Tag Archives: Open Group Conference

Improving Signal-to-Noise in Risk Management

By Jack Jones, CXOWARE

One of the most important responsibilities of the information security professional (or any IT professional, for that matter) is to help management make well-informed decisions. Unfortunately, this has been an illusive objective when it comes to risk. Although we’re great at identifying control deficiencies, and we can talk all day long about the various threats we face, we have historically had a poor track record when it comes to risk. There are a number of reasons for this, but in this article I’ll focus on just one — definition.

You’ve probably heard the old adage, “You can’t manage what you can’t measure.”  Well, I’d add to that by saying, “You can’t measure what you haven’t defined.” The unfortunate fact is that the information security profession has been inconsistent in how it defines and uses the term “risk.” Ask a number of professionals to define the term, and you will get a variety of definitions.

Besides inconsistency, another problem regarding the term “risk” is that many of the common definitions don’t fit the information security problem space or simply aren’t practical. For example, the ISO27000 standard defines risk as, “the effect of uncertainty on objectives.” What does that mean? Fortunately (or perhaps unfortunately), I must not be the only one with that reaction because the ISO standard goes on to define “effect,” “uncertainty,” and “objectives,” as follows:

  • Effect: A deviation from the expected — positive and/or negative
  • Uncertainty: The state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence or likelihood
  • Objectives: Can have different aspects (such as financial, health and safety, information security, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process)

NOTE: Their definition for ”objectives” doesn’t appear to be a definition at all, but rather an example. 

Although I understand, conceptually, the point this definition is getting at, my first concern is practical in nature. As a Chief Information Security Officer (CISO), I invariably have more to do than I have resources to apply. Therefore, I must prioritize and prioritization requires comparison and comparison requires measurement. It isn’t clear to me how “uncertainty regarding deviation from the expected (positive and/or negative) that might affect my organization’s objectives” can be applied to measure, and thus compare and prioritize, the issues I’m responsible for dealing with.

This is just an example though, and I don’t mean to pick on ISO because much of their work is stellar. I could have chosen any of several definitions in our industry and expressed varied concerns.

In my experience, information security is about managing how often loss takes place, and how much loss will be realized when/if it occurs. That is our profession’s value proposition, and it’s what management cares about. Consequently, whatever definition we use needs to align with this purpose.

The Open Group’s Risk Taxonomy (shown below), based on Factor Analysis of Information Risk (FAIR), helps to solve this problem by providing a clear and practical definition for risk. In this taxonomy, Risk is defined as, “the probable frequency and probable magnitude of future loss.”

Taxonomy image

The elements below risk in the taxonomy form a Bayesian network that models risk factors and acts as a framework for critically evaluating risk. This framework has been evolving for more than a decade now and is helping information security professionals across many industries understand, measure, communicate and manage risk more effectively.

In the communications context, you have to have a very clear understanding of what constitutes signal before you can effectively and reliably filter it out from noise. The Open Group’s Risk Taxonomy gives us an important foundation for achieving a much clearer signal.

I will be discussing this topic in more detail next week at The Open Group Conference in Newport Beach. For more information on my session or the conference, visit: http://www.opengroup.org/newportbeach2013.

Jack Jones HeadshotJack Jones has been employed in technology for the past twenty-nine years, and has specialized in information security and risk management for twenty-two years.  During this time, he’s worked in the United States military, government intelligence, consulting, as well as the financial and insurance industries.  Jack has over nine years of experience as a CISO, with five of those years at a Fortune 100 financial services company.  His work there was recognized in 2006 when he received the 2006 ISSA Excellence in the Field of Security Practices award at that year’s RSA conference.  In 2007, he was selected as a finalist for the Information Security Executive of the Year, Central United States, and in 2012 was honored with the CSO Compass award for leadership in risk management.  He is also the author and creator of the Factor Analysis of Information Risk (FAIR) framework.

1 Comment

Filed under Cybersecurity

How Should we use Cloud?

By Chris Harding, The Open Group

How should we use Cloud? This is the key question at the start of 2013.

The Open Group® conferences in recent years have thrown light on, “What is Cloud?” and, “Should we use Cloud?” It is time to move on.

Cloud as a Distributed Processing Platform

The question is an interesting one, because the answer is not necessarily, “Use Cloud resources just as you would use in-house resources.” Of course, you can use Cloud processing and storage to replace or supplement what you have in-house, and many companies are doing just that. You can also use the Cloud as a distributed computing platform, on which a single application instance can use multiple processing and storage resources, perhaps spread across many countries.

It’s a bit like contracting a company to do a job, rather than hiring a set of people. If you hire a set of people, you have to worry about who will do what when. Contract a company, and all that is taken care of. The company assembles the right people, schedules their work, finds replacements in case of sickness, and moves them on to other things when their contribution is complete.

This doesn’t only make things easier, it also enables you to tackle bigger jobs. Big Data is the latest technical phenomenon. Big Data can be processed effectively by parceling the work out to multiple computers. Cloud providers are beginning to make the tools to do this available, using distributed file systems and map-reduce. We do not yet have, “Distributed Processing as a Service” – but that will surely come.

Distributed Computing at the Conference

Big Data is the main theme of the Newport Beach conference. The plenary sessions have keynote presentations on Big Data, including the crucial aspect of security, and there is a Big Data track that explores in depth its use in Enterprise Architecture.

There are also Cloud tracks that explore the business aspects of using Cloud and the use of Cloud in Enterprise Architecture, including a session on its use for Big Data.

Service orientation is generally accepted as a sound underlying principle for systems using both Cloud and in-house resources. The Service Oriented Architecture (SOA) movement focused initially on its application within the enterprise. We are now looking to apply it to distributed systems of all kinds. This may require changes to specific technology and interfaces, but not to the fundamental SOA approach. The Distributed Services Architecture track contains presentations on the theory and practice of SOA.

Distributed Computing Work in The Open Group

Many of the conference presentations are based on work done by Open Group members in the Cloud Computing, SOA and Semantic Interoperability Work Groups, and in the Architecture, Security and Jericho Forums. The Open Group enables people to come together to develop standards and best practices for the benefit of the architecture community. We have active Work Groups and Forums working on artifacts such as a Cloud Computing Reference Architecture, a Cloud Portability and Interoperability Guide, and a Guide to the use of TOGAF® framework in Cloud Ecosystems.

The Open Group Conference in Newport Beach

Our conferences provide an opportunity for members and non-members to discuss ideas together. This happens not only in presentations and workshops, but also in informal discussions during breaks and after the conference sessions. These discussions benefit future work at The Open Group. They also benefit the participants directly, enabling them to bring to their enterprises ideas that they have sounded out with their peers. People from other companies can often bring new perspectives.

Most enterprises now know what Cloud is. Many have identified specific opportunities where they will use it. The challenge now for enterprise architects is determining how best to do this, either by replacing in-house systems, or by using the Cloud’s potential for distributed processing. This is the question for discussion at The Open Group Conference in Newport Beach. I’m looking forward to an interesting conference!

Dr. Chris Harding is Director for Interoperability and SOA at The Open Group. He has been with The Open Group for more than ten years, and is currently responsible for managing and supporting its work on interoperability, including SOA and interoperability aspects of Cloud Computing. He is a member of the BCS, the IEEE and the AEA, and is a certified TOGAF practitioner.

1 Comment

Filed under Cloud, Conference

2013 Open Group Predictions, Vol. 2

By The Open Group

Continuing on the theme of predictions, here are a few more, which focus on global IT trends, business architecture, OTTF and Open Group events in 2013.

Global Enterprise Architecture

By Chris Forde, Vice President of Enterprise Architecture and Membership Capabilities

Cloud is no longer a bleeding edge technology – most organizations are already well on their way to deploying cloud technology.  However, Cloud implementations are resurrecting a perennial problem for organizations—integration. Now that Cloud infrastructures are being deployed, organizations are having trouble integrating different systems, especially with systems hosted by third parties outside their organization. What will happen when two, three or four technical delivery systems are hosted on AND off premise? This presents a looming integration problem.

As we see more and more organizations buying into cloud infrastructures, we’ll see an increase in cross-platform integration architectures globally in 2013. The role of the enterprise architect will become more complex. Architectures must not only ensure that systems are integrated properly, but architects also need to figure out a way to integrate outsourced teams and services and determine responsibility across all systems. Additionally, outsourcing and integration will lead to increased focus on security in the coming year, especially in healthcare and financial sectors. When so many people are involved, and responsibility is shared or lost in the process, gaping holes can be left unnoticed. As data is increasingly shared between organizations and current trends escalate, security will also become more and more of a concern. Integration may yield great rewards architecturally, but it also means greater exposure to vulnerabilities outside of your firewall.

Within the Architecture Forum, we will be working on improvements to the TOGAF® standard throughout 2013, as well as an effort to continue to harmonize the TOGAF specification with the ArchiMate® modelling language.  The Forum also expects to publish a whitepaper on application portfolio management in the new year, as well as be involved in the upcoming Cloud Reference Architecture.

In China, The Open Group is progressing well. In 2013, we’ll continue translating The Open Group website, books and whitepapers from English to Chinese. Partnerships and Open CA certification will remain in the forefront of global priorities, as well as enrolling TOGAF trainers throughout Asia Pacific as Open Group members. There are a lot of exciting developments arising, and we will keep you updated as we expand our footprint in China and the rest of Asia.

Open Group Events in 2013

By Patty Donovan, Vice President of Membership and Events

In 2013, the biggest change for us will be our quarterly summit. The focus will shift toward an emphasis on verticals. This new focus will debut at our April event in Sydney where the vertical themes include Mining, Government, and Finance. Additional vertical themes that we plan to cover throughout the year include: Healthcare, Transportation, Retail, just to name a few. We will also continue to increase the number of our popular Livestream sessions as we have seen an extremely positive reaction to them as well as all of our On-Demand sessions – listen to best selling authors and industry leaders who participated as keynote and track speakers throughout the year.

Regarding social media, we made big strides in 2012 and will continue to make this a primary focus of The Open Group. If you haven’t already, please “like” us on Facebook, follow us on Twitter, join the chat on (#ogchat) one of our Security focused Tweet Jams, and join our LinkedIn Group. And if you have the time, we’d love for you to contribute to The Open Group blog.

We’re always open to new suggestions, so if you have a creative idea on how we can improve your membership, Open Group events, webinars, podcasts, please let me know! Also, please be sure to attend the upcoming Open Group Conference in Newport Beach, Calif., which is taking place on January 28-31. The conference will address Big Data.

Business Architecture

By Steve Philp, Marketing Director for Open CA and Open CITS

Business Architecture is still a relatively new discipline, but in 2013 I think it will continue to grow in prominence and visibility from an executive perspective. C-Level decision makers are not just looking at operational efficiency initiatives and cost reduction programs to grow their future revenue streams; they are also looking at market strategy and opportunity analysis.

Business Architects are extremely valuable to an organization when they understand market and technology trends in a particular sector. They can then work with business leaders to develop strategies based on the capabilities and positioning of the company to increase revenue, enhance their market position and improve customer loyalty.

Senior management recognizes that technology also plays a crucial role in how organizations can achieve their business goals. A major role of the Business Architect is to help merge technology with business processes to help facilitate this business transformation.

There are a number of key technology areas for 2013 where Business Architects will be called upon to engage with the business such as Cloud Computing, Big Data and social networking. Therefore, the need to have competent Business Architects is a high priority in both the developed and emerging markets and the demand for Business Architects currently exceeds the supply. There are some training and certification programs available based on a body of knowledge, but how do you establish who is a practicing Business Architect if you are looking to recruit?

The Open Group is trying to address this issue and has incorporated a Business Architecture stream into The Open Group Certified Architect (Open CA) program. There has already been significant interest in this stream from both organizations and practitioners alike. This is because Open CA is a skills- and experience-based program that recognizes, at different levels, those individuals who are actually performing in a Business Architecture role. You must complete a candidate application package and be interviewed by your peers. Achieving certification demonstrates your competency as a Business Architect and therefore will stand you in good stead for both next year and beyond.

You can view the conformance criteria for the Open CA Business Architecture stream at https://www2.opengroup.org/ogsys/catalog/X120.

Trusted Technology

By Sally Long, Director of Consortia Services

The interdependency of all countries on global technology providers and technology providers’ dependencies on component suppliers around the world is more certain than ever before.  The need to work together in a vendor-neutral, country-neutral environment to assure there are standards for securing technology development and supply chain operations will become increasingly apparent in 2013. Securing the global supply chain can not be done in a vacuum, by a few providers or a few governments, it must be achieved by working together with all governments, providers, component suppliers and integrators and it must be done through open standards and accreditation programs that demonstrate conformance to those standards and are available to everyone.

The Open Group’s Trusted Technology Forum is providing that open, vendor and country-neutral environment, where suppliers from all countries and governments from around the world can work together in a trusted collaborative environment, to create a standard and an accreditation program for securing the global supply chain. The Open Trusted Technology Provider Standard (O-TTPS) Snapshot (Draft) was published in March of 2012 and is the basis for our 2013 predictions.

We predict that in 2013:

  • Version 1.0 of the O-TTPS (Standard) will be published.
  • Version 1.0 will be submitted to the ISO PAS process in 2013, and will likely become part of the ISO/IEC 27036 standard, where Part 5 of that ISO standard is already reserved for the O-TTPS work
  • An O-TTPS Accreditation Program – open to all providers, component suppliers, and integrators, will be launched
  • The Forum will continue the trend of increased member participation from governments and suppliers around the world

4 Comments

Filed under Business Architecture, Conference, Enterprise Architecture, O-TTF, OTTF

The Open Group Newport Beach Conference – Early Bird Registration Ends January 4

By The Open Group Conference Team

The Open Group is busy gearing up for the Newport Beach Conference. Taking place January 28-31, 2013, the conference theme is “Big Data – The Transformation We Need to Embrace Today” and will bring together leading minds in technology to discuss the challenges and solutions facing Enterprise Architecture around the growth of Big Data. Register today!

Information is power, and we stand at a time when 90% of the data in the world today was generated in the last two years alone.  Despite the sheer enormity of the task, off the shelf hardware, open source frameworks, and the processing capacity of the Cloud, mean that Big Data processing is within the cost-effective grasp of the average business. Organizations can now initiate Big Data projects without significant investment in IT infrastructure.

In addition to tutorial sessions on TOGAF® and ArchiMate®, the conference offers roughly 60 sessions on a varied of topics including:

  • The ways that Cloud Computing is transforming the possibilities for collecting, storing, and processing big data.
  • How to contend with Big Data in your Enterprise?
  • How does Big Data enable your Business Architecture?
  • What does the Big Data revolution mean for the Enterprise Architect?
  • Real-time analysis of Big Data in the Cloud.
  • Security challenges in the world of outsourced data.
  • What is an architectural view of Security for the Cloud?

Plenary speakers include:

  • Christian Verstraete, Chief Technologist – Cloud Strategy, HP
  • Mary Ann Mezzapelle, Strategist – Security Services, HP
  • Michael Cavaretta, Ph.D, Technical Leader, Predictive Analytics / Data Mining Research and Advanced Engineering, Ford Motor Company
  • Adrian Lane, Analyst and Chief Technical Officer, Securosis
  • David Potter, Chief Technical Officer, Promise Innovation Oy
  • Ron Schuldt, Senior Partner, UDEF-IT, LLC

A full conference agenda is available here. Tracks include:

  • Architecting Big Data
  • Big Data and Cloud Security
  • Data Architecture and Big Data
  • Business Architecture
  • Distributed Services Architecture
  • EA and Disruptive Technologies
  • Architecting the Cloud
  • Cloud Computing for Business

Early Bird Registration

Early Bird registration for The Open Group Conference in Newport Beach ends January 4. Register now and save! For more information or to register: http://www.opengroup.org/event/open-group-newport-beach-2013/reg

Upcoming Conference Submission Deadlines

In addition to the Early Bird registration deadline to attend the Newport Beach conference, there are upcoming deadlines for speaker proposal submissions to Open Group conferences in Sydney, Philadelphia and London. To submit a proposal to speak, click here.

Venue Industry Focus Submission Deadline
Sydney (April 15-17) Finance, Defense, Mining January 18, 2013
Philadelphia (July 15-17) Healthcare, Finance, Defense April 5, 2013
London (October 21-23) Finance, Government, Healthcare July 8, 2013

We expect space on the agendas of these events to be at a premium, so it is important for proposals to be submitted as early as possible. Proposals received after the deadline dates will still be considered, if space is available; if not, they may be carried over to a future conference. Priority will be given to proposals received by the deadline dates and to proposals that include an end-user organization, at least as a co-presenter.

Comments Off

Filed under Conference

Snapshots of The Open Group Barcelona Conference

By The Open Group Conference Team

It is time to announce the winners of the Barcelona Photo Contest! For those of you who were unable to attend, conference attendees submitted some of their best photos to the contest for a chance to win one free conference pass to one of the global Open Group conference over the next year – a prize valued at more than $1,000/€900 value.

Barcelona is a city for architects. While it is most known for works by Gaudi, enterprise architects flooded the streets for the Open Group Conference in Barcelona…and took some amazing pictures. We had a record number of photo contest submissions that captured everything from the plenary session speakers to flamenco dancers to Camp Nou, home of FC Barcelona!

The contest ended today at noon PDT, and it is time to announce the winners…

Modernista Award – For best photo taken in or around Barcelona

The winner is Craig Heath!

“Barcelona Sky from the Fundació Joan Miró”

Honorable Mentions

“Sagrada Familia Spiral Staircase” by David Boyett

 

Submission by Angela Spencer

Best of Barcelona Conference - For any photo taken during conference activities

The winner is Leonardo Ramirez!

A flamenco dancer at the Tuesday night event

Honorable Mentions

Submission by Leonardo Ramirez

The FACE™ team by David Boyett

Thank you to all those who participated in this contest – whether it was submitting one of your own photos or voting for your favorites. Please visit The Open Group’s Facebook page to view all of the submissions and conference photos.

We’re always trying to improve our programs, so if you have any feedback regarding the photo contest, please email photo@opengroup.org or leave a comment below. We’ll see you in Newport Beach!

Comments Off

Filed under Conference

Barcelona Highlights

By Steve Philp, The Open Group

Within a 15 minute walk of Camp Nou (home of FC Barcelona), The Open Group Conference “kicked off” on Monday morning with some excellent plenary presentations from Scott Radedztsky of Deloitte followed by Peter Haviland and Mick Adams of Ernst & Young, and after the break from Helen Sun of Oracle and finally Ron Tolido and Manuel Sevilla from Capgemini. You can see most of these Big Data presentations for yourself on The Open Group’s Livestream page.

The “second half” of the day was split into tracks for Big Data, Enterprise Architecture (EA), TOGAF® and ArchiMate®. Henry Franken of BiZZdesign talked about EA in terms of TOGAF and ArchiMate (you can see this on our Livestream site, too) and the other ArchiMate presentations from Peter Filip of Tatra Bank, Gerben Wierda of APG Asset Management and Mieke Mahakena of Capgemini were also well received by an enthusiastic audience. Networking and drinks followed at the end of the track sessions, and the “crowd” went away happy after day one.

Tuesday started with a plenary presentation by Dr. Robert Winter from the University of St Gallen on EA and Transformation Management. See the following clip to learn more about his presentation and his research.


This was followed by tracks on distributed services architecture, security, TOGAF 9 case studies, information architecture, quantum lifecycle management (QLM) and a new track on Practice Driven Research on Enterprise Transformation (PRET) and Trends in EA Research (TEAR). The evening entertainment on day two consisted of dinner and a spectacular flamenco dancing show at the Palacio de Flamenco – where a good time was had by all.

After the show there was also time for a number of us to watch Barcelona v. Celtic in their European Champions League match at the Camp Nou. This is the view from my seat:

 

The game ended in a 2-1 victory for Barcelona, and following the game there was much debate and friendly banter in the bar between the conference delegates and the Celtic fans that were staying at our hotel.

The track theme continued on day three of the conference along with member meetings such as the next version of TOGAF Working Group, the TOGAF Standard and ArchiMate Language Harmonization Project, Certification Standing Committee, and TOGAF Value Realization Working Group, etc. Member meetings of the Architecture Forum and Security Forum were held on Thursday and brought the Barcelona event to its conclusion.

At the end of the day, if your “goal” is to listen to some great presentations, network with your peers, participate in meetings and influence the generation of new IT standards, then you should get a ticket for our next fixture in Newport Beach, Calif., USA on January 28-31, 2013. The theme, again, will be Big Data.

I look forward to seeing you there!

Steve Philp is the Marketing Director at The Open Group. Over the past 20 years, Steve has worked predominantly in sales, marketing and general management roles within the IT training industry. Based in Reading, UK, he joined the Open Group in 2008 to promote and develop the organization’s skills and experience-based IT certifications. More recently, he has become responsible for corporate marketing as well as certification.

Comments Off

Filed under Conference

Barcelona Conference Spotlight: Dr. Robert Winter

By The Open Group Conference Team

The Open Group sat down with Dr. Robert Winter, professor at the University of St. Gallen in Switzerland, to talk about Enterprise Architecture management and transformation management following his keynote at the Barcelona Conference on Tuesday, October 23.

Dr. Winter’s session opened with the question, “Should we design and engineer methods like software?” His answer: “Yes!” Dr. Winter stresses that customization and componentization are essential when building Enterprise Architectures, making sure that architectures are constructed to fit a specific need or case and that components are reused. He also notes that enterprise architects cannot accomplish everything alone, as team work between enterprise architects and other departments are critical to organizational success.

Comments Off

Filed under Conference

Alex Osterwalder’s Business Model Canvas

By The Open Group Conference Team

At The Open Group Conference in Cannes, Alex Osterwalder, entrepreneur, “Business Model Generation” author and creator of the Business Model Canvas, discussed how enterprise architects can contribute to business models. He suggested that there needs to be a bridge between Enterprise Architecture and the highest strategic level of business, bringing strategic and implementation concepts together.  Osterwalder also encouraged organizations to have a shared discussion in a shared language with all stakeholders – a concept that enterprise architects are very familiar with.

To hear more from Alex Osterwalder on how enterprise architects can become more involved in the business model development process, please watch this video:

 

Later this month, The Open Group is hosting its Barcelona conference from October 22-25, where industry thought leaders, like Osterwalder, will be discussing emerging IT trends, specifically the concept of Big Data – the next frontier in the enterprise.

1 Comment

Filed under Business Architecture, Conference

Capgemini’s CTO on How Cloud Computing Exposes the Duality Between IT and Business Transformation

By Dana Gardner, Interarbor Solutions

This BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference this month in San Francisco.

The conference will focus on how IT and enterprise architecture support enterprise transformation. Speakers in conference events will also explore the latest in service oriented architecture (SOA), cloud computing, and security.

We’re now joined by one of the main speakers, Andy Mulholland, the Global Chief Technology Officer and Corporate Vice President at Capgemini. In 2009, Andy was voted one of the top 25 most influential CTOs in the world by InfoWorld. And in 2010, his CTO Blog was voted best blog for business managers and CIOs for the third year running by Computer Weekly.

Capgemini is about to publish a white paper on cloud computing. It draws distinctions between what cloud means to IT, and what it means to business — while examining the complex dual relationship between the two.

As a lead-in to his Open Group conference presentation on the transformed enterprise, Andy draws on the paper and further drills down on one of the decade’s hottest technology and business trends, cloud computing, and how it impacts business and IT. The interview is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. The full podcast can be found here.

Here are some excerpts:

Gardner: Why do business people think they have a revolution on their hands, while IT people look cloud computing as an evolution of infrastructure efficiency?

Mulholland: We define the role of IT and give it the responsibility and the accountability in the business in a way that is quite strongly related to internal practice. It’s all about how we manage the company’s transactions, how we reduce the cost, how we automate business process,and generally try to make our company a more efficient internal operator.

When you look at cloud computing through that set of lenses, you’re going to see … the technologies from cloud computing, principally virtualization, [as] ways to improve how you deliver the current server-centric, application-centric environment.

However, business people … reflect on it in terms of the change in society and the business world, which we all ought to recognize because that is our world, around the way we choose what we buy, how we choose to do business with people, how we search more, and how we’ve even changed that attitude.

Changed our ways

There’s a whole list of things that we simply just don’t do anymore because we’ve changed the way we choose to buy a book, the way we choose and listen to music and lots of other things.

So we see this as a revolution in the market or, more particularly, a revolution in how cloud can serve in the market, because everybody uses some form of technology.

So then the question is not the role of the IT department and the enterprise — it’s the role technology should be playing in their extended enterprise in doing business.

Gardner: What do we need to start doing differently?

Mulholland: Let’s go to a conversation this morning with a client. It’s always interesting to touch reality. This particular client is looking at the front end of a complex ecosystem around travel, and was asked this standard question by our account director: Do you have a business case for the work we’re discussing?

The reply from the CEO is very interesting. He fixed him with a very cold glare and he said, “If you were able to have 20 percent more billable hours without increasing your cost structure, would you be bothered to even think about the business case?”

The answer in that particular case was they were talking about 10,000 more travel instances or more a year — with no increase in their cost structure. In other words, their whole idea was there was nothing to do with cost in it. Their argument was in revenue increase, market share increase, and they thought that they would make better margins, because it would actually decrease their cost base or spread it more widely.

That’s the whole purpose of this revolution and that’s the purpose the business schools are always pushing, when they talk about innovative business models. It means innovate your business model to look at the market again from the perspective of getting into new markets, getting increased revenue, and maybe designing things that make more money.

Using technology externally

We’re always hooked on this idea that we’ve used technology very successfully internally, but now we should be asking the question about how we’re using technology externally when the population as a whole uses that as their primary method of deciding what they’re going to buy, how they’re going to buy it, when they’re going to buy it, and lots of other questions.

… A popular book recently has been The Power of Pull, and the idea is that we’re really seeing a decentralization of the front office in order to respond to and follow the market and the opportunities and the events in very different ways.

The Power of Pull says that I do what my market is asking me and I design business process or capabilities to be rapidly orchestrated through the front office around where things want to go, and I have linkage points, application programming interface (API) points, where I take anything significant and transfer it back.

But the real challenge is — and it was put to me today in the client discussion — that their business was designed around 1970 computer systems, augmented slowly around that, and they still felt that. Today, their market and their expectations of the industry that they’re in were that they would be designed around the way people were using their products and services and the events and that they had to make that change.

To do that, they’re transformed in the organization, and that’s where we start to spot the difference. We start to spot the idea that your own staff, your customers, and other suppliers are all working externally in information, process, and services accessible to all on an Internet market or architecture.

So when we talk about business architecture, it’s as relevant today as it ever was in terms of interpreting a business.

Set of methodologies

But when we start talking about architecture, The Open Group Architectural Framework (TOGAF) is a set of methodologies on the IT side — the closed-coupled state for a designed set of principles to client-server type systems. In this new model, when we talk about clouds, mobility, and people traveling around and connecting by wireless, etc., we have a stateless loosely coupled environment.

The whole purpose of The Open Group is, in fact, to help devise new ways for being able to architect methods to deliver that. That’s what stands behind the phrase, “a transformed enterprise.”

… If we go back to the basic mission of The Open Group, which is boundarylessness of this information flow, the boundary has previously been defined by a computer system updating another computer system in another company around traditional IT type procedural business flow.

Now, we’re talking about the idea that the information flow is around an ecosystem in an unstructured way. Not a structured file-to-file type transfer, not a structured architecture of who does what, when, and how, but the whole change model in this is unstructured.

Gardner: It’s important to point out here, Andy, that the stakes are relatively high. Who in the organization can be the change agent that can make that leap between the duality view of cloud that IT has, and these business opportunists?

Mulholland: The CEOs are quite noticeably reading the right articles, hearing the right information from business schools, etc., and they’re getting this picture that they’re going to have new business models and new capabilities.

So the drive end is not hard. The problem that is usually encountered is that the IT department’s definition and role interferes with them being able to play the role they want.

What we’re actually looking for is the idea that IT, as we define it today, is some place else. You have to accept that it exists, it will exist, and it’s hugely important. So please don’t take those principles and try to apply them outside.

The real question here is when you find those people who are doing the work outside — and I’ve yet to find any company where it hasn’t been the case — and the question should be how can we actually encourage and manage that innovation sensibly and successfully?

What I mean by that is that if everybody goes off and does their own thing, once again, we’ll end up with a broken company. Why? Because their whole purpose as an enterprises is to leverage success rapidly. If someone is very successful over there, you really need to know, and you need to leverage that again as rapidly as you can to run the rest of the organization. If it doesn’t work, you need to stop it quickly.

Changing roles

In models of the capabilities of that, the question is where is the government structure? So we hear titles like Chief Innovation Officer, again, slightly surprising how it may come up. But we see the model coming both ways. There are reforming CIOs for sure, who have recognized this and are changing their role and position accordingly, sometimes formally, sometimes informally.

The other way around, there are people coming from other parts of the business, taking the title and driving them. I’ve seen Chief Strategy Officers taking the role. I’ve seen the head of sales and marketing taking the role.

Certainly, recognizing the technology possibilities should be coming from the direction of the technology capabilities within the current IT department. The capability of what that means might be coming differently. So it’s a very interesting balance at the moment, and we don’t know quite the right answer.

What I do know is that it’s happening, and the quick-witted CIOs are understanding that it’s a huge opportunity for them to fix their role and embrace a new area, and a new sense of value that they can bring to their organization.

Gardner: Returning to the upcoming Capgemini white paper, it adds a sense of urgency at the end on how to get started. It suggests that you appoint a leader, but a leader first for the inside-out element of cloud and transformation and then a second leader, a separate leader perhaps, for that outside-in or reflecting the business transformation and the opportunity for what’s going on in the external business and markets. It also suggests a strategic road map that involves both business and technology, and then it suggests getting a pilot going.

How does this transition become something that you can manage?

Mulholland: The question is do you know who is responsible. If you don’t, you’d better figure out how you’re going to make someone responsible, because in any situation, someone has to be deciding what we’re going to do and how we’re going to do it.

Having defined that, there are very different business drivers, as well as different technology drivers, between the two. Clearly, whoever takes those roles will reflect a very different way that they will have to run that element. So a duality is recognized in that comment.

On the other hand, no business can survive by going off in half-a-dozen directions at once. You won’t have the money. You won’t have the brand. You won’t have anything you’d like. It’s simply not feasible.

So, the object of the strategic roadmap is to reaffirm the idea of what kind of business we’re trying to be and do. That’s the glimpse of what we want to achieve.

There has to be a strategy. Otherwise, you’ll end up with way too much decentralization and people making up their own version of the strategy, which they can fairly easily do and fairly easily mount from someone else’s cloud to go and do it today.

So the purpose of the duality is to make sure that the two roles, the two different groups of technology, the two different capabilities they reflect to the organization, are properly addressed, properly managed, and properly have a key authority figure in charge of them.

Enablement model

The business strategy is to make sure that the business knows how the enablement model that these two offer them is capable of being directed to where the shareholders will make money out of the business, because that is ultimately that success factor they’re looking for to drive them forward.

************

If you are interested in attending The Open Group’s upcoming conference, please register here: http://www3.opengroup.org/event/open-group-conference-san-francisco/registration

Dana Gardner is president and principal analyst at Interarbor Solutions, an enterprise IT analysis, market research, and consulting firm. Gardner, a leading identifier of software and cloud productivity trends and new IT business growth opportunities, honed his skills and refined his insights as an industry analyst, pundit, and news editor covering the emerging software development and enterprise infrastructure arenas for the last 18 years.

3 Comments

Filed under Cloud, Cloud/SOA, Enterprise Transformation, Semantic Interoperability

MIT’s Ross on How Enterprise Architecture and IT More Than Ever Lead to Business Transformation

By Dana Gardner, Interarbor Solutions

This BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference this month in San Francisco.

The conference will focus on how IT and enterprise architecture support enterprise transformation. Speakers in conference events will also explore the latest in service oriented architecture (SOA), cloud computing, and security.

We’re now joined by of the main speakers, Jeanne Ross, Director and Principal Research Scientist at the MIT Center for Information Systems Research. Jeanne studies how firms develop competitive advantage through the implementation and reuse of digitized platforms.

She is also the co-author of three books: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Enterprise Architecture As Strategy: Creating a Foundation for Business Execution, and IT Savvy: What Top Executives Must Know to Go from Pain to Gain.

As a lead-in to her Open Group presentation on how adoption of enterprise architecture (EA) leads to greater efficiencies and better business agility, Ross explains how enterprise architects have helped lead the way to successful business transformations. The interview is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. The full podcast can be found here.

Here are some excerpts:

Gardner: How you measure or determine that enterprise architects and their practices are intrinsic to successful business transformations?

Ross: That’s a great question. Today, there remains kind of a leap of faith in recognizing that companies that are well-architected will, in fact, perform better, partly because you can be well-architected and perform badly. Or if we look at companies that are very young and have no competitors, they can be very poorly architected and achieve quite remarkably in the marketplace.

But what we can ascribe to architecture is that when companies have competition, then they can establish any kind of performance target they want, whether it’s faster revenue growth or better profitability, and then architect themselves so they can achieve their goals. Then, we can monitor that.

We do have evidence in repeated case studies of companies that set goals, defined an architecture, started to build the capabilities associated with that architecture, and did indeed improve their performance. We have wonderful case study results that should be very reaffirming. I accept that they are not conclusive.

Architectural maturity

We also have statistical support in some of the work we’ve done that shows that high performers in our sample of 102 companies, in fact, had greater architecture maturity. They had deployed a number of practices associated with good architecture.

Gardner: Is there something that’s new about this, rather than just trying to reengineer something?

Ross: Yes, the thing we’re learning about enterprise architecture is that there’s a cultural shift that takes place in an organization, when it commits to doing business in a new way, and that cultural shift starts with abandoning a culture of heroes and accepting a culture of discipline.

Nobody wants to get rid of the heroes in their company. Heroes are people who see a problem and solve it. But we do want to get past heroes sub-optimizing. What companies traditionally did before they started thinking about what architecture would mean, is they relied on individuals to do what seemed best and that clearly can sub-optimize in an environment that increasingly is global and requires things like a single face to the customer.

We also have statistical support in some of the work we’ve done that shows that high performers in our sample of 102 companies, in fact, had greater architecture maturity. They had deployed a number of practices associated with good architecture.

Gardner: Is there something that’s new about this, rather than just trying to reengineer something?

Ross: Yes, the thing we’re learning about enterprise architecture is that there’s a cultural shift that takes place in an organization, when it commits to doing business in a new way, and that cultural shift starts with abandoning a culture of heroes and accepting a culture of discipline.

Nobody wants to get rid of the heroes in their company. Heroes are people who see a problem and solve it. But we do want to get past heroes sub-optimizing. What companies traditionally did before they started thinking about what architecture would mean, is they relied on individuals to do what seemed best and that clearly can sub-optimize in an environment that increasingly is global and requires things like a single face to the customer.

We really just need architecture to pull out unnecessary cost and to enable desirable reusability. And the architect is typically going to be the person representing that enterprise view and helping everyone understand the benefits of understanding that enterprise view, so that everybody who can easily or more easily see the local view is constantly working with architects to balance those two requirements.

Gardner: Is this a particularly good time, from your vantage point, to undertake enterprise architecture?

Ross: It’s a great time for most companies. There will be exceptions that I’ll talk about in a minute. One thing we learned early on in the research is that companies who were best at adopting architecture and implementing it effectively had cost pressures. What happens when you have cost pressures is that you’re forced to make tough decisions.

If you have all the money in the world, you’re not forced to make tough decisions. Architecture is all about making tough decisions, understanding your tradeoffs, and recognizing that you’re going to get some things that you want and you are going to sacrifice others.

If you don’t see that, if you just say, “We’re going to solve that by spending more money,” it becomes nearly impossible to become architected. This is why investment banks are invariably very badly architected, and most people in investment banks are very aware of that. It’s just very hard to do anything other than say, “If that’s important to us, let’s spend more money and let’s get it.” One thing you can’t get by spending more money is discipline, and architecture is very tightly related to discipline.

Tough decisions

In a tough economy, when competition is increasingly global and marketplaces are shifting, this ability to make tough decisions is going to be essential. Opportunities to save costs are going to be really valued, and architecture invariably helps companies save money. The ability to reuse, and thus rapidly seize the next related business opportunity, is also going to be highly valued.

The thing you have to be careful of is that if you see your markets disappearing, if your product is outdated, or your whole industry is being redefined, as we have seen in things like media, you have to be ready to innovate. Architecture can restrict your innovative gene, by saying, “Wait, wait, wait. We want to slow down. We want to do things on our platform.” That can be very dangerous, if you are really facing disruptive technology or market changes.

So you always have to have that eye out there that says, “When is what we built that’s stable actually constraining us too much? When is it preventing important innovation?” For a lot of architects, that’s going to be tough, because you start to love the architecture, the standards, and the discipline. You love what you’ve created, but if it isn’t right for the market you’re facing, you have to be ready to let it go and go seize the next opportunity.

Gardner: Perhaps this environment is the best of all worlds, because we have that discipline on the costs which forces hard decisions, as you say. We also have a lot of these innovative IT trends that would almost force you to look at doing things differently. I’m thinking again of cloud, mobile, the big data issues, and even social-media types of effects.

Ross: Absolutely. We should all look at it that way and say, “What a wonderful world we live in.” One of the companies that I find quite remarkable in their ability to, on the one hand, embrace discipline and architecture, and on the other hand, constantly innovate, is USAA. I’m sure I’ll talk about them a little bit at the conference.

This is a company that just totally understands the importance of discipline around customer service. They’re off the charts in their customer satisfaction.

They’re a financial services institution. Most financial services institutions just drool over USAA’s customer satisfaction ratings, but they’ve done this by combining this idea of discipline around the customer. We have a single customer file. We have an enterprise view of that customer. We constantly standardize those practices and processes that will ensure that we understand the customer and we deliver the products and services they need. They have enormous discipline around these things.

Simultaneously, they have people working constantly around innovation. They were the first company to see the need for this deposit with your iPhone. Take a picture of your check and it’s automatically deposited into your account. They were nearly a year ahead of the next company that came up with that service.

The way they see it is that for any new technology that comes out, our customer will want to use it. We’ve got to be there the day after the technology comes out. They obviously haven’t been able to achieve that, but that’s their goal. If they can make deals with R&D companies that are coming up with new technologies, they’re going to make them, so that they can be ready with their product when the thing actually becomes commercial.

So it’s certainly possible for a company to be both innovative and responsive to what’s going on in the technology world and disciplined and cost effective around customer service, order-to-cash, and those other underlying critical requirements in your organization. But it’s not easy, and that’s why USAA is quite remarkable. They’ve pulled it off and they are a lesson for many other companies.

Gardner: Is The Open Group a good forum for your message and your research, and if so, why?

Ross: The Open Group is great for me, because there is so much serious thinking in The Open Group about what architecture is, how it adds value, and how we do it well. For me to touch base with people in The Open Group is really valuable, and for me to touch base to share my research and hear the push back, the debate, or the value add is perfect, because these are people who are living it every day.

Major themes

Gardner: Are there any other major themes that you’ll be discussing at the conference coming up that you might want to share with us?

Ross: One thing we have observed in our cases that is more and more important to architects is that the companies are struggling more than we realized with using their platforms well.

I’m not sure that architects or people in IT always see this. You build something that’s phenomenally good and appropriate for the business and then you just assume, that if you give them a little training, they’ll use it well.

That’s actually been a remarkable struggle for organizations. One of our research projects right now is called “Working Smarter on Your Digitized Platform.” When we go out, we find there aren’t very many companies that have come anywhere close to leveraging their platforms the way they might have imagined and certainly the way an architect would have imagined.

It’s harder than we thought. It requires persistent coaching. It’s not about training, but persistent coaching. It requires enormous clarity of what the organization is trying to do, and organizations change fast. Clarity is a lot harder to achieve than we think it ought to be.

The message for architects would be: here you are trying to get really good at being a great architect. To add value to your organization, you actually have to understand one more thing: how effectively are people in your company adopting the capabilities and leveraging them effectively? At some point, the value add of the architecture is diminished by the fact that people don’t get it. They don’t understand what they should be able to do.

We’re going to see architects spending a little more time understanding what their leadership is capable of and what capabilities they’ll be able to leverage in the organization, as opposed to which on a rational basis seem like a really good idea.

Getting started

Gardner: When you’re an organization and you’ve decided that you do want to transform and take advantage of unique opportunities for either technical disruption or market discipline, how do you go about getting more structure, more of an architecture?

Ross: That’s idiosyncratic to some extent, because in your dream world, what happens is that the CEO announces, “This is what we are going to be five years from now. This is how we are going to operate and I expect everyone to get on board.” The vision is clear and the commitment is clear. Then the architects can just say, and most architects are totally capable of this, “Oh, well then, here are the capabilities we need to build. Let’s just go build them and then we’ll live happily ever after.”

The problem is that’s rarely the way you get to start. Invariably, the CEO is looking at the need for some acquisitions, some new markets, and all kinds of pressures. The last thing you’re getting is some clarity around the vision of an operating model that would define your critical architectural capabilities.

What ends up happening instead is architects recognize key business leaders who understand the need for, reused standardization, process discipline, whatever it is, and they’re very pragmatic about it. They say, “What do you need here to develop an enterprise view of the customer, or what’s limiting your ability to move into the next market?”

And they have to pragmatically develop what the organization can use, as opposed to defining the organizational vision and then the big picture view of the enterprise architecture.

So in practice, it’s a much more pragmatic process than what we would imagine when we, for example, write books on how to do enterprise architecture. The best architects are listening very hard to who is asking for what kind of capability. When they see real demand and real leadership around certain enterprise capabilities, they focus their attention on addressing those, in the context of what they realize will be a bigger picture over time.

They can already see the unfolding bigger picture, but there’s no management commitment yet. So they stick to the capabilities that they are confident the organization will use. That’s the way they get the momentum to build. That is more art than science and it really distinguishes the most successful architects.

************

If you are interested in attending The Open Group’s upcoming conference, please register here: http://www3.opengroup.org/event/open-group-conference-san-francisco/registration

Dana Gardner is president and principal analyst at Interarbor Solutions, an enterprise IT analysis, market research, and consulting firm. Gardner, a leading identifier of software and cloud productivity trends and new IT business growth opportunities, honed his skills and refined his insights as an industry analyst, pundit, and news editor covering the emerging software development and enterprise infrastructure arenas for the last 18 years.

2 Comments

Filed under Enterprise Architecture, Enterprise Transformation, Semantic Interoperability