Tag Archives: The Open Group

Operational Resilience through Managing External Dependencies

By Ian Dobson & Jim Hietala, The Open Group

These days, organizations are rarely self-contained. Businesses collaborate through partnerships and close links with suppliers and customers. Outsourcing services and business processes, including into Cloud Computing, means that key operations that an organization depends on are often fulfilled outside their control.

The challenge here is how to manage the dependencies your operations have on factors that are outside your control. The goal is to perform your risk management so it optimizes your operational success through being resilient against external dependencies.

The Open Group’s Dependency Modeling (O-DM) standard specifies how to construct a dependency model to manage risk and build trust over organizational dependencies between enterprises – and between operational divisions within a large organization. The standard involves constructing a model of the operations necessary for an organization’s success, including the dependencies that can affect each operation. Then, applying quantitative risk sensitivities to each dependency reveals those operations that have the highest exposure to risk of not being successful, informing business decision-makers where investment in reducing their organization’s exposure to external risks will result in the best return.

O-DM helps you to plan for success through operational resilience, assured business continuity, and effective new controls and contingencies, enabling you to:

  • Cut costs without losing capability
  • Make the most of tight budgets
  • Build a resilient supply chain
  • Lead programs and projects to success
  • Measure, understand and manage risk from outsourcing relationships and supply chains
  • Deliver complex event analysis

The O-DM analytical process facilitates organizational agility by allowing you to easily adjust and evolve your organization’s operations model, and produces rapid results to illustrate how reducing the sensitivity of your dependencies improves your operational resilience. O-DM also allows you to drill as deep as you need to go to reveal your organization’s operational dependencies.

O-DM support training, covering the development of operational dependency models conforming to this standard, is available, as are software computation tools to automate speedy delivery of actionable results in graphic formats to facilitate informed business decision-making.

The O-DM standard represents a significant addition to our existing Open Group Risk Management publications:

The O-DM standard may be accessed here.

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.


Filed under Cybersecurity, Security Architecture

Different Words Mean Different Things, Part 3

By Leonard Fehskens, The Open Group

In the second part of this series, I examined the effect of our definition of enterprise on how we think about EA.

To close, I’ll consider the implications of a more inclusive concept of enterprise on the future of Enterprise Architecture.

The current cohort of EAs who have grown accustomed to a misnamed and narrowly focused discipline will eventually retire.  They will be replaced, over time, by EAs who learn the discipline in academic programs rather than by making it up on the job.  They will chuckle in amusement at a “body of knowledge” that is like that of medicine before germ theory, geology before plate tectonics, or astronomy before heliocentrism.  These programs are being created now, and academics are not interested in teaching a discipline with an irrational and inconsistent vocabulary.  They don’t want to have to explain to their students that it is for “historical reasons” that “enterprise means the IT part of a business.”

The focus of an academic program on Enterprise Architecture will necessarily reflect the prevailing concept of enterprise.  The commonly used model of Enterprise Architecture being about people, process and technology provides a useful context for considering this influence.

An IT-centric concept of Enterprise Architecture, like the one currently espoused by most of the community, will emphasize the role of information technology in supporting the needs of the business.  It will include just enough about business and people to enable practitioners to address the goal of “aligning IT with the business.”

A concept of Enterprise Architecture based on the idea of enterprise as business will emphasize business, especially business processes, as they are the primary locus of technological support.  It will include just enough about information technology and people to enable practitioners to address the goal of making IT a strategic asset for businesses.

A concept of Enterprise Architecture based on the idea of enterprise as human endeavor will emphasize the role of people, and be built around the sociology and psychology of individuals, groups and organizations, especially leadership and management as means to achieving organizational goals.  It will devote some attention to business as a particular kind of enterprise, but will look at other forms of enterprise and their unique concerns as well.  Finally, it will consider technology in its most general sense as the means of instantiating the infrastructure necessary to realize an enterprise.  There will be a lot of harrumphing about how the conventional wisdom is correct by definition because it is what is practiced by the majority of practitioners, but there is a noisy and insistent contingent that will continue to point out that the world is not flat and the sun does not go around the earth.  Only time will tell, but however you measure it, over 90% of most organizations is “not-IT”, and the IT-centric perspective is simply so imbalanced that it can’t ultimately prevail.

