is Cloud Computing a “Buyers’ Market?”

By Mark Skilton, Global Director at Capgemini

At the Open Group Cannes Conference, a session we are providing is on the topic of “Selecting and Delivering Successful Cloud Products and Services.” This is an area that comes up frequently in establishing costs and benefits of on-demand solutions using the term Cloud Computing.

Cloud Computing terms have been overhyped in terms of their benefits and have saturated the general IT marketplace with all kinds of information systems stating rapid scalable benefits. Most of this may be true in the sense that readily available compute or storage capacity has commoditized in the infrastructure space. Software has also changed in functionality such that it can be contractually purchased now on a subscription basis. Users can easily subscribe to software that focuses on one or many business process requirements covering virtually all core and non-core business activities from productivity tools, project management, and collaboration to VOIP communication and business software applications all in a Software-as-a-Service (SaaS) business model.

I recently heard in conversation a view stating “Cloud Computing, it’s a buyers’ market,” meaning that customers and consumers could just pick their portfolio of software and hardware. But underlying this concept there are still some questions about using a commoditized approach to solving all your enterprise system’s needs.

Is this the whole story, when typically many organizations may seek competitive differentiation in user experience, unique transaction and functional business services? It’s ultimately more a commodity view of Cloud that matches commodity type requirements and functional needs of a customer. But, it does not fit the other 50 percent of customers who want Cloud products and characteristics but not a commodity.

The session in The Open Group Conference, Cannes on April 25 will cover the following key questions:

  • How to identify the key steps in a Cloud Products and Services selection and delivery lifecycle, avoiding tactical level decisions resulting in Cloud solution lock-in and lock-out in one or more of the stages?
  • How Cloud consumers can identify where Cloud products and services can augment and improve their business models and capabilities?
  • How Cloud providers can identify what types of Cloud products and services they can develop and deliver successfully to meet consumer and market needs?
  • What kinds of competitive differentiators to look for in consumer choice and in building providers’ value propositions?
  • What security standards, risk and certifications expertise are needed complement understanding Cloud Products and service advice?
  • What kinds of pricing, revenue and cost management on-demand models are needed to incentivize and build successful Cloud products and service consumption and delivery?
  • How to deal with contractual issues and governance across the whole lifecycle of Cloud Product and services from the perspectives of consumers and providers?

 Mark Skilton is Global Director for Capgemini, Strategy CTO Group, Global Infrastructure Services. His role includes strategy development, competitive technology planning including Cloud Computing and on-demand services, global delivery readiness and creation of Centers of Excellence. He is currently author of the Capgemini University Cloud Computing Course and is responsible for Group Interoperability strategy.

Comments Off

Filed under Cloud, Cloud/SOA, Conference

The Open Group Brings the Cloud to Cannes (Well, Let’s Hope That’s Only Metaphorically the Case)

By Stuart Boardman, KPN 

On Wednesday, April 25 at The Open Group Cannes Conference, we have a whole stream of sessions that will discuss Cloud Computing. There’s a whole bunch of interesting presentations on the program but one of the things that struck me in particular is how many of them are dealing with Cloud as an ecosystem. As a member of The Open Group’s Cloud Work Group, this is not a huge surprise for me (we do tell each other what we’re working on!), but it also happens to be a major preoccupation of mine at the moment, so I tend to notice occurrences of the word “ecosystem” or of related concepts. Outside of The Open Group in the wider Enterprise Architecture community, there’s more and more being written about ecosystems. The topic was the focus of my last Open Group blog .

On Wednesday, you’ll hear Boeing’s TJ Virdi and Kevin Sevigny with Conexiam Solutions talking about ecosystems in the context of Cloud and TOGAF. They’ll be talking about “how the Cloud Ecosystem impacts Enterprise Architecture,” which will include “an overview of how to use TOGAF to develop an Enterprise Architecture for the Cloud ecosystem.”  This work comes out of the Using TOGAF for Cloud Ecosystem project (TOGAF-CE), which they co-chair. Capgemini’s Mark Skilton kicks off the day with a session called “Selecting and Delivering Successful Cloud Products and Services.” If you’re wondering what that has to do with ecosystems, Mark pointed out to me that  “the ecosystem in that sense is business technology dynamics and the structural, trust models that….” – well I won’t spoil it – come along and hear a nice business take on the subject. In fact, I wonder who on that Wednesday won’t be talking in one way or another about ecosystems. Take a look at the agenda for yourself.

By the way, apart from the TOGAF-CE project, several other current Open Group projects deal with ecosystems. The Cloud Interaction Ecosystem Language (CIEL) project is developing a visual language for Cloud ecosystems and then there’s the Cloud Interoperability and Portability project, which inevitably has to concern itself with ecosystems. So it’s clearly a significant concept for people to be thinking about.

In my own presentation I’ll be zooming in on Social Business as a Cloud-like phenomenon. “What has that to do with Cloud?” you might be asking. Well quite a lot actually. Technologically most social business tools have a Cloud delivery model. But far more importantly a social business involves interaction across parties who may not have any formal relationship (e.g. provider to not-yet customer or to potential partner) or where the formal aspect of their relationship doesn’t include the social business part (e.g. engaging a customer in a co-creation initiative). In some forms it’s really an extended enterprise. So even if there were no computing involved, the relationship has the same Cloud-like, loosely coupled, service oriented nature. And of course there is a lot of information technology involved. Moreover, most of the interaction takes place over Internet- based services. In a successful social business these will not be the proprietary services of the enterprise but the public services of one or more market leading provider, because that’s where your customers and partners interact. Or to put it another way, you don’t engage your customers by making them come to you but by going to them.

I don’t want to stretch this too far. The point here is not to insist that Social Business is a form of Cloud but rather that they have comparable types of ecosystem and that they are therefore amenable to similar analysis methods. There are of course essential parts of Cloud that are purely the business of the provider and are quite irrelevant to the ecosystem (the ecosystem only cares about what they deliver). Interestingly one can’t really say that about social business – that really is all about the ecosystem. It may not matter whether we think the IT underlying social business is really Cloud computing but it most certainly is part of the ecosystem.

In my presentation, I’ll be looking at techniques we can use to help us understand what’s going on in an ecosystem and how changes in one place can have unexpected effects elsewhere – if we don’t understand it properly. My focus is one part of the whole body of work that needs to be done. There is work being done on how we can capture the essence of a Cloud ecosystem (CIEL). There is work being done on how we can use TOGAF to help us describe the architecture of a Cloud ecosystem (TOGAF-CE). There is work being done on how to model ecosystem behavior in general (me and others). And there’s work being done in many places on how ecosystem participants can interoperate. At some point we’ll need to bring all this together but for now, as long as we all keep talking to each other, each of the focus areas will enrich the others. In fact I think it’s too early to try to construct some kind of grand unified theory out of it all. We’d just produce something overly complex that no one knew how to use. I hope that TOGAF Next will give us a home for some of this – not in core TOGAF but as part of the overall guidance – because enterprises are more and more drawn into and dependent upon their surrounding ecosystems and have an increasing need to understand them. And Cloud is accelerating that process.

You can expect a lot of interesting insights on Wednesday, April 25. Come along and please challenge the presenters, because we too have a lot to learn.

Stuart Boardman is a Senior Business Consultant with KPN where he co-leads the Enterprise Architecture practice as well as the Cloud Computing solutions group. He is co-lead of The Open Group Cloud Computing Work Group’s Security for the Cloud and SOA project and a founding member of both The Open Group Cloud Computing Work Group and The Open Group SOA Work Group. Stuart is the author of publications by the Information Security Platform (PvIB) in The Netherlands and of his previous employer, CGI. He is a frequent speaker at conferences on the topics of Cloud, SOA, and Identity. 

Comments Off

Filed under Cloud, Conference, Enterprise Architecture, TOGAF®

Enterprise Transformation Takes the French Riviera

By The Open Group Conference Team

The Open Group Conference in Cannes, France is just around the corner. Taking place April 23-27, the conference will bring together leading minds in technology to discuss the process of Enterprise Transformation, and the role of Enterprise Architecture (EA) and IT in Enterprise Transformation.

The French Riviera is a true playground for the rich and famous. As the location of the next Open Group Conference, (not to mention the next Open Cannes Awards) it seems only fitting that we not only have an incredible venue for the event, the JW Marriott Cannes, but have our own star-studded lineup of speakers, sessions and activities that are sure to make the conference an unforgettable experience.

In addition to tutorial sessions on TOGAF and ArchiMate, the conference offers roughly 60 sessions on a varied of topics, including:

  • Enterprise Transformation, including Enterprise Architecture and SOA
  • Cybersecurity, Cloud Security and Trusted Technology for the Supply Chain
  • Cloud Computing for Business, Collaborative Cloud Frameworks and Cloud Architectures

The conference theme “Enterprise Transformation” will highlight how Enterprise Architecture can be used to truly change how companies do business and create models and architectures that help them make those changes. Keynote speakers include:

  • Dr. Alexander Osterwalder, Best-selling Author and Entrepreneur

Dr. Osterwalder is a renowned thought leader on business model design and innovation. Many executives and entrepreneurs and world-leading organizations have applied Dr. Osterwalderʼs approach to strengthen their business model and achieve a competitive advantage through business model innovation. His keynote session at the conference, titled: “Business Models, IT, and Enterprise Transformation,” will discuss how to use the Business Model Canvas approach to better align IT and business strategy, empower multi-disciplinary teams and contribute to Enterprise Transformation.

  • Herve Gouezel, Advisor to the CEO at BNP Paribas & Eric Boulay, Founder and CEO of Arismore

Keynote: “EA and Transformation: An Enterprise Issue, a New Role for the CIO?” will examine governance within the Enterprise and what steps need to take place to create a collaborative Enterprise.

  • Peter Haviland, Chief Architect and Head of Business Architecture Advisory Services at Ernst & Young, US

Keynote: “World Class EA 2012: Putting Your Architecture Team in the Middle of Enterprise Transformation,” will identify and discuss key activities leading practice architecture teams are performing to create and sustain value, to remain at the forefront of enterprise transformation.

  • Kirk Avery, Software Architect at Lockheed Martin & Robert Sweeney, MSMA Lead Systems Engineer at Naval Air Systems Command

Keynote: “FACE: Transforming the DoD Avionics Software Industry Through the Use of Open Standards,” will address the DoD Avionics Industry’s need for providing complex mission capability in less time and in an environment of shrinking government budgets

The Common Criteria Workshop and the European Commission

We are also pleased to be hosting the first Common Criteria Workshop during the Cannes Conference. This two-day event – taking place April 25 to 26 – offers a rich opportunity to hear from distinguished speakers from the Common Criteria Security community, explore viewpoints through panel discussions and work with minded people towards common goals.

One of the keynote speakers during the workshop is Andrea Servida, the Deputy Head of the Internet, Network and Information Security unit with the European Commission in Brussels, Belgium. With extensive experience defining and implementing strategies and policies on network and information security and critical information infrastructure protection, Mr. Servida is an ideal speaker as we kick-off the first workshop.

The Open Cannes Awards

What trip would be complete to Cannes without an awards ceremony? Presented by The Open Group, The Open Cannes Awards is an opportunity for our members to recognize each other’s accomplishments within The Open Group with a little fun during the gala ceremony on the night of Tuesday, April 24. The goal is to acknowledge the success stories, the hard work and dedication that members, either as individuals or as organizations, have devoted to The Open Group’s ideals and vision over the past decade.

We hope to see you in Cannes! For more information on the conference tracks or to register, please visit our conference registration page, and please stay tuned throughout the next month as we continue to release blog posts and information leading up to The Open Group Conference in Cannes, France!

Comments Off

Filed under Cloud, Cloud/SOA, Conference, Cybersecurity, Enterprise Architecture, Enterprise Transformation, FACE™, Semantic Interoperability, Service Oriented Architecture

The SOA RA Provides a Way to Assess or Design your SOA

By Dr. Ali Arsanjani, IBM

The Standard in Summary

The SOA Reference Architecture (SOA RA) published by The Open Group provides a prescriptive means of assessment or creation of a service-oriented architecture (SOA) solution, including the architecture for Cloud-based solutions. It does so by grouping the capabilities required of an SOA into a set of layers, each containing a set of Architectural Building Blocks (ABBs) that can serve as a checklist for an implementation of an SOA, depending on the level of maturity required by an organization. The SOA RA is intended to support organizations adopting SOA, product vendors building SOA infrastructure components, integrators engaged in the building of SOA solutions and standards bodies engaged in the specifications for SOA.

The SOA RA provides a vendor-neutral product-agnostic perspective on the logical architecture that supports the service eco-system of providers, consumers and brokers bound together by services, their interfaces and contracts.

A high level description of the SOA RA can be found above. The layers shown in figure 1 above provide a starting point for the separation of concerns required to build or assess an SOA. Each group of the separated concerns is represented by a “layer” of their own.

Starting with a robust and complete set of building blocks provided by the standard is a key enabler for the achievement of the value propositions of an SOA, such as business agility, cost-reduction, faster time to market enabled by a flexible IT infrastructure. It does so in part by providing insights, patterns and the building blocks for integrating fundamental elements of an SOA into a solution or Enterprise Architecture. 

Background

In recent years, the decoupling of interface from implementation at the programming level has been elevated to an architectural level by loosely coupling the interface of a service consumed by a service consumer from its implementation by a service provider and by decoupling the implementation from its binding. This concept is reflected in a layer in the architecture corresponding to each of these notions: i.e., a layer for services and a layer for the runtime operational systems.

This style of architecture has come to be known as SOA, where rather than the implementations of components being exposed and known, only the services provided are published and consumers are insulated from the details of the underlying implementation by a provider.

Thus, an SOA enables business and IT convergence through agreement on a (contract consisting of a) set of business-aligned IT services that collectively support an organization’s business processes and business goals. Not only does it provide flexible decoupled functionality that can be reused, but it also provides the mechanisms to externalize variations of quality of service in declarative specifications such as WS-Policy and related standards.

