Tag Archives: standards

Tweet Jam Summary: Identity Management #ogChat

By Patty Donovan, The Open Group

Over 300 tweets were posted during The Open Group’s initial tweet jam, which took place this week on Tuesday morning! The hour of spirited conversation included our expert panel, as well as other participants who joined in the discussion, including:

If you missed the event this time, here’s a snapshot of how the discussion went:

Q1: What are the biggest challenges of #idM today? #ogChat

Many agreed that regulations at the federal and business levels are inadequate today. Other big challenges include the lack of funding, managing people not affiliated with an organization and the various contexts surrounding the issue. Here’s a sampling of some of the tweets that drove the discussion:

  • @jim_hietala: For users, managing multiple identities with strong auth credentials across myriad systems #ogChat
  • @ErickaChick: Q1 Even when someone writes a check, no one usually measures effectiveness of the spend  #ogChat
  • @dazzagreenwood: #ogchat biggest challenges of #IdM are complexity of SSO, and especially legal and business aspects. #NSTIC approach can help.
  • @Dana_Gardner: Biggest challenges of ID mgmt today are same ones as 10 years ago, that’s the problem. #ogchat #IdM

Q2: What should be the role of governments and private companies in creating #idM standards? #ogChat

Although our participants agreed that governments should have a central role in creating standards, questions about boundaries, members and willingness to adopt emerged. Dana Gardner pointed out the need for a neutral hub, but will competitors be willing to share identities with rival providers?

  • @JohnFontana: Q2 NISTIC is 1 example of how it might work. They intend to facilitate, then give way to private sector. Will it work? #ogchat
  • @Dana_Gardner: This is clearly a government role, but they dropped the ball. And now the climate is anti-regulation. So too late? #ogChat #IdM
  • @gbrunkhorst: Corps have the ability to span geopolitical boundaries. any solution has to both allow this, and ‘respect borders’ (mutually Excl?)

Q3: What are the barriers to developing an identity ecosystem? #ogChat

The panelists opposed the idea of creating a single identity ecosystem, but the key issues in developing one rest on trust and assurance between provider and user. Paul Simmonds from the Jericho Forum noted that there are no intersections between the providers of identity management (providers, governments and vendors).

  • @ErickaChick: Q3 So many IT pros forget that #IdM isn’t a tech prob, it’s a biz process prob #ogChat
    • Response from @NadhanAtHP: @wikidsystems Just curious why you “want” multiple ecosystems? What is wrong if we have one even though it may be idealist? #ogChat #idM
    • Response from @wikidsystems: Q3 to be clear, I don’t want one identity eco system, I want many, at least some of which I control (consumer). #ogChat
  • @451wendy: Q3 Context validation for identity attributes. We all use the Internet as citizens, customers, employees, parents, students etc. #ogChat
  • @451wendy: “@TheRealSpaf: regulation of minimal standards for interoperability and (sometimes) safety are reasonable. Think NIST vs Congress.” #ogChat

Q4: Identity attributes may be valuable and subject to monetization. How will this play out? #ogChat

The issue of trust continued in the discussion, along with the idea that many consumers are unaware that the monetization of identity attributes occurs.

  • @Technodad: Q4: How about portability? Should I be able to pick up my identity and move to another #idm provider, like I can move my phone num? #ogchat
  • @NadhanAtHP: Q4 Identify attributes along with information analytics & context will allow for prediction and handling of security violations #idM #ogChat

Q5: How secure are single sign-on (#SSO) schemes through Web service providers such as #Google and #Facebook? #ogChat

There was almost unanimous agreement on the insecurity of these providers, but other questions were also raised.

  • @simmonds_paul: Q5. Wrong question, instead ask why you should trust a self-asserted identity? #ogchat
  • @dazzagreenwood: Q5  #ogchat The real question is not about FB and Google, but how mass-market sso could work with OpenID Connect with *any* provider
  • @Dana_Gardner: Q5. Issue isn’t security, it’s being locked in, and then them using your meta data against you…and no alternatives. #SSO  #ogChat #IdM
  • @NadhanAtHP: Q5 Tracking liability for security violations is a challenge with #SSO schemes across Web Service Providers #idM #ogChat 

Q6: Is #idM more or less secure on #mobile devices (for users, businesses and identity providers)? #ogChat

Even though time edged its way in and we could not devote the same amount of attention to the final question, our participants painted interesting perspectives on how we actually feel about mobile security.

  • @jim_hietala: Q6. Mobile device (in)security is scary, period, add in identity credentials buried in phones, bad news indeed #ogChat
  • @simmonds_paul: Q6. I lose my SecureID card I worry in a week, I lose Cell Phone I may worry in an hour (mins if under 25) – which is more secure? #ogchat
  • @dazzagreenwood: Q6 #ogchat Mobile can be more OR less secure for #ID – depends on 1) implementation, 2) applicable trust framework(s).
  • @Technodad: @jim_hietala Q6: Mobile might make it better through physical control – similar to passport. #ogChat

Thank you to all the participants who made this a possibility, and please stay tuned for our next tweet jam!

Patricia Donovan is Vice President, Membership & Events, at The Open Group and a member of its executive management team. In this role she is involved in determining the company’s strategic direction and policy as well as the overall management of that business area. Patricia joined The Open Group in 1988 and has played a key role in the organization’s evolution, development and growth since then. She also oversees the company’s marketing, conferences and member meetings. She is based in the U.S.


Enterprise Transformation Takes the French Riviera

By The Open Group Conference Team

The Open Group Conference in Cannes, France is just around the corner. Taking place April 23-27, the conference will bring together leading minds in technology to discuss the process of Enterprise Transformation, and the role of Enterprise Architecture (EA) and IT in Enterprise Transformation.

The French Riviera is a true playground for the rich and famous. As the location of the next Open Group Conference (not to mention the next Open Cannes Awards), it seems only fitting that we not only have an incredible venue for the event, the JW Marriott Cannes, but also have our own star-studded lineup of speakers, sessions and activities that are sure to make the conference an unforgettable experience.

In addition to tutorial sessions on TOGAF and ArchiMate, the conference offers roughly 60 sessions on a variety of topics, including:

  • Enterprise Transformation, including Enterprise Architecture and SOA
  • Cybersecurity, Cloud Security and Trusted Technology for the Supply Chain
  • Cloud Computing for Business, Collaborative Cloud Frameworks and Cloud Architectures

The conference theme “Enterprise Transformation” will highlight how Enterprise Architecture can be used to truly change how companies do business and create models and architectures that help them make those changes. Keynote speakers include:

  • Dr. Alexander Osterwalder, Best-selling Author and Entrepreneur

Dr. Osterwalder is a renowned thought leader on business model design and innovation. Many executives and entrepreneurs and world-leading organizations have applied Dr. Osterwalderʼs approach to strengthen their business model and achieve a competitive advantage through business model innovation. His keynote session at the conference, titled: “Business Models, IT, and Enterprise Transformation,” will discuss how to use the Business Model Canvas approach to better align IT and business strategy, empower multi-disciplinary teams and contribute to Enterprise Transformation.

  • Herve Gouezel, Advisor to the CEO at BNP Paribas & Eric Boulay, Founder and CEO of Arismore

Keynote: “EA and Transformation: An Enterprise Issue, a New Role for the CIO?” will examine governance within the Enterprise and what steps need to take place to create a collaborative Enterprise.

  • Peter Haviland, Chief Architect and Head of Business Architecture Advisory Services at Ernst & Young, US

Keynote: “World Class EA 2012: Putting Your Architecture Team in the Middle of Enterprise Transformation,” will identify and discuss key activities leading practice architecture teams are performing to create and sustain value, to remain at the forefront of enterprise transformation.

  • Kirk Avery, Software Architect at Lockheed Martin & Robert Sweeney, MSMA Lead Systems Engineer at Naval Air Systems Command

Keynote: “FACE: Transforming the DoD Avionics Software Industry Through the Use of Open Standards,” will address the DoD Avionics Industry’s need for providing complex mission capability in less time and in an environment of shrinking government budgets.

The Common Criteria Workshop and the European Commission

We are also pleased to be hosting the first Common Criteria Workshop during the Cannes Conference. This two-day event – taking place April 25 to 26 – offers a rich opportunity to hear from distinguished speakers from the Common Criteria Security community, explore viewpoints through panel discussions and work with like-minded people towards common goals.

One of the keynote speakers during the workshop is Andrea Servida, the Deputy Head of the Internet, Network and Information Security unit with the European Commission in Brussels, Belgium. With extensive experience defining and implementing strategies and policies on network and information security and critical information infrastructure protection, Mr. Servida is an ideal speaker as we kick off the first workshop.

The Open Cannes Awards

What trip to Cannes would be complete without an awards ceremony? Presented by The Open Group, The Open Cannes Awards is an opportunity for our members to recognize each other’s accomplishments within The Open Group with a little fun during the gala ceremony on the night of Tuesday, April 24. The goal is to acknowledge the success stories, the hard work and dedication that members, either as individuals or as organizations, have devoted to The Open Group’s ideals and vision over the past decade.

We hope to see you in Cannes! For more information on the conference tracks or to register, please visit our conference registration page, and please stay tuned throughout the next month as we continue to release blog posts and information leading up to The Open Group Conference in Cannes, France!


FACE Consortium Publishes First Standard for Defense Avionics Systems

By Judy Cerenzia, The Open Group FACE Consortium

I’m amazed that only 19 months ago we kicked off The Open Group Future Airborne Capability Environment (FACE™) Consortium, a collaborative group of avionics industry and U.S. Army, Navy and Air Force contributors who are working to develop standards for a common operating environment to support portable capability applications across Department of Defense (DoD) avionics systems. Our goal is to create an avionics software environment on installed computing hardware of war-fighting platforms that enables FACE applications and components to be deployed on different platforms without impact to the FACE applications. This approach to portable applications and interoperability will reduce development and integration costs and reduce the time to field new avionics capabilities.

I’m particularly proud of the consortium’s Technical Working Group, authors of Version 1.0 of The Technical Standard for Future Airborne Capability Environment (FACE™) Reference Architecture, which was just approved for official publication as an Open Group Standard. What they have accomplished in a year and a half is nothing less than phenomenal. The publication is available at The Open Group’s Bookstore.

The FACE Consortium’s unique strategy and structure is changing the way government and industry do business by breaking down barriers to portability—exchanging proprietary solutions for a common and standardized computing environment and components. To enable this climate change, the consortium’s Business Working Group has also published the FACE Business Guide, which defines stakeholders and their roles within a new business model; discusses business scenarios and defines how stakeholders will impact or be impacted by business drivers in each; and investigates how contract terms, software licensing agreements and IP rights may need to change to support procuring common components with standardized interfaces versus a proprietary black-box solution from a prime contractor. The Business Guide is also available at The Open Group’s Bookstore.

We’ve grown from 74 individuals representing 14 organizations in June 2010 to over 375 participants from 39 government and industry partners to date. Our next consortium members’ meeting will be in Baltimore, MD February 29 – March 1 2012, hosted by Northrop Grumman. I’m looking forward to seeing FACE colleagues, facilitating their working meeting, and continuing our mission to develop, evolve and publish a realistic open FACE™ architecture, standards and business model, and robust industry conformance program that will be supported and adopted by FACE customers, vendors, and integrators.

Judy Cerenzia is currently The Open Group’s Program Director for the Future Airborne Capability Environment (FACE) Consortium. Judy has 10+ years senior program management experience leading cross-functional and cross-organizational teams to reach consensus, define, and meet business and technical goals during project lifecycles. 


SOCCI: Behind the Scenes

By E.G. Nadhan, HP

Cloud Computing standards, like other standards, go through a series of evolutionary phases similar to the ones I outlined in the Top 5 phases of IaaS standards evolution. IaaS standards, in particular, take longer than their SaaS and PaaS counterparts because a balance is required between the service-orientation of the core infrastructure components in Cloud Computing.

This balance is why today’s announcement of the release of the industry’s first technical standard, Service Oriented Cloud Computing Infrastructure (SOCCI), is significant.

As one of the co-chairs of this project, here is some insight into the manner in which The Open Group went about creating the definition of this standard:

  • Step One: Identify the key characteristics of service orientation, as well as those for the cloud as defined by the National Institute of Standards and Technology (NIST). Analyze these characteristics and the resulting synergies through the application of service orientation in the cloud. Compare and contrast their evolution from the traditional environment through service orientation to the Cloud.
  • Step Two: Identify the key architectural building blocks that enable the Operational Systems Layer of the SOA Reference Architecture and the Cloud Reference Architecture that is in progress.
  • Step Three: Map these building blocks across the architectural layers while representing the multi-faceted perspectives of various viewpoints including those of the consumer, provider and developer.
  • Step Four: Define a Motor Cars in the Cloud business scenario: You, the consumer, are downloading auto-racing videos through an environment managed by a Service Integrator which requires the use of services for software, platform and infrastructure along with traditional technologies. Provide a behind-the-curtains perspective on the business scenario where the SOCCI building blocks slowly but steadily come to life.
  • Step Five: Identify the key connection points with the other Open Group projects in the areas of architecture, business use cases, governance and security.

The real test of a standard is in its breadth of adoption. This standard can be used in multiple ways by the industry at large in order to ensure that the architectural nuances are comprehensively addressed. It could be used to map existing Cloud-based deployments to a standard architectural template. It can also serve as an excellent set of Cloud-based building blocks that can be used to build out a new architecture.

Have you taken a look at this standard? If not, please do so. If so, where and how do you think this standard could be adopted? Are there ways that the standard can be improved in future releases to make it better suited for broader adoption? Please let me know your thoughts.

This blog post was originally posted on HP’s Grounded in the Cloud Blog.

HP Distinguished Technologist, E.G.Nadhan has over 25 years of experience in the IT industry across the complete spectrum of selling, delivering and managing enterprise level solutions for HP customers. He is the founding co-chair for The Open Group SOCCI project and is also the founding co-chair for the Open Group Cloud Computing Governance project.


2012 Open Group Predictions, Vol. 2

By The Open Group

Continuing on the theme of predictions, here are a few more, which focus on enterprise architecture, business architecture, general IT and Open Group events in 2012.

Enterprise Architecture – The Industry

By Leonard Fehskens, VP of Skills and Capabilities

Looking back at 2011 and looking forward to 2012, I see growing stress within the EA community as both the demands being placed on it and the diversity of opinions within it increase. While this stress is not likely to fracture the community, it is going to make it much more difficult for both enterprise architects and the communities they serve to make sense of EA in general, and its value proposition in particular.

As I predicted around this time last year, the conventional wisdom about EA continues to spin its wheels.  At the same time, there has been a bit more progress at the leading edge than I had expected or hoped for. The net effect is that the gap between the conventional wisdom and the leading edge has widened. I expect this to continue through the next year as progress at the leading edge is something like the snowball rolling downhill, and newcomers to the discipline will pronounce that it’s obvious the Earth is both flat and the center of the universe.

What I had not expected is the vigor with which the loosely defined concept of business architecture has been adopted as the answer to the vexing challenge of “business/IT alignment.” The big idea seems to be that the enterprise comprises “the business” and IT, and enterprise architecture comprises business architecture and IT architecture. We already know how to do the IT part, so if we can just figure out the business part, we’ll finally have EA down to a science. What’s troubling is how much of the EA community does not see this as an inherently IT-centric perspective that will not win over the “business community.” The key to a truly enterprise-centric concept of EA lies inside that black box labeled “the business” – a black box that accounts for 95% or more of the enterprise.

As if to compensate for this entrenched IT-centric perspective, the EA community has lately adopted the mantra of “enterprise transformation”, a dangerous strategy that risks promising even more when far too many EA efforts have been unable to deliver on the promises they have already made.

At the same time, there is a growing interest in professionalizing the discipline, exemplified by the membership of the Association of Enterprise Architects (AEA) passing 20,000, TOGAF® 9 certifications passing 10,000, and the formation of the Federation of Enterprise Architecture Professional Organizations (FEAPO). The challenge that we face in 2012 and beyond is bringing order to the increasing chaos that characterizes the EA space. The biggest question looming seems to be whether this should be driven by IT. If so, will we be honest about this IT focus and will the potential for EA to become a truly enterprise-wide capability be realized?

Enterprise Architecture – The Profession

By Steve Nunn, COO of The Open Group and CEO of the Association of Enterprise Architects

It’s an exciting time for enterprise architecture, both as an industry and as a profession. There are an abundance of trends in EA, but I wanted to focus on three that have emerged and will continue to evolve in 2012 and beyond.

  • A Defined Career Path for Enterprise Architects: Today, there is no clear career path for the enterprise architect. I’ve heard this from college students, IT and business professionals and current EAs. Up until now, the skills necessary to succeed and the roles within an organization that an EA can and should fill have not been defined. It’s imperative that we determine the skill sets EAs need and the path for EAs to acquire these skills in a linear progression throughout their career. Expect this topic to become top priority in 2012.
  • Continued EA Certification Adoption: Certification will continue to grow as EAs seek ways to differentiate themselves within the industry and to employers. Certifications and memberships through professional bodies such as the Association of Enterprise Architects will offer value to members and employers alike by identifying competent and capable architects. This growth will also be supported by EA certification adoption in emerging markets like India and China, as those countries continue to explore ways to build value and quality for current and prospective clients, and to establish more international credibility.
  • Greater Involvement from the Business: As IT investments become business driven, business executives controlling corporate strategy will need to become more involved in EA and eventually drive the process. Business executive involvement will be especially helpful when outsourcing IT processes, such as Cloud Computing. Expect to see greater interest from executives and business schools that will implement coursework and training to reflect this shift, as well as increased discussion on the value of business architecture.

Business Architecture – Part 2

By Kevin Daley, IBM and Vice-Chair of The Open Group Business Forum

Several key technologies have reached a tipping point in 2011 that will move them out of the investigation and validation by enterprise architects and into the domain of strategy and realization for business architects. Five areas where business architects will be called upon for participation and effort in 2012 are related to:

  • Cloud: This increasingly adopted and disruptive technology will help increase the speed of development and change. The business architect will be called upon to ensure the strategic relevancy of transformation in a repeatable fashion as cycle times and rollouts happen faster.
  • Social Networking / Mobile Computing: Prevalent consumer usage, global user adoption and improvements in hardware and security make this a trend that cannot be ignored. The business architect will help develop new strategies as organizations strive for new markets and broader demographic reach.
  • Internet of Things: This concept from 2000 is reaching critical mass as more and more devices become communicative. The business architect will be called on to facilitate the conversation and design efforts between operational efforts and technologies managing the flood of new and usable information.
  • Big Data and Business Intelligence: Massive amounts of previously untapped data are being exposed, analyzed and made insightful and useful. The business architect will be utilized to help contain the complexity of business possibilities while identifying tactical areas where the new insights can be integrated into existing technologies to optimize automation and business process domains.
  • ERP Resurgence and Smarter Software: Software purchasing looks to continue its 2011 trend towards broader, more intuitive and feature-rich software and applications.  The business architect will be called upon to identify and help drive getting the maximum amount of operational value and output from these platforms to both preserve and extend organizational differentiation.

The State of IT

By Dave Lounsbury, CTO

What will have a profound effect on the IT industry throughout 2012 are the twin horses of mobility and consumerization, both of which are galloping at full tilt within the IT industry right now. Key to these trends are the increased use of personal devices, as well as favorite consumer Cloud services and social networks, which drive a rapidly growing comfort among end users with both data and computational power being everywhere. This comfort brings a level of expectations to end users who will increasingly want to control how they access and use their data, and with what devices. The expectation of control and access will be increasingly brought from home to the workplace.

This has profound implications for core IT organizations. There will be less reliance on core IT services, and with that an increased expectation of “I’ll buy the services, you show me how to knit them in” as the prevalent user approach to IT – thus requiring increased attention to use of standards conformance. IT departments will change from being the only service providers within organizations to being a guiding force when it comes to core business processes, with IT budgets being impacted. I see a rapid tipping point in this direction in 2012.

What does this mean for corporate data? The matters of scale that have been a part of IT—the overarching need for good architecture, security, standards and governance—will now apply to a wide range of users and their devices and services. Security issues will loom larger. Data, apps and hardware are coming from everywhere, and companies will need to develop criteria for knowing whether systems are robust, secure and trustworthy. Governments worldwide will take a close look at this in 2012, but industry must take the lead to keep up with the pace of technology evolution, such as The Open Group and its members have done with the OTTF standard.

Open Group Events in 2012

By Patty Donovan, VP of Membership and Events

In 2012, we will continue to connect with members globally through all mediums available to us – our quarterly conferences, virtual and regional events and social media. Through coordination with our local partners in Brazil, China, France, Japan, South Africa, Sweden, Turkey and the United Arab Emirates, we’ve been able to increase our global footprint and connect members and non-members who may not have been able to attend the quarterly conferences with the issues facing today’s IT professionals. These events in conjunction with our efforts in social media have led to a rise in member participation and helped further develop The Open Group community, and we hope to have continued growth in the coming year and beyond.

We’re always open to new suggestions, so if you have a creative idea on how to connect members, please let me know! Also, please be sure to attend the upcoming Open Group Conference in San Francisco, which is taking place on January 30 through February 3. The conference will address enterprise transformation as well as other key issues in 2012 and beyond.


The Open Group Surpasses 400 Member Milestone

By Allen Brown, The Open Group

I’m pleased to announce The Open Group has recently surpassed the 400 member mark. Reaching this milestone is a true testament to the commitment our members and staff have made to promoting open standards over the past 25 years.

The Open Group’s strategy has been shaped by IT users through the development of open, vendor-neutral standards and certifications. Today’s milestone validates that this strategy is continuing to resonate, particularly with global organizations that demand greater interoperability, trusted ways to architect their information systems and qualified IT people to lead the effort.

Our members continue to collaborate on developing long term, globally accepted solutions surrounding the most critical IT issues facing business today. Some of the work areas include Enterprise Architecture, Cloud Computing, real-time and embedded systems, operating platform, semantic interoperability and cyber-security to name a few. The members’ leadership around these issues is increasingly global through a larger roster of regional events and local offices now based in China, France, Japan, South Africa, South America, Sweden, Turkey, the United Arab Emirates, the UK and US. As a result, we now have more than 30,000 individual members participating from 400 global organizations in more than 85 countries worldwide.

This is a great milestone to end the year on, and we’re looking forward to celebrating more occasions like it resulting from the members’ hard work and contributions in 2012.


The future – ecosystems and standards

By Mark Skilton, Capgemini

This article is a continuation of a series on standards by Mark Skilton. Read his previous posts on “Why standards in information technology are critical” and “Innovation in the Cloud needs open standards.”

The evolution of standards has become a big domain issue. The world has moved from the individual languages of resources and transactions into architectural standards that seek to describe how different sets of resources, interfaces and interactions can be designed to work together. But this concept has now gone further in networked societies.

In this new “universe” of online and physical services, new channels, portals, devices and services are emerging that create new integration and compositions of services. New business models are emerging as a result, which are impacting existing markets and incumbents as well as creating new rules and standards.  Old standards and policies such as digital privacy and cross-border intellectual property are being challenged by these new realities. Ignoring these is not an option, as companies and whole countries are realizing the need to keep up-to-date and aware of these developments that impact their own locations and economies.

This means the barriers and accelerators to individual markets and new markets are evolving and in constant dynamic change. Standards and interoperability are at the center of these issues and affect the very levers of change in markets.

Cloud Computing is one such phenomenon rewriting the rules on information exchange and business models for provisioning and delivery of products and services. The impact of Cloud Computing on competitive advantage is significant in the way it has lowered barriers to access of markets and collaboration. It has increased speed of provisioning and potential for market growth and expansion through the distributed power of the Internet. The connectivity and extensions of business models brought about by these trends is changing previously held beliefs and competitive advantages of ownership and relationships.

The following diagram was presented at The Open Group Conference, Amsterdam in the fall of 2010.

The Internet of Things (IOT) is an example of this trend that is seen in the area of Radio Frequency Identification (RFID) tags of materials and products for automatic tracking. But this is just one example of interoperability emerging across industries. Large-scale telecommunications networks now have the ability to reach and integrate large areas of the marketplace through fixed and now wireless mobile communications networks.

This vision can create new possibilities beyond just tagging and integration of supply chains; it hints towards a possibility of social networks, business networks and value chains being able to create new experiences and services through interconnectedness.

Mark Skilton, Director, Capgemini, is the Co-Chair of The Open Group Cloud Computing Work Group. He has been involved in advising clients and developing of strategic portfolio services in Cloud Computing and business transformation. His recent contributions include the publication of Return on Investment models on Cloud Computing widely syndicated that achieved 50,000 hits on CIO.com and in the British Computer Society 2010 Annual Review. His current activities include development of a new Cloud Computing Model standards and best practices on the subject of Cloud Computing impact on Outsourcing and Off-shoring models and contributed to the second edition of the Handbook of Global Outsourcing and Off-shoring published through his involvement with Warwick Business School UK Specialist Masters Degree Program in Information Systems Management.

Filed under Cloud, Standards

Innovation in the Cloud needs open standards

By Mark Skilton, Capgemini

This article is a continuation of a series on standards by Mark Skilton. Read his previous post on “Why standards in information technology are critical.”

The forces of innovation are seen in the power of broadband, mass computing power, dynamic new mobile cell devices and tablets, new social networking software and new advanced technologies in fields such as medical scanners, multi-media, education, robotics and electronics. These disruptions are jumps that can make huge leaps in societal quality of life and benefit for all. And with every advance there can be counterproductive and emergent issues that result which may be detrimental to markets, and to personal liberty and safety. There is a continuing debate over standards and policies that may or may not prejudice the legitimate rights of consumers, providers and governments that seek these benefits.

Standards evolve as a means for description and commonality as well as differentiation. Common utility services in the gas, electricity, and water amenities industry are examples that trade and provide services to mass markets. Likewise, in consumer electronics markets and network standards, we see interests in common interface and connector standards to enable consumer and providers to access and gain use of the products and services marketplaces. Without standards in areas that enable trade exchange, markets would be fragmented, limiting potential growth and evolution of new opportunities.

But equally, standards can create challenges to barriers in trade and adoption. Protection of intellectual property, closed technology platforms and protectionist and legislative control policies are consequences that can be seen as building competitive advantages; but equally can be limiting access and competition to existing and new markets.

This is a concern from large multi-national corporations to the plethora of SMBs, and to the individual. It can also be seen as a wider economic, societal and environmental issue, where disproportionate activities and resource consumption can affect green sustainability and intergovernmental and marketplace balance of power and growth.

Filed under Cloud, Standards

Why standards in information technology are critical

By Mark Skilton, Capgemini

See the next article in Mark’s series on standards here.

Information technology as an industry is at the center of communications and exchange of information, and increasingly, fully digitized products and services. Its span of influence and control is enabled through the ability of protocols, syntax and nomenclatures to be defined and known between consumers and providers. The Internet is testament to HTTP, TCP/IP, HTML, URL, MAC and XML standards that have become universal languages to enable its very existence. These “universal common standards” are an example of a homogeneous, all-pervasive standard that enables the construction and use of resources and connections that are built on these standards.

These “building blocks” are a necessary foundation to enable more advanced language and exchange interactions to become possible. It can be argued that with every new technology advance, a new language is needed to express and drive that new advance. Prior to the Internet, earlier standards of timeshare mainframes, virtual memory, ISA chip architecture and fiber optics established scale and increasing capacity to affect simple to more complex tasks. There simply were no universal protocol-based standards that could support the huge network of wired and wireless communications. Commercial-scale computing was locked and limited inside mainframe and PC computers.

With federated distributed computing standards, all that changed. The Client-Server era enabled cluster intranet and peer-to-peer networks. Email exchange, web access and database access evolved to be across a number of computers and to connect groups of computers together for shared resource services. The web browser running as a client program at the user computer enables access to information at any web server in the world. So standards come and go, and evolve in cycles as existing technology matures and new technologies and capabilities evolve, much like the cycles of innovation described in “Machine that Changed the World” by James Womack (1990), “Clock Speed” by Charles Fine (1999) and, recently, “Innovator’s Dilemma” by Clayton Christensen in the mid-2000s.

The challenge is to position standards and policies to use those standards in a way that establish and enable products, services and markets to be created or developed. The Open Group does just that.

Mark Skilton will be presenting on “Building A Cloud Computing Roadmap View To Your Enterprise Planning” at The Open Group Conference, Austin, July 18-22. Join us for best practices and case studies on Enterprise Architecture, Cloud, Security and more, presented by preeminent thought leaders in the industry.

Filed under Standards

“Making Standards Work®”

By Andrew Josey, The Open Group

Next month as part of the ongoing process of “Making Standards Work®,” we will be setting standards and policy with those attending the member meetings at The Open Group Conference, London, (May 9-12, Central Hall Westminster). The standards development activities include a wide range of subject areas from Cloud Computing, Tools and People certification, best practices for Trusted Technology, SOA and Quantum Lifecycle Management, as well as maintenance of existing standards such as TOGAF® and ArchiMate®. The common link with all these activities is that all of these are open standards developed by members of The Open Group.

Why do our members invest their time and efforts in development of open standards? The key reasons as I see them are as follows:

  1. Open standards are a core part of today’s infrastructure
  2. Open standards allow vendors to differentiate their offerings by offering a level of openness (portable interfaces and interoperability)
  3. Open standards establish a baseline from which competitors can innovate
  4. Open standards backed with certification enable customers to buy with increased confidence

This is all very well, you say — but what differentiates The Open Group from other standards organizations? Well, when The Open Group develops a new standard, we take an end-to-end view of the ecosystem all the way through from customer requirements, developing consensus standards to certification and procurement. We aim to deliver standards that meet a need in the marketplace and then back those up with certification that delivers an assurance about the products or in the case of people certification, their knowledge or skills and experience. We then take regular feedback on our standards, maintain them and evolve them according to marketplace needs. We also have a deterministic, timely process for developing our standards that helps to avoid the stalemate that can occur in some standards development.

Let’s look briefly at two of the most well known Open Group standards: UNIX® and TOGAF®. The UNIX® and TOGAF® standards are both examples of where a full ecosystem has been developed around the standard.

The UNIX® standard for operating systems has been around since 1995 and is now in its fourth major iteration. High reliability, availability and scalability are all attributes associated with certified UNIX® systems. As well as the multi-billion-dollar annual market in server systems from HP, Oracle, IBM and Fujitsu, there is an installed base of 50 million users* using The Open Group certified UNIX® systems on the desktop.

TOGAF® is the standard enterprise architecture method and framework. It encourages use with other frameworks and adoption of best practices for enterprise architecture. Now in its ninth iteration, it is freely available for internal use by any organization globally and is widely adopted with over 60% of the Fortune 50 and more than 80% of the Global Forbes 50. The TOGAF® certification program now has more than 15,000 certified individuals, including over 6,000 for TOGAF® 9.

If you are able to join us in London in May, I hope you will be able to also join us at the member meetings to continue making standards work. If you are not yet a member then I hope you will attend the conference itself and network with the members to find out more and consider joining us in Making Standards Work®!

For more information on The Open Group Standards Process visit http://www.opengroup.org/standardsprocess/

(*) Apple estimated number from Briefing October 2010. Mac OS X is certified to the UNIX 03 standard.

Standards development will be part of member meetings taking place at The Open Group Conference, London, May 9-13. Join us for best practices and case studies on Enterprise Architecture, Cloud, Security and more, presented by preeminent thought leaders in the industry.

Andrew Josey is Director of Standards within The Open Group, responsible for the Standards Process across the organization. Andrew leads the standards development activities within The Open Group Architecture Forum, including the development and maintenance of TOGAF® 9, and the TOGAF® 9 People certification program. He also chairs the Austin Group, the working group responsible for development and maintenance of the POSIX 1003.1 standard that forms the core volumes of the Single UNIX® Specification. He is the ISO project editor for ISO/IEC 9945 (POSIX). He is a member of the IEEE Computer Society’s Golden Core and is the IEEE P1003.1 chair and the IEEE PASC Functional chair of Interpretations. Andrew is based in the UK.

Filed under Standards, TOGAF, UNIX

The Open Group Announces New Information Security Management Standard: O-ISM3

By Jim Hietala, The Open Group

The Open Group yesterday announced the approval of a new standard in information security, O-ISM3. This standard, which derives its name from The Open Group Information Security Management Maturity Model, aims to help information security managers and practitioners to more effectively manage information security. Information security management is one of two focus areas for The Open Group Security Forum (security architecture being the other).

The development of the O-ISM3 standard has been in process in the Security Forum for the past 18 months. Like all Open Group standards, O-ISM3 was developed through an open, consensus-based process. The O-ISM3 standard leverages work previously done by the ISM3 consortium to produce the ISM3 version 2.3 document.

O-ISM3 brings some fresh thinking to information security management. O-ISM3:

  • Provides a framework to align security objectives and security targets to overall business objectives
  • Delivers a much-needed continuous improvement approach to the management of information security
  • Expresses security outcomes in positive terms

O-ISM3 can be implemented as a top-down methodology to manage an entire information security program, or it can be deployed more tactically, starting with just a few information security processes. As such, it can deliver value to information security organizations of varying sizes, maturity levels, and in different industries.

The O-ISM3 standard is available free on The Open Group website (registration required), and on Kindle. The standard provides an approach which is complementary to ISO 27001/2, as well as to ITIL and COBIT.

The Open Group is conducting a series of webcasts on the O-ISM3 standard in April and May. Details and registration may be found here.

Many thanks to the many members of The Open Group who worked hard over the past 18 months to make O-ISM3 a reality. Many had a hand in developing O-ISM3 in the Security Forum, and I thank them all; however, I would be remiss if I did not recognize the leadership of workgroup chair Vicente Aceituno, who brought this work to The Open Group, and who has continued to work tirelessly to make O-ISM3 an important standard for information security.

The working group will in the coming months be developing maturity levels for O-ISM3, and exploring certification programs. If you have interest in O-ISM3 and these future developments, please contact us at ogsecurity-interest@opengroup.org and we will help you get involved.

An IT security industry veteran, Jim Hietala is Vice President of Security at The Open Group, where he is responsible for security programs and standards activities. He holds the CISSP and GSEC certifications. Jim is based in the U.S.

Filed under Information security, Standards

Open Group conference next week focuses on role and impact of enterprise architecture amid shifting sands for IT and business

by Dana Gardner, Interarbor Solutions

Republished from his blog, BriefingsDirect, originally published Feb. 2, 2011

Next week’s The Open Group Conference in San Diego comes at an important time in the evolution of IT and business. And it’s not too late to attend the conference, especially if you’re looking for an escape from the snow and ice.

From Feb. 7 through 9 at the Marriott San Diego Mission Valley, the 2011 conference is organized around three key themes: architecting cyber security, enterprise architecture (EA) and business transformation, and the business and financial impact of cloud computing. CloudCamp San Diego will be held in conjunction with the conference on Wednesday, Feb. 9. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Registration is open to both members and non-members of The Open Group. For more information, or to register for the conference in San Diego please visit: http://www.opengroup.org/sandiego2011/register.htm. Registration is free for members of the press and industry analysts.

The Open Group is a vendor- and technology-neutral consortium, whose vision of Boundaryless Information Flow™ will enable access to integrated information within and between enterprises based on open standards and global interoperability.

I’ve found these conferences over the past five years an invaluable venue for meeting and collaborating with CIOs, enterprise architects, standards stewards and thought leaders on enterprise issues. It’s one of the few times when the mix of technology, governance and business interests mingle well for mutual benefit.

The Security Practitioners Conference, being held on Feb. 7, provides guidelines on how to build trusted solutions; take into account government and legal considerations; and connects architecture and information security management. Confirmed speakers include James Stikeleather, chief innovation officer, Dell Services; Bruce McConnell, cybersecurity counselor, National Protection and Programs Directorate, U.S. Department of Homeland Security; and Ben Calloni, Lockheed Martin Fellow, Software Security, Lockheed Martin Corp.

Change management processes requiring an advanced, dynamic and resilient EA structure will be discussed in detail during The Enterprise Architecture Practitioners Conference on Feb. 8. The Cloud Computing track, on Feb. 9, includes sessions on the business and financial impact of cloud computing; cloud security; and how to architect for the cloud — with confirmed speakers Steve Else, CEO, EA Principals; Pete Joodi, distinguished engineer, IBM; and Paul Simmonds, security consultant, the Jericho Forum.

General conference keynote presentation speakers include Dawn Meyerriecks, assistant director of National Intelligence for Acquisition, Technology and Facilities, Office of the Director of National Intelligence; David Mihelcic, CTO, the U.S. Defense Information Systems Agency; and Jeff Scott, senior analyst, Forrester Research.

I’ll be moderating an on-stage panel on Wednesday on the considerations that must be made when choosing a cloud solution — custom or “shrink-wrapped” — and whether different forms of cloud computing are appropriate for different industry sectors. The tension between plain cloud offerings and enterprise demands for customization is bound to build, and we’ll work to find a better path to resolution.

I’ll also be hosting and producing a set of BriefingsDirect podcasts at the conference, on such topics as the future of EA groups, EA maturity and future roles, security risk management, and on the new Trusted Technology Forum (OTTF) established in December. Look for those podcasts, blog summaries and transcripts here over the next few days and weeks.

For the first time, The Open Group Photo Contest will encourage the members and attendees to socialize, collaborate and share during Open Group conferences, as well as document and share their favorite experiences. Categories include best photo on the conference floor, best photo of San Diego, and best photo of the conference outing (dinner aboard the USS Midway in San Diego Harbor). The winner of each category will receive a $125 Amazon gift card. The winners will be announced on Monday, Feb. 14 via social media communities.

It’s not too late to join in, or to plan to look for the events and presentations online. Registration is open to both members and non-members of The Open Group. For more information, or to register for the conference in San Diego please visit: http://www.opengroup.org/sandiego2011/register.htm. Registration is free for members of the press and industry analysts.

Dana Gardner is the Principal Analyst at Interarbor Solutions, which identifies and interprets the trends in Services-Oriented Architecture (SOA) and enterprise software infrastructure markets. Interarbor Solutions creates in-depth Web content and distributes it via BriefingsDirect blogs, podcasts and video-podcasts to support conversational education about SOA, software infrastructure, Enterprise 2.0, and application development and deployment strategies.

Filed under Uncategorized

IT: The professionals

By Steve Philp, The Open Group

The European Commission (EC) recently warned of a potential 350,000-plus shortfall in IT practitioners in the region by 2015 and criticised the UK for failing to adequately promote professionalism in the industry. According to EC principal administrator André Richier, although Europe has approximately four million IT practitioners, 50 per cent are not IT degree-qualified.

While the EC raises some interesting points about the education of those entering the field of IT, it’s important not to lose sight of what’s really important – ensuring IT executives are continually improving and developing their skills and capabilities.

Developments in technology are moving faster than ever and bringing about major changes to the lives of IT professionals.  Today, for instance, it’s crucial IT professionals are not just technical experts but able to speak the language of business and ensure the work of the IT function is closely aligned to business objectives.  This is particularly so when it comes to cloud computing where pressure is mounting for IT teams to clearly articulate the benefits the technology can offer the business.

Business decision makers aren’t interested in the details of cloud computing implementation but do want to know that IT teams understand their situation and are well placed to solve the challenges they face.  In short, they want to know important IT decisions being made in their business are in the hands of true professionals.

Certification can act as an important mark of professional standards and inspire confidence by verifying the qualities and skills IT executives have with regards to the effective deployment, implementation and operation of IT solutions. It’s these factors that led to the launch of the Open Group’s IT Specialist Certification (ITSC) Programme. The programme is peer reviewed, vendor-neutral and global, ensuring IT executives can use it to distinguish their skills regardless of the organisation they work for. As such, it guarantees a professional standard, assuring business leaders that the IT professionals they have in place can help address the challenges they face. Given the current pressures to do more with less and the rising importance of IT to business, expect to see certification rise in importance in the months ahead.

Steve Philp is the Marketing Director for the IT Architect and IT Specialist certification programs at The Open Group. Over the past 20 years, Steve has worked predominantly in sales, marketing and general management roles within the IT training industry. Based in Reading, UK, he joined the Open Group in 2008 to promote and develop the organization’s skills and experience-based IT certifications.

Filed under Certifications, Enterprise Architecture

The Trusted Technology Forum: Best practices for securing the global technology supply chain

By Mary Ann Davidson, Oracle

Hello, I am Mary Ann Davidson. I am the Chief Security Officer for Oracle and I want to talk about The Open Group Trusted Technology Provider Framework (O-TTPF). What, you may ask, is that? The Trusted Technology Forum (OTTF) is an effort within The Open Group to develop a body of practices related to software and hardware manufacturing — the O-TTPF — that will address procurers’ supply chain risk management concerns.

That’s a mouthful, isn’t it? Putting it in layman’s terms, if you are an entity purchasing hardware and software for mission-critical systems, you want to know that your supplier has reasonable practices as to how they build and maintain their products that addresses specific (and I would argue narrow, more on which below) supply chain risks. The supplier ought to be doing “reasonable and prudent” practices to mitigate those risks and to be able to tell their buyers, “here is what I did.” Better industry practices related to supply chain risks with more transparency to buyers are both, in general, good things.

Real-world solutions

One of the things I particularly appreciate is that the O-TTPF is being developed by, among others, actual builders of software and hardware. So many of the “supply chain risk frameworks” I’ve seen to date appear to have been developed by people who have no actual software development and/or hardware manufacturing expertise. I think we all know that even well-intended and smart people without direct subject matter experience who want to “solve a problem” will often not solve the right problem, or will mandate remedies that may be ineffective, expensive and lack the always-needed dose of “real world pragmatism.”  In my opinion, an ounce of “pragmatic and implementable” beats a pound of “in a perfect world with perfect information and unlimited resources” any day of the week.

I know this from my own program management office in software assurance. When my team develops good ideas to improve software, we always vet them by our security leads in development, to try to achieve consensus and buy-in in some key areas:

  • Are our ideas good?
  • Can they be implemented?  Specifically, is our proposal the best way to solve the stated problem?
  • Given the differences in development organizations and differences in technology, is there a body of good practices that development can draw from rather than require a single practice for everyone?

That last point is a key one. There is almost never a single “best practice” that everybody on the planet should adhere to in almost any area of life. The reality is that there are often a number of ways to get to a positive outcome, and the nature of business – particularly, the competitiveness and innovation that enables business – depends on flexibility. The OTTF is outcomes-focused and “body of practice” oriented, because there is no single best way to build hardware and software and there is no single, monolithic supply chain risk management practice that will work for everybody or is appropriate for everybody.

It’s perhaps a stretch, but consider baking a pie. There is – last time I checked – no International Organization for Standardization (ISO) standard for how to bake a cherry pie (and God forbid there ever is one). Some people cream butter and sugar together before adding flour. Other people dump everything in a food processor. (I buy pre-made piecrusts and skip this step.) Some people add a little liqueur to the cherries for a kick, other people just open a can of cherries and dump it in the piecrust. There are no standards organization smack downs over two-crust vs. one-crust pies, and whether to use a crumble on the top or a pastry crust to constitute a “standards-compliant cherry pie.” Pie consumers want to know that the baker used reasonable ingredients – piecrust and cherries – that none of the ingredients were bad and that the baker didn’t allow any errant flies to wander into the dough or the filling. But the buyer should not be specifying exactly how the baker makes the pie or exactly how they keep flies out of the pie (or they can bake it themselves). The only thing that prescribing a single “best” way to bake a cherry pie will lead to is a chronic shortage of really good cherry pies and a glut of tasteless and mediocre ones.

Building on standards

Another positive aspect of the O-TTPF is that it is intended to build upon and incorporate existing standards – such as the international Common Criteria – rather than replace them. Incorporating and referring to existing standards is important because supply chain risk is not the same thing as software assurance — though they are related. For example, many companies evaluate one or more products, but not all products they produce. Therefore, even to the extent their CC evaluations incorporate a validation of the “security of the software development environment,” it is related to a product, and not necessarily to the overall corporate development environment. More importantly, one of the best things about the Common Criteria is that it is an existing ISO standard (ISO/IEC 15408:2005) and, thanks to the Common Criteria recognition arrangement (CCRA), a vendor can do a single evaluation accepted in many countries. Having to reevaluate the same product in multiple locations – or having to do a “supply chain certification” that covers the same sorts of areas that the CC covers – would be wasteful and expensive. The O-TTPF builds on but does not replace existing standards.

Another positive: The focus I see on “solving the right problems.” Too many supply chain risk discussions fail to define “supply chain risk” and in particular define every possible concern with a product as a supply chain risk. (If I buy a car that turns out to be a lemon, is it a supply chain risk problem? Or just a “lemon?”) For example, consider a system integrator who took a bunch of components and glued them together without delivering the resultant system in a locked down configuration. The weak configuration is not, per se, a supply chain risk; though arguably it is poor security practice and I’d also say it’s a weak software assurance practice. With regard to OTTF, we defined “supply chain attack” as (paraphrased) an attempt to deliberately subvert the manufacturing process rather than exploiting defects that happened to be in the product. Every product has defects, some are security defects, and some of those are caused by coding errors. That’s a lot different – and profoundly different — from someone putting a back door in code. The former is a software assurance problem and the second is a supply chain attack.

Why does this matter? Because supply chain risk – real supply chain risk, not every single concern either a vendor or a customer could have about a product – needs focus to be able to address the concern. As has been said about priorities, if everything is priority number one, then nothing is. In particular, if everything is “a supply chain risk,” then we can’t focus our efforts, and hone in on a reasonable, achievable, practical and implementable set – “set” meaning “multiple avenues that lead to positive outcomes” – of practices that can lead to better supply chain practices for all, and a higher degree of confidence among purchasers.

Considering the nature of the challenges that OTTF is trying to address, and the nature of the challenges our industry faces, I am pleased that Oracle is participating in the OTTF. I look forward to working with peers – and consumers of technology – to help improve everyone’s supply chain risk management practices and the confidence of consumers of our technologies.

Mary Ann Davidson is the Chief Security Officer at Oracle Corporation, responsible for Oracle product security, as well as security evaluations, assessments and incident handling. She had been named one of Information Security’s top five “Women of Vision,” is a Fed100 award recipient from Federal Computer Week and was recently named to the Information Systems Security Association Hall of Fame. She has testified on the issue of cybersecurity multiple times to the US Congress. Ms. Davidson has a B.S.M.E. from the University of Virginia and a M.B.A. from the Wharton School of the University of Pennsylvania. She has also served as a commissioned officer in the U.S. Navy Civil Engineer Corps. She is active in The Open Group Trusted Technology Forum and writes a blog at Oracle.

Filed under Cybersecurity, Supply chain risk