Adopting a broader concept of enterprise consistent with its meaning in common English usage does not in any way invalidate any of the current applications or interpretations of Enterprise Architecture.  It simply allows the application of architectural thinking to other kinds of purposeful human activity besides commercial business organizations to be subsumed under the rubric “Enterprise Architecture”.  All entities that are enterprises by these more restrictive definitions clearly fit unchanged into this more inclusive definition of enterprise.

Len Fehskens is Vice President of Skills and Capabilities at The Open Group. He is responsible for The Open Group’s activities relating to the professionalization of the discipline of enterprise architecture. Prior to joining The Open Group, Len led the Worldwide Architecture Profession Office for HP Services at Hewlett-Packard. He majored in Computer Science at MIT, and has over 40 years of experience in the IT business as both an individual contributor and a manager, within both product engineering and services business units. Len has worked for Digital Equipment Corporation, Data General Corporation, Prime Computer, Compaq and Hewlett Packard.  He is the lead inventor on six software patents on the object oriented management of distributed systems.


Filed under Business Architecture, Enterprise Architecture

Different Words Mean Different Things, Part 2

By Leonard Fehskens, The Open Group

In the first part of this series, I proposed distinct meanings of enterprise, business, organization and corporation.

As I noted earlier, you don’t have to agree with the distinctions I am making here.  But words are a finite, “nonrenewable” resource – if you treat these four words as interchangeable synonyms, you will not be able to make these distinctions without finding other words to make them for you.  In particular, you will not be able to distinguish an endeavor from the means of realizing it (similar to confusing an architecture and a blueprint).  You will not be able to distinguish one particular kind of endeavor (for example, a commercial endeavor) from other kinds of endeavors.  You will not be able to distinguish one particular kind of organization from other kinds of organizations.

Treating these four words as synonyms makes these words unavailable to describe larger and more inclusive domains for the application of architectural thinking.  What’s more, it does so needlessly.  This discipline doesn’t need synonyms any more than an organization needs multiple different systems that do the same thing.  Synonyms are redundancies that reduce the expressive power of the language we use to talk about what we do.  We need to be able to make distinctions between things that are important to distinguish from one another, and there are only so many words available to us to do so.

I acknowledge that for most of the community of practicing business and enterprise architects, most if not all of their practice occurs in the context of business-as-commercial-entities.  It is therefore not surprising that many people in the Business and Enterprise Architecture communities would not believe these distinctions are worth making, and be perfectly happy to (if not insistent that we) treat these words as synonyms.  But we have to be careful to avoid the example of the six blind men and the elephant, and being able to explain a predisposition to make these words synonymous doesn’t make it the right thing to do.

There’s even a contingent that insists that enterprise doesn’t just mean a commercial business organization, that it means a specific kind of commercial business organization, one that exceeds some critical threshold with respect to its scale, complexity, sophistication, ambition or consequence.  This is a bit like insisting that the implied “building” in “(building) architecture” means “commercial building”, or more specifically, “skyscraper.”

The problem with this concept of enterprise arises when one tries to specify the objective criteria by which one distinguishes a mere business from the bigger, more complex, more sophisticated, more ambitious or more consequential business that deserves to be called an enterprise.  It is certainly the case that the larger, more complex, more sophisticated, more ambitious and more consequential a commercial business organization is, the more likely architectural thinking will be necessary and beneficial.  But this observation about Enterprise Architecture does not mean that we ought to define enterprise to mean a large, complex, sophisticated, ambitious and consequential commercial business organization.

Why have so many naval vessels been named Enterprise?  Why was the Starship Enterprise from the Star Trek franchise so named, and why was this thought to be an appropriate name for the first space shuttle?  It was not because these vessels embodied some idea of a commercial business organization or because the word connoted a big, complex, sophisticated, ambitious or consequential business.  And surely if the latter had been the reason, there would be many lesser vessels named simply “Business”?

There are two significant consequences to basing Enterprise Architecture (EA) on a concept of enterprise that is limited to a particular kind of organization.  The first has to do with the applicability of the discipline, and the second has to do with how we educate enterprise architects.