The SOA RA can be used as a template to be used in defining capabilities and building blocks for SOA-based solutions. This is provided by the standard as a checklist of key elements that must be considered when an SOA solution is being evaluated or architected. The SOA RA provides this through a definition of layers and architectural building blocks within those layers. The elements underlying the SOA RA is based on a meta-model defined in figure 2:

The main SOA RA abstractions, represented in figure 2 above, collectively provide a logical design of an SOA and the inter-relationships between a set of architectural building blocks residing in its layers. During Architectural Assessments or the design of a solution or Enterprise Architecture, the SOA RA provides enterprise architects with a set of architectural building blocks and their associations in each layer, the available options, and architectural and design decisions that need to be made at each layer. This allows organizations to gradually mature into the implementation of more intricate SOA designs in a gradual fashion.

In the next blog post I will describe the details behind each of the layers.

Here is a brief description of those layers as an introduction.

Brief Description of Layers

The layers that are defined in the SOA RA each provide a set of capabilities that are then realized through the use of the architectural building blocks. Note that there are five functional layers providing direct business functional value in SOA solutions. An additional four layers (Integration, Information, QoS and Governance) provide cross-cutting capabilities expected of SOA and Cloud –based solutions. A brief description of these layers is provided below:

  • Operational Systems Layer – captures the new and existing organization infrastructure and is needed to support the SOA solution at design, deploy and run time.
  • Service Component Layer – contains software components, each of which provide the implementation or “realization” for a service, or operation on a service. The layer also contains the functional and technical components that facilitate a Service Component to realize one or more services.
  • Services Layer – consists of all the services defined within the SOA. The service layer can be thought of as containing the service descriptions for business capabilities, services and IT manifestation used/created during design time as well as runtime service contracts and descriptions that used at runtime.
  • Business Process Layer – covers the process representation, composition methods and building blocks for aggregating loosely coupled services as a sequencing process aligned with business goals.
  • Consumer Layer – where consumers interact with the SOA. It enables a SOA solution to support a client-independent, channel agnostic set of functionality, which is separately consumed and rendered through one or more channels (client platforms and devices).
  • Integration Layer – enables and provides the capability to mediate, which includes transformation, routing and protocol conversion to transport service requests from the service requester to the correct service provider.
  • Quality of Service Layer – supports non functional requirement (NFR) related issues as a primary feature/concern of SOA and provides a focal point for dealing with them in any given solution.
  • Information Architecture Layer – is responsible for manifesting a unified representation of the information aspect of an organization as provided by its IT services, applications, and systems enabling business needs and processes and aligned with the business vocabulary – glossary and terms. This enables the SOA to support data consistency, and consistency in data quality.
  • Governance Layer – contains the registries, repositories, and other capabilities required to support the governance of your SOA within the SOA ecosystem and is adapted to match and support the target SOA goals of the organization.

Conclusion

The SOA RA is an excellent tool in the toolbox forEnterpriseand Application Architects.  It maps out the path for enterprise architects to assess their current SOA implementations against an industry agreed upon standard and define and customize their own internal implementations and product mappings against it.  The SOA RA provides the tools necessary to allow architects to speak in a standard, consistent vocabulary to the business line executives when designing solutions for the enterprise.  As the industry moves more towards the Cloud, the SOA RA ensures a strong foundation to pave the way towards Cloud Computing, helping businesses leverage the investments they have made in SOA services that will keep them on solid ground while moving towards the Cloud Computing Model.  Lastly, the SOA RA defines the architecture for all kinds of services based solutions, where Cloud extends and leverages services into the infrastructure in a virtualized, elastic and monitored model of pooled resources on a grander scale.

Dr. Ali Arsanjani is Chief Technology Officer (CTO) for SOA, BPM & Emerging Technologies within IBM Global Services where he leads a team responsible for developing worldwide competency in SOA/ BPM and increasing delivery excellence of SOA solutions using IBM and non-IBM tools and SOA offerings. Dr. Arsanjani represents IBM in standards bodies such as The Open Group and is responsible for co-chairing the SOA Reference Architecture, SOA Maturity Model, Cloud Computing Reference Architecture standards within that body.

3 Comments

Filed under Cloud, Cloud/SOA

Top 5 Tell-tale Signs of SOA Evolving to the Cloud

By E.G. Nadhan, HP Enterprise Services

Rewind two decades and visualize what a forward-thinking prediction would have looked like then —  IT is headed towards a technology agnostic, service-based applications and infrastructure environment, consumed when needed, with usage-based chargeback models in place for elastic resources. A forward thinking tweet would have simply said – IT is headed for the Cloud. These concepts have steadily evolved within applications first with virtualization expediting their evolution within infrastructure across enterprises. Thus, IT has followed an evolutionary pattern over the years forcing enterprises to continuously revisit their overall strategy.

What started as SOA has evolved into the Cloud.  Here are five tell-tale signs:

  • As-a-service model:  Application interfaces being exposed as services in a standardized fashion were the technical foundation to SOA. This concept was slowly but steadily extended to the infrastructure environment leading to IaaS and eventually, [pick a letter of your choice]aaS. Infrastructure components, provisioned as services, had to be taken into account as part of the overall SOA strategy. Given the vital role of IaaS within the Cloud, a holistic SOA enterprise-wide SOA strategy is essential for successful Cloud deployment.
  • Location transparency: Prior to service orientation, applications had to be aware of the logistics of information sources. Service orientation introduced location transparency so that the specifics of the physical location where the services were executed did not matter as much. Extending this paradigm, Cloud leverages the available resources as and when needed for execution of the services provided.
  • Virtualization: Service orientation acted as a catalyst for virtualization of application interfaces wherein the standardization of the interfaces was given more importance than the actual execution of the services. Virtualization was extended to infrastructure components facilitating their rapid provisioning as long as it met the experience expectations of the consumers.
  • Hardware: IaaS provisioning based on virtualization along with the partitioning of existing physical hardware into logically consumable segments resulted in hardware being shared across multiple applications. Cloud extends this notion into a pool of hardware resources being shared across multiple applications.
  • Chargeback: SOA was initially focused on service implementation after which the focus shifted to SOA Governance and SOA Management including the tracking of metrics and chargeback mechanism. Cloud is following a similar model, which is why the challenges of metering and chargeback mechanisms that IT is dealing with in the Cloud are fundamentally similar to monitoring service consumption across the enterprise.

These are my tell-tale signs. I would be very interested to know about practical instances of similar signs on your end.

Figure 1: The Open Group Service Oriented Cloud Computing Infrastructure Technical Standard

It is no surprise that the very first Cloud technical standard published by The Open Group — Service Oriented Cloud Computing Infrastructure – initially started as the Service Oriented Infrastructure (SOI) project within The Open Group SOA Work Group. As its co-chair, I had requested extending SOI into the Open Group Cloud Work Group when it was formed making it a joint project across both work groups. Today, you will see how the SOCCI technical standard calls out the evolution of SOI into SOCCI for the Cloud.

To find out more about the new SOCCI technical standard, please check out: http://www3.opengroup.org/news/press/open-group-publishes-new-standards-soa-and-cloud

 This blog post was originally posted on HP’s Technical Support Services Blog.

HP Distinguished Technologist, E.G.Nadhan has over 25 years of experience in the IT industry across the complete spectrum of selling, delivering and managing enterprise level solutions for HP customers. He is the founding co-chair for The Open Group SOCCI project and is also the founding co-chair for the Open Group Cloud Computing Governance project. Twitter handle @NadhanAtHP.

4 Comments

Filed under Cloud, Cloud/SOA, Service Oriented Architecture, Standards

Open Group Security Gurus Dissect the Cloud: Higher of Lower Risk

By Dana Gardner, Interarbor Solutions

For some, any move to the Cloud — at least the public Cloud — means a higher risk for security.

For others, relying more on a public Cloud provider means better security. There’s more of a concentrated and comprehensive focus on security best practices that are perhaps better implemented and monitored centrally in the major public Clouds.

And so which is it? Is Cloud a positive or negative when it comes to cyber security? And what of hybrid models that combine public and private Cloud activities, how is security impacted in those cases?

We posed these and other questions to a panel of security experts at last week’s Open Group Conference in San Francisco to deeply examine how Cloud and security come together — for better or worse.

The panel: Jim Hietala, Vice President of Security for The Open Group; Stuart Boardman, Senior Business Consultant at KPN, where he co-leads the Enterprise Architecture Practice as well as the Cloud Computing Solutions Group; Dave Gilmour, an Associate at Metaplexity Associates and a Director at PreterLex Ltd., and Mary Ann Mezzapelle, Strategist for Enterprise Services and Chief Technologist for Security Services at HP.

The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. The full podcast can be found here.

Here are some excerpts:

Gardner: Is this notion of going outside the firewall fundamentally a good or bad thing when it comes to security?

Hietala: It can be either. Talking to security people in large companies, frequently what I hear is that with adoption of some of those services, their policy is either let’s try and block that until we get a grip on how to do it right, or let’s establish a policy that says we just don’t use certain kinds of Cloud services. Data I see says that that’s really a failed strategy. Adoption is happening whether they embrace it or not.

The real issue is how you do that in a planned, strategic way, as opposed to letting services like Dropbox and other kinds of Cloud Collaboration services just happen. So it’s really about getting some forethought around how do we do this the right way, picking the right services that meet your security objectives, and going from there.

Gardner: Is Cloud Computing good or bad for security purposes?

Boardman: It’s simply a fact, and it’s something that we need to learn to live with.

What I’ve noticed through my own work is a lot of enterprise security policies were written before we had Cloud, but when we had private web applications that you might call Cloud these days, and the policies tend to be directed toward staff’s private use of the Cloud.

Then you run into problems, because you read something in policy — and if you interpret that as meaning Cloud, it means you can’t do it. And if you say it’s not Cloud, then you haven’t got any policy about it at all. Enterprises need to sit down and think, “What would it mean to us to make use of Cloud services and to ask as well, what are we likely to do with Cloud services?”

Gardner: Dave, is there an added impetus for Cloud providers to be somewhat more secure than enterprises?

Gilmour: It depends on the enterprise that they’re actually supplying to. If you’re in a heavily regulated industry, you have a different view of what levels of security you need and want, and therefore what you’re going to impose contractually on your Cloud supplier. That means that the different Cloud suppliers are going to have to attack different industries with different levels of security arrangements.

The problem there is that the penalty regimes are always going to say, “Well, if the security lapses, you’re going to get off with two months of not paying” or something like that. That kind of attitude isn’t going to go in this kind of security.

What I don’t understand is exactly how secure Cloud provision is going to be enabled and governed under tight regimes like that.

An opportunity

Gardner: Jim, we’ve seen in the public sector that governments are recognizing that Cloud models could be a benefit to them. They can reduce redundancy. They can control and standardize. They’re putting in place some definitions, implementation standards, and so forth. Is the vanguard of correct Cloud Computing with security in mind being managed by governments at this point?

Hietala: I’d say that they’re at the forefront. Some of these shared government services, where they stand up Cloud and make it available to lots of different departments in a government, have the ability to do what they want from a security standpoint, not relying on a public provider, and get it right from their perspective and meet their requirements. They then take that consistent service out to lots of departments that may not have had the resources to get IT security right, when they were doing it themselves. So I think you can make a case for that.

Gardner: Stuart, being involved with standards activities yourself, does moving to the Cloud provide a better environment for managing, maintaining, instilling, and improving on standards than enterprise by enterprise by enterprise? As I say, we’re looking at a larger pool and therefore that strikes me as possibly being a better place to invoke and manage standards.

Boardman: Dana, that’s a really good point, and I do agree. Also, in the security field, we have an advantage in the sense that there are quite a lot of standards out there to deal with interoperability, exchange of policy, exchange of credentials, which we can use. If we adopt those, then we’ve got a much better chance of getting those standards used widely in the Cloud world than in an individual enterprise, with an individual supplier, where it’s not negotiation, but “you use my API, and it looks like this.”

Having said that, there are a lot of well-known Cloud providers who do not currently support those standards and they need a strong commercial reason to do it. So it’s going to be a question of the balance. Will we get enough specific weight of people who are using it to force the others to come on board? And I have no idea what the answer to that is.

Gardner: We’ve also seen that cooperation is an important aspect of security, knowing what’s going on on other people’s networks, being able to share information about what the threats are, remediation, working to move quickly and comprehensively when there are security issues across different networks.

Is that a case, Dave, where having a Cloud environment is a benefit? That is to say more sharing about what’s happening across networks for many companies that are clients or customers of a Cloud provider rather than perhaps spotty sharing when it comes to company by company?

Gilmour: There is something to be said for that, Dana. Part of the issue, though, is that companies are individually responsible for their data. They’re individually responsible to a regulator or to their clients for their data. The question then becomes that as soon as you start to share a certain aspect of the security, you’re de facto sharing the weaknesses as well as the strengths.

So it’s a two-edged sword. One of the problems we have is that until we mature a little bit more, we won’t be able to actually see which side is the sharpest.

Gardner: So our premise that Cloud is good and bad for security is holding up, but I’m wondering whether the same things that make you a risk in a private setting — poor adhesion to standards, no good governance, too many technologies that are not being measured and controlled, not instilling good behavior in your employees and then enforcing that — wouldn’t this be the same either way? Is it really Cloud or not Cloud, or is it good security practices or not good security practices? Mary Ann?

No accountability

Mezzapelle: You’re right. It’s a little bit of that “garbage in, garbage out,” if you don’t have the basic things in place in your enterprise, which means the policies, the governance cycle, the audit, and the tracking, because it doesn’t matter if you don’t measure it and track it, and if there is no business accountability.

David said it — each individual company is responsible for its own security, but I would say that it’s the business owner that’s responsible for the security, because they’re the ones that ultimately have to answer that question for themselves in their own business environment: “Is it enough for what I have to get done? Is the agility more important than the flexibility in getting to some systems or the accessibility for other people, as it is with some of the ubiquitous computing?”

So you’re right. If it’s an ugly situation within your enterprise, it’s going to get worse when you do outsourcing, out-tasking, or anything else you want to call within the Cloud environment. One of the things that we say is that organizations not only need to know their technology, but they have to get better at relationship management, understanding who their partners are, and being able to negotiate and manage that effectively through a series of relationships, not just transactions.

Gardner: If data and sharing data is so important, it strikes me that Cloud component is going to be part of that, especially if we’re dealing with business processes across organizations, doing joins, comparing and contrasting data, crunching it and sharing it, making data actually part of the business, a revenue generation activity, all seems prominent and likely.

So to you, Stuart, what is the issue now with data in the Cloud? Is it good, bad, or just the same double-edged sword, and it just depends how you manage and do it?

Boardman: Dana, I don’t know whether we really want to be putting our data in the Cloud, so much as putting the access to our data into the Cloud. There are all kinds of issues you’re going to run up against, as soon as you start putting your source information out into the Cloud, not the least privacy and that kind of thing.

A bunch of APIs

What you can do is simply say, “What information do I have that might be interesting to people? If it’s a private Cloud in a large organization elsewhere in the organization, how can I make that available to share?” Or maybe it’s really going out into public. What a government, for example, can be thinking about is making information services available, not just what you go and get from them that they already published. But “this is the information,” a bunch of APIs if you like. I prefer to call them data services, and to make those available.

So, if you do it properly, you have a layer of security in front of your data. You’re not letting people come in and do joins across all your tables. You’re providing information. That does require you then to engage your users in what is it that they want and what they want to do. Maybe there are people out there who want to take a bit of your information and a bit of somebody else’s and mash it together, provide added value. That’s great. Let’s go for that and not try and answer every possible question in advance.

Gardner: Dave, do you agree with that, or do you think that there is a place in the Cloud for some data?

Gilmour: There’s definitely a place in the Cloud for some data. I get the impression that there is going to drive out of this something like the insurance industry, where you’ll have a secondary Cloud. You’ll have secondary providers who will provide to the front-end providers. They might do things like archiving and that sort of thing.

Now, if you have that situation where your contractual relationship is two steps away, then you have to be very confident and certain of your cloud partner, and it has to actually therefore encompass a very strong level of governance.

The other issue you have is that you’ve got then the intersection of your governance requirements with that of the cloud provider’s governance requirements. Therefore you have to have a really strongly — and I hate to use the word — architected set of interfaces, so that you can understand how that governance is actually going to operate.

Gardner: Wouldn’t data perhaps be safer in a cloud than if they have a poorly managed network?

Mezzapelle: There is data in the Cloud and there will continue to be data in the Cloud, whether you want it there or not. The best organizations are going to start understanding that they can’t control it that way and that perimeter-like approach that we’ve been talking about getting away from for the last five or seven years.

So what we want to talk about is data-centric security, where you understand, based on role or context, who is going to access the information and for what reason. I think there is a better opportunity for services like storage, whether it’s for archiving or for near term use.

There are also other services that you don’t want to have to pay for 12 months out of the year, but that you might need independently. For instance, when you’re running a marketing campaign, you already share your data with some of your marketing partners. Or if you’re doing your payroll, you’re sharing that data through some of the national providers.

Data in different places

So there already is a lot of data in a lot of different places, whether you want Cloud or not, but the context is, it’s not in your perimeter, under your direct control, all of the time. The better you get at managing it wherever it is specific to the context, the better off you will be.

Hietala: It’s a slippery slope [when it comes to customer data]. That’s the most dangerous data to stick out in a Cloud service, if you ask me. If it’s personally identifiable information, then you get the privacy concerns that Stuart talked about. So to the extent you’re looking at putting that kind of data in a Cloud, looking at the Cloud service and trying to determine if we can apply some encryption, apply the sensible security controls to ensure that if that data gets loose, you’re not ending up in the headlines of The Wall Street Journal.

Gardner: Dave, you said there will be different levels on a regulatory basis for security. Wouldn’t that also play with data? Wouldn’t there be different types of data and therefore a spectrum of security and availability to that data?

Gilmour: You’re right. If we come back to Facebook as an example, Facebook is data that, even if it’s data about our known customers, it’s stuff that they have put out there with their will. The data that they give us, they have given to us for a purpose, and it is not for us then to distribute that data or make it available elsewhere. The fact that it may be the same data is not relevant to the discussion.

Three-dimensional solution

That’s where I think we are going to end up with not just one layer or two layers. We’re going to end up with a sort of a three-dimensional solution space. We’re going to work out exactly which chunk we’re going to handle in which way. There will be significant areas where these things crossover.

The other thing we shouldn’t forget is that data includes our software, and that’s something that people forget. Software nowadays is out in the Cloud, under current ways of running things, and you don’t even always know where it’s executing. So if you don’t know where your software is executing, how do you know where your data is?

It’s going to have to be just handled one way or another, and I think it’s going to be one of these things where it’s going to be shades of gray, because it cannot be black and white. The question is going to be, what’s the threshold shade of gray that’s acceptable.

Gardner: Mary Ann, to this notion of the different layers of security for different types of data, is there anything happening in the market that you’re aware of that’s already moving in that direction?

Mezzapelle: The experience that I have is mostly in some of the business frameworks for particular industries, like healthcare and what it takes to comply with the HIPAA regulation, or in the financial services industry, or in consumer products where you have to comply with the PCI regulations.

There has continued to be an issue around information lifecycle management, which is categorizing your data. Within a company, you might have had a document that you coded private, confidential, top secret, or whatever. So you might have had three or four levels for a document.

You’ve already talked about how complex it’s going to be as you move into trying understand, not only for that data, that the name Mary Ann Mezzapelle, happens to be in five or six different business systems over a 100 instances around the world.

That’s the importance of something like an Enterprise Architecture that can help you understand that you’re not just talking about the technology components, but the information, what they mean, and how they are prioritized or critical to the business, which sometimes comes up in a business continuity plan from a system point of view. That’s where I’ve advised clients on where they might start looking to how they connect the business criticality with a piece of information.

One last thing. Those regulations don’t necessarily mean that you’re secure. It makes for good basic health, but that doesn’t mean that it’s ultimately protected.You have to do a risk assessment based on your own environment and the bad actors that you expect and the priorities based on that.

Leaving security to the end

Boardman: I just wanted to pick up here, because Mary Ann spoke about Enterprise Architecture. One of my bugbears — and I call myself an enterprise architect — is that, we have a terrible habit of leaving security to the end. We don’t architect security into our Enterprise Architecture. It’s a techie thing, and we’ll fix that at the back. There are also people in the security world who are techies and they think that they will do it that way as well.

I don’t know how long ago it was published, but there was an activity to look at bringing the SABSA Methodology from security together with TOGAF®. There was a white paper published a few weeks ago.

The Open Group has been doing some really good work on bringing security right in to the process of EA.

Hietala: In the next version of TOGAF, which has already started, there will be a whole emphasis on making sure that security is better represented in some of the TOGAF guidance. That’s ongoing work here at The Open Group.

Gardner: As I listen, it sounds as if the in the Cloud or out of the Cloud security continuum is perhaps the wrong way to look at it. If you have a lifecycle approach to services and to data, then you’ll have a way in which you can approach data uses for certain instances, certain requirements, and that would then apply to a variety of different private Cloud, public Cloud, hybrid Cloud.

Is that where we need to go, perhaps have more of this lifecycle approach to services and data that would accommodate any number of different scenarios in terms of hosting access and availability? The Cloud seems inevitable. So what we really need to focus on are the services and the data.

Boardman: That’s part of it. That needs to be tied in with the risk-based approach. So if we have done that, we can then pick up on that information and we can look at a concrete situation, what have we got here, what do we want to do with it. We can then compare that information. We can assess our risk based on what we have done around the lifecycle. We can understand specifically what we might be thinking about putting where and come up with a sensible risk approach.

You may come to the conclusion in some cases that the risk is too high and the mitigation too expensive. In others, you may say, no, because we understand our information and we understand the risk situation, we can live with that, it’s fine.

Gardner: It sounds as if we are coming at this as an underwriter for an insurance company. Is that the way to look at it?

Current risk

Gilmour: That’s eminently sensible. You have the mortality tables, you have the current risk, and you just work the two together and work out what’s the premium. That’s probably a very good paradigm to give us guidance actually as to how we should approach intellectually the problem.

Mezzapelle: One of the problems is that we don’t have those actuarial tables yet. That’s a little bit of an issue for a lot of people when they talk about, “I’ve got $100 to spend on security. Where am I going to spend it this year? Am I going to spend it on firewalls? Am I going to spend it on information lifecycle management assessment? What am I going to spend it on?” That’s some of the research that we have been doing at HP is to try to get that into something that’s more of a statistic.

So, when you have a particular project that does a certain kind of security implementation, you can see what the business return on it is and how it actually lowers risk. We found that it’s better to spend your money on getting a better system to patch your systems than it is to do some other kind of content filtering or something like that.

Gardner: Perhaps what we need is the equivalent of an Underwriters Laboratories (UL) for permeable organizational IT assets, where the security stamp of approval comes in high or low. Then, you could get you insurance insight– maybe something for The Open Group to look into. Any thoughts about how standards and a consortium approach would come into that?

Hietala: I don’t know about the UL for all security things. That sounds like a risky proposition.

Gardner: It could be fairly popular and remunerative.

Hietala: It could.

Mezzapelle: An unending job.

Hietala: I will say we have one active project in the Security Forum that is looking at trying to allow organizations to measure and understand risk dependencies that they inherit from other organizations.

So if I’m outsourcing a function to XYZ corporation, being able to measure what risk am I inheriting from them by virtue of them doing some IT processing for me, could be a Cloud provider or it could be somebody doing a business process for me, whatever. So there’s work going on there.

I heard just last week about a NSF funded project here in the U.S. to do the same sort of thing, to look at trying to measure risk in a predictable way. So there are things going on out there.

Gardner: We have to wrap up, I’m afraid, but Stuart, it seems as if currently it’s the larger public Cloud provider, something of Amazon and Google and among others that might be playing the role of all of these entities we are talking about. They are their own self-insurer. They are their own underwriter. They are their own risk assessor, like a UL. Do you think that’s going to continue to be the case?

Boardman: No, I think that as Cloud adoption increases, you will have a greater weight of consumer organizations who will need to do that themselves. You look at the question that it’s not just responsibility, but it’s also accountability. At the end of the day, you’re always accountable for the data that you hold. It doesn’t matter where you put it and how many other parties they subcontract that out to.

The weight will change

So there’s a need to have that, and as the adoption increases, there’s less fear and more, “Let’s do something about it.” Then, I think the weight will change.

Plus, of course, there are other parties coming into this world, the world that Amazon has created. I’d imagine that HP is probably one of them as well, but all the big names in IT are moving in here, and I suspect that also for those companies there’s a differentiator in knowing how to do this properly in their history of enterprise involvement.

So yeah, I think it will change. That’s no offense to Amazon, etc. I just think that the balance is going to change.

Gilmour: Yes. I think that’s how it has to go. The question that then arises is, who is going to police the policeman and how is that going to happen? Every company is going to be using the Cloud. Even the Cloud suppliers are using the Cloud. So how is it going to work? It’s one of these never-decreasing circles.

Mezzapelle: At this point, I think it’s going to be more evolution than revolution, but I’m also one of the people who’ve been in that part of the business — IT services — for the last 20 years and have seen it morph in a little bit different way.

Stuart is right that there’s going to be a convergence of the consumer-driven, cloud-based model, which Amazon and Google represent, with an enterprise approach that corporations like HP are representing. It’s somewhere in the middle where we can bring the service level commitments, the options for security, the options for other things that make it more reliable and risk-averse for large corporations to take advantage of it.

Dana Gardner is president and principal analyst at Interarbor Solutions, an enterprise IT analysis, market research, and consulting firm. Gardner, a leading identifier of software and Cloud productivity trends and new IT business growth opportunities, honed his skills and refined his insights as an industry analyst, pundit, and news editor covering the emerging software development and enterprise infrastructure arenas for the last 18 years.

1 Comment

Filed under Cloud, Cloud/SOA, Conference, Cybersecurity, Information security, Security Architecture

San Francisco Conference Observations: Enterprise Transformation, Enterprise Architecture, SOA and a Splash of Cloud Computing

By Chris Harding, The Open Group 

This week I have been at The Open Group conference in San Francisco. The theme was Enterprise Transformation which, in simple terms means changing how your business works to take advantage of the latest developments in IT.

Evidence of these developments is all around. I took a break and went for coffee and a sandwich, to a little cafe down on Pine and Leavenworth that seemed to be run by and for the Millennium generation. True to type, my server pulled out a cellphone with a device attached through which I swiped my credit card; an app read my screen-scrawled signature and the transaction was complete.

Then dinner. We spoke to the hotel concierge, she tapped a few keys on her terminal and, hey presto, we had a window table at a restaurant on Fisherman’s Wharf. No lengthy phone negotiations with the Maitre d’. We were just connected with the resource that we needed, quickly and efficiently.

The power of ubiquitous technology to transform the enterprise was the theme of the inspirational plenary presentation given by Andy Mulholland, Global CTO at Capgemini. Mobility, the Cloud, and big data are the three powerful technical forces that must be harnessed by the architect to move the business to smarter operation and new markets.

Jeanne Ross of the MIT Sloan School of Management shared her recipe for architecting business success, with examples drawn from several major companies. Indomitable and inimitable, she always challenges her audience to think through the issues. This time we responded with, “Don’t small companies need architecture too?” Of course they do, was the answer, but the architecture of a big corporation is very different from that of a corner cafe.

Corporations don’t come much bigger than Nissan. Celso Guiotoko, Corporate VP and CIO at the Nissan Motor Company, told us how Nissan are using enterprise architecture for business transformation. Highlights included the concept of information capitalization, the rationalization of the application portfolio through SOA and reusable services, and the delivery of technology resource through a private cloud platform.

The set of stimulating plenary presentations on the first day of the conference was completed by Lauren States, VP and CTO Cloud Computing and Growth Initiatives at IBM. Everyone now expects business results from technical change, and there is huge pressure on the people involved to deliver results that meet these expectations. IT enablement is one part of the answer, but it must be matched by business process excellence and values-based culture for real productivity and growth.

My role in The Open Group is to support our work on Cloud Computing and SOA, and these activities took all my attention after the initial plenary. If you had, thought five years ago, that no technical trend could possibly generate more interest and excitement than SOA, Cloud Computing would now be proving you wrong.

But interest in SOA continues, and we had a SOA stream including presentations of forward thinking on how to use SOA to deliver agility, and on SOA governance, as well as presentations describing and explaining the use of key Open Group SOA standards and guides: the Service Integration Maturity Model (OSIMM), the SOA Reference Architecture, and the Guide to using TOGAF for SOA.

We then moved into the Cloud, with a presentation by Mike Walker of Microsoft on why Enterprise Architecture must lead Cloud strategy and planning. The “why” was followed by the “how”: Zapthink’s Jason Bloomberg described Representational State Transfer (REST), which many now see as a key foundational principle for Cloud architecture. But perhaps it is not the only principle; a later presentation suggested a three-tier approach with the client tier, including mobile devices, accessing RESTful information resources through a middle tier of agents that compose resources and carry out transactions (ACT).

In the evening we had a CloudCamp, hosted by The Open Group and conducted as a separate event by the CloudCamp organization. The original CloudCamp concept was of an “unconference” where early adopters of Cloud Computing technologies exchange ideas. Its founder, Dave Nielsen, is now planning to set up a demo center where those adopters can experiment with setting up private clouds. This transition from idea to experiment reflects the changing status of mainstream cloud adoption.

The public conference streams were followed by a meeting of the Open Group Cloud Computing Work Group. This is currently pursuing nine separate projects to develop standards and guidance for architects using cloud computing. The meeting in San Francisco focused on one of these – the Cloud Computing Reference Architecture. It compared submissions from five companies, also taking into account ongoing work at the U.S. National Institute of Standards and Technology (NIST), with the aim of creating a base from which to create an Open Group reference architecture for Cloud Computing. This gave a productive finish to a busy week of information gathering and discussion.

Ralph Hitz of Visana, a health insurance company based in Switzerland, made an interesting comment on our reference architecture discussion. He remarked that we were not seeking to change or evolve the NIST service and deployment models. This may seem boring, but it is true, and it is right. Cloud Computing is now where the automobile was in 1920. We are pretty much agreed that it will have four wheels and be powered by gasoline. The business and economic impact is yet to come.

So now I’m on my way to the airport for the flight home. I checked in online, and my boarding pass is on my cellphone. Big companies, as well as small ones, now routinely use mobile technology, and my airline has a frequent-flyer app. It’s just a shame that they can’t manage a decent cup of coffee.

Dr. Chris Harding is Director for Interoperability and SOA at The Open Group. He has been with The Open Group for more than ten years, and is currently responsible for managing and supporting its work on interoperability, including SOA and interoperability aspects of Cloud Computing. Before joining The Open Group, he was a consultant, and a designer and development manager of communications software. With a PhD in mathematical logic, he welcomes the current upsurge of interest in semantic technology, and the opportunity to apply logical theory to practical use. He has presented at Open Group and other conferences on a range of topics, and contributes articles to on-line journals. He is a member of the BCS, the IEEE, and the AOGEA, and is a certified TOGAF practitioner.

Comments Off

Filed under Cloud, Cloud/SOA, Conference, Enterprise Architecture, Enterprise Transformation, Service Oriented Architecture, Standards

Setting Expectations and Working within Existing Structures the Dominate Themes for Day 3 of San Francisco Conference

By The Open Group Conference Team

Yesterday concluded The Open Group Conference San Francisco. Key themes that stood out on Day 3, as well as throughout the conference, included the need for a better understanding of business expectations and existing structures.

Jason Bloomberg, president of ZapThink, began his presentation by using an illustration of a plate of spaghetti and drawing an analogy to Cloud Computing. He compared spaghetti to legacy applications and displayed the way that enterprises are currently moving to the Cloud – by taking the plate of spaghetti and physically putting it in the Cloud.

A lot of companies that have adopted Cloud Computing have done so without a comprehensive understanding of their current organization and enterprise assets, according to Mr. Bloomberg. A legacy application that is not engineered to operate in the Cloud will not yield the hyped benefits of elasticity and infinite scalability. And Cloud adoption without well thought-out objectives will never reach the vague goals of “better ROI” or “reduced costs.”

Mr. Bloomberg urged the audience to start with the business problem in order to understand what the right adoption will be for your enterprise. He argued that it’s crucial to think about the question “What does your application require?” Do you require Scalability? Elasticity? A private, public or hybrid Cloud? Without knowing a business’s expected outcomes, enterprise architects will be hard pressed to help them achieve their goals.

Understand your environment

Chris Lockhart, consultant at Working Title Management & Technology Consultants, shared his experiences helping a Fortune 25 company with an outdated technology model support Cloud-centric services. Lockhart noted that for many large companies, Cloud has been the fix-it solution for poorly architected enterprises. But often times after the business tells architects to build a model for cloud adoption, the plan presented and the business expectations do not align.

After working on this project Mr. Lockhart learned that the greatest problem for architects is “people with unset and unmanaged expectations.” After the Enterprise Architecture team realized that they had limited power with their recommendations and strategic roadmaps, they acted as negotiators, often facilitating communication between different departments within the business. This is where architects began to display their true value to the organization, illustrated by the following statement made by a business executive within the organization: “Architects are seen as being balanced and rounded individuals who combine a creative approach with a caring, thoughtful disposition.”

The key takeaways from Mr. Lockhart’s experience were:

  • Recognize the limitations
  • Use the same language
  • Work within existing structures
  • Frameworks and models are important to a certain extent
  • Don’t talk products
  • Leave architectural purity in the ivory tower
  • Don’t dictate – low threat level works better
  • Recognize that EA doesn’t know everything
  • Most of the work was dealing with people, not technology

Understand your Cloud Perspective

Steve Bennett, senior enterprise architect at Oracle, discussed the best way to approach Cloud Computing in his session, entitled “A Pragmatic Approach to Cloud Computing.” While architects understand and create value driven approaches, most customers simply don’t think this way, Mr. Bennett said. Often the business side of the enterprise hears about the revolutionary benefits of the Cloud, but they usually don’t take a pragmatic approach to implementing it.

Mr. Bennett went on to compare two types of Cloud adopters – the “Dilberts” and the “Neos” (from the Matrix). Dilberts often pursue monetary savings when moving to the Cloud and are late adopters, while Neos pursue business agility and can be described as early adopters, again highlighting the importance of understanding who is driving the implementation before architecting a plan.

Comments Off

Filed under Cloud, Cloud/SOA, Cybersecurity, Enterprise Architecture, Enterprise Transformation

Cloud Interoperability and Portability Project Findings to be Showcased in San Francisco

By Mark Skilton, Capgemini

Over the past year, The Open Group has been conducting a project to assess the current state of interoperability and portability in Cloud Computing. The findings from this work will be presented at The Open Group San Francisco Conference on Wednesday, February 1 by Mark Skilton (Capgemini) Kapil Bakshi (Cisco) and Chris Harding (The Open Group) – co-chairs and members of the project team.

The work has surveyed the current range of international standards development impacting interoperability. The project then developed a set of proposed architectural reference models targeting data, application, platform, infrastructure and environment portability and interoperability for Cloud ecosystems and connectivity to non-Cloud environments.

The Open Group plans to showcase the current findings and proposed areas of development within The Open Group using the organization’s own international architecture standards models and is also exploring the possibility of promoting work in this area  with other leading standards bodies as well.

If you’re interested in learning more about this project and if you’re at the San Francisco Conference, please come to the session, “The Benefits, Challenges and Survey of Cloud Computing Interoperability and Portability” on Wednesday, February 1 at 4:00 p.m.

Mark Skilton is Global Director for Capgemini, Strategy CTO Group, Global Infrastructure Services. His role includes strategy development, competitive technology planning including Cloud Computing and on-demand services, global delivery readiness and creation of Centers of Excellence. He is currently author of the Capgemini University Cloud Computing Course and is responsible for Group Interoperability strategy.

Comments Off

Filed under Cloud, Semantic Interoperability, Standards

The Open Group San Francisco Conference: Day 1 Highlights

By The Open Group Conference Team

With the end of the first day of the conference, here are a few key takeaways from Monday’s key note sessions:

The Enterprise Architect: Architecting Business Success

Jeanne Ross, Director & Principal Research Scientist, MIT Center for Information Systems Research

Ms. Ross began the plenary discussing the impact of enterprise architecture on the whole enterprise. According to Ross “we live in a digital economy, and in order to succeed, we need to excel in enterprise architecture.” She went on to say that the current “plan, build, use” model has led to a lot of application silos. Ms. Ross also mentioned that enablement doesn’t work well; while capabilities are being built, they are grossly underutilized within most organizations.

Enterprise architects need to think about what capabilities their firms will exploit – both in the short- and long-terms. Ms. Ross went on to present case studies from Aetna, Protection 1, USAA, Pepsi America and Commonwealth of Australia. In each of these examples, architects provided the following business value:

  • Helped senior executives clarify business goals
  • Identified architectural capability that can be readily exploited
  • Presented Option and their implications for business goals
  • Built Capabilities incrementally

A well-received quote from Ms. Ross during the Q&A portion of the session was, “Someday, CIOs will report to EA – that’s the way it ought to be!”

How Enterprise Architecture is Helping Nissan IT Transformation

Celso Guiotoko, Corporate Vice President and CIO, Nissan Motor Co., Ltd.

Mr. Guiotoko presented the steps that Nissan took to improve the efficiency of its information systems. The company adapted BEST – an IT mid-term plan that helped led enterprise transformation within the organization. BEST was comprised of the following components:

  • Business Alignment
  • Enterprise Architecture
  • Selective Sourcing
  • Technology Simplification

Guided by BEST and led by strong Enterprise Architecture, Nissan saw the following results:

  • Reduced cost per user from 1.09 to 0.63
  • 230,000 return with 404 applications reduced
  • Improved solution deployment time
  • Significantly reduced hardware costs

Nissan recently created the next IT mid-term plan called “VITESSE,” which stands for value information, technology, simplification and service excellence. Mr. Guiotoko said that VITESSE will help the company achieve its IT and business goals as it moves toward the production of zero-emissions vehicles.

The Transformed Enterprise

Andy Mulholland, Global CTO, Capgemini

Mr. Mulholland began the presentation by discussing what parts of technology comprise today’s enterprise and asking the question, “What needs to be done to integrate these together?” Enterprise technology is changing rapidly and  the consumerization of IT only increasing. Mr. Mulholland presented a statistic from Gartner predicting that up to 35 percent of enterprise IT expenditures will be managed outside of the IT department’s budget by 2015. He then referenced the PC revolution when enterprises were too slow to adapt to employees needs and adoption of technology.

There are three core technology clusters and standards that are emerging today in the form of Cloud, mobility and big data, but there are no business process standards to govern them. In order to not repeat the same mistakes of the PC revolution, organizations need to move from an inside-out model to an outside-in model – looking at the activities and problems within the enterprise then looking outward versus looking at those problems from the outside in. Outside-in, Mulholland argued, will increase productivity and lead to innovative business models, ultimately enabling your enterprise to keep up the current technology trends.

Making Business Drive IT Transformation through Enterprise Architecture

Lauren States, VP & CTO of Cloud Computing and Growth Initiatives, IBM Corp.

Ms. States began her presentation by describing today’s enterprise – flat, transparent and collaborative. In order to empower this emerging type of enterprise, she argued that CEOs need to consider data a strategic initiative.

Giving the example of the CMO within the enterprise to reflect how changing technologies affect their role, she stated, “CMOS are overwhelming underprepared for the data explosion and recognize a need to invest in and integrate technology and analytics.” CIOs and architects need to use business goals and strategy to set the expectation of IT. Ms. States also said that organizations need to focus on enabling growth, productivity and cultural change – factors are all related and lead to enterprise transformation.

*********

The conference will continue tomorrow with overarching themes that include enterprise transformation, security and SOA. For more information about the conference, please go here: http://www3.opengroup.org/sanfrancisco2012

Comments Off

Filed under Cloud, Cloud/SOA, Data management, Enterprise Architecture, Enterprise Transformation, Semantic Interoperability, Standards

SOCCI: Behind the Scenes

By E.G. Nadhan, HP

Cloud Computing standards, like other standards go through a series of evolutionary phases similar to the ones I outlined in the Top 5 phases of IaaS standards evolution. IaaS standards, in particular, take longer than their SaaS and PaaS counterparts because a balance is required between the service-orientation of the core infrastructure components in Cloud Computing.

This balance is why today’s announcement of the release of the industry’s first technical standard, Service Oriented Cloud Computing Infrastructure (SOCCI) is significant.

As one of the co-chairs of this project, here is some insight into the manner in which The Open Group went about creating the definition of this standard:

  • Step One: Identify the key characteristics of service orientation, as well as those for the cloud as defined by the National Institute of Standards and Technology (NIST). Analyze these characteristics and the resulting synergies through the application of service orientation in the cloud. Compare and contrast their evolution from the traditional environment through service orientation to the Cloud.
  • Step Two: Identify the key architectural building blocks that enable the Operational Systems Layer of the SOA Reference Architecture and the Cloud Reference Architecture that is in progress.
  • Step Three: Map these building blocks across the architectural layers while representing the multi-faceted perspectives of various viewpoints including those of the consumer, provider and developer.
  • Step Four: Define a Motor Cars in the Cloud business scenario: You, the consumer  are downloading auto-racing videos through an environment managed by a Service Integrator which requires the use of services for software, platform and infrastructure along with  traditional technologies. Provide a behind-the-curtains perspective on the business scenario where the SOCCI building blocks slowly but steadily come to life.
  • Step Five: Identify the key connection points with the other Open Group projects in the areas of architecture, business use cases, governance and security.

The real test of a standard is in its breadth of adoption. This standard can be used in multiple ways by the industry at large in order to ensure that the architectural nuances are comprehensively addressed. It could be used to map existing Cloud-based deployments to a standard architectural template. It can also serve as an excellent set of Cloud-based building blocks that can be used to build out a new architecture.

Have you taken a look at this standard? If not, please do so. If so, where and how do you think this standard could be adopted? Are there ways that the standard can be improved in future releases to make it better suited for broader adoption? Please let me know your thoughts.

This blog post was originally posted on HP’s Grounded in the Cloud Blog.

HP Distinguished Technologist, E.G.Nadhan has over 25 years of experience in the IT industry across the complete spectrum of selling, delivering and managing enterprise level solutions for HP customers. He is the founding co-chair for The Open Group SOCCI project and is also the founding co-chair for the Open Group Cloud Computing Governance project.

Comments Off

Filed under Cloud, Cloud/SOA, Semantic Interoperability, Service Oriented Architecture, Standards

First Technical Standard for Cloud Computing – SOCCI

By E.G. Nadhan, HP

The Open Group just announced the availability of its first Technical Standard for the Cloud - Service Oriented Cloud Computing Infrastructure Framework (SOCCI), which outlines the concepts and architectural building blocks necessary for infrastructures to support SOA and Cloud initiatives. HP has played a leadership role in the definition and evolution of this standard within The Open Group.

SOCCI.png

As a platinum member of The Open Group, HP’s involvement started with the leadership of the Service Oriented Infrastructure project that I helped co-chair. As the Cloud Computing Working Group started taking shape, I suggested expanding this project into the working group, which resulted in the formation of the Service Oriented Cloud Computing Infrastructure project. This project was co-chaired by Tina Abdollah of IBM and myself and operated under the auspices of both the SOA and Cloud Computing Working Groups.

Infrastructure has been traditionally provisioned in a physical manner. With the evolution of virtualization technologies and application of service-orientation to infrastructure, it can now be offered as a service. SOCCI is the realization of an enabling framework of service-oriented components for infrastructure to be provided as a service in the cloud.

Service Oriented Cloud Computing Infrastructure (SOCCI) is a classic intersection of multiple paradigms in the industry – infrastructure virtualization, service-orientation and the cloud – an inevitable convergence,” said Tom Hall, Global Product Marketing Manager, Cloud and SOA Applications, HP Enterprise Services. “HP welcomes the release of the industry’s first cloud computing standard by The Open Group. This standard provides a strong foundation for HP and The Open Group to work together to evolve additional standards in the SOA and Cloud domains.”

This standard can be leveraged in one or more of the following ways:

  • Comprehend service orientation and Cloud synergies
  • Extend adoption of  traditional and service-oriented infrastructure in the Cloud
  • Leverage consumer, provider and developer viewpoints
  • Incorporate SOCCI building blocks into Enterprise Architecture
  • Implement Cloud-based solutions using different infrastructure deployment models
  • Realize business solutions referencing the SOCCI Business Scenario
  • Apply Cloud governance considerations and recommendations

The Open Group also announced the availability of the SOA Reference Architecture, a blueprint for creating and evaluating SOA solutions.

Standards go through a series of evolution phases as I outline in my post on Evolution of IaaS standards.  The announcement of the SOCCI Technical Standard will give some impetus to the evolution of IaaS standards in the Cloud somewhere between the experience and consensus phases.

It was a very positive experience co-chairing the evolution of the SOCCI standard within The Open Group working with other member companies from several enterprises with varied perspectives.

Have you taken a look at this standard?  If not, please do so.  And for those who have, where and how do you think this standard could be adopted?  Are there ways that the standard can be improved in future releases to make it better suited for broader adoption?  Please let me know!

This blog post was originally posted on HP’s Enterprise Services Blog.

HP Distinguished Technologist, E.G.Nadhan has over 25 years of experience in the IT industry across the complete spectrum of selling, delivering and managing enterprise level solutions for HP customers. He is the founding co-chair for The Open Group SOCCI project and is also the founding co-chair for the Open Group Cloud Computing Governance project.

1 Comment

Filed under Cloud, Cloud/SOA, Service Oriented Architecture, Standards

Enterprise Architects and Paradigm Shifts

By Stuart Boardman, KPN

It’s interesting looking back at what people have written over the course of the year and seeing which themes appear regularly in their blogs. I thought I’d do the same with my own posts for The Open Group and see whether I could pull some of it together. I saw that the recurring themes for me have been dealing with uncertainty, the changing nature of the enterprise and the influence of information technology from outside the enterprise – and all of this in relation to the practice of enterprise architecture. I also explored the mutual influences these themes have on each other.

Unsurprisingly I’m not alone in picking up on these themes. At the risk of offending anyone I don’t mention, I note that Serge Thorn, Raghuraman Krishnamurthy and Len Fehskens have given their own perspectives on The Open Group’s Blog on some or all of these themes. And of course there’s plenty of writing on these themes going on in the blogosphere at large. In one sense I think writing about this is part of a process of trying to understand what’s going on in the world.

After some reflection, it seems to me that all of this converges in what tends to be called ”social business.” For better or worse, there is no fixed definition of the term. I would say it describes a way of working where, both within and across organizations, hierarchies and rules are being replaced by networks and collaboration. The concept of the enterprise in such a system is then definitively extended to include a whole ecosystem of customers and suppliers as well as investors and beneficiaries. Any one organization is just a part of the enterprise – a stakeholder. And of course the enterprise will look different dependent on the viewpoint of a particular stakeholder. That should be a familiar concept anyway for an enterprise architect. That one participant can be a stakeholder in multiple enterprises is not really new – it’s just something we now have no choice but to take into account.

Within any one organization, social business means that creativity and strategy development takes place at and across multiple levels. We can speak of networked, podular or fractal forms of organization. It also means a lot of other things with wider economic, social and political implications but that’s not my focus here.

Another important aspect is the relationship with newer developments in information and communication technology. We can’t separate social business from the technology which has helped it to develop and which in turn is stimulated by its existence and demands. I don’t mean any one technology and I won’t even insist on restricting it to information technology. But it’s clear that there is at least a high degree of synergy between newer IT developments and social business. In other words, the more an organization becomes a social business, the more its business will involve the use of information technology – not as a support function but as an essential part of how it does its business.  Moreover exactly this usage of IT is not and cannot be (entirely) under its own control.

A social business therefore demonstrates, in all aspects of the enterprise, fuzzy boundaries and a higher level of what I call entropy (uncertainty, rate of change, sensitivity to change). It means we need new ways of dealing with complexity, which fortunately is a topic a lot of people are looking at. It means that simplicity is not in every case a desirable goal and that, scary as it may seem, we may actually need to encourage entropy (in some places) in order to develop the agility to respond to change – effectively and without making any unnecessary long term assumptions.

So, if indeed the world is evolving to such a state, what can enterprise architects do to help their own organizations become successful social businesses (social governments – whatever)?

Enterprise Architecture is a practice that is founded in communication. To support and add value to that communication we have developed analysis methods and frameworks, which help us model what we learn and, in turn, communicate the results. Enterprise Architects work across organizations to understand how the activities of the participants relate to the strategy of the organization and how the performance of each person/group’s activities can optimally support and reinforce everyone else’s. We don’t do their work for them and don’t, if we do our work properly, have any sectional interests. We are the ultimate generalists, specialized in bringing together all those aspects, in which other people are the experts. We’re therefore ideally placed to facilitate the development of a unified vision and a complementary set of practices. OK, that sounds a bit idealistic. We know reality is never perfect but, if we don’t have ideals, we’d be hypocrites to be doing this work anyway. Pragmatism and ideals can be a positive combination.

Yes, there’s plenty of work to do to adapt our models to this new reality. Our goals, the things we try to achieve with EA will not be different. In some significant aspects, the results will be – if only because of the scope and diversity of the enterprise. We’ll certainly need to produce some good example EA artifacts to show what these results will look like. I can see an obvious impact in business architecture and in governance – most likely other areas too. But the issues faced in governance may be similar to those being tackled by The Open Group’s Cloud Governance project. And business architecture is long due for expansion outside of the single organization, so there’s synergy there as well. We can also look outside of our own community for inspiration – in the area of complexity theory, in business modeling, in material about innovation and strategy development and in economic and even political thinking about social business.

We’ll also be faced with organizational challenges. EA has for too long and too often been seen as the property of the IT department. That’s always been a problem anyway, but to face the challenges of social business, EA must avoid the slightest whiff of sectional interest and IT centrism. And, ironically, the best hope for the IT department in this scary new world may come from letting go of what it does not need to control and taking on a new role as a positive enabler of change.

There could hardly be a more appropriate time to be working on TOGAF Next. What an opportunity!

Stuart Boardman is a Senior Business Consultant with KPN where he co-leads the Enterprise Architecture practice as well as the Cloud Computing solutions group. He is co-lead of The Open Group Cloud Computing Work Group’s Security for the Cloud and SOA project and a founding member of both The Open Group Cloud Computing Work Group and The Open Group SOA Work Group. Stuart is the author of publications by the Information Security Platform (PvIB) in The Netherlands and of his previous employer, CGI. He is a frequent speaker at conferences on the topics of Cloud, SOA, and Identity. 

5 Comments

Filed under Business Architecture, Cloud, Cloud/SOA, Enterprise Architecture, Enterprise Transformation, Semantic Interoperability

Capgemini’s CTO on How Cloud Computing Exposes the Duality Between IT and Business Transformation

By Dana Gardner, Interarbor Solutions

This BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference this month in San Francisco.

The conference will focus on how IT and enterprise architecture support enterprise transformation. Speakers in conference events will also explore the latest in service oriented architecture (SOA), cloud computing, and security.

We’re now joined by one of the main speakers, Andy Mulholland, the Global Chief Technology Officer and Corporate Vice President at Capgemini. In 2009, Andy was voted one of the top 25 most influential CTOs in the world by InfoWorld. And in 2010, his CTO Blog was voted best blog for business managers and CIOs for the third year running by Computer Weekly.

Capgemini is about to publish a white paper on cloud computing. It draws distinctions between what cloud means to IT, and what it means to business — while examining the complex dual relationship between the two.

As a lead-in to his Open Group conference presentation on the transformed enterprise, Andy draws on the paper and further drills down on one of the decade’s hottest technology and business trends, cloud computing, and how it impacts business and IT. The interview is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. The full podcast can be found here.

Here are some excerpts:

Gardner: Why do business people think they have a revolution on their hands, while IT people look cloud computing as an evolution of infrastructure efficiency?

Mulholland: We define the role of IT and give it the responsibility and the accountability in the business in a way that is quite strongly related to internal practice. It’s all about how we manage the company’s transactions, how we reduce the cost, how we automate business process,and generally try to make our company a more efficient internal operator.

When you look at cloud computing through that set of lenses, you’re going to see … the technologies from cloud computing, principally virtualization, [as] ways to improve how you deliver the current server-centric, application-centric environment.

However, business people … reflect on it in terms of the change in society and the business world, which we all ought to recognize because that is our world, around the way we choose what we buy, how we choose to do business with people, how we search more, and how we’ve even changed that attitude.

Changed our ways

There’s a whole list of things that we simply just don’t do anymore because we’ve changed the way we choose to buy a book, the way we choose and listen to music and lots of other things.

So we see this as a revolution in the market or, more particularly, a revolution in how cloud can serve in the market, because everybody uses some form of technology.

So then the question is not the role of the IT department and the enterprise — it’s the role technology should be playing in their extended enterprise in doing business.

Gardner: What do we need to start doing differently?

Mulholland: Let’s go to a conversation this morning with a client. It’s always interesting to touch reality. This particular client is looking at the front end of a complex ecosystem around travel, and was asked this standard question by our account director: Do you have a business case for the work we’re discussing?

The reply from the CEO is very interesting. He fixed him with a very cold glare and he said, “If you were able to have 20 percent more billable hours without increasing your cost structure, would you be bothered to even think about the business case?”

The answer in that particular case was they were talking about 10,000 more travel instances or more a year — with no increase in their cost structure. In other words, their whole idea was there was nothing to do with cost in it. Their argument was in revenue increase, market share increase, and they thought that they would make better margins, because it would actually decrease their cost base or spread it more widely.

That’s the whole purpose of this revolution and that’s the purpose the business schools are always pushing, when they talk about innovative business models. It means innovate your business model to look at the market again from the perspective of getting into new markets, getting increased revenue, and maybe designing things that make more money.

Using technology externally

We’re always hooked on this idea that we’ve used technology very successfully internally, but now we should be asking the question about how we’re using technology externally when the population as a whole uses that as their primary method of deciding what they’re going to buy, how they’re going to buy it, when they’re going to buy it, and lots of other questions.

… A popular book recently has been The Power of Pull, and the idea is that we’re really seeing a decentralization of the front office in order to respond to and follow the market and the opportunities and the events in very different ways.

The Power of Pull says that I do what my market is asking me and I design business process or capabilities to be rapidly orchestrated through the front office around where things want to go, and I have linkage points, application programming interface (API) points, where I take anything significant and transfer it back.

But the real challenge is — and it was put to me today in the client discussion — that their business was designed around 1970 computer systems, augmented slowly around that, and they still felt that. Today, their market and their expectations of the industry that they’re in were that they would be designed around the way people were using their products and services and the events and that they had to make that change.

To do that, they’re transformed in the organization, and that’s where we start to spot the difference. We start to spot the idea that your own staff, your customers, and other suppliers are all working externally in information, process, and services accessible to all on an Internet market or architecture.

So when we talk about business architecture, it’s as relevant today as it ever was in terms of interpreting a business.

Set of methodologies

But when we start talking about architecture, The Open Group Architectural Framework (TOGAF) is a set of methodologies on the IT side — the closed-coupled state for a designed set of principles to client-server type systems. In this new model, when we talk about clouds, mobility, and people traveling around and connecting by wireless, etc., we have a stateless loosely coupled environment.

The whole purpose of The Open Group is, in fact, to help devise new ways for being able to architect methods to deliver that. That’s what stands behind the phrase, “a transformed enterprise.”

… If we go back to the basic mission of The Open Group, which is boundarylessness of this information flow, the boundary has previously been defined by a computer system updating another computer system in another company around traditional IT type procedural business flow.

Now, we’re talking about the idea that the information flow is around an ecosystem in an unstructured way. Not a structured file-to-file type transfer, not a structured architecture of who does what, when, and how, but the whole change model in this is unstructured.

Gardner: It’s important to point out here, Andy, that the stakes are relatively high. Who in the organization can be the change agent that can make that leap between the duality view of cloud that IT has, and these business opportunists?

Mulholland: The CEOs are quite noticeably reading the right articles, hearing the right information from business schools, etc., and they’re getting this picture that they’re going to have new business models and new capabilities.

So the drive end is not hard. The problem that is usually encountered is that the IT department’s definition and role interferes with them being able to play the role they want.

What we’re actually looking for is the idea that IT, as we define it today, is some place else. You have to accept that it exists, it will exist, and it’s hugely important. So please don’t take those principles and try to apply them outside.

The real question here is when you find those people who are doing the work outside — and I’ve yet to find any company where it hasn’t been the case — and the question should be how can we actually encourage and manage that innovation sensibly and successfully?

What I mean by that is that if everybody goes off and does their own thing, once again, we’ll end up with a broken company. Why? Because their whole purpose as an enterprises is to leverage success rapidly. If someone is very successful over there, you really need to know, and you need to leverage that again as rapidly as you can to run the rest of the organization. If it doesn’t work, you need to stop it quickly.

Changing roles

In models of the capabilities of that, the question is where is the government structure? So we hear titles like Chief Innovation Officer, again, slightly surprising how it may come up. But we see the model coming both ways. There are reforming CIOs for sure, who have recognized this and are changing their role and position accordingly, sometimes formally, sometimes informally.

The other way around, there are people coming from other parts of the business, taking the title and driving them. I’ve seen Chief Strategy Officers taking the role. I’ve seen the head of sales and marketing taking the role.

Certainly, recognizing the technology possibilities should be coming from the direction of the technology capabilities within the current IT department. The capability of what that means might be coming differently. So it’s a very interesting balance at the moment, and we don’t know quite the right answer.

What I do know is that it’s happening, and the quick-witted CIOs are understanding that it’s a huge opportunity for them to fix their role and embrace a new area, and a new sense of value that they can bring to their organization.

Gardner: Returning to the upcoming Capgemini white paper, it adds a sense of urgency at the end on how to get started. It suggests that you appoint a leader, but a leader first for the inside-out element of cloud and transformation and then a second leader, a separate leader perhaps, for that outside-in or reflecting the business transformation and the opportunity for what’s going on in the external business and markets. It also suggests a strategic road map that involves both business and technology, and then it suggests getting a pilot going.

How does this transition become something that you can manage?

Mulholland: The question is do you know who is responsible. If you don’t, you’d better figure out how you’re going to make someone responsible, because in any situation, someone has to be deciding what we’re going to do and how we’re going to do it.

Having defined that, there are very different business drivers, as well as different technology drivers, between the two. Clearly, whoever takes those roles will reflect a very different way that they will have to run that element. So a duality is recognized in that comment.

On the other hand, no business can survive by going off in half-a-dozen directions at once. You won’t have the money. You won’t have the brand. You won’t have anything you’d like. It’s simply not feasible.

So, the object of the strategic roadmap is to reaffirm the idea of what kind of business we’re trying to be and do. That’s the glimpse of what we want to achieve.

There has to be a strategy. Otherwise, you’ll end up with way too much decentralization and people making up their own version of the strategy, which they can fairly easily do and fairly easily mount from someone else’s cloud to go and do it today.

So the purpose of the duality is to make sure that the two roles, the two different groups of technology, the two different capabilities they reflect to the organization, are properly addressed, properly managed, and properly have a key authority figure in charge of them.

Enablement model

The business strategy is to make sure that the business knows how the enablement model that these two offer them is capable of being directed to where the shareholders will make money out of the business, because that is ultimately that success factor they’re looking for to drive them forward.

************

If you are interested in attending The Open Group’s upcoming conference, please register here: http://www3.opengroup.org/event/open-group-conference-san-francisco/registration

Dana Gardner is president and principal analyst at Interarbor Solutions, an enterprise IT analysis, market research, and consulting firm. Gardner, a leading identifier of software and cloud productivity trends and new IT business growth opportunities, honed his skills and refined his insights as an industry analyst, pundit, and news editor covering the emerging software development and enterprise infrastructure arenas for the last 18 years.

3 Comments

Filed under Cloud, Cloud/SOA, Enterprise Transformation, Semantic Interoperability

Security and Cloud Computing Themes to be explored at The Open Group San Francisco Conference

By The Open Group Conference Team

Cybersecurity and Cloud Computing are two of the most pressing trends facing enterprises today. The Open Group Conference San Francisco will feature tracks on both trends where attendees can learn about the latest developments in both disciplines as well as hear practical advice for implementing both secure architectures and for moving enterprises into the Cloud.  Below are some of the highlights and featured speakers from both tracks.

Security

The San Francisco conference will provide an opportunity for practitioners to explore the theme of “hacktivism,” the use and abuse of IT to drive social change, and its potential impact on business strategy and Enterprise Transformation.  Traditionally, IT security has focused on protecting the IT infrastructure and the integrity of the data held within.  However, in a rapidly changing world where hacktivism is an enterprise’s biggest threat, how can enterprise IT security respond?

Featured speakers and panels include:

  • Steve Whitlock, Chief Security Strategist, Boeing, “Information Security in the Internet Age”
  • Jim Hietala, Vice President, Security, The Open Group, “The Open Group Security Survey Results”
  • Dave Hornford, Conexiam, and Chair, The Open Group Architecture Forum, “Overview of TOGAF® and SABSA® Integration White Paper”
  • Panel – “The Global Supply Chain: Presentation and Discussion on the Challenges of Protecting Products Against Counterfeit and Tampering”

Cloud Computing

According to Gartner, Cloud Computing is now entering the “trough of disillusionment” on its hype cycle. It is critical that organizations better understand the practical business, operational and regulatory issues associated with the implementation of Cloud Computing in order to truly maximize its potential benefits.

Featured speakers and panels include:

  • David JW Gilmour, Metaplexity Associates, “Architecting for Information Security in a Cloud Environment”
  • Chris Lockhart, Senior Enterprise Architect, UnitedHeal, “Un-Architecture: How a Fortune 25 Company Solved the Greatest IT Problem”
  • Penelope Gordon, Cloud and Business Architect, 1Plug Corporation, “Measuring the Business Performance of Cloud Products”
  • Jitendra Maan, Tata Consultancy, “Mobile Intelligence with Cloud Strategy”
  • Panel – “The Benefits, Challenges and Survey of Cloud Computing Interoperability and Portability”
    • Mark Skilton, Capgemini; Kapil Bakshi, Cisco; Jeffrey Raugh, Hewlett-Packard

Please join us in San Francisco for these speaking tracks, as well as those on our featured them of Enterprise Transformation and the role of enterprise architecture. For more information, please go to the conference homepage: http://www3.opengroup.org/sanfrancisco2012

2 Comments

Filed under Cloud, Cloud/SOA, Cybersecurity, Information security, Security Architecture, Semantic Interoperability, TOGAF

Overlapping Criminal and State Threats Pose Growing Cyber Security Threat to Global Internet Commerce, Says Open Group Speaker

By Dana Gardner, Interarbor Solutions

This special BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference this January in San Francisco.

The conference will focus on how IT and enterprise architecture support enterprise transformation. Speakers in conference events will also explore the latest in service oriented architecture (SOA), cloud computing, and security.

We’re here now with one of the main speakers, Joseph Menn, Cyber Security Correspondent for the Financial Times and author of Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet.

Joe has covered security since 1999 for both the Financial Times and then before that, for the Los Angeles Times. Fatal System Error is his third book, he also wrote All the Rave: The Rise and Fall of Shawn Fanning’s Napster.

As a lead-in to his Open Group presentation, entitled “What You’re Up Against: Mobsters, Nation-States, and Blurry Lines,” Joe explores the current cyber-crimelandscape, the underground cyber-gang movement, and the motive behind governments collaborating with organized crime in cyber space. The interview is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. The full podcast can be found here.

Here are some excerpts:

Gardner: Have we entered a new period where just balancing risks and costs isn’t a sufficient bulwark against burgeoning cyber crime?

Menn: Maybe you can make your enterprise a little trickier to get into than the other guy’s enterprise, but crime pays very, very well, and in the big picture, their ecosystem is better than ours. They do capitalism better than we do. They specialize to a great extent. They reinvest in R&D.

On our end, on the good guys’ side, it’s hard if you’re a chief information security officer (CISO) or a chief security officer (CSO) to convince the top brass to pay more. You don’t really know what’s working and what isn’t. You don’t know if you’ve really been had by something that we call advanced persistent threat (APT). Even the top security minds in the country can’t be sure whether they’ve been had or not. So it’s hard to know what to spend on.

More efficient

The other side doesn’t have that problem. They’re getting more efficient in the same way that they used to lead technical innovation. They’re leading economic innovation. The freemium model is best evidenced by crimeware kits like ZeuS, where you can get versions that are pretty effective and will help you steal a bunch of money for free. Then if you like that, you have the add-on to pay extra for — the latest and greatest that are sure to get through the antivirus systems.

Gardner: When you say “they,” who you are really talking about?

Menn: They, the bad guys? It’s largely Eastern European organized crime. In some countries, they can be caught. In other countries they can’t be caught, and there really isn’t any point in trying.

It’s a geopolitical issue, which is something that is not widely understood, because in general, officials don’t talk about it. Working on my book, and in reporting for the newspapers, I’ve met really good cyber investigators for the Secret Service and the FBI, but I’ve yet to meet one that thinks he’s going to get promoted for calling a press conference and announcing that they can’t catch anyone.

So the State Department, meanwhile, keeps hoping that the other side is going to turn a new leaf, but they’ve been hoping that for 10 or more years, and it hasn’t happened. So it’s incumbent upon the rest of us to call a spade a spade here.

What’s really going on is that Russian intelligence and, depending on who is in office at a given time, Ukrainian authorities, are knowingly protecting some of the worst and most effective cyber criminals on the planet.

Gardner: And what would be their motivation?

Menn: As a starting point, the level of garden-variety corruption over there is absolutely mind-blowing. More than 50 percent of Russian citizens responding to the survey say that they had paid a bribe to somebody in the past 12 months. But it’s gone well beyond that.

The same resources, human and technical, that are used to rob us blind are also being used in what is fairly called cyber war. The same criminal networks that are after our bank accounts were, for example, used in denial-of-service (DOS) attacks on Georgia and Estonian websites belonging to government, major media, and Estonia banks.

It’s the same guy, and it’s a “look-the-other-way” thing. You can do whatever crime you want, and when we call upon you to serve Mother Russia, you will do so. And that has accelerated. Just in the past couple of weeks, with the disputed elections in Russia, you’ve seen mass DOS attacks against opposition websites, mainstream media websites, and live journals. It’s a pretty handy tool to have at your disposal. I provide all the evidence that would be needed to convince the reasonable people in my book.

Gardner: In your book you use the terms “bringing down the Internet.” Is this all really a threat to the integrity of the Internet?

Menn: Well integrity is the key word there. No, I don’t think anybody is about to stop us all from the privilege of watching skateboarding dogs onYouTube. What I mean by that is the higher trust in the Internet in the way it’s come to be used, not the way it was designed, but the way it is used now for online banking, ecommerce, and for increasingly storing corporate — and heaven help us, government secrets — in the cloud. That is in very, very great trouble.

Not a prayer

I don’t think that now you can even trust transactions not to be monitored and pilfered. The latest, greatest versions of ZeuS gets past multi-factor authentication and are not detected by any antivirus that’s out there. So consumers don’t have a prayer, in the words of Art Coviello, CEO of RSA, and corporations aren’t doing much better.

So the way the Internet is being used now is in very, very grave trouble and not reliable. That’s what I mean by it. If they turned all the botnets in the world on a given target, that target is gone. For multiple root servers and DNS, they could do some serious damage. I don’t know if they could stop the whole thing, but you’re right, they don’t want to kill the golden goose. I don’t see a motivation for that.

Gardner: If we look at organized crime in historical context, we found that there is a lot of innovation over the decades. Is that playing out on the Internet as well?

Menn: Sure. The mob does well in any place where there is a market for something, and there isn’t an effective regulatory framework that sustains it – prohibition back in the day, prostitution, gambling, and that sort of thing.

… The Russian and Ukrainian gangs went to extortion as an early model, and ironically, some of the first websites that they extorted with the threat were the offshore gambling firms. They were cash rich, they had pretty weak infrastructure, and they were wary about going to the FBI. They started by attacking those sites in 2003-04 and then they moved on to more garden-variety companies. Some of them paid off and some said, “This is going to look little awkward in our SEC filings” and they didn’t pay off.

Once the cyber gang got big enough, sooner or later, they also wanted the protection of traditional organized crime, because those people had better connections inside the intelligence agencies and the police force and could get them protection. That’s the way it worked. It was sort of an organic alliance, rather than “Let’s develop this promising area.”

… That is what happens. Initially it was garden-variety payoffs and protection. Then, around 2007, with the attack on Estonia, these guys started proving their worth to the Kremlin, and others saw that with the attacks that ran through their system.

This has continued to evolve very rapidly. Now the DOS attacks are routinely used as the tool for political repression all around the world –Vietnam, Iran and everywhere you’ll see critics that are silenced from DOS attacks. In most cases, it’s not the spy agencies or whoever themselves, but it’s their contract agents. They just go to their friends in the similar gangs and say, “Hey do this.” What’s interesting is that they are both in this gray area now, both Russia and China, which we haven’t talked about as much.

In China, hacking really started out as an expression of patriotism. Some of the biggest attacks, Code Red being one of them, were against targets in countries that were perceived to have slighted China or had run into some sort of territorial flap with China, and, lo and behold, they got hacked.

In the past several years, with this sort of patriotic hacking, the anti-defense establishment hacking in the West that we are reading a lot about finally, those same guys have gone off and decided to enrich themselves as well. There were actually disputes in some of the major Chinese hacking groups. Some people said it was unethical to just go after money, and some of these early groups split over that.

Once the cyber gang got big enough, sooner or later, they also wanted the protection of traditional organized crime, because those people had better connections inside the intelligence agencies and the police force and could get them protection. That’s the way it worked. It was sort of an organic alliance, rather than “Let’s develop this promising area.”

… That is what happens. Initially it was garden-variety payoffs and protection. Then, around 2007, with the attack on Estonia, these guys started proving their worth to the Kremlin, and others saw that with the attacks that ran through their system.

This has continued to evolve very rapidly. Now the DOS attacks are routinely used as the tool for political repression all around the world –Vietnam, Iran and everywhere you’ll see critics that are silenced from DOS attacks. In most cases, it’s not the spy agencies or whoever themselves, but it’s their contract agents. They just go to their friends in the similar gangs and say, “Hey do this.” What’s interesting is that they are both in this gray area now, both Russia and China, which we haven’t talked about as much.

In China, hacking really started out as an expression of patriotism. Some of the biggest attacks, Code Red being one of them, were against targets in countries that were perceived to have slighted China or had run into some sort of territorial flap with China, and, lo and behold, they got hacked.

In the past several years, with this sort of patriotic hacking, the anti-defense establishment hacking in the West that we are reading a lot about finally, those same guys have gone off and decided to enrich themselves as well. There were actually disputes in some of the major Chinese hacking groups. Some people said it was unethical to just go after money, and some of these early groups split over that.

In Russia, it went the other way. It started out with just a bunch of greedy criminals, and then they said, “Hey — we can do even better and be protected. You have better protection if you do some hacking for the motherland.” In China, it’s the other way. They started out hacking for the motherland, and then added, “Hey — we can get rich while serving our country.”

So they’re both sort of in the same place, and unfortunately it makes it pretty close to impossible for law enforcement in [the U.S.] to do anything about it, because it gets into political protection. What you really need is White House-level dealing with this stuff. If President Obama is going to talk to his opposite numbers about Chinese currency, Russian support of something we don’t like, or oil policy, this has got to be right up there too — or nothing is going to happen at all.

Gardner: What about the pure capitalism side, stealing intellectual property (IP) and taking over products in markets with the aid of these nefarious means? How big a deal is this now for enterprises and commercial organizations?

Menn: It is much, much worse than anybody realizes. The U.S. counterintelligence a few weeks ago finally put out a report saying that Russia and China are deliberately stealing our IP, the IP of our companies. That’s an open secret. It’s been happening for years. You’re right. The man in the street doesn’t realize this, because companies aren’t used to fessing up. Therefore, there is little outrage and little pressure for retaliation or diplomatic engagement on these issues.

I’m cautiously optimistic that that is going to change a little bit. This year the Securities and Exchange Commission (SEC) gave very detailed guidance about when you have to disclose when you’ve been hacked. If there is a material impact to your company, you have to disclose it here and there, even if it’s unknown.

Gardner: So the old adage of shining light on this probably is in the best interest of everyone. Is the message then keeping this quiet isn’t necessarily the right way to go?

Menn: Not only is it not the right way to go, but it’s safer to come out of the woods and fess up now. The stigma is almost gone. If you really blow the PR like Sony, then you’re going to suffer some, but I haven’t heard a lot of people say, “Boy, Google is run by a bunch of stupid idiots. They got hacked by the Chinese.”

It’s the definition of an asymmetrical fight here. There is no company that’s going to stand up against the might of the Chinese military, and nobody is going to fault them for getting nailed. Where we should fault them is for covering it up.

I think you should give the American people some credit. They realize that you’re not the bad guy, if you get nailed. As I said, nobody thinks that Google has a bunch of stupid engineers. It is somewhere between extremely difficult to impossible to ward off against “zero-days” and the dedicated teams working on social engineering, because the TCP/IP is fundamentally broken and it ain’t your fault.

 [These threats] are an existential threat not only to your company, but to our country and to our way of life. It is that bad. One of the problems is that in the U.S., executives tend to think a quarter or two ahead. If your source code gets stolen, your blueprints get taken, nobody might know that for a few years, and heck, by then you’re retired.

With the new SEC guidelines and some national plans in the U.K. and in the U.S., that’s not going to cut it anymore. Executives will be held accountable. This is some pretty drastic stuff. The things that you should be thinking about, if you’re in an IT-based business, include figuring out the absolutely critical crown jewel one, two, or three percent of your stuff, and keeping it off network machines.

Short-term price

Gardner: So we have to think differently, don’t we?

Menn: Basically, regular companies have to start thinking like banks, and banks have to start thinking like intelligence agencies. Everybody has to level up here.

Gardner: What do the intelligence agencies have to start thinking about?

Menn: The discussions that are going on now obviously include greatly increased monitoring, pushing responsibility for seeing suspicious stuff down to private enterprise, and obviously greater information sharing between private enterprise, and government officials.

But, there’s some pretty outlandish stuff that’s getting kicked around, including looking the other way if you, as a company, sniff something out in another country and decide to take retaliatory action on your own. There’s some pretty sea-change stuff that’s going on.

Gardner: So that would be playing offense as well as defense?

Menn: In the Defense Authorization Act that just passed, for the first time, Congress officially blesses offensive cyber-warfare, which is something we’ve already been doing, just quietly.

We’re entering some pretty new areas here, and one of the things that’s going on is that the cyber warfare stuff, which is happening, is basically run by intelligence folks, rather by a bunch of lawyers worrying about collateral damage and the like, and there’s almost no oversight because intelligence agencies in general get low oversight.

Gardner: Just quickly looking to the future, we have some major trends. We have an increased movement toward mobility, cloud, big data, social. How do these big shifts in IT impact this cyber security issue?

Menn: Well, there are some that are clearly dangerous, and there are some things that are a mixed bag. Certainly, the inroads of social networking into the workplace are bad from a security point of view. Perhaps worse is the consumerization of IT, the bring-your-own-device trend, which isn’t going to go away. That’s bad, although there are obviously mitigating things you can do.

The cloud itself is a mixed bag. Certainly, in theory, it could be made more secure than what you have on premise. If you’re turning it over to the very best of the very best, they can do a lot more things than you can in terms of protecting it, particularly if you’re a smaller business.

If you look to the large-scale banks and people with health records and that sort of thing that really have to be ultra-secure, they’re not going to do this yet, because the procedures are not really set up to their specs yet. That may likely come in the future. But, cloud security, in my opinion, is not there yet. So that’s a mixed blessing.

Radical steps

You need to think strategically about this, and that includes some pretty radical steps. There are those who say there are two types of companies out there — those that have been hacked and those that don’t know that they’ve been hacked.

Everybody needs to take a look at this stuff beyond their immediate corporate needs and think about where we’re heading as a society. And to the extent that people are already expert in the stuff or can become expert in this stuff, they need to share that knowledge, and that will often mean, saying “Yes, we got hacked” publicly, but it also means educating those around them about the severity of the threat.

One of the reasons I wrote my book, and spent years doing it, is not because I felt that I could tell every senior executive what they needed to do. I wanted to educate a broader audience, because there are some pretty smart people, even in Washington, who have known about this for years and have been unable to do anything about it. We haven’t really passed anything that’s substantial in terms of legislation.

As a matter of political philosophy, I feel that if enough people on the street realize what’s going on, then quite often leaders will get in front of them and at least attempt to do the right thing. Senior executives should be thinking about educating their customers, their peers, the general public, and Washington to make sure that the stuff that passes isn’t as bad as it might otherwise be.

************

If you are interested in attending The Open Group’s upcoming conference, please register here: http://www3.opengroup.org/event/open-group-conference-san-francisco/registration

Dana Gardner is president and principal analyst at Interarbor Solutions, an enterprise IT analysis, market research, and consulting firm. Gardner, a leading identifier of software and cloud productivity trends and new IT business growth opportunities, honed his skills and refined his insights as an industry analyst, pundit, and news editor covering the emerging software development and enterprise infrastructure arenas for the last 18 years.

Comments Off

Filed under Cloud, Cybersecurity, Information security, Security Architecture

2012 Open Group Predictions, Vol. 2

By The Open Group

Continuing on the theme of predictions, here are a few more, which focus on enterprise architecture, business architecture, general IT and Open Group events in 2012.

Enterprise Architecture – The Industry

By Leonard Fehskens, VP of Skills and Capabilities

Looking back at 2011 and looking forward to 2012, I see growing stress within the EA community as both the demands being placed on it and the diversity of opinions within it increase. While this stress is not likely to fracture the community, it is going to make it much more difficult for both enterprise architects and the communities they serve to make sense of EA in general, and its value proposition in particular.

As I predicted around this time last year, the conventional wisdom about EA continues to spin its wheels.  At the same time, there has been a bit more progress at the leading edge than I had expected or hoped for. The net effect is that the gap between the conventional wisdom and the leading edge has widened. I expect this to continue through the next year as progress at the leading edge is something like the snowball rolling downhill, and newcomers to the discipline will pronounce that it’s obvious the Earth is both flat and the center of the universe.

What I had not expected is the vigor with which the loosely defined concept of business architecture has been adopted as the answer to the vexing challenge of “business/IT alignment.” The big idea seems to be that the enterprise comprises “the business” and IT, and enterprise architecture comprises business architecture and IT architecture. We already know how to do the IT part, so if we can just figure out the business part, we’ll finally have EA down to a science. What’s troubling is how much of the EA community does not see this as an inherently IT-centric perspective that will not win over the “business community.” The key to a truly enterprise-centric concept of EA lies inside that black box labeled “the business” – a black box that accounts for 95% or more of the enterprise.

As if to compensate for this entrenched IT-centric perspective, the EA community has lately adopted the mantra of “enterprise transformation”, a dangerous strategy that risks promising even more when far too many EA efforts have been unable to deliver on the promises they have already made.

At the same time, there is a growing interest in professionalizing the discipline, exemplified by the membership of the Association of Enterprise Architects (AEA) passing 20,000, TOGAF® 9 certifications passing 10,000, and the formation of the Federation of Enterprise Architecture Professional Organizations (FEAPO). The challenge that we face in 2012 and beyond is bringing order to the increasing chaos that characterizes the EA space. The biggest question looming seems to be whether this should be driven by IT. If so, will we be honest about this IT focus and will the potential for EA to become a truly enterprise-wide capability be realized?

Enterprise Architecture – The Profession

By Steve Nunn, COO of The Open Group and CEO of the Association of Enterprise Architects

It’s an exciting time for enterprise architecture, both as an industry and as a profession. There are an abundance of trends in EA, but I wanted to focus on three that have emerged and will continue to evolve in 2012 and beyond.

  • A Defined Career Path for Enterprise Architects: Today, there is no clear career path for the enterprise architect. I’ve heard this from college students, IT and business professionals and current EAs. Up until now, the skills necessary to succeed and the roles within an organization that an EA can and should fill have not been defined. It’s imperative that we determine the skill sets EAs need and the path for EAs to acquire these skills in a linear progression throughout their career. Expect this topic to become top priority in 2012.
  • Continued EA Certification Adoption: Certification will continue to grow as EAs seek ways to differentiate themselves within the industry and to employers. Certifications and memberships through professional bodies such as the Association of Enterprise Architects will offer value to members and employers alike by identifying competent and capable architects. This growth will also be supported by EA certification adoption in emerging markets like India and China, as those countries continue to explore ways to build value and quality for current and perspective clients, and to establish more international credibility.
  • Greater Involvement from the Business: As IT investments become business driven, business executives controlling corporate strategy will need to become more involved in EA and eventually drive the process. Business executive involvement will be especially helpful when outsourcing IT processes, such as Cloud Computing. Expect to see greater interest from executives and business schools that will implement coursework and training to reflect this shift, as well as increased discussion on the value of business architecture.

Business Architecture – Part 2

By Kevin Daley, IBM and Vice-Chair of The Open Group Business Forum

Several key technologies have reached a tipping point in 2011 that will move them out of the investigation and validation by enterprise architects and into the domain of strategy and realization for business architects. Five areas where business architects will be called upon for participation and effort in 2012 are related to:

  • Cloud: This increasingly adopted and disruptive technology will help increase the speed of development and change. The business architect will be called upon to ensure the strategic relevancy of transformation in a repeatable fashion as cycle times and rollouts happen faster.
  • Social Networking / Mobile Computing: Prevalent consumer usage, global user adoption and improvements in hardware and security make this a trend that cannot be ignored. The business architect will help develop new strategies as organizations strive for new markets and broader demographic reach.
  • Internet of Things: This concept from 2000 is reaching critical mass as more and more devices become communicative. The business architect will be called on to facilitate the conversation and design efforts between operational efforts and technologies managing the flood of new and usable information.
  • Big Data and Business Intelligence: Massive amounts of previously untapped data are being exposed, analyzed and made insightful and useful. The business architect will be utilized to help contain the complexity of business possibilities while identifying tactical areas where the new insights can be integrated into existing technologies to optimize automation and business process domains.
  • ERP Resurgence and Smarter Software: Software purchasing looks to continue its 2011 trend towards broader, more intuitive and feature-rich software and applications.  The business architect will be called upon to identify and help drive getting the maximum amount of operational value and output from these platforms to both preserve and extend organizational differentiation.

The State of IT

By Dave Lounsbury, CTO

What will have a profound effect on the IT industry throughout 2012 are the twin horses of mobility and consumerization, both of which are galloping at full tilt within the IT industry right now. Key to these trends are the increased use of personal devices, as well as favorite consumer Cloud services and social networks, which drive a rapidly growing comfort among end users with both data and computational power being everywhere. This comfort brings a level of expectations to end users who will increasingly want to control how they access and use their data, and with what devices. The expectation of control and access will be increasingly brought from home to the workplace.

This has profound implications for core IT organizations. There will be less reliance on core IT services, and with that an increased expectation of “I’ll buy the services, you show me know to knit them in” as the prevalent user approach to IT – thus requiring increased attention to use of standards conformance. IT departments will change from being the only service providers within organizations to being a guiding force when it comes to core business processes, with IT budgets being impacted. I see a rapid tipping point in this direction in 2012.

What does this mean for corporate data? The matters of scale that have been a part of IT—the overarching need for good architecture, security, standards and governance—will now apply to a wide range of users and their devices and services. Security issues will loom larger. Data, apps and hardware are coming from everywhere, and companies will need to develop criteria for knowing whether systems are robust, secure and trustworthy. Governments worldwide will take a close look at this in 2012, but industry must take the lead to keep up with the pace of technology evolution, such as The Open Group and its members have done with the OTTF standard.

Open Group Events in 2012

By Patty Donovan, VP of Membership and Events

In 2012, we will continue to connect with members globally through all mediums available to us – our quarterly conferences, virtual and regional events and social media. Through coordination with our local partners in Brazil, China, France, Japan, South Africa, Sweden, Turkey and the United Arab Emirates, we’ve been able to increase our global footprint and connect members and non-members who may not have been able to attend the quarterly conferences with the issues facing today’s IT professionals. These events in conjunction with our efforts in social media has led to a rise in member participation and helped further develop The Open Group community, and we hope to have continued growth in the coming year and beyond.

We’re always open to new suggestions, so if you have a creative idea on how to connect members, please let me know! Also, please be sure to attend the upcoming Open Group Conference in San Francisco, which is taking place on January 30 through February 3. The conference will address enterprise transformation as well as other key issues in 2012 and beyond.

9 Comments

Filed under Business Architecture, Cloud, Cloud/SOA, Data management, Enterprise Architecture, Semantic Interoperability, Standards

Save the Date—The Open Group Conference San Francisco!

By Patty Donovan, The Open Group

It’s that time again to start thinking ahead to The Open Group’s first conference of 2012 to be held in San Francisco, January 30 – February 3, 2012. Not only do we have a great venue for the event, the Intercontinental Mark Hopkins (home of the famous “Top of the Mark” sky lounge—with amazing views of all of San Francisco!), but we have stellar line up for our winter conference centered on the theme of Enterprise Transformation.

Enterprise Transformation is a theme that is increasingly being used by organizations of all types to represent the change processes they implement in response to internal and external business drivers. Enterprise Architecture (EA) can be a means to Enterprise Transformation, but most enterprises today because EA is still largely limited to the IT department and transformation must go beyond the IT department to be successful. The San Francisco conference will focus on the role that both IT and EA can play within the Enterprise Transformation process, including the following:

  • The differences between EA and Enterprise Transformation and how they relate  to one another
  • The use of EA to facilitate Enterprise Transformation
  • How EA can be used to create a foundation for Enterprise Transformation that the Board and business-line managers can understand and use to their advantage
  • How EA facilitates transformation within IT, and how does such transformation support the transformation of the enterprise as a whole
  • How EA can help the enterprise successfully adapt to “disruptive technologies” such as Cloud Computing and ubiquitous mobile access

In addition, we will be featuring a line-up of keynotes by some of the top industry leaders to discuss Enterprise Transformation, as well as themes around our regular tracks of Enterprise Architecture and Professional Certification, Cloud Computing and Cybersecurity. Keynoting at the conference will be:

  • Joseph Menn, author and cybersecurity correspondent for the Financial Times (Keynote: What You’re Up Against: Mobsters, Nation-States and Blurry Lines)
  • Celso Guiotoko, Corporate Vice President and CIO, Nissan Motor Co., Ltd. (Keynote: How Enterprise Architecture is helping NISSAN IT Transformation)
  • Jeanne W. Ross, Director & Principal Research Scientist, MIT Center for Information Systems Research (Keynote: The Enterprise Architect: Architecting Business Success)
  • Lauren C. States, Vice President & Chief Technology Officer, Cloud Computing and Growth Initiatives, IBM Corp. (Keynote: Making Business Drive IT Transformation Through Enterprise Architecture)
  • Andy Mulholland, Chief Global Technical Officer, Capgemini (Keynote: The Transformed Enterprise)
  • William Rouse, Executive Director, Tennenbaum Institute at Georgia Institute of Technology (Keynote: Enterprise Transformation: An Architecture-Based Approach)

For more on the conference tracks or to register, please visit our conference registration page. And stay tuned throughout the next month for more sneak peeks leading up to The Open Group Conference San Francisco!

1 Comment

Filed under Cloud, Cloud/SOA, Cybersecurity, Data management, Enterprise Architecture, Semantic Interoperability, Standards

2012 Open Group Predictions, Vol. 1

By The Open Group

Foreword

By Allen Brown, CEO

2011 was a big year for The Open Group, thanks to the efforts of our members and our staff – you all deserve a very big thank you. There have been so many big achievements, that to list them all here would mean we would never get to our predictions. Significantly though, The Open Group continues to grow and this year the number of enterprise members passed the 400 mark which means that around 30,000 people are involved, some more so than others, from all over the world.

Making predictions is always risky but we thought it might be fun anyway. Here are three trends that will wield great influence on IT in 2012 and beyond:

  • This year we experienced the consumerization of IT accelerating the pace of change for the enterprise at an astonishing rate as business users embraced new technologies that transformed their organizations. As this trend continues in 2012, the enterprise architect will play a critical role in supporting this change and enabling the business to realize their goals.
  • Enterprise architecture will continue its maturity in becoming a recognized profession. As the profession matures, employers of enterprise architects and other IT professionals, for that matter, will increasingly look for industry recognized certifications.
  • As globalization continues, security and compliance will be increasing issues for companies delivering products or services and there will be a growing spotlight on what might be inside IT products. Vendors will be expected to warrant that the products they purchase and integrate into their own products come from a trusted source and that their own processes can be trusted in order not to introduce potential threats to their customers. At the same time, customers will be increasingly sensitive to the security and dependability of their IT assets. To address this situation, security will continue to be designed in from the outset and be tightly coupled with enterprise architecture.

In addition to my predictions, Other Open Group staff members also wanted to share their predictions for 2012 with you:

Security

By Jim Hietala, VP of Security

Cloud security in 2012 becomes all about point solutions to address specific security pain points. Customers are realizing that to achieve an acceptable level of security, whether for IaaS, SaaS, or PaaS, they need to apply controls in addition to the native platform controls from the Cloud service provider. In 2012, this will manifest as early Cloud security technologies target specific and narrow security functionality gaps. Specific areas where we see this playing out include data encryption, data loss prevention, identity and access management, and others.

Cloud

By Chris Harding, Director of Interoperability

There is a major trend towards shared computing resources that are “on the Cloud” – accessed by increasingly powerful and mobile personal computing devices but decoupled from the users.

This may bring some much-needed economic growth in 2012, but history shows that real growth can only come from markets based on standards. Cloud portability and interoperability standards will enable development of re-usable components as commodity items, but the need for them is not yet appreciated. And, even if the vendors wanted these standards for Cloud Computing, they do not yet have the experience to create good ones.  But, by the end of the year, we should understand Cloud Computing better and will perhaps have made a start on the standardization that will lead to growth in the years ahead.

Here are some more Cloud predictions from my colleagues in The Open Group Cloud Work Group: http://blog.opengroup.org/2011/12/19/cloud-computing-predictions-for-2012/

Business Architecture

By Steve Philp, Professional Certification

There are a number of areas for 2012 where Business Architects will be called upon to engage in transforming the business and applying technologies such as Cloud Computing, social networking and big data. Therefore, the need to have competent Business Architects is greater than ever. This year organizations have been recruiting and developing Business Architects and the profession as a whole is now starting to take shape. But how do you establish who is a practicing Business Architect?

In response to requests from our membership, next year The Open Group will incorporate a Business Architecture stream into The Open Group Certified Architect (Open CA) program. There has already been significant interest in this stream from both organizations and practitioners alike. This is because Open CA is a skills and experience based program that recognizes, at different levels, those individuals who are performing in a Business Architecture role. I believe this initiative will further help to develop the profession over the next few years and especially in 2012.

1 Comment

Filed under Business Architecture, Cloud, Cybersecurity, Enterprise Architecture, Enterprise Transformation, Semantic Interoperability, Uncategorized

Cloud Computing predictions for 2012

By The Open Group Cloud Work Group Members 

With 2012 fast approaching, Cloud Computing will remain a hot topic for IT professionals everywhere. The Open Group Cloud Work Group worked on various initiatives in 2011, including the Cloud Computing Survey, which explored the business impact and primary drivers for Cloud within organizations, and the release of Cloud Computing for Business, a guide that examines how enterprises can derive the greatest business benefits from Cloud Computing from a business process standpoint.

As this year comes to an end, here are a few predictions from various Cloud Work Group members.

Non-IT executives will increasingly use the term “Cloud” in regular business conversations

By Penelope Gordon, 1 Plug

In 2012, the number of non-IT business executives seeking ways to leverage Cloud will increase, and consequently references to Cloud Computing will increasingly appear in general business publications.

This increase in Cloud references will in part be due to the availability of consumer-oriented Cloud services such as email and photo sharing. For example, the October 2011 edition of the Christian Science Monitor included an article titled “Five things you need to know about ‘the cloud’” by Chris Gaylord that discussed Cloud services in the same vein as mobile phone capabilities. Another factor behind the increase (unintentionally) highlighted in this article is the overuse – and consequent dilution – of the term “Cloud” – Web services and applications running on Cloud infrastructure are not necessarily themselves Cloud services.

The most important factor behind the increase will be due to the relevance of Cloud – especially the SaaS, BPaaS, and cloud-enabled BPO variants – to these executives. In contrast to SOA, Cloud Computing buying decisions related to business process enablement can be very granular and incremental and can thus be made independently of the IT Department – not that I advocate bypassing IT input. Good governance ensures both macro-level optimization and interoperability.

New business models in monetizing your Information-as–a-Service

By Mark Skilton, Capgemini

Personal data is rapidly become less restricted to individual control and management as we see exponential growth in the use of digital media and social networking to exchange ideas, conduct business and enable whole markets, products and services to be accessible. This has significant ramifications not only for individuals and organizations to maintain security and protection over what is public and private; it also represents a huge opportunity to understand both small and big data and the “interstitial connecting glue” – the metadata within and at the edge of Clouds that are like digital smoke trails of online community activities and behaviors.

At the heart of this is the “value of information” to organizations that can extract and understand how to maximize this information and, in turn, monetize it. This can be as simple as profiling customers who “like” products and services to creating secure backup Cloud services to retrieve in times of need and support of emergency services. The point is that new metadata combinations are possible through the aggregation of data inside and outside of organizations to create new value.

There are many new opportunities to create new business models that recognize this new wave of Information-as- a-Service (IaaS) as the Cloud moves further into new value model territories.

Small and large enterprise experiences when it comes to Cloud

By Pam Isom, IBM

The Cloud Business Use Case (CBUC) team is in the process of developing and publishing a paper that is focused on the subject of Cloud for Small-Medium-Enterprises (SME’s). The CBUC team is the same team that contributed to the book Cloud Computing for Business with a concerted focus on Cloud business benefits, use cases, and justification. When it comes to small and large enterprise comparisons of Cloud adoption, some initial observations are that the increased agility associated with Cloud helps smaller organizations with rapid time-to-market and, as a result, attracts new customers in a timely fashion. This faster time-to-market not only helps SME’s gain new customers who otherwise would have gone to competitors, but prevents those competitors from becoming stronger – enhancing the SME’s competitive edge. Larger enterprises might be more willing to have a dedicated IT organization that is backed with support staff and they are more likely to establish full-fledged data center facilities to operate as a Cloud service provider in both a public and private capacity, whereas SME’s have lower IT budgets and tend to focus on keeping their IT footprint small, seeking out IT services from a variety of Cloud service providers.

A recent study conducted by Microsoft surveyed more than 3000 small businesses across 16 countries with the objective of understanding whether they have an appetite for adopting Cloud Computing. One of the findings was that within three years, “43 percent of workloads will become paid cloud services.” This is one of many statistics that stress the significance of Cloud on small businesses in this example and the predictions for larger enterprise as Cloud providers and consumers are just as profound.

Penelope Gordon specializes in adoption strategies for emerging technologies, and portfolio management of early stage innovation. While with IBM, she led innovation, strategy, and product development efforts for all of IBM’s product and service divisions; and helped to design, implement, and manage one of the world’s first public clouds.

Mark Skilton is Global Director for Capgemini, Strategy CTO Group, Global Infrastructure Services. His role includes strategy development, competitive technology planning including Cloud Computing and on-demand services, global delivery readiness and creation of Centers of Excellence. He is currently author of the Capgemini University Cloud Computing Course and is responsible for Group Interoperability strategy.

Pamela K. Isom is the Chief Architect for complex cloud integration and application innovation services such as serious games. She joined IBM in June 2000 and currently leads efforts that drive Smarter Planet efficiencies throughout client enterprises using, and often times enhancing, its’ Enterprise Architecture (EA). Pamela is a Distinguished Chief/Lead IT Architect with The Open Group where she leads the Cloud Business Use Cases Work Group.

3 Comments

Filed under Cloud, Cloud/SOA, Enterprise Transformation, Semantic Interoperability