Tag Archives: The Open Group Conference

How Should we use Cloud?

By Chris Harding, The Open Group

How should we use Cloud? This is the key question at the start of 2013.

The Open Group® conferences in recent years have thrown light on, “What is Cloud?” and, “Should we use Cloud?” It is time to move on.

Cloud as a Distributed Processing Platform

The question is an interesting one, because the answer is not necessarily, “Use Cloud resources just as you would use in-house resources.” Of course, you can use Cloud processing and storage to replace or supplement what you have in-house, and many companies are doing just that. You can also use the Cloud as a distributed computing platform, on which a single application instance can use multiple processing and storage resources, perhaps spread across many countries.

It’s a bit like contracting a company to do a job, rather than hiring a set of people. If you hire a set of people, you have to worry about who will do what when. Contract a company, and all that is taken care of. The company assembles the right people, schedules their work, finds replacements in case of sickness, and moves them on to other things when their contribution is complete.

This doesn’t only make things easier, it also enables you to tackle bigger jobs. Big Data is the latest technical phenomenon. Big Data can be processed effectively by parceling the work out to multiple computers. Cloud providers are beginning to make the tools to do this available, using distributed file systems and map-reduce. We do not yet have, “Distributed Processing as a Service” – but that will surely come.

Distributed Computing at the Conference

Big Data is the main theme of the Newport Beach conference. The plenary sessions have keynote presentations on Big Data, including the crucial aspect of security, and there is a Big Data track that explores in depth its use in Enterprise Architecture.

There are also Cloud tracks that explore the business aspects of using Cloud and the use of Cloud in Enterprise Architecture, including a session on its use for Big Data.

Service orientation is generally accepted as a sound underlying principle for systems using both Cloud and in-house resources. The Service Oriented Architecture (SOA) movement focused initially on its application within the enterprise. We are now looking to apply it to distributed systems of all kinds. This may require changes to specific technology and interfaces, but not to the fundamental SOA approach. The Distributed Services Architecture track contains presentations on the theory and practice of SOA.

Distributed Computing Work in The Open Group

Many of the conference presentations are based on work done by Open Group members in the Cloud Computing, SOA and Semantic Interoperability Work Groups, and in the Architecture, Security and Jericho Forums. The Open Group enables people to come together to develop standards and best practices for the benefit of the architecture community. We have active Work Groups and Forums working on artifacts such as a Cloud Computing Reference Architecture, a Cloud Portability and Interoperability Guide, and a Guide to the use of TOGAF® framework in Cloud Ecosystems.

The Open Group Conference in Newport Beach

Our conferences provide an opportunity for members and non-members to discuss ideas together. This happens not only in presentations and workshops, but also in informal discussions during breaks and after the conference sessions. These discussions benefit future work at The Open Group. They also benefit the participants directly, enabling them to bring to their enterprises ideas that they have sounded out with their peers. People from other companies can often bring new perspectives.

Most enterprises now know what Cloud is. Many have identified specific opportunities where they will use it. The challenge now for enterprise architects is determining how best to do this, either by replacing in-house systems, or by using the Cloud’s potential for distributed processing. This is the question for discussion at The Open Group Conference in Newport Beach. I’m looking forward to an interesting conference!

Dr. Chris Harding is Director for Interoperability and SOA at The Open Group. He has been with The Open Group for more than ten years, and is currently responsible for managing and supporting its work on interoperability, including SOA and interoperability aspects of Cloud Computing. He is a member of the BCS, the IEEE and the AEA, and is a certified TOGAF practitioner.

1 Comment

Filed under Cloud, Conference

The Open Group Photo Contest: Document the Magic at the Newport Beach Conference!

By The Open Group Conference Team

It’s that time again! The Open Group is busily preparing for the Newport Beach Conference, taking place Jan. 28-31, 2013. As you begin packing, charge up your smartphones and bring your digital cameras: We’ll be hosting The Open Group Photo Contest once again! The prize is a free pass to attend any one of the Open Group conferences in 2013!

The contest is open to all Newport Beach Conference attendees. Here are the details for those of you who have yet to participate or need a refresher on our guidelines.

The categories will include:

  • The Real O.C. Award – any photo taken in or around Newport Beach.
  • The Newport Beach Conference Award – any photo taken during the conference. This includes photos of keynote speakers, candid photos of Open Group members, group sessions, etc.

Participants can submit photos via Twitter using the hashtag #ogPhoto, or via email to photo@opengroup.org.  Please include your full name and the photo’s category upon submission. The submission period will end on Friday, February 8 at 5:00 p.m. PT, with the winner to be announced the following week.

All photos will be uploaded to The Open Group’s Facebook page. Facebook members can vote by “liking” a photo; photos with the most “likes” in each category will win the contest. Photos will be uploaded in real-time, so the sooner you submit a photo, the more time members will have to vote on it.

Below are previous photo contest winners from the Barcelona Conference in 2012:

Modernista Award: For best photo taken in or around Barcelona

Winner: Craig Heath

Craig Heath - Franklin Heath

“Barcelona Sky from the Fundació Joan Miró”

Best of Barcelona Conference Award:  For any photo taken during conference activities

Winner: Leonardo Ramirez

Leonardo Ramirez DuxDiligens 5

A flamenco dancer at the Tuesday night event

1 Comment

Filed under Conference

2013 Open Group Predictions, Vol. 2

By The Open Group

Continuing on the theme of predictions, here are a few more, which focus on global IT trends, business architecture, OTTF and Open Group events in 2013.

Global Enterprise Architecture

By Chris Forde, Vice President of Enterprise Architecture and Membership Capabilities

Cloud is no longer a bleeding edge technology – most organizations are already well on their way to deploying cloud technology.  However, Cloud implementations are resurrecting a perennial problem for organizations—integration. Now that Cloud infrastructures are being deployed, organizations are having trouble integrating different systems, especially with systems hosted by third parties outside their organization. What will happen when two, three or four technical delivery systems are hosted on AND off premise? This presents a looming integration problem.

As we see more and more organizations buying into cloud infrastructures, we’ll see an increase in cross-platform integration architectures globally in 2013. The role of the enterprise architect will become more complex. Architectures must not only ensure that systems are integrated properly, but architects also need to figure out a way to integrate outsourced teams and services and determine responsibility across all systems. Additionally, outsourcing and integration will lead to increased focus on security in the coming year, especially in healthcare and financial sectors. When so many people are involved, and responsibility is shared or lost in the process, gaping holes can be left unnoticed. As data is increasingly shared between organizations and current trends escalate, security will also become more and more of a concern. Integration may yield great rewards architecturally, but it also means greater exposure to vulnerabilities outside of your firewall.

Within the Architecture Forum, we will be working on improvements to the TOGAF® standard throughout 2013, as well as an effort to continue to harmonize the TOGAF specification with the ArchiMate® modelling language.  The Forum also expects to publish a whitepaper on application portfolio management in the new year, as well as be involved in the upcoming Cloud Reference Architecture.

In China, The Open Group is progressing well. In 2013, we’ll continue translating The Open Group website, books and whitepapers from English to Chinese. Partnerships and Open CA certification will remain in the forefront of global priorities, as well as enrolling TOGAF trainers throughout Asia Pacific as Open Group members. There are a lot of exciting developments arising, and we will keep you updated as we expand our footprint in China and the rest of Asia.

Open Group Events in 2013

By Patty Donovan, Vice President of Membership and Events

In 2013, the biggest change for us will be our quarterly summit. The focus will shift toward an emphasis on verticals. This new focus will debut at our April event in Sydney where the vertical themes include Mining, Government, and Finance. Additional vertical themes that we plan to cover throughout the year include: Healthcare, Transportation, Retail, just to name a few. We will also continue to increase the number of our popular Livestream sessions as we have seen an extremely positive reaction to them as well as all of our On-Demand sessions – listen to best selling authors and industry leaders who participated as keynote and track speakers throughout the year.

Regarding social media, we made big strides in 2012 and will continue to make this a primary focus of The Open Group. If you haven’t already, please “like” us on Facebook, follow us on Twitter, join the chat on (#ogchat) one of our Security focused Tweet Jams, and join our LinkedIn Group. And if you have the time, we’d love for you to contribute to The Open Group blog.

We’re always open to new suggestions, so if you have a creative idea on how we can improve your membership, Open Group events, webinars, podcasts, please let me know! Also, please be sure to attend the upcoming Open Group Conference in Newport Beach, Calif., which is taking place on January 28-31. The conference will address Big Data.

Business Architecture

By Steve Philp, Marketing Director for Open CA and Open CITS

Business Architecture is still a relatively new discipline, but in 2013 I think it will continue to grow in prominence and visibility from an executive perspective. C-Level decision makers are not just looking at operational efficiency initiatives and cost reduction programs to grow their future revenue streams; they are also looking at market strategy and opportunity analysis.

Business Architects are extremely valuable to an organization when they understand market and technology trends in a particular sector. They can then work with business leaders to develop strategies based on the capabilities and positioning of the company to increase revenue, enhance their market position and improve customer loyalty.

Senior management recognizes that technology also plays a crucial role in how organizations can achieve their business goals. A major role of the Business Architect is to help merge technology with business processes to help facilitate this business transformation.

There are a number of key technology areas for 2013 where Business Architects will be called upon to engage with the business such as Cloud Computing, Big Data and social networking. Therefore, the need to have competent Business Architects is a high priority in both the developed and emerging markets and the demand for Business Architects currently exceeds the supply. There are some training and certification programs available based on a body of knowledge, but how do you establish who is a practicing Business Architect if you are looking to recruit?

The Open Group is trying to address this issue and has incorporated a Business Architecture stream into The Open Group Certified Architect (Open CA) program. There has already been significant interest in this stream from both organizations and practitioners alike. This is because Open CA is a skills- and experience-based program that recognizes, at different levels, those individuals who are actually performing in a Business Architecture role. You must complete a candidate application package and be interviewed by your peers. Achieving certification demonstrates your competency as a Business Architect and therefore will stand you in good stead for both next year and beyond.

You can view the conformance criteria for the Open CA Business Architecture stream at https://www2.opengroup.org/ogsys/catalog/X120.

Trusted Technology

By Sally Long, Director of Consortia Services

The interdependency of all countries on global technology providers and technology providers’ dependencies on component suppliers around the world is more certain than ever before.  The need to work together in a vendor-neutral, country-neutral environment to assure there are standards for securing technology development and supply chain operations will become increasingly apparent in 2013. Securing the global supply chain can not be done in a vacuum, by a few providers or a few governments, it must be achieved by working together with all governments, providers, component suppliers and integrators and it must be done through open standards and accreditation programs that demonstrate conformance to those standards and are available to everyone.

The Open Group’s Trusted Technology Forum is providing that open, vendor and country-neutral environment, where suppliers from all countries and governments from around the world can work together in a trusted collaborative environment, to create a standard and an accreditation program for securing the global supply chain. The Open Trusted Technology Provider Standard (O-TTPS) Snapshot (Draft) was published in March of 2012 and is the basis for our 2013 predictions.

We predict that in 2013:

  • Version 1.0 of the O-TTPS (Standard) will be published.
  • Version 1.0 will be submitted to the ISO PAS process in 2013, and will likely become part of the ISO/IEC 27036 standard, where Part 5 of that ISO standard is already reserved for the O-TTPS work
  • An O-TTPS Accreditation Program – open to all providers, component suppliers, and integrators, will be launched
  • The Forum will continue the trend of increased member participation from governments and suppliers around the world

4 Comments

Filed under Business Architecture, Conference, Enterprise Architecture, O-TTF, OTTF

The Open Group Newport Beach Conference – Early Bird Registration Ends January 4

By The Open Group Conference Team

The Open Group is busy gearing up for the Newport Beach Conference. Taking place January 28-31, 2013, the conference theme is “Big Data – The Transformation We Need to Embrace Today” and will bring together leading minds in technology to discuss the challenges and solutions facing Enterprise Architecture around the growth of Big Data. Register today!

Information is power, and we stand at a time when 90% of the data in the world today was generated in the last two years alone.  Despite the sheer enormity of the task, off the shelf hardware, open source frameworks, and the processing capacity of the Cloud, mean that Big Data processing is within the cost-effective grasp of the average business. Organizations can now initiate Big Data projects without significant investment in IT infrastructure.

In addition to tutorial sessions on TOGAF® and ArchiMate®, the conference offers roughly 60 sessions on a varied of topics including:

  • The ways that Cloud Computing is transforming the possibilities for collecting, storing, and processing big data.
  • How to contend with Big Data in your Enterprise?
  • How does Big Data enable your Business Architecture?
  • What does the Big Data revolution mean for the Enterprise Architect?
  • Real-time analysis of Big Data in the Cloud.
  • Security challenges in the world of outsourced data.
  • What is an architectural view of Security for the Cloud?

Plenary speakers include:

  • Christian Verstraete, Chief Technologist – Cloud Strategy, HP
  • Mary Ann Mezzapelle, Strategist – Security Services, HP
  • Michael Cavaretta, Ph.D, Technical Leader, Predictive Analytics / Data Mining Research and Advanced Engineering, Ford Motor Company
  • Adrian Lane, Analyst and Chief Technical Officer, Securosis
  • David Potter, Chief Technical Officer, Promise Innovation Oy
  • Ron Schuldt, Senior Partner, UDEF-IT, LLC

A full conference agenda is available here. Tracks include:

  • Architecting Big Data
  • Big Data and Cloud Security
  • Data Architecture and Big Data
  • Business Architecture
  • Distributed Services Architecture
  • EA and Disruptive Technologies
  • Architecting the Cloud
  • Cloud Computing for Business

Early Bird Registration

Early Bird registration for The Open Group Conference in Newport Beach ends January 4. Register now and save! For more information or to register: http://www.opengroup.org/event/open-group-newport-beach-2013/reg

Upcoming Conference Submission Deadlines

In addition to the Early Bird registration deadline to attend the Newport Beach conference, there are upcoming deadlines for speaker proposal submissions to Open Group conferences in Sydney, Philadelphia and London. To submit a proposal to speak, click here.

Venue Industry Focus Submission Deadline
Sydney (April 15-17) Finance, Defense, Mining January 18, 2013
Philadelphia (July 15-17) Healthcare, Finance, Defense April 5, 2013
London (October 21-23) Finance, Government, Healthcare July 8, 2013

We expect space on the agendas of these events to be at a premium, so it is important for proposals to be submitted as early as possible. Proposals received after the deadline dates will still be considered, if space is available; if not, they may be carried over to a future conference. Priority will be given to proposals received by the deadline dates and to proposals that include an end-user organization, at least as a co-presenter.

Comments Off

Filed under Conference

Snapshots of The Open Group Barcelona Conference

By The Open Group Conference Team

It is time to announce the winners of the Barcelona Photo Contest! For those of you who were unable to attend, conference attendees submitted some of their best photos to the contest for a chance to win one free conference pass to one of the global Open Group conference over the next year – a prize valued at more than $1,000/€900 value.

Barcelona is a city for architects. While it is most known for works by Gaudi, enterprise architects flooded the streets for the Open Group Conference in Barcelona…and took some amazing pictures. We had a record number of photo contest submissions that captured everything from the plenary session speakers to flamenco dancers to Camp Nou, home of FC Barcelona!

The contest ended today at noon PDT, and it is time to announce the winners…

Modernista Award – For best photo taken in or around Barcelona

The winner is Craig Heath!

“Barcelona Sky from the Fundació Joan Miró”

Honorable Mentions

“Sagrada Familia Spiral Staircase” by David Boyett

 

Submission by Angela Spencer

Best of Barcelona Conference - For any photo taken during conference activities

The winner is Leonardo Ramirez!

A flamenco dancer at the Tuesday night event

Honorable Mentions

Submission by Leonardo Ramirez

The FACE™ team by David Boyett

Thank you to all those who participated in this contest – whether it was submitting one of your own photos or voting for your favorites. Please visit The Open Group’s Facebook page to view all of the submissions and conference photos.

We’re always trying to improve our programs, so if you have any feedback regarding the photo contest, please email photo@opengroup.org or leave a comment below. We’ll see you in Newport Beach!

Comments Off

Filed under Conference

Barcelona Highlights

By Steve Philp, The Open Group

Within a 15 minute walk of Camp Nou (home of FC Barcelona), The Open Group Conference “kicked off” on Monday morning with some excellent plenary presentations from Scott Radedztsky of Deloitte followed by Peter Haviland and Mick Adams of Ernst & Young, and after the break from Helen Sun of Oracle and finally Ron Tolido and Manuel Sevilla from Capgemini. You can see most of these Big Data presentations for yourself on The Open Group’s Livestream page.

The “second half” of the day was split into tracks for Big Data, Enterprise Architecture (EA), TOGAF® and ArchiMate®. Henry Franken of BiZZdesign talked about EA in terms of TOGAF and ArchiMate (you can see this on our Livestream site, too) and the other ArchiMate presentations from Peter Filip of Tatra Bank, Gerben Wierda of APG Asset Management and Mieke Mahakena of Capgemini were also well received by an enthusiastic audience. Networking and drinks followed at the end of the track sessions, and the “crowd” went away happy after day one.

Tuesday started with a plenary presentation by Dr. Robert Winter from the University of St Gallen on EA and Transformation Management. See the following clip to learn more about his presentation and his research.


This was followed by tracks on distributed services architecture, security, TOGAF 9 case studies, information architecture, quantum lifecycle management (QLM) and a new track on Practice Driven Research on Enterprise Transformation (PRET) and Trends in EA Research (TEAR). The evening entertainment on day two consisted of dinner and a spectacular flamenco dancing show at the Palacio de Flamenco – where a good time was had by all.

After the show there was also time for a number of us to watch Barcelona v. Celtic in their European Champions League match at the Camp Nou. This is the view from my seat:

 

The game ended in a 2-1 victory for Barcelona, and following the game there was much debate and friendly banter in the bar between the conference delegates and the Celtic fans that were staying at our hotel.

The track theme continued on day three of the conference along with member meetings such as the next version of TOGAF Working Group, the TOGAF Standard and ArchiMate Language Harmonization Project, Certification Standing Committee, and TOGAF Value Realization Working Group, etc. Member meetings of the Architecture Forum and Security Forum were held on Thursday and brought the Barcelona event to its conclusion.

At the end of the day, if your “goal” is to listen to some great presentations, network with your peers, participate in meetings and influence the generation of new IT standards, then you should get a ticket for our next fixture in Newport Beach, Calif., USA on January 28-31, 2013. The theme, again, will be Big Data.

I look forward to seeing you there!

Steve Philp is the Marketing Director at The Open Group. Over the past 20 years, Steve has worked predominantly in sales, marketing and general management roles within the IT training industry. Based in Reading, UK, he joined the Open Group in 2008 to promote and develop the organization’s skills and experience-based IT certifications. More recently, he has become responsible for corporate marketing as well as certification.

Comments Off

Filed under Conference

Barcelona Conference Spotlight: Dr. Robert Winter

By The Open Group Conference Team

The Open Group sat down with Dr. Robert Winter, professor at the University of St. Gallen in Switzerland, to talk about Enterprise Architecture management and transformation management following his keynote at the Barcelona Conference on Tuesday, October 23.

Dr. Winter’s session opened with the question, “Should we design and engineer methods like software?” His answer: “Yes!” Dr. Winter stresses that customization and componentization are essential when building Enterprise Architectures, making sure that architectures are constructed to fit a specific need or case and that components are reused. He also notes that enterprise architects cannot accomplish everything alone, as team work between enterprise architects and other departments are critical to organizational success.

Comments Off

Filed under Conference

The Open Group Conference in Barcelona – Day One Recap

By The Open Group Conference Team

Monday was jam-packed with excitement at The Open Group Conference in Barcelona. Since not everyone could make the trip, we’ve put together a recap of the day’s most popular sessions. Stay tuned for more recaps, which are coming soon!


How to Gain Big Insight from Big Data

In his talk titled, “How Companies Extract Insight and Foresight from Big Data,” Scott Radeztsky, CTO of Deloitte Analytics Innovation Center, discussed how companies can tackle Big Data. Scott recommended three specific steps that will help organizations make sense of Big Data:

  1. Get Buy-in First: Without the right tools, it is near impossible to make sense of Big Data. Research the technologies that will help you understand, break down and analyze Big Data. After determining which technology/technologies you would like to invest in, present a strong case to all decisions makers on why it is necessary, focusing on the activities that it will enable and the output that it will produce. Be sure to convey the direct business benefits to ensure that all stakeholders understand how this will ultimately help the business, both in the short- and long-term.
  1. Be Lean: Borrowing from Eric Ries’ Lean Startup Methodology, Scott encouraged attendees to think “low-fi before thinking high-fi.” Often times, planning and project management can be time consuming without producing results. By breaking up larger tasks and projects into smaller pieces, IT professionals can focus on a smaller number of features and really concentrate on the task at hand, rather than more administrative duties, which are necessary but don’t produce output.
  1. Create visuals: A spreadsheet full of numbers does not help anyone grasp data, let alone Big Data. Use visuals to present data to other users and stakeholders, to help them understand what the data means sooner rather than later. This will mean that dashboards and abstraction layers should be designed with user experience (UX) first, before diving into the user interface (UI). Helping all users within an organization understand Big Data more efficiently should be the primary focus of your efforts, and this is done through visuals and superior UX.

To view Scott’s presentation, please watch the session here: https://new.livestream.com/opengroup/Radeztsky-BCN12

Talking Big Data in the Boardroom

Peter Haviland, chief architect and head of business architecture within Ernst & Young’s Advisory Services, along with his colleague Mick Adams, emphasized that data impacts decision. Big Data is in prime position to help organizations improve the execution of strategy across business functions. We are moving toward a Big Data platform, and according to Haviland and Adams, the conversation for architects starts with technology.

The data explosion is happening and executives recognize the need to invest in and integrate technology and analytic capabilities into their architecture. According to Haviland and Adams, business capabilities need to support an information-centric reference model in order to take advantage of Big Data. During the session, Haviland and Adams presented a framework for architects to implement effective analytics using a wide range of common transformation tools, that when used in a coordinated fashion, unlocks the promise of enterprise analytics.

To view Peter and Mick’s presentation, please watch the session here: https://new.livestream.com/opengroup/Mick-Peter-BC12

Big Data Needs Big Architecture – An Architectural Approach to Business Information Management

In their talk titled, “Big Data Needs Big Architecture – An Architectural Approach to Business Information Management,” Ron Tolido and Manuel Sevilla of Capgemini asked, “Do we really need big frameworks to support big data?” They both concluded that they didn’t think so. Capgemini commissioned the Economist Intelligence Unit to survey over 6,000 business leaders worldwide about the use of Big Data on their organizations. Their research showed that a surprising 85 percent of respondents say the issue with Big Data is not the volume, but the ability to analyze and act on the data in real time.

Volume, variety and velocity is what Ron and Manuel think most people focus on in regards to Big Data. However, it’s not about volume; it’s really about value. By velocity, they mean that what happened one minute ago in more relevant than what happened one year ago. Time and the turnover of information is directly linked with value and relevancy.

Manual explained that there is a lot of data that isn’t being exploited. Big Data is about using all that data to yield a return on investment.

Ron and Manuel presented a “Big Data Process Model” with four steps:

  1. Acquisition (collecting the data)
  2. Marshaling (organizing the data)
  3. Analytics (finding insight and predictive modeling)
  4. Action (using insights to change business outcomes)

In sum, Manuel reiterated that volume is essentially a non-issue. IT has been seen often as a constraint when it comes to business; that is no longer. Big data means big business.

To view Ron and Manuel’s presentation, please watch the session here: https://new.livestream.com/opengroup/Tolido-BC12

Delivering Enterprise Architecture with TOGAF® and ArchiMate®

On Monday, BiZZdesign’s CEO Henry Franken opened his session titled, “Delivering Enterprise Architecture with TOGAF and ArchiMate” by speaking about what exactly Enterprise Architecture is, and why it’s needed. He explains it is both a model and a product and believes it falls into the implementation category in a business and bridges that gap between “as is” and what is “to be.”

Henry also covered TOGAF’s popular Architecture Development Method (ADM), which is broken down into four steps (but is a continuous process):

  1. Getting the organization committed and involved
  2. Getting the architecture right
  3. Making the architecture work
  4. Keeping the process running

Henry discussed The Open Group’s visual modeling language for Enterprise Architecture, ArchiMate. He explained that the language of ArchiMate is designed to talk about Enterprise Architecture domains (information architecture, process architecture, product architecture, application architecture and technical architecture), but more importantly to maintain the interrelationships between them. It allows for one language for all Enterprise Architecture change. The latest version also adds a motivation extension to facilitate what a stakeholder wants and what is changed within Enterprise Architecture. This way, changes can be easily traced back to stakeholder and business goals.

In closing, Henry explains the links between TOGAF and ArchiMate, in three layers – the business layer, application layer and technology layer. Together they can help a business accomplish its goals in the final migration and integration layer. He says TOGAF and ArchiMate are the perfect basis for a tool-supported enterprise architecture practice.

Henry provided examples of each layer and step, which can be viewed here, along with the whole presentation: https://new.livestream.com/opengroup/Franken-BC12

Comments Off

Filed under Conference

ArchiMate® 2.0 and Beyond

By The Open Group Conference Team

In this video, Henry Franken of BiZZdesign discusses ArchiMate® 2.0, the new version of the graphical modeling language for Enterprise Architecture that provides businesses with the means to communicate with different stakeholders from the business goals level to implementation scenarios.

Franken explains that the first edition allowed users to express Enterprise Architecture at its core – modeling business applications and infrastructure. ArchiMate® 2.0 has two major additions to make it fully aligned with TOGAF® – the motivation extension and the migration and planning extension. The motivation extension provides users with the ability to fully express business motivations and goals to enterprise architects; the migration and planning extension helps lay out programs and projects to make a business transition.

There are several sessions on ArchiMate® at the upcoming Open Group Conference in Barcelona. Notably, Henry Franken’s “Delivering Enterprise Architecture with TOGAF® and ArchiMate®” session on October 22 at 2:00-2:45 p.m. UTC / 8:00-8:45 a.m. EST will be livestreamed on The Open Group Website.

To view these sessions and for more information on the conference, please go to: http://www3.opengroup.org/barcelona2012

Comments Off

Filed under ArchiMate®, Conference, Enterprise Architecture

The Open Group is Livestreaming The Open Group Barcelona Conference

By The Open Group Conference Team

The Open Group Conference in Barcelona will commence next week and cover the theme of “Big Data – The Next Frontier in the Enterprise.” During the four day conference, which runs Oct. 22-24, speakers and sessions will address the challenges and solutions facing Enterprise Architecture within the context of Big Data.

With travel budgets tight, we know Barcelona is hard to get to for many of our Open Group members. As such, The Open Group will be Livestreaming some of our sessions on Monday, Oct. 22. The keynote speakers include Deloitte Analytics CTO Scott Radeztsky; Ernst & Young Head of Architecture Peter Haviland; Ernst & Young Chief Business Architecture Mick Adams; Oracle Senior Director of Enterprise Architecture Helen Sun; Capgemini CTO Ron Tolido; and Capgemini CTO Manuel Sevilla.

BiZZdesign CEO, Henry Franken, will host a Livestreaming session on how ArchiMate® with TOGAF® improves business efficiency. And on Wednesday, we are Livestreaming an “Ask the Experts” panel session with FACE™ Consortium members on their efforts to transform the U.S. Department of Defense’s Avionics Software Enterprise with open standards.

Livestreaming Sessions

Title: How Companies Extract Insight and Foresight from Big Data

Speaker: Scott Radeztsky, CTO, Deloitte Analytics Innovation Centers

Date: Monday, October 22

Time: 8:50-9:45 a.m. UTC / 2:50-3:45 a.m. ET

Link: https://new.livestream.com/opengroup/Radeztsky-BCN12

 

Title: Boardroom Business Architecture – What Executives Want to Know About Big Data and Analytics

Speaker: Peter Haviland, Head of Business Architecture, Ernst & Young; Mick Adams, Chief Business Architect, Ernst & Young

Date: Monday, October 22

Time: 9:50-10:35 a.m. UTC / 3:50-4:35 a.m. ET

Link: https://new.livestream.com/opengroup/Mick-Peter-BC12

 

Title: Enterprise Information Management

Speaker: Helen Sun, Senior Director of Enterprise Architecture, Oracle

Date: Monday, October 22

Time: 11:10-11:55 a.m. UTC / 5:10-5:55 a.m. ET

Link: https://new.livestream.com/opengroup/Sun-BC12

 

Title: Big Data Needs Big Architecture – An Architectural Approach to Business Information Management

Speaker: Ron Tolido, CTO, Application Services in Europe, Capgemini; Manuel Sevilla, Chief Technical Officer, Global Business Information Management TLI, Capgemini

Date: Monday, October 22

Time: 12:00-12:40 p.m. UTC / 6:00-6:40 a.m. ET

Link: https://new.livestream.com/opengroup/Tolido-BC12

 

Title: Delivering Enterprise Architecture with TOGAF® and ArchiMate®

Speaker: Henry Franken, CEO, BiZZdesign

Date: Monday, October 22

Time: 2:00-2:45 p.m. UTC / 8:00-8:45 a.m. ET

Link: https://new.livestream.com/opengroup/Franken-BC12

 

Title: Future Airborne Capability Environment (FACE™): Ask the Experts (panel)

Speakers: Jeff Howington, Rockwell Collins – FACE Steering Committee Vice-Chair; Kirk Avery, Lockheed Martin – FACE Technical Working Group Vice-Chair; Dennis Stevens, Lockheed Martin, FACE Business Chair; Chip Downing, Wind River – FACE Business Working Group Outreach Lead

Moderator: Judy Cerenzia, FACE Program Director

Date: Wednesday, October 24

Time: 4:00-5:00 p.m. UTC / 10:00-11:00 a.m. ET

Link: https://new.livestream.com/opengroup/Downing-BC12

 

We hope you we see you either in Barcelona or online during one of the Livestreaming sessions!

For more information on The Open Group Barcelona Conference, please visit: http://www.opengroup.org/barcelona2012.

Comments Off

Filed under Conference

Alex Osterwalder’s Business Model Canvas

By The Open Group Conference Team

At The Open Group Conference in Cannes, Alex Osterwalder, entrepreneur, “Business Model Generation” author and creator of the Business Model Canvas, discussed how enterprise architects can contribute to business models. He suggested that there needs to be a bridge between Enterprise Architecture and the highest strategic level of business, bringing strategic and implementation concepts together.  Osterwalder also encouraged organizations to have a shared discussion in a shared language with all stakeholders – a concept that enterprise architects are very familiar with.

To hear more from Alex Osterwalder on how enterprise architects can become more involved in the business model development process, please watch this video:

 

Later this month, The Open Group is hosting its Barcelona conference from October 22-25, where industry thought leaders, like Osterwalder, will be discussing emerging IT trends, specifically the concept of Big Data – the next frontier in the enterprise.

1 Comment

Filed under Business Architecture, Conference

Snapshots of Spain: The Open Group Conference Photo Contest

By The Open Group Conference Team

You’ve all seen the great photos our members produce during conferences, and as The Open Group Conference in Barcelona draws closer, it’s no surprise that we will be hosting the photo contest once again. The prize? A free pass to attend any one of the Open Group conferences in 2013!

Many of you are already familiar with the photo contest from previous conferences, but here are the details for those of you need a short refresher:

We will have two categories for this conference – which means you have two chances to win:

  • The Modernista Award for any photo taken in and around Barcelona.
  • Best of Barcelona Conference for any photo taken during the conference. This includes photos of any of the conference sessions, candid photos of Open Group members.

Similar to previous contests, all photos will be uploaded to The Open Group’s Facebook page, where members and Open Group Facebook fans can vote by “liking” a photo. Photos with the most “likes” in each category will be named the winner. Submissions will be uploaded in real-time, so the sooner you submit a photo, the more time members and fans will have to vote for it!

Conference attendees are free to participate, and winners of each category will receive a free conference pass to any global Open Group conference over the next year – an over $1,000/€ 900 value!

All photos must be submitted via email to photo@opengroup.org or via Twitter with the #ogPhoto hashtag. Please include your full name and the photo’s category upon submission. The submission period will end on Sunday, October 28 at 10:00 p.m. PT, with voting ending on Friday, November 2 at noon PT. The winners will be announced during the afternoon on Friday, November 2.

Below are the photo contest winners of the Washington, D.C. conference, which was held in July 2012:

Best of Washington, D.C.: Reflections of the Capital – by Jude Umeh

Capital City Award: Fun at a Local Pub – by Ron Schuldt

If you have any questions, please email kdene (at) bateman-group.com.

1 Comment

Filed under Conference

The Open Group Barcelona Conference – Early Bird Registration ends September 21

By The Open Group Conference Team

Early Bird registration for The Open Group Conference in Barcelona ends September 21. Register now and save!

The conference runs October 22-24, 2012. On Monday, October 22, the plenary theme is “Big Data – The Next Frontier in the Enterprise,” and speakers will address the challenges and solutions facing Enterprise Architecture within the context of the growth of Big Data. Topics to be explored include:

  • How does an enterprise adopt the means to contend with Big Data within its information architecture?
  • How does Big Data enable your business architecture?
  • What are the issues concerned with real-time analysis of the data resources on the cloud?
  • What are the information security challenges in the world of outsourced and massively streamed data analytics?
  • What is the architectural view of security for cloud computing? How can you take a risk-based approach to cloud security?

Plenary speakers include:

  • Peter Haviland, head of Business Architecture, Ernst & Young
  • Ron Tolido, CTO of Application Services in Europe, Capgemini; and Manuel Sevilla, chief technical officer, Global Business Information Management, Capgemini
  • Scott Radeztsky, chief technical officer, Deloitte Analytics Innovation Centers
  • Helen Sun, director of Enterprise Architecture, Oracle

On Tuesday, October 23, Dr. Robert Winter, Institute of Information Management, University of St. Gallen, Switzerland, will kick off the day with a keynote on EA Management and Transformation Management.

Tracks include:

  • Practice-driven Research on Enterprise Transformation (PRET)
  • Trends in Enterprise Architecture Research (TEAR)
  • TOGAF® and ArchiMate® Case Studies
  • Information Architecture
  • Distributed Services Architecture
  • Holistic Enterprise Architecture Workshop
  • Business Innovation & Technical Disruption
  • Security Architecture
  • Big Data
  • Cloud Computing for Business
  • Cloud Security and Cloud Architecture
  • Agile Enterprise Architecture
  • Enterprise Architecture and Business Value
  • Setting Up A Successful Enterprise Architecture Practice

For more information or to register: http://www.opengroup.org/barcelona2012/registration

Comments Off

Filed under Conference

Using Foursquare at #ogDCA

By The Open Group Conference Team

We’re pleased to announce that we will be holding our first foursquare campaign at The Open Group conference in Washington, D.C.!

For those who are unfamiliar with the service, foursquare is a location-based social networking application for smartphones. Users “check in” at venues using a device-specific application by selecting from a list of venues located nearby based on GPS hardware in the mobile device. Each check-in awards the user points and sometimes “badges.” For those who don’t already have the foursquare app, it is available for download for iPhones, Android phones and BlackBerrys. More information about foursquare can be found here.

The venue for the conference is titled “The Open Group Conference Washington DC, #ogDCA,” and those who check in are eligible for Open Group foursquare campaigns:

Pre-conference Sessions

On Sunday, July 15, people who attend the pre-conference sessions starting at 3:30 p.m. ET and check in to the conference via foursquare will receive a TOGAF® Pocket Guide or another piece of Open Group swag.

Conference

On Monday, July 16 and Tuesday, July 17, attendees who check in to the conference via foursquare before 4:00 p.m. ET Tuesday will be entered to win one of the following prizes.

  • Grand prize – a seat at Allen Brown’s table at the Tuesday night networking dinner event on the W Hotel Terrace (5 seats available)
  • Consolation prizes – swag from ten of our conference exhibitors.

Foursquare basics

If you’ve never “checked in” before, it’s pretty simple. Below are some instructions for iPhone users. (Note: The screen shots below illustrate the “check in” process at a different location, not the conference venue and are provided as an example only.

1. Download the Foursquare app.

2. When you get to the conference, simply open the app and a screen will appear showing you where your “friends” have recently checked in.

3. Click the upside-down teardrop emblem in the upper right corner.

4. Choose the “The Open Group Conference Washington DC, #ogDCA,” by tapping the words.

5. Next, write a little something about what you’re doing (eg. “Getting ready to hear a great panel at The Open Group conference.”).

6. Make sure to sync your Foursquare account with Twitter by tapping the bird in the lower right corner of the check in screen (make sure it turns blue).

7. Then press “check in” and wait for the app to finish.

All winners will be chosen at random. Good luck!

Comments Off

Filed under Conference

The Open Group Trusted Technology Forum is Leading the Way to Securing Global IT Supply Chains

By Dana Gardner, Interarbor Solutions

This BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference in Washington, D.C., beginning July 16. The conference will focus on Enterprise Architecture (EA), enterprise transformation, and securing global supply chains.

We’re joined in advance by some of the main speakers at the conference to examine the latest efforts to make global supply chains for technology providers more secure, verified, and therefore trusted. We’ll examine the advancement of The Open Group Trusted Technology Forum (OTTF) to gain an update on the effort’s achievements, and to learn more about how technology suppliers and buyers can expect to benefit.

The expert panel consists of Dave Lounsbury, Chief Technical Officer at The Open Group; Dan Reddy, Senior Consultant Product Manager in the Product Security Office at EMC Corp.; Andras Szakal, Vice President and Chief Technology Officer at IBM’s U.S. Federal Group, and also the Chair of the OTTF, and Edna Conway, Chief Security Strategist for Global Supply Chain at Cisco. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: Why this is an important issue, and why is there a sense of urgency in the markets?

Lounsbury: The Open Group has a vision of boundaryless information flow, and that necessarily involves interoperability. But interoperability doesn’t have the effect that you want, unless you can also trust the information that you’re getting, as it flows through the system.

Therefore, it’s necessary that you be able to trust all of the links in the chain that you use to deliver your information. One thing that everybody who watches the news would acknowledge is that the threat landscape has changed. As systems become more and more interoperable, we get more and more attacks on the system.

As the value that flows through the system increases, there’s a lot more interest in cyber crime. Unfortunately, in our world, there’s now the issue of state-sponsored incursions in cyberspace, whether officially state-sponsored or not, but politically motivated ones certainly.

So there is an increasing awareness on the part of government and industry that we must protect the supply chain, both through increasing technical security measures, which are handled in lots of places, and in making sure that the vendors and consumers of components in the supply chain are using proper methodologies to make sure that there are no vulnerabilities in their components.

I’ll note that the demand we’re hearing is increasingly for work on standards in security. That’s top of everybody’s mind these days.

Reddy: One of the things that we’re addressing is the supply chain item that was part of the Comprehensive National Cybersecurity Initiative (CNCI), which spans the work of two presidents. Initiative 11 was to develop a multi-pronged approach to global supply chain risk management. That really started the conversation, especially in the federal government as to how private industry and government should work together to address the risks there.

In the OTTF, we’ve tried create a clear measurable way to address supply-chain risk. It’s been really hard to even talk about supply chain risk, because you have to start with getting a common agreement about what the supply chain is, and then talk about how to deal with risk by following best practices.

Szakal: One of the observations that I’ve made over the last couple of years is that this group of individuals, who are now part of this standards forum, have grown in their ability to collaborate, define, and rise to the challenges, and work together to solve the problem.

Standards process

Technology supply chain security and integrity are not necessarily a set of requirements or an initiative that has been taken on by the standards committee or standards groups up to this point The people who are participating in this aren’t your traditional IT standards gurus. They had to learn the standards process. They had to understand how to approach the standardization of best practices, which is how we approach solving this problem.

It’s sharing information. It’s opening up across the industry to share best practices on how to secure the supply chain and how to ensure its overall integrity. Our goal has been to develop a framework of best practices and then ultimately take those codified best practices and instantiate them into a standard, which we can then assess providers against. It’s a big effort, but I think we’re making tremendous progress.

Gardner: Because The Open Group Conference is taking place in Washington, D.C., what’s the current perception in the U.S. Government about this in terms of its role?

Szakal:The government has always taken a prominent role, at least to help focus the attention of the industry.

Now that they’ve corralled the industry and they’ve got us moving in the right direction, in many ways, we’ve fought through many of the intricate complex technology supply chain issues and we’re ahead of some of the thinking of folks outside of this group because the industry lives these challenges and understands the state of the art. Some of the best minds in the industry are focused on this, and we’ve applied some significant internal resources across our membership to work on this challenge.

So the government is very interested in it. We’ve had collaborations all the way from the White House across the Department of Defense (DoD) and within the Department of Homeland Security (DHS), and we have members from the government space in NASA and DoD.

It’s very much a collaborative effort, and I’m hoping that it can continue to be so and be utilized as a standard that the government can point to, instead of coming up with their own policies and practices that may actually not work as well as those defined by the industry.

Conway: Our colleagues on the public side of the public-private partnership that is addressing supply-chain integrity have recognized that we need to do it together.

More importantly, you need only to listen to a statement, which I know has often been quoted, but it’s worth noting again from EU Commissioner Algirdas Semeta. He recently said that in a globalized world, no country can secure the supply chain in isolation. He recognized that, again quoting, national supply chains are ineffective and too costly unless they’re supported by enhanced international cooperation.

Mindful focus

The one thing that we bring to bear here is a mindful focus on the fact that we need a public-private partnership to address comprehensively in our information and communications technology industry supply chain integrity internationally. That has been very important in our focus. We want to be a one-stop shop of best practices that the world can look at, so that we continue to benefit from commercial technology which sells globally and frequently builds once or on a limited basis.

Combining that international focus and the public-private partnership is something that’s really coming home to roost in everyone’s minds right now, as we see security value migrating away from an end point and looking comprehensively at the product lifecycle or the global supply chain.

Lounsbury:I had the honor of testifying before the U.S. House Energy and Commerce Committee on Oversight Investigations, on the view from within the U.S. Government on IT security.

It was very gratifying to see that the government does recognize this problem. We had witnesses in from the DoD and Department of Energy (DoE). I was there, because I was one of the two voices on industry that the government wants to tap into to get the industry’s best practices into the government.

It was even more gratifying to see that the concerns that were raised in the hearings were exactly the ones that the OTTF is pursuing. How do you validate a long and complex global supply chain in the face of a very wide threat environment, recognizing that it can’t be any single country? Also, it really does need to be not a process that you apply to a point, but something where you have a standard that raises the bar for our security for all the participants in your supply chain.

So it was really good to know that we were on track and that the government, and certainly the U.S. Government, as we’ve heard from Edna, the European governments, and I suspect all world governments are looking at exactly how to tap into this industry activity.

Gardner: Where we are in the progression of OTTF?

Lounsbury: In the last 18 months, there has been a tremendous amount of progress. The thing that I’ll highlight is that early in 2012, the OTTF published a snapshot of the standard. A snapshot is what The Open Group uses to give a preview of what we expect the standards will apply. It has fleshed out two areas, one on tainted products and one on counterfeit products, the standards and best practices needed to secure a supply chain against those two vulnerabilities.

So that’s out there. People can take a look at that document. Of course, we would welcome their feedback on it. We think other people have good answers too. Also, if they want to start using that as guidance for how they should shape their own practices, then that would be available to them.

Normative guidance

That’s the top development topic inside the OTTF itself. Of course, in parallel with that, we’re continuing to engage in an outreach process and talking to government agencies that have a stake in securing the supply chain, whether it’s part of government policy or other forms of steering the government to making sure they are making the right decisions. In terms of exactly where we are, I’ll defer to Edna and Andras on the top priority in the group.

Gardner: Edna, what’s been going on at OTTF and where do things stand?

Conway: We decided that this was, in fact, a comprehensive effort that was going to grow over time and change as the challenges change. We began by looking at two primary areas, which were counterfeit and taint in that communications technology arena. In doing so, we first identified a set of best practices, which you referenced briefly inside of that snapshot.

Where we are today is adding the diligence, and extracting the knowledge and experience from the broad spectrum of participants in the OTTF to establish a set of rigorous conformance criteria that allow a balance between flexibility and how one goes about showing compliance to those best practices, while also assuring the end customer that there is rigor sufficient to ensure that certain requirements are met meticulously, but most importantly comprehensively.

We have a practice right now where we’re going through each and every requirement or best practice and thinking through the broad spectrum of the development stage of the lifecycle, as well as the end-to-end nodes of the supply chain itself.

This is to ensure that there are requirements that would establish conformance that could be pointed to, by both those who would seek accreditation to this international standard, as well as those who would rely on that accreditation as the imprimatur of some higher degree of trustworthiness in the products and solutions that are being afforded to them, when they select an OTTF accredited provider.

Gardner: Andras, I’m curious where in an organization like IBM that these issues are most enforceable. Where within the private sector is the knowledge and the expertise to reside?

Szakal: Speaking for IBM, we recently celebrated our 100th anniversary in 2011. We’ve had a little more time than some folks to come up with a robust engineering and development process, which harkens back to the IBM 701 and the beginning of the modern computing era.

Integrated process

We have what we call the integrated product development process (IPD), which all products follow and that includes hardware and software. And we have a very robust quality assurance team, the QSE team, which ensures that the folks are following those practices that are called out. Within each of line of business there exist specific requirements that apply more directly to the architecture of a particular product offering.

For example, the hardware group obviously has additional standards that they have to follow during the course of development that is specific to hardware development and the associated supply chain, and that is true with the software team as well.

The product development teams are integrated with the supply chain folks, and we have what we call the Secure Engineering Framework, of which I was an author and the Secure Engineering Initiative which we have continued to evolve for quite some time now, to ensure that we are effectively engineering and sourcing components and that we’re following these Open Trusted Technology Provider Standard (O-TTPS) best practices.

In fact, the work that we’ve done here in the OTTF has helped to ensure that we’re focused in all of the same areas that Edna’s team is with Cisco, because we’ve shared our best practices across all of the members here in the OTTF, and it gives us a great view into what others are doing, and helps us ensure that we’re following the most effective industry best practices.

Gardner: Dan, at EMC, is the Product Security Office something similar to what Andras explained for how IBM operates? Perhaps you could just give us a sense of how it’s done there?

Reddy: At EMC in our Product Security Office, we house the enabling expertise to define how to build their products securely. We’re interested in building that in as soon as possible throughout the entire lifecycle. We work with all of our product teams to measure where they are, to help them define their path forward, as they look at each of the releases of their other products. And we’ve done a lot of work in sharing our practices within the industry.

One of the things this standard does for us, especially in the area of dealing with the supply chain, is it gives us a way to communicate what our practices are with our customers. Customers are looking for that kind of assurance and rather than having a one-by-one conversation with customers about what our practices are for a particular organization. This would allow us to have a way of demonstrating the measurement and the conformance against a standard to our own customers.

Also, as we flip it around and take a look at our own suppliers, we want to be able to encourage suppliers, which may be small suppliers, to conform to a standard, as we go and select who will be our authorized suppliers.

Gardner: Dave, what would you suggest for those various suppliers around the globe to begin the process?

Publications catalog

Lounsbury: Obviously, the thing I would recommend right off is to go to The Open Group website, go to the publications catalog, and download the snapshot of the OTTF standard. That gives a good overview of the two areas of best practices for protection from tainted and counterfeit products we’ve mentioned on the call here.

That’s the starting point, but of course, the reason it’s very important for the commercial world to lead this is that commercial vendors face the commercial market pressures and have to respond to threats quickly. So the other part of this is how to stay involved and how to stay up to date?

And of course the two ways that The Open Group offers to let people do that is that you can come to our quarterly conferences, where we do regular presentations on this topic. In fact, the Washington meeting is themed on the supply chain security.

Of course, the best way to do it is to actually be in the room as these standards are evolved to meet the current and the changing threat environment. So, joining The Open Group and joining the OTTF is absolutely the best way to be on the cutting edge of what’s happening, and to take advantage of the great information you get from the companies represented on this call, who have invested years-and-years, as Andras said, in making their own best practices and learning from them.

Gardner:Edna, what’s on the short list of next OTTF priorities?

Conway: You’ve heard us talk about CNCI, and the fact that cybersecurity is on everyone’s minds today. So while taint embodies that to some degree, we probably need to think about partnering in a more comprehensive way under the resiliency and risk umbrella that you heard Dan talk about and really think about embedding security into a resilient supply chain or a resilient enterprise approach.

In fact, to give that some forethought, we actually have invited at the upcoming conference, a colleague who I’ve worked with for a number of years who is a leading expert in enterprise resiliency and supply chain resiliency to join us and share his thoughts.

He is a professor at MIT, and his name is Yossi Sheffi. Dr. Sheffi will be with us. It’s from that kind of information sharing, as we think in a more comprehensive way, that we begin to gather the expertise that not only resides today globally in different pockets, whether it be academia, government, or private enterprise, but also to think about what the next generation is going to look like.

Resiliency, as it was known five years ago, is nothing like supply chain resiliency today, and where we want to take it into the future. You need only look at the US national strategy for global supply chain security to understand that. When it was announced in January of this year at Davos by Secretary Napolitano of the DHS, she made it quite clear that we’re now putting security at the forefront, and resiliency is a part of that security endeavor.

So that mindset is a change, given the reliance ubiquitously on communications, for everything, everywhere, at all times — not only critical infrastructure, but private enterprise, as well as all of us on a daily basis today. Our communications infrastructure is essential to us.

Thinking about resiliency

Given that security has taken top ranking, we’re probably at the beginning of this stage of thinking about resiliency. It’s not just about continuity of supply, not just about prevention from the kinds of cyber incidents that we’re worried about, but also to be cognizant of those nation-state concerns or personal concerns that would arise from those parties who are engaging in malicious activity, either for political, religious or reasons.

Or, as you know, some of them are just interested in seeing whether or not they can challenge the system, and that causes loss of productivity and a loss of time. In some cases, there are devastating negative impacts to infrastructure.

Szakal: There’s another area too that I am highly focused on, but have kind of set aside, and that’s the continued development and formalization of the framework itself that is to continue the collective best practices from the industry and provide some sort of methods by which vendors can submit and externalize those best practices. So those are a couple of areas that I think that would keep me busy for the next 12 months easily.

Gardner: What do IT vendors companies gain if they do this properly?

Secure by Design

Szakal: Especially now in this day and age, any time that you actually approach security as part of the lifecycle — what we call an IBM Secure by Design – you’re going to be ahead of the market in some ways. You’re going to be in a better place. All of these best practices that we’ve defined are additive in effect. However, the very nature of technology as it exists today is that it will be probably another 50 or so years, before we see a perfect security paradigm in the way that we all think about it.

So the researchers are going to be ahead of all of the providers in many ways in identifying security flaws and helping us to remediate those practices. That’s part of what we’re doing here, trying to make sure that we continue to keep these practices up to date and relevant to the entire lifecycle of commercial off-the-shelf technology (COTS) development.

So that’s important, but you also have to be realistic about the best practices as they exist today. The bar is going to move as we address future challenges.

************

For more information on The Open Group’s upcoming conference in Washington, D.C., please visit: http://www.opengroup.org/dc2012

Dana Gardner is president and principal analyst at Interarbor Solutions, an enterprise IT analysis, market research, and consulting firm. Gardner, a leading identifier of software and Cloud productivity trends and new IT business growth opportunities, honed his skills and refined his insights as an industry analyst, pundit, and news editor covering the emerging software development and enterprise infrastructure arenas for the last 18 years.

Comments Off

Filed under Cybersecurity, Information security, OTTF, Supply chain risk

The Open Group and MIT Experts Detail New Advances in ID Management to Help Reduce Cyber Risk

By Dana Gardner, The Open Group

This BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference in Washington, D.C., beginning July 16. The conference will focus on how Enterprise Architecture (EA), enterprise transformation and securing global supply chains.

We’re joined in advance by some of the main speakers at the July 16 conference to examine the relationship between controlled digital identities in cyber risk management. Our panel will explore how the technical and legal support of ID management best practices have been advancing rapidly. And we’ll see how individuals and organizations can better protect themselves through better understanding and managing of their online identities.

The panelist are Jim Hietala, vice president of security at The Open Group; Thomas Hardjono, technical lead and executive director of the MIT Kerberos Consortium; and Dazza Greenwood, president of the CIVICS.com consultancy and lecturer at the MIT Media Lab. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: What is ID management, and how does it form a fundamental component of cybersecurity?

Hietala: ID management is really the process of identifying folks who are logging onto computing services, assessing their identity, looking at authenticating them, and authorizing them to access various services within a system. It’s something that’s been around in IT since the dawn of computing, and it’s something that keeps evolving in terms of new requirements and new issues for the industry to solve.

Particularly as we look at the emergence of cloud and software-as-a-service (SaaS) services, you have new issues for users in terms of identity, because we all have to create multiple identities for every service we access.

You have issues for the providers of cloud and SaaS services, in terms of how they provision, where they get authoritative identity information for the users, and even for enterprises who have to look at federating identity across networks of partners. There are a lot of challenges there for them as well.

Key theme

Figuring out who is at the other end of that connection is fundamental to all of cybersecurity. As we look at the conference that we’re putting on this month in Washington, D.C., a key theme is cybersecurity — and identity is a fundamental piece of that.

You can look at things that are happening right now in terms of trojans, bank fraud, scammers and attackers, wire transferring money out of company’s bank accounts and other things you can point to.

There are failures in their client security and the customer’s security mechanisms on the client devices, but I think there are also identity failures. They need new approaches for financial institutions to adopt to prevent some of those sorts of things from happening. I don’t know if I’d use the word “rampant,” but they are clearly happening all over the place right now. So I think there is a high need to move quickly on some of these issues.

Gardner: Are we at a plateau? Or has ID management been a continuous progression over the past decade?

Hardjono: So it’s been at least a decade since the industry began addressing identity and identity federation. Someone in the audience might recall Liberty Alliance, the Project Liberty in its early days.

One notable thing about the industry is that the efforts have been sort of piecemeal, and the industry, as a whole, is now reaching the point where a true correct identity is absolutely needed now in transactions in a time of so many so-called Internet scams.

Gardner: Dazza, is there a casual approach to this, or a professional need? By that, I mean that we see a lot of social media activities, Facebook for example, where people can have an identity and may or may not be verified. That’s sort of the casual side, but it sounds like what we’re really talking about is more for professional business or eCommerce transactions, where verification is important. In other words, is there a division between these two areas that we should consider before we get into it more deeply?

Greenwood: Rather than thinking of it as a division, a spectrum would be a more useful way to look at it. On one side, you have, as you mentioned, a very casual use of identity online, where it may be self-asserted. It may be that you’ve signed a posting or an email.

On the other side, of course, the Internet and other online services are being used to conduct very high value, highly sensitive, or mission-critical interactions and transactions all the time. When you get toward that spectrum, a lot more information is needed about the identity authenticating, that it really is that person, as Thomas was starting to foreshadow. The authorization, workflow permissions, and accesses are also incredibly important.

In the middle, you have a lot of gradations, based partly on the sensitivity of what’s happening, based partly on culture and context as well. When you have people who are operating within organizations or within contexts that are well-known and well-understood — or where there is already a lot of not just technical, but business, legal and cultural understanding of what happens — if something goes wrong, there are the right kind of supports and risk management processes.

There are different ways that this can play out. It’s not always just a matter of higher security. It’s really higher confidence, and more trust based on a variety of factors. But the way you phrased it is a good way to enter this topic, which is, we have a spectrum of identity that occurs online, and much of it is more than sufficient for the very casual or some of the social activities that are happening.

Higher risk

But as the economy in our society moves into a digital age, ever more fully and at ever-higher speeds, much more important, higher risk, higher value interactions are occurring. So we have to revisit how it is that we have been addressing identity — and give it more attention and a more careful design, instead of architectures and rules around it. Then we’ll be able to make that transition more gracefully and with less collateral damage, and really get to the benefits of going online.

Gardner: What’s happening to shore this up and pull it together? Let’s look at some of the big news.

Hietala: I think the biggest recent news is the U.S. National Strategy for Trusted Identities in Cyber Space (NSTIC) initiative. It clearly shows that a large government, the United States government, is focused on the issue and is willing to devote resources to furthering an ID management ecosystem and construct for the future. To me that’s the biggest recent news.

At a crossroads

Greenwood: We’re just now is at a crossroads where finally industry, government and increasingly the populations in general, are understanding that there is a different playing field. In the way that we interact, the way we work, the way we do healthcare, the way we do education, the way our social groups cohere and communicate, big parts are happening online.

In some cases, it happens online through the entire lifecycle. What that means now is that a deeper approach is needed. Jim mentioned NSTIC as one of those examples. There are a number of those to touch on that are occurring because of the profound transition that requires a deeper treatment.

NSTIC is the U.S. government’s roadmap to go from its piecemeal approach to a coherent architecture and infrastructure for identity within the United States. It could provide a great model for other countries as well.

People can reuse their identity, and we can start to address what you’re talking about with identity and other people taking your ID, and more to the point, how to prove you are who you said you were to get that ID back. That’s not always so easy after identity theft, because we don’t have an underlying effective identity structure in the United States yet.

I just came back from the United Kingdom at a World Economic Forum meeting. I was very impressed by what their cabinet officers are doing with an identity-assurance scheme in large scale procurement. It’s very consistent with the NSTIC approach in the United States. They can get tens of millions of their citizens using secure well-authenticated identities across a number of transactions, while always keeping privacy, security, and also individual autonomy at the forefront.

There are a number of technology and business milestones that are occurring as well. Open Identity Exchange (OIX) is a great group that’s beginning to bring industry and other sectors together to look at their approaches and technology. We’ve had Security Assertion Markup Language (SAML). Thomas is co-chair of the PC, and that’s getting a facelift.

That approach was being brought to match scale with OpenID Connect, which is OpenID and OAuth. There are a great number of technology innovations that are coming online.

Legally, there are also some very interesting newsworthy harbingers. Some of it is really just a deeper usage of statutes that have been passed a few years ago — the Uniform Electronic Transactions Act, the Electronic Signatures in Global and National Commerce Act, among others, in the U.S.

There is eSignature Directive and others in Europe and in the rest of the world that have enabled the use of interactions online and dealt with identity and signatures, but have left to the private sector and to culture which technologies, approaches, and solutions we’ll use.

Now, we’re not only getting one-off solutions, but architectures for a number of different solutions, so that whole sectors of the economy and segments of society can more fully go online. Practically everywhere you look, you see news and signs of this transition that’s occurring, an exciting time for people interested in identity.

Gardner: What’s most new and interesting from your perspective on what’s being brought to bear on this problem, particularly from a technology perspective?

Two dimensions

Hardjono: It’s along two dimensions. The first one is within the Kerberos Consortium. We have a number of people coming from the financial industry. They all have the same desire, and that is to scale their services to the global market, basically sign up new customers abroad, outside United States. In wanting to do so, they’re facing a question of identity. How do we assert that somebody in a country is truly who they say they are.

The second, introduces a number of difficult technical problems. Closer to home and maybe at a smaller scale, the next big thing is user consent. The OpenID exchange and the OpenID Connect specifications have been completed, and people can do single sign-on using technology such as OAuth 2.0.

The next big thing is how can an attribute provider, banks, telcos and so on, who have data about me, share data with other partners in the industry and across the sectors of the industry with my expressed consent in a digital manner.

Gardner: Tell us a bit about the MIT Core ID approach and how this relates to the Jericho Forum approach.

Greenwood: I would defer to Jim of The Open Group to speak more authoritatively on Jericho Forum, which is a part of Open Group. But, in general, Jericho Forum is a group of experts in the security field from industry and, more broadly, who have done some great work in the past on deperimeterized security and some other foundational work.

In the last few years, they’ve been really focused on identity, coming to realize that identity is at the center of what one would have to solve in order to have a workable approach to security. It’s necessary, but not sufficient, for security. We have to get that right.

To their credit, they’ve come up with a remarkably good list of simple understandable principles, that they call the Jericho Forum Identity Commandments, which I strongly commend to everybody to read.

It puts forward a vision of an approach to identity, which is very constant with an approach that I’ve been exploring here at MIT for some years. A person would have a core ID identity, a core ID, and could from that create more than one persona. You may have a work persona, an eCommerce persona, maybe a social and social networking persona and so on. Some people may want a separate political persona.

You could cluster all of the accounts, interactions, services, attributes, and so forth, directly related to each of those to those individual personas, but not be in a situation where we’re almost blindly backing into right now. With a lot of the solutions in the market, your different aspects of life, unintentionally sometimes or even counter-intentionally, will merge.

Good architecture

Sometimes, that’s okay. Sometimes, in fact, we need to be able to have an inability to separate different parts of life. That’s part of privacy and can be part of security. It’s also just part of autonomy. It’s a good architecture. So Jericho Forum has got the commandments.

Many years ago, at MIT, we had a project called the Identity Embassy here in the Media Lab, where we put forward some simple prototypes and ideas, ways you could do that. Now, with all the recent activity we mentioned earlier toward full-scale usage of architectures for identity in U.S. with NSTIC and around the world, we’re taking a stronger, deeper run at this problem.

Thomas and I have been collaborating across different parts of MIT. I’m putting out what we think is a very exciting and workable way that you can in a high security manner, but also quite usably, have these core identifiers or individuals and inextricably link them to personas, but escape that link back to the core ID, and from across the different personas, so that you can get the benefits when you want them, keeping the personas separate.

Also it allows for many flexible business models and other personalization and privacy services as well, but we can get into that more in the fullness of time. But, in general, that’s what’s happening right now and we couldn’t be more excited about it.

Hardjono: For a global infrastructure for core identities to be able to develop, we definitely need collaboration between the governments of the world and the private sector. Looking at this problem, we were searching back in history to find an analogy, and the best analogy we could find was the rollout of a DNS infrastructure and the IP address assignment.

It’s not perfect and it’s got its critics, but the idea is that you could split blocks of IP addresses and get it sold and resold by private industry, really has allowed the Internet to scale, hitting limitations, but of course IPv6 is on the horizon. It’s here today.

So we were thinking along the same philosophy, where core identifiers could be arranged in blocks and handed out to the private sector, so that they can assign, sell it, or manage it on behalf of people who are Internet savvy, and perhaps not, such as my mom. So we have a number of challenges in that phase.

Gardner: Does this relate to the MIT Model Trust Framework System Rules project?

Greenwood: The Model Trust Framework System Rules project that we are pursuing in MIT is a very important aspect of what we’re talking about. Thomas and I talked somewhat about the technical and practical aspects of core identifiers and core identities. There is a very important business and legal layer within there as well.

So these trust framework system rules are ways to begin to approach the complete interconnected set of dimensions necessary to roll out these kinds of schemes at the legal, business, and technical layers.

They come from very successful examples in the past, where organizations have federated ID with more traditional approaches such as SAML and other approaches. There are some examples of those trust framework system rules at the business, legal, and technical level available.

Right now it’s CIVICS.com, and soon, when we have our model MIT under Creative Commons approach, we’ll take a lot of the best of what’s come before codified in a rational way. Business, legal, and technical rules can really be aligned in a more granular way to fit well, and put out a model that we think will be very helpful for the identity solutions of today that are looking at federate according to NSTIC and similar models. It absolutely would be applicable to how at the core identity persona underlying architecture and infrastructure that Thomas, I, and Jericho Forum are postulating could occur.

Hardjono: Looking back 10-15 years, we engineers came up with all sorts of solutions and standardized them. What’s really missing is the business models, business cases, and of course the legal side.

How can a business make revenue out of the management of identity-related aspects, management of attributes, and so on and how can they do so in such a manner that it doesn’t violate the user’s privacy. But it’s still user-centric in the sense that the user needs to give consent and can withdraw consent and so on. And trying to develop an infrastructure where everybody is protected.

Gardner: The Open Group, being a global organization focused on the collaboration process behind the establishment of standards, it sounds like these are some important aspects that you can bring out to your audience, and start to create that collaboration and discussion that could lead to more fuller implementation. Is that the plan, and is that what we’re expecting to hear more of at the conference next month?

Hietala: It is the plan, and we do get a good mix at our conferences and events of folks from all over the world, from government organizations and large enterprises as well. So it tends to be a good mixing of thoughts and ideas from around the globe on whatever topic we’re talking about — in this case identity and cybersecurity.

At the Washington, D.C. Conference, we have a mix of discussions. The kick-off one is a fellow by the name Joel Brenner who has written a book, America the Vulnerable, which I would recommend. He was inside the National Security Agency (NSA) and he’s been involved in fighting a lot of the cyber attacks. He has a really good insight into what’s actually happening on the threat and defending against the threat side. So that will be a very interesting discussion. [Read an interview with Joel Brenner.]

Then, on Monday, we have conference presentations in the afternoon looking at cybersecurity and identity, including Thomas and Dazza presenting on some of the projects that they’ve mentioned.

Cartoon videos

Then, we’re also bringing to that event for the first time, a series of cartoon videos that were produced for the Jericho Forum. They describe a lot of the commandments that Dazza mentioned in a more approachable way. So they’re hopefully understandable to laymen, and folks with not as much understanding about all the identity mechanisms that are out there. So, yeah, that’s what we are hoping to do.

Gardner: Perhaps we could now better explain what NSTIC is and does?

Greenwood:The best person to speak about NSTIC in the United States right now is probably President Barrack Obama, because he is the person that signed the policy. Our president and the administration has taken a needed, and I think a very well-conceived approach, to getting industry involved with other stakeholders in creating the architecture that’s going to be needed for identity for the United States and as a model for the world, and also how to interact with other models.

Jeremy Grant is in charge of the program office and he is very accessible. So if people want more information, they can find Jeremy online easily in at nist.gov/nstic. And nstic.us also has more information.

In general, NSTIC is a strategy document and a roadmap for how a national ecosystem can emerge, which is comprised of a governing body. They’re beginning to put that together this very summer, with 13 different stakeholders groups, each of which would self-organize and elect or appoint a person — industry, government, state and local government, academia, privacy groups, individuals — which is terrific — and so forth.

That governance group will come up with more of the details in terms of what the accreditation and trust marks look like, the types of technologies and approaches that would be favored according to the general principles I hope everyone reads within the NSTIC document.

At a lower level, Congress has appropriated more than $10 million to work with the White House for a number of pilots that will be under a million half dollars each for a year or two, where individual proof of concept, technologies, or approaches to trust frameworks will be piloted and put out into where they can be used in the market.

In general, by this time two months from now, we’ll know a lot more about the governing body, once it’s been convened and about the pilots once those contracts have been awarded and grants have been concluded. What we can say right now is that the way it’s going to come together is with trust framework system rules, the same exact type of entity that we are doing a model of, to help facilitate people’s understanding and having templates and well-thought through structures that they can pull down and, in turn, use as a starting point.

Circle of trust

So industry-by-industry, sector-by-sector, but also what we call circle of trust by circle of trust. Folks will come up with their own specific rules to define exactly how they will meet these requirements. They can get a trust mark, be interoperable with other trust framework consistent rules, and eventually you’ll get a clustering of those, which will lead to an ecosystem.

The ecosystem is not one size fits all. It’s a lot of systems that interoperate in a healthy way and can adapt and involve over time. A lot more, as I said, is available on nstic.us and nist.gov/nstic, and it’s exciting times. It’s certainly the best government document I have ever read. I’ll be so very excited to see how it comes out.

Gardner: What’s coming down the pike that’s going to make this yet more important?

Hietala: I would turn to the threat and attacks side of the discussion and say that, unfortunately, we’re likely to see more headlines of organizations being breached, of identities being lost, stolen, and compromised. I think it’s going to be more bad news that’s going to drive this discussion forward. That’s my take based on working in the industry and where it’s at right now.

Hardjono: I mentioned the user consent going forward. I think this is increasingly becoming an important sort of small step to address and to resolve in the industry and efforts like the User Managed Access (UMA) working group within the Kantara Initiative.

Folks are trying to solve the problem of how to share resources. How can I legitimately not only share my photos on Flickr with data, but how can I allow my bank to share some of my attributes with partners of the bank with my consent. It’s a small step, but it’s a pretty important step.

Greenwood: Keep your eyes on UMA out of Kantara. Keep looking at OASIS, as well, and the work that’s coming with SAML and some of the Model Trust Framework System Rules.

Most important thing

In my mind the most strategically important thing that will happen is OpenID Connect. They’re just finalizing the standard now, and there are some reference implementations. I’m very excited to work with MIT, with our friends and partners at MITRE Corporation and elsewhere.

That’s going to allow mass scales of individuals to have more ready access to identities that they can reuse in a great number of places. Right now, it’s a little bit catch-as-catch-can. You’ve got your Google ID or Facebook, and a few others. It’s not something that a lot of industries or others are really quite willing to accept to understand yet.

They’ve done a complete rethink of that, and use the best lessons learned from SAML and a bunch of other federated technology approaches. I believe this one is going to change how identity is done and what’s possible.

They’ve done such a great job on it, I might add It fits hand in glove with the types of Model Trust Framework System Rules approaches, a layer of UMA on top, and is completely consistent with the architecture rights, with a future infrastructure where people would have a Core ID and more than one persona, which could be expressed as OpenID Connect credentials that are reusable by design across great numbers of relying parties getting where we want to be with single sign-on.

So it’s exciting times. If it’s one thing you have to look at, I’d say do a Google search and get updates on OpenID Connect and watch how that evolves.

************

For more information on The Open Group’s upcoming conference in Washington, D.C., please visit: http://www.opengroup.org/dc2012

Dana Gardner is president and principal analyst at Interarbor Solutions, an enterprise IT analysis, market research, and consulting firm. Gardner, a leading identifier of software and Cloud productivity trends and new IT business growth opportunities, honed his skills and refined his insights as an industry analyst, pundit, and news editor covering the emerging software development and enterprise infrastructure arenas for the last 18 years.

1 Comment

Filed under Conference, Cybersecurity

Cannes Conference Day 1: Communication Key for Business Transformation, According to Open Group Speakers

By The Open Group Conference Team

Video recap by Dave Lounsbury, CTO of The Open Group

Much like the wind that blows through the Côte d’Azur, talk of business transformation swept through Cannes like a warm breeze yesterday as Day 1 of The Open Group Cannes Conference concluded. The underlying theme of the day was communication and shared languages – a common concept for all enterprise architects, but this time with a slight twist.

Innovator Dr. Alex Osterwalder presented the first session of the day entitled “Business Models, IT and Enterprise Transformation,” which discussed concepts from his well-known book “Business Model Generation.” As Dr. Osterwalder explained, often times there’s a language gap between IT and strategy when it comes to business models, which is why long meetings are largely unproductive.

Dr. Alex Osterwalder explaining the business model canvas

Dr. Osterwalder stressed the importance of simplicity in models, meaning that business models should be created in such a way that anyone in the company can understand them upon first glance. This is the basis for a concept Osterwalder calls the business model canvas, a literal illustration of an organization’s business model using the following key assets – key partners, key activities, key resources, value propositions, customer relationship, channels, customer segments, cost structure and revenue streams.

The audience was then encouraged to work in pairs and use the business model canvas to break down the business model of one participant. Each group had eight minutes to map out the nine components on a large sheet of paper representing the business model canvas using post-its. The audience enjoyed this exercise, which demonstrated that creating a business model does not have to be a laborious process, and that simple is often times best.

Dr. Osterwalder went on to discuss real-life examples such as Apple’s iPod and Nestle Nespresso, dissecting each company’s business model utilizing the business model canvas to learn why both endeavors were so successful. Apple was disruptive because as Steve Jobs said when the first iPod was released, “It’s a thousand songs in your pocket.” The iPod created a dependency on the product and the iTunes service, and one of the unknown factors of the customer relationships was that iTunes made it so easy to upload and manage your music that the barrier to transfer services was too high for most consumers. Nespresso’s business model was built on the creation of the single drink aluminum cans, the product’s key resource, which are only made by Nespresso.

Companies of all sizes have used the business model canvas to adjust their business models, including Fortune 500 companies and government organizations, and Dr. Osterwalder thought that enterprise architects can act as a bridge between strategy and IT facilitating communication between all facets of the business and overseeing the management of business models.

BNP Paribas saves 1.5B Euro through Careful Business Transformation

In the next plenary session, Eric Boulay, CEO of Arismore, and Hervé Gouezel, Advisor to the CEO of BNP Paribas, looked at how enterprise architects can do a better job of presenting CEOs with Enterprise Architecture’s value proposition. Conversely, Boulay stated that the CEOs also need to outline what expectations need to be met by enterprise architects in order to enable business transformation via enterprise architects.

Boulay argued that a director of transformation is now needed within organizations to manage and develop transformation capability. The results of Enterprise Architecture must be merchandised at the C-level in order to communicate business value, and the director of transformation would be enable architects to continue to invent through this new role.

In the same session, Hervé Gouezel discussed the 2009 merger of BNP Paribas and Fortis Bank and the strategy that went into creating a somewhat seamless transition. The original plan had three phases: phase 1 – take six days to pick new management and six weeks to define taskforces, workgroup organizations and stabilization measures; phase 2 – take six months to plan and synergize; and phase 3 – implement projects and programs over a three year period.

Needless to say, this was a huge undertaking, and the goal of the three-phase process was to save the company 500 million Euros. With careful planning and implementation and by following the three-phased approach, BNP Paribas saved over 1.5 billion Euros – three times the targeted amount! This goes to show that careful planning and implementation can lead to true business transformation.

The Semantics of Enterprise Architecture

Len Fehskens, VP of skills and capabilities at The Open Group, presented the final plenary of the day. Fehskens revisited Enterprise Architecture’s most basic, yet seemingly impossible question: How do you define Enterprise Architecture?

Bewildered by the fact that so many different opinions exist around a discipline that nominally has one name, Fehskens went on to discuss the danger of assumptions and the fact that assumptions are rarely made explicit. He also exposed the biggest assumption of all: We’re all sharing the same assumptions about Enterprise Architecture (EA).

Fehskens urged architects to remain open-minded and be aware of the differing perspectives regarding what EA is. The definition of Enterprise Architecture at this point encompasses a variety of opinions, and even if your definition is “correct,” it’s necessary for architects to understand that logical arguments do not change strongly held beliefs. Fehskens ended the session by presenting the teachings St. Augustine, “Let us, on both sides, lay aside all arrogance. Let us not, on either side, claim that we have already discovered the truth. Let us seek it together as something which is known to neither of us. For then only may we seek it, lovingly and tranquilly, if there be no bold presumption that it is already discovered and possessed.”

In other words, Fehskens said, before Enterprise Architecture can move forward as a discipline and fulfill its potential within the enterprise, architects must first learn to agree to disagree regarding the definition of EA. Communication must first be established before true business transformation (and the value of EA) can be realized.

Day 2 of the conference looks to be equally exciting, continuing the theme of enterprise transformation. To view the sessions for the remainder of the conference, please visit: http://www3.opengroup.org/cannes2012

3 Comments

Filed under Conference, Enterprise Architecture, Enterprise Transformation

OTTF – Providing a Level of “Surety”

By Joshua Brickman, CA Technologies

A couple of weeks ago while the Supreme Court heard testimony about the constitutionality of “Obamacare,” I was glued to my computer watching the House of Representatives Sub-Committee on Energy and Commerce hear a very different but no less important type of testimony. The topic was supply chain integrity and security.    Two panels appeared before the committee – one containing U.S. government agencies; and the other focused on industry’s response to the issue. Representing industry was Dave Lounsbury from The Open Group.  While it seemed to me that the focus of the committee was the lack of preparedness some agencies had for supply chain attacks, Lounsbury admirably represented how industry is responding to the burgeoning topic with a public/private partnership and a consensus-driven process.

The process he referred to is the Open Trusted Technology Provider Standard (O-TTPS) for which the Open Trusted Technology Forum (OTTF) published a snapshot of this past February. In full disclosure, I represent a founding member of OTTF. You might say I have a vested interest in the O-TTPS becoming the de-facto standard for supply chain integrity and security, and you would be right. But that’s not just because I worked on the creation of this document. It’s because, as Lounsbury emphasized to the House, I believe the right way to ensure the integrity and security for the supply chains of acquirers or purchasers of technology is to build a consensus driven standard that focuses on the best practices needed to ensure the integrity of the product being produced.  This would allow acquirers to buy products with confidence. With this “snapshot” release, we’ve focused on the two most prevalent threats

  1. Tainted product – the product is produced by the provider and is acquired through reputable channels but has been tampered with maliciously.
  2. Counterfeit product – the product is produced other than by, or for, the provider, or is supplied by other than a reputable channel, and is presented as being legitimate.[1]

For the first time, industry has come together and put together a comprehensive set of best practices that, when followed, can help to protect the supply chain for Information and Communication Technology (ICT) products  starting with sourcing, through manufacturing, and ending with delivery to the customer.

But the work is not done. Now that we have a snapshot, the team is working hard to define conformance criteria as well as an accreditation program. The next quarterly meeting at the upcoming Open Group Cannes conference will have some great opportunities for people to hear more about OTTF.

  • Andras Szakal, Chief Technology Officer, IBM U.S. Federal, will present as a part of the Open Trusted Technology Track a talk entitled, “The Global Supply Chain: Presentation and Discussion on The Open Group Trusted Technology Forum and the Challenges of Protecting Products Against Counterfeit and Tampering”
  • Sally Long, Director, The Open Group Trusted Technology Forum, U.S., will follow with “The Global Supply Chain: Presentation and Discussion on The Open Group Trusted Identifying Trusted Technology Providers – What are the Conformance Criteria that Technology Providers and their Component Suppliers need to Meet to be Considered Trusted Technology Providers?”

When Rep. Terry from Nebraska asked Lounsbury if additional definition (regulations) was needed for ensuring the integrity of the supply chain, Lounsbury answered perfectly when he said: “Ultimately the use of COTs implies that an agency purchases from a commercial marketplace. The question is what are the standards that your supplier uses to demonstrate that they can be trusted? Part of that would be the processes they have for themselves throughout their product development and fulfillment lifecycle but also are they imposing those standards on their suppliers as well.”

Rep. Terry followed up:  “Do you think that is sufficient? How do they have a level of surety that somethings not being compromised way down the assembly line?”

Lounsbury:  “In the commercial world typically we look to some sort of a conformance program in which a supplier would submit evidence either through a third party lab and certainly to an independent certification authority to make sure in fact that they have some evidence of those best practices before they are recognized as a trusted partner.”

It’s clear that government is concerned about this issue. The OTTF is building a standard that customers can point to and ask suppliers about. When the OTTF finishes its conformance criteria, rolls out the accreditation program and vendors become accredited, that will help provide a level of “surety” that Rep. Terry and others on the committee want.

Joshua Brickman, project management professional, runs CA Technologies Federal Certifications Program. He has led CA through the successful evaluation of sixteen products through the Common Criteria over the last five years (in both the U.S. and Canada). Brickman has given talks at the last four International Common Criteria Conferences. Most recently, he has been a Steering Committee member on the Open Group consortium focused on Supply Chain Integrity and Security, The Trusted Technology Forum. He also runs CA Technologies Accessibility Program. 

[1] Open Trusted Technology Provider Standard (O-TTPS), Catalog number S121, Feb 2012, p1-2

Comments Off

Filed under Conference, O-TTF, OTTF, Standards, Supply chain risk

Is Cloud Computing a “Buyers’ Market?”

By Mark Skilton, Global Director at Capgemini

At the Open Group Cannes Conference, a session we are providing is on the topic of “Selecting and Delivering Successful Cloud Products and Services.” This is an area that comes up frequently in establishing costs and benefits of on-demand solutions using the term Cloud Computing.

Cloud Computing terms have been overhyped in terms of their benefits and have saturated the general IT marketplace with all kinds of information systems stating rapid scalable benefits. Most of this may be true in the sense that readily available compute or storage capacity has commoditized in the infrastructure space. Software has also changed in functionality such that it can be contractually purchased now on a subscription basis. Users can easily subscribe to software that focuses on one or many business process requirements covering virtually all core and non-core business activities from productivity tools, project management, and collaboration to VOIP communication and business software applications all in a Software-as-a-Service (SaaS) business model.

I recently heard in conversation a view stating “Cloud Computing, it’s a buyers’ market,” meaning that customers and consumers could just pick their portfolio of software and hardware. But underlying this concept there are still some questions about using a commoditized approach to solving all your enterprise system’s needs.

Is this the whole story, when typically many organizations may seek competitive differentiation in user experience, unique transaction and functional business services? It’s ultimately more a commodity view of Cloud that matches commodity type requirements and functional needs of a customer. But, it does not fit the other 50 percent of customers who want Cloud products and characteristics but not a commodity.

The session in The Open Group Conference, Cannes on April 25 will cover the following key questions:

  • How to identify the key steps in a Cloud Products and Services selection and delivery lifecycle, avoiding tactical level decisions resulting in Cloud solution lock-in and lock-out in one or more of the stages?
  • How Cloud consumers can identify where Cloud products and services can augment and improve their business models and capabilities?
  • How Cloud providers can identify what types of Cloud products and services they can develop and deliver successfully to meet consumer and market needs?
  • What kinds of competitive differentiators to look for in consumer choice and in building providers’ value propositions?
  • What security standards, risk and certifications expertise are needed complement understanding Cloud Products and service advice?
  • What kinds of pricing, revenue and cost management on-demand models are needed to incentivize and build successful Cloud products and service consumption and delivery?
  • How to deal with contractual issues and governance across the whole lifecycle of Cloud Product and services from the perspectives of consumers and providers?

 Mark Skilton is Global Director for Capgemini, Strategy CTO Group, Global Infrastructure Services. His role includes strategy development, competitive technology planning including Cloud Computing and on-demand services, global delivery readiness and creation of Centers of Excellence. He is currently author of the Capgemini University Cloud Computing Course and is responsible for Group Interoperability strategy.

Comments Off

Filed under Cloud, Cloud/SOA, Conference

Why We Can’t Agree on What We Mean by “Enterprise Architecture” and Why That’s OK, At Least for Now

By Leonard Fehskens, The Open Group

Many people have commented that one of the most significant consequences of the Internet is the “democratization of commentary.” The ability to comment on subjects of interest to a community is no longer limited to those few who have access to traditional methods of broadcast communications (e.g., printed media, radio and television). At the same time, membership in such communities is no longer limited to those who are physically proximate. The result is everyone has a wide-reaching public voice now (even this blog is one such example).

The chorus of public voices speaking about Enterprise Architecture has created something of a din. Over the past several years my listening to this chorus has revealed an extraordinary diversity of opinion about what we mean by “Enterprise Architecture.” I have tried to sort out and categorize this diversity of opinion to try to understand how the Enterprise Architecture community could think so many different things about the idea that unites it. Creating a true profession of Enterprise Architecture will require that we come to some sort of convergence and agreement as to what the profession is about, and I hope that understanding the roots of this wide diversity of opinion will facilitate achieving that convergence.

At The Open Group Conference in Cannes, France later this month, I will be speaking on this subject. Here is a preview of that talk.

Assumptions and Approaches 

In many discussions about Enterprise Architecture I have seen preliminary apparent agreement rapidly disintegrate into disagreement bordering on hostility. People who initially thought they were saying the same things discovered as they explored the implications of those statements that they actually meant and understood things quite differently. How can this happen?

There seem to me to be two things that contribute to this phenomenon. The first is the assumptions we make, and the second is the approaches we adopt in defining, thinking about and talking about Enterprise Architecture. As important as the nature of these assumptions and approaches is the fact that we are almost never explicit about them. Indeed, one of the most widespread and consequential assumptions we make is that we all share the same assumptions.

To keep this article short and to avoid “stealing my own thunder” from my upcoming conference presentation, I’m going to step from the tip of one iceberg to the next, hopefully whetting your appetite for a more in-depth treatment.

How We Approach the Problem

There are an even half dozen ways that I have observed people approach the problem of defining Enterprise Architecture that have, by their use, created additional problems. They are:

  • The use of ambiguous language – many of the words we have borrowed from common usage to talk about Enterprise Architecture have multiple meanings.
  • Failing to understand, and account for, the difference between denotation and connotation – a word denotes its literal meaning, but it also connotes a set of associations. We may all agree explicitly on what a word denotes, but at the same time each hold, probably implicitly, very different connotative associations for the word.
  • The use of figures of speech (metaphor, simile, metonymy, synecdoche) – figures of speech are expressive rhetorical gestures, but they too often have very little practical value as models for reasoning about the subject to which they are applied.
  • Conflation – the inclusion of a related but distinct discipline as an integral part of Enterprise Architecture.
  • Mixing up roles and job definitions or job descriptions – jobs are defined to meet the needs of a specific organization and may include parts of many different roles.
  • The “blind men and the elephant” syndrome – defining something to be the part of it that we individually know.

The Many Things We Make Assumptions About

The problem with assumptions is not that we make them, but that we do so implicitly, or worse, unknowingly. Our assumptions often reflect legitimate choices that we have made, but we must not forget that there are other possible choices that others can make.

I’ve identified fifteen areas where people make assumptions that lead to sometimes radically different perspectives on Enterprise Architecture. They have to do with things like what we think “architecture,” “enterprise,” and “business” mean; what we think the geography, landscape or taxonomy of Enterprise Architecture is; how we name or think we should name architectures; what kinds of things can have architectures; what we think makes a good definition; and several more. Come to my talk at The Open Group conference in Cannes at the end of the month if you want to explore this very rich space.

What Can We Do?

It’s tempting when someone comes at a problem from a different perspective, or makes a different choice from among a number of options, to conclude that they don’t understand our position, or too often, that they are simply wrong. Enterprise Architecture is a young discipline, and it is still sorting itself out. We need to remain open to alternative perspectives, and rather than focus on our differences, look for ways to accommodate these different perspectives under unifying generalizations. The first step to doing do is to be aware of our assumptions, and to acknowledge that they are not the only assumptions that might be made.

In the words of St. Augustine, “Let us, on both sides, lay aside all arrogance. Let us not, on either side, claim that we have already discovered the truth. Let us seek it together as something which is known to neither of us. For then only may we seek it, lovingly and tranquilly, if there be no bold presumption that it is already discovered and possessed.”

Len Fehskens is Vice President of Skills and Capabilities at The Open Group. He is responsible for The Open Group’s activities relating to the professionalization of the discipline of enterprise architecture. Prior to joining The Open Group, Len led the Worldwide Architecture Profession Office for HP Services at Hewlett-Packard. Len is based in the US.

6 Comments

Filed under Conference, Enterprise Architecture