If we restrict the definition of enterprise to a specific kind of purposeful activity, whether the criteria we use for this restriction are subjective or objective, we must either argue that architectural thinking is inapplicable to those purposeful activities that do not satisfy these restrictions, or we have to find a word to denote the larger class of purposeful activities to which architectural thinking applies, a class that includes both the restricted concept of enterprise and all other activities to which architectural thinking applies.

If enterprise means the same thing as commercial business organization, what do we call an entity that is not a commercial business organization (e.g., a church, a hospital, a government, or an army)?  Does Enterprise Architecture not apply to such endeavors because they are not created primarily to conduct business transactions?  What do we call organizations that are not businesses?  If we want to talk about an organization that is a business, why can’t we just use the compound “business organization”, which not only does not erase the distinction, it makes clear the relationship between the two?  Similarly, if we want to talk about an enterprise that is a business, as an enterprise, why can’t we just use the compound “business enterprise”?

Similarly, what should we call the architectural discipline that applies to human enterprise in general, and of which any more narrowly defined concept of Enterprise Architecture is necessarily a specialization?

Expanding definitions

The recent surge of interest in “Business Architecture” is, in my opinion, reflective of both the realization by the community that the historically IT-centric focus of Enterprise Architecture is unnecessarily circumscribed, and the lack of a systematic and internally consistent concept of Enterprise Architecture shared throughout that community.

There is a growing faction within the EA community that argues that most of Enterprise Architecture as practiced is actually enterprise IT architecture (EITA), and calling this practice EA is a misuse of the term.  Despite this, the widespread adoption of the egregiously oversimplified model of an enterprise as comprising “the business” and IT, and thus, Enterprise Architecture as comprising “Business Architecture” and “IT Architecture”, has led to the emergence of “Business Architecture” as a distinct if ill-defined concept.

It seems to me that many people consider Enterprise Architecture to be so hopelessly tainted by its historic IT-centricity that they view the best course to be allowing Enterprise Architecture to continue to be misused to mean EITA, and letting Business Architecture take its place as what EA “should have meant.”  I note in passing that there are some people who insist that EA “has always meant,” or at least “originally” meant, the architecture of the enterprise as a whole, but was hijacked by the IT community, though no one has been able to provide other than thirty-year-old recollections to support this assertion.

As I noted at the outset, I think Enterprise Architecture should encompass the application of architectural thinking to human endeavors of all kinds, not just those that are primarily business in nature, including, for example, governmental, military, religious, academic, or medical enterprises.  Yes, these endeavors all have some business aspects, but they are not what we normally call businesses, and calling the discipline “Business Architecture” almost unavoidably encourages us to overlook the architectural needs of such non-business-centric endeavors and focus instead on the needs of one specific kind of endeavor.

We have the words to name these things properly. We simply have to start doing so.

In part 3 of this series, I’ll consider the implications of a more inclusive concept of enterprise on the future of Enterprise Architecture.


Filed under Business Architecture, Enterprise Architecture

Different Words Mean Different Things, Part 1

By Leonard Fehskens, The Open Group

Over on the LinkedIn Enterprise Architecture Network discussion group there is a thread on the relationship between Enterprise Architecture (EA) and Business Architecture that as of late November 2012 had run to over 4100 comments.

Some of the sprawl of this thread is due to the usual lack of discipline in staying on topic.  Some of it is due to the rehashing of well-worn themes as newcomers arrive.  It seems clear to me, though, that even when long-time contributors try to move the subject forward, a lot of the back and forth that fails to converge is a consequence of the community’s lack of an appropriate and widely shared vocabulary.

In particular, there are four words that many in the Enterprise and Business Architecture communities seem to use interchangeably – enterprise, business, organization and corporation.

Before I tackle this subject, there is some context I should provide.

First, people who know me consider me to be obsessive about the precise use of language, and they’re right.  I think of Enterprise Architecture as more a craft than a science, and as such, the language we use to express it is ordinary language (as opposed to, for example, mathematics).  To me it follows that it is especially important that we use that language carefully.

Second, I’m coming at this from the perspective of creating a profession and its supporting ecosystem.  I believe a profession should be broadly applicable, with specializations within the profession addressing more narrowly focused concerns.

Finally, though much of the discussion about Enterprise Architecture is in English, I acknowledge that for a large fraction of the community English is a second (or third) language.  So, while this post is specifically about English usage, I suspect much of it applies as well to other languages, and I don’t want to imply that the conventions of English usage are the only ones worthy of consideration.

That’s enough by way of preamble.

The EA community may not have agreed upon definitions of many of the words it uses, but as these words are drawn from the vernacular, the rest of the world does.  This conventional usage makes clear distinctions between enterprise, business, organization and corporation.

While it is true that these words all have some sense in which they are roughly synonymous, they have primary definitions that distinguish them from one another.  I think we ought to observe these distinctions because they are useful, especially in that they allow us to sensibly relate the concepts they represent to one another, and they do not needlessly foreclose the broader application of these concepts.

First, I’m going to propose definitions for these words to be used in the context of Enterprise Architecture.  Then I’m going to look at what these definitions imply about the relationships between the things these words denote, and how the current usage obscures or denies these relationships.

It’s very possible, if not likely, that you will not agree with these definitions.  I’ll deal with that later.

Enterprise

The Oxford English Dictionary (Compact Edition, 1971) defines “enterprise” as:

Derived from the French entreprendre, “to take in hand, undertake”.

    1. A design of which the execution is attempted; a piece of work taken in hand, an undertaking; chiefly, and now exclusively, a bold, arduous, or momentous undertaking.
      • b. engagement in such undertaking
    2. Disposition or readiness to engage in undertakings of difficulty, risk, or danger; daring spirit.
    3. The action of taking in hand; management, superintendence. Obsolete.

So, enterprise means “undertaking” or “endeavor,” especially one that is relatively ambitious.  Implicit in this concept of enterprise is the intentional action of one or more people.  It is intentional in the sense that the action is intended to achieve some outcome.  The role of people is important; we do not generally consider machines, regardless of their purpose, to exhibit “enterprise” in this sense.  For me, the essential properties of an enterprise are people and their activity in pursuit of explicit intent.

This is a deliberately very broadly inclusive concept of enterprise.  All of the following are, in my opinion, enterprises:

  • A child’s lemonade stand
  • A club
  • A professional society
  • A committee or working group
  • A town, state or country government
  • An international/multinational coalition
  • A military unit
  • A department or ministry of defense
  • A for-profit, non-profit or not-for-profit corporation
  • A partnership
  • A consortium
  • A church
  • A university or college
  • A hospital

Business

English speakers commonly use the word “business” to mean three things, and are usually able to infer the intended meaning from context.  These three common meanings of business are:

Business-as-commerce: The exchange of goods and services for some form of compensation for the costs and risks of doing so.

Business-as-commercial-entity: An entity whose primary activity is the conduct of some form of business-as-commerce.  In colloquial terms, the primary purpose of such an entity is to “make money”, and if it does not “make money” it will “go out of business.”

Business-as-primary-concern: The primary concern or activity of some entity.

These three different commonly understood meanings of business make it possible for someone to say something like:

“The business of my business is business.”

I.e., “The business-as-primary-concern of my business-as-commercial-entity is business-as-commerce.”

Organization

An “organization” is a structured (i.e., “organized”) group of people and resources, usually acting in concert to achieve some shared purpose.

Corporation

Finally, a “corporation” is an organization structured and operated in a particular way so as to satisfy certain legal constraints and thus benefit from the legal consequences of that conformance.  Strictly speaking, a corporation is a legal entity that has an organization associated with it.  In the case of a “shell” or “dummy” corporation, the associated organization’s people and resources may be minimal.

Observations

Based on these definitions, one can make some observations.

An organization is typically the means by which an enterprise is realized.  Small scale enterprises may be realized by a single individual, which is a trivial case of an organization.

Not all organizations are business-as-commercial-entities.  Organizations that are not businesses will almost certainly conduct some business-as-commerce as an adjunct activity in support of their primary intent.

Not all enterprises have as their intent some form of business-as-commerce. An organization that realizes such an enterprise will not be a business-as-commercial-entity.  While all business-as-commercial-entities realize an enterprise, not all enterprises are realized by business-as-commercial-entities.

Not all organizations are corporations.

Not all business-as-commercial-entities are corporations.

These relationships are depicted below.

[Figure: Len diagram]

This is a three-part series that discusses how our vocabulary affects the way we conceptualize Enterprise Architecture, Business Architecture and their relationship.  Part 2 will examine the effect of our definition of enterprise on how we think about EA. 


Filed under Business Architecture, Enterprise Architecture

Questions for the Upcoming 2013 Security Priorities Tweet Jam – Dec. 11

By Patty Donovan, The Open Group

Last week, we announced our upcoming tweet jam on Tuesday, December 11 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. BST, which will examine the topic of IT security and what is in store for 2013.

Please join us next Tuesday, December 11! The discussion will be moderated by Elinor Mills (@elinormills), former CNET security reporter, and we welcome Open Group members and interested participants from all backgrounds to join the session. Our panel of experts will include:

The discussion will be guided by these seven questions:

  1. What’s the biggest lesson learned by the security industry in 2012? #ogChat
  2. How will organizations tackle #BYOD security in 2013? Are standards needed to secure employee-owned devices? #ogChat
  3. In #BYOD era, will organizations be more focused on securing the network, the device, or the data? #ogChat
  4. What impact will using 3rd party #BigData have on corporate security practices? #ogChat
  5. What will global supply chain security look like in 2013? How involved should governments be? #ogChat
  6. What are the biggest unsolved issues in cloud computing security? #ogChat
  7. What should be the top security priorities for organizations in 2013? #ogChat

To access the discussion, please follow the #ogChat hashtag during the allotted discussion time. Other hashtags we recommend you use during the event include:

  • Information Security: #InfoSec
  • Security: #security
  • BYOD: #BYOD
  • Big Data: #BigData
  • Privacy: #privacy
  • Mobile: #mobile
  • Supply Chain: #supplychain

For more information about the tweet jam topic (security), guidelines and general background information on the event, please visit our previous blog post: http://blog.opengroup.org/2012/11/26/2013-security-priorities-tweet-jam/

If you have any questions prior to the event or would like to join as a participant, please direct them to Rod McLeod (rmcleod at bateman-group dot com), or leave a comment below. We anticipate a lively chat and hope you will be able to join us!

Patricia Donovan is Vice President, Membership & Events, at The Open Group and a member of its executive management team. In this role she is involved in determining the company’s strategic direction and policy as well as the overall management of that business area. Patricia joined The Open Group in 1988 and has played a key role in the organization’s evolution, development and growth since then. She also oversees the company’s marketing, conferences and member meetings. She is based in the U.S.


Filed under Tweet Jam

Architecting for Secure Business Collaboration

By Ian Dobson & Jim Hietala, The Open Group

The Open Group Framework for Secure Collaboration Oriented Architectures (O-SCOA) Guide provides system and security architects and designers with a blueprint specifying the requirements for secure design of enterprise architectures that support safe and secure operation, globally, over any unsecured network.

This secure COA framework was originally developed by the Jericho Forum®, a forum of The Open Group, from 2007-2009. They started with an overview paper outlining the objectives and framework concepts, and quickly followed it with a high-level COA framework that mapped the primary components – processes, services, attributes and technologies – and identified the sub-components under each. Then, over the next 18 months the forum developed and published a series of requirements papers on the results of the methodical analysis of the security requirements that each sub-component should be architected to fulfill.

The O-SCOA Guide brings together an updated version of all these papers in one publication, adding the latest developments in the critical identity management component.  It also includes the business case for building Enterprise Architectures that follow the O-SCOA guidance to assure safe and secure operations between business partners over insecure global networks. Additionally, it includes the Jericho Commandments, first published in 2006, which have stood the test of time as the proven benchmark for assessing how secure any Enterprise Architecture is for operations in open systems.

The SCOA guide may be downloaded here.


Filed under Cybersecurity, Security Architecture

2013 Security Priorities – Tweet Jam

By Patty Donovan, The Open Group

On Tuesday, December 11, The Open Group will host a tweet jam examining the topic of IT security and what is in store for 2013.

2012 was a big year for security. Congress debated cybersecurity legislation in the face of attacks on vulnerabilities in the nation’s critical infrastructure systems; social networking site LinkedIn was faulted for one of the largest security breaches of the year; and global cyber espionage was a trending topic. With the year coming to a close, the big question on people’s minds is what security issues will dominate headlines in 2013. In October, Gartner predicted that by 2014, employee-owned devices will be infected with malware at more than double the rate of corporate-owned devices, and by 2017, 40% of an enterprise’s contact information will have been leaked into Facebook through the use of mobile device collaboration applications. These predictions only touch the tip of the iceberg for security concerns in the coming year.

Please join us on Tuesday, December 11 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. GMT for a tweet jam that will discuss and debate the mega trends that will shape the security landscape in 2013. Key areas that will be addressed during the discussion include: mobile security, BYOD, supply chain security, advanced persistent threats, and cloud and data security. We welcome Open Group members and interested participants from all backgrounds to join the session and interact with our panel of IT security experts, analysts and thought leaders. To access the discussion, please follow the #ogChat hashtag during the allotted discussion time.

And for those of you who are unfamiliar with tweet jams, here is some background information:

What Is a Tweet Jam?

A tweet jam is a one-hour “discussion” hosted on Twitter. The purpose of the tweet jam is to share knowledge and answer questions on a chosen topic. Each tweet jam is led by a moderator and a dedicated group of experts to keep the discussion flowing. The public (or anyone using Twitter interested in the topic) is free (and encouraged!) to join the discussion.

Participation Guidance

Whether you’re a newbie or veteran Twitter user, here are a few tips to keep in mind:

  • Have your first #ogChat tweet be a self-introduction: name, affiliation, occupation.
  • Start all other tweets with the question number you’re responding to and the #ogChat hashtag.
    • Sample: “Q1 The biggest security threat in 2013 will continue to be securing data in the cloud #ogChat”
  • Please refrain from product or service promotions. The goal of a tweet jam is to encourage an exchange of knowledge and stimulate discussion.
  • While this is a professional get-together, we don’t have to be stiff! Informality will not be an issue!
  • A tweet jam is akin to a public forum, panel discussion or Town Hall meeting – let’s be focused and thoughtful.

If you have any questions prior to the event or would like to join as a participant, please direct them to Rod McLeod (rmcleod at bateman-group dot com). We anticipate a lively chat and hope you will be able to join!

Patricia Donovan is Vice President, Membership & Events, at The Open Group and a member of its executive management team. In this role she is involved in determining the company’s strategic direction and policy as well as the overall management of that business area. Patricia joined The Open Group in 1988 and has played a key role in the organization’s evolution, development and growth since then. She also oversees the company’s marketing, conferences and member meetings. She is based in the U.S.


Data Protection Today and What’s Needed Tomorrow

By Ian Dobson and Jim Hietala, The Open Group

Technology today allows thieves to copy sensitive data, leaving the original in place and thus avoiding detection. One needn’t look far in today’s headlines to understand why protection of data is critical going forward. As this recent article from Bloomberg points out, penetrations of corporate IT systems with the aim of extracting sensitive information, IP and other corporate data are rampant. Despite the existence of data breach and data privacy laws in the U.S., EU and elsewhere, this issue is still not well publicized. The article cites specific intrusions at large consumer products companies, the EU itself, law firms and a nuclear power plant.

Published in October 2012, the Jericho Forum® Data Protection white paper reviews the state of data protection today and where it should be heading to meet tomorrow’s business needs. The Open Group’s Jericho Forum contends that future data protection solutions must aim to provide stronger, more flexible protection mechanisms around the data itself.

The white paper argues that some of the current issues with data protection are:

  • It is too global and remote to be effective
  • Protection is neither granular nor interoperable enough
  • It’s not integrated with Centralized Authorization Services
  • Weak security services are relied on for enforcement

Refreshingly, it explains not only why, but also how. The white paper reviews the key issues surrounding data protection today; describes properties that data protection mechanisms should include to meet current and future requirements; considers why current technologies don’t deliver what is required; and proposes a set of data protection principles to guide the design of effective solutions.

It goes on to describe how data protection has evolved to where it is today, and outlines a series of target stages for progressively moving the industry forward to deliver the stronger, more flexible protection solutions that business managers are already demanding their IT systems managers provide. Businesses require these solutions to ensure appropriate data protection levels are wrapped around the rapidly increasing volumes of confidential information that is shared with their business partners, suppliers, customers and outworkers/contractors on a daily basis.

Having mapped out an evolutionary path for what we need to achieve to move data protection forward in the direction our industry needs, we’re now planning optimum approaches for how to achieve each successive stage of protection. The Jericho Forum welcomes folks who want to join us in this important journey.

 

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.


Call for Submissions

By Patty Donovan, The Open Group

The Open Group Blog is celebrating its second birthday this month! Over the past few years, our blog posts have tended to cover Open Group activities – conferences, announcements, our lovely members, etc. While several members and Open Group staff serve as regular contributors, we’d like to take this opportunity to invite our community members to share their thoughts and expertise on topics related to The Open Group’s areas of expertise as guest contributors.

Here are a few examples of popular guest blog posts that we’ve received over the past year

Blog posts generally run between 500 and 800 words and address topics relevant to The Open Group workgroups, forums, consortiums and events. Some suggested topics are listed below.

  • ArchiMate®
  • Big Data
  • Business Architecture
  • Cloud Computing
  • Conference recaps
  • DirecNet
  • Enterprise Architecture
  • Enterprise Management
  • Future Airborne Capability Environment (FACE™)
  • Governing Board Businesses
  • Governing Board Certified Architects
  • Governing Board Certified IT Specialists
  • Identity Management
  • IT Security
  • The Jericho Forum
  • The Open Group Trusted Technology Forum (OTTF)
  • Quantum Lifecycle Management
  • Real-Time Embedded Systems
  • Semantic Interoperability
  • Service-Oriented Architecture
  • TOGAF®

If you have any questions or would like to contribute, please contact opengroup (at) bateman-group.com.

Please note that all content submitted to The Open Group blog is subject to The Open Group approval process. The Open Group reserves the right to deny publication of any contributed works. Anything published shall be copyright of The Open Group.


Barcelona Highlights

By Steve Philp, The Open Group

Within a 15-minute walk of Camp Nou (home of FC Barcelona), The Open Group Conference “kicked off” on Monday morning with some excellent plenary presentations from Scott Radeztsky of Deloitte followed by Peter Haviland and Mick Adams of Ernst & Young, and after the break from Helen Sun of Oracle and finally Ron Tolido and Manuel Sevilla from Capgemini. You can see most of these Big Data presentations for yourself on The Open Group’s Livestream page.

The “second half” of the day was split into tracks for Big Data, Enterprise Architecture (EA), TOGAF® and ArchiMate®. Henry Franken of BiZZdesign talked about EA in terms of TOGAF and ArchiMate (you can see this on our Livestream site, too) and the other ArchiMate presentations from Peter Filip of Tatra Bank, Gerben Wierda of APG Asset Management and Mieke Mahakena of Capgemini were also well received by an enthusiastic audience. Networking and drinks followed at the end of the track sessions, and the “crowd” went away happy after day one.

Tuesday started with a plenary presentation by Dr. Robert Winter from the University of St Gallen on EA and Transformation Management. See the following clip to learn more about his presentation and his research.


This was followed by tracks on distributed services architecture, security, TOGAF 9 case studies, information architecture, quantum lifecycle management (QLM) and a new track on Practice Driven Research on Enterprise Transformation (PRET) and Trends in EA Research (TEAR). The evening entertainment on day two consisted of dinner and a spectacular flamenco dancing show at the Palacio de Flamenco – where a good time was had by all.

After the show there was also time for a number of us to watch Barcelona v. Celtic in their European Champions League match at the Camp Nou. This is the view from my seat:

 

The game ended in a 2-1 victory for Barcelona, and following the game there was much debate and friendly banter in the bar between the conference delegates and the Celtic fans that were staying at our hotel.

The track theme continued on day three of the conference along with member meetings such as the next version of TOGAF Working Group, the TOGAF Standard and ArchiMate Language Harmonization Project, Certification Standing Committee, and TOGAF Value Realization Working Group, etc. Member meetings of the Architecture Forum and Security Forum were held on Thursday and brought the Barcelona event to its conclusion.

At the end of the day, if your “goal” is to listen to some great presentations, network with your peers, participate in meetings and influence the generation of new IT standards, then you should get a ticket for our next fixture in Newport Beach, Calif., USA on January 28-31, 2013. The theme, again, will be Big Data.

I look forward to seeing you there!

Steve Philp is the Marketing Director at The Open Group. Over the past 20 years, Steve has worked predominantly in sales, marketing and general management roles within the IT training industry. Based in Reading, UK, he joined the Open Group in 2008 to promote and develop the organization’s skills and experience-based IT certifications. More recently, he has become responsible for corporate marketing as well as certification.


ArchiMate® 2.0 and Beyond

By The Open Group Conference Team

In this video, Henry Franken of BiZZdesign discusses ArchiMate® 2.0, the new version of the graphical modeling language for Enterprise Architecture that provides businesses with the means to communicate with different stakeholders from the business goals level to implementation scenarios.

Franken explains that the first edition allowed users to express Enterprise Architecture at its core – modeling business applications and infrastructure. ArchiMate® 2.0 has two major additions to make it fully aligned with TOGAF® – the motivation extension and the migration and planning extension. The motivation extension provides users with the ability to fully express business motivations and goals to enterprise architects; the migration and planning extension helps lay out programs and projects to make a business transition.

There are several sessions on ArchiMate® at the upcoming Open Group Conference in Barcelona. Notably, Henry Franken’s “Delivering Enterprise Architecture with TOGAF® and ArchiMate®” session on October 22 at 2:00-2:45 p.m. UTC / 8:00-8:45 a.m. EST will be livestreamed on The Open Group Website.

To view these sessions and for more information on the conference, please go to: http://www3.opengroup.org/barcelona2012


The Open Group is Livestreaming The Open Group Barcelona Conference

By The Open Group Conference Team

The Open Group Conference in Barcelona will commence next week and cover the theme of “Big Data – The Next Frontier in the Enterprise.” During the four-day conference, which runs Oct. 22-24, speakers and sessions will address the challenges and solutions facing Enterprise Architecture within the context of Big Data.

With travel budgets tight, we know Barcelona is hard to get to for many of our Open Group members. As such, The Open Group will be Livestreaming some of our sessions on Monday, Oct. 22. The keynote speakers include Deloitte Analytics CTO Scott Radeztsky; Ernst & Young Head of Architecture Peter Haviland; Ernst & Young Chief Business Architect Mick Adams; Oracle Senior Director of Enterprise Architecture Helen Sun; Capgemini CTO Ron Tolido; and Capgemini CTO Manuel Sevilla.

BiZZdesign CEO, Henry Franken, will host a Livestreaming session on how ArchiMate® with TOGAF® improves business efficiency. And on Wednesday, we are Livestreaming an “Ask the Experts” panel session with FACE™ Consortium members on their efforts to transform the U.S. Department of Defense’s Avionics Software Enterprise with open standards.

Livestreaming Sessions

Title: How Companies Extract Insight and Foresight from Big Data

Speaker: Scott Radeztsky, CTO, Deloitte Analytics Innovation Centers

Date: Monday, October 22

Time: 8:50-9:45 a.m. UTC / 2:50-3:45 a.m. ET

Link: https://new.livestream.com/opengroup/Radeztsky-BCN12

 

Title: Boardroom Business Architecture – What Executives Want to Know About Big Data and Analytics

Speaker: Peter Haviland, Head of Business Architecture, Ernst & Young; Mick Adams, Chief Business Architect, Ernst & Young

Date: Monday, October 22

Time: 9:50-10:35 a.m. UTC / 3:50-4:35 a.m. ET

Link: https://new.livestream.com/opengroup/Mick-Peter-BC12

 

Title: Enterprise Information Management

Speaker: Helen Sun, Senior Director of Enterprise Architecture, Oracle

Date: Monday, October 22

Time: 11:10-11:55 a.m. UTC / 5:10-5:55 a.m. ET

Link: https://new.livestream.com/opengroup/Sun-BC12

 

Title: Big Data Needs Big Architecture – An Architectural Approach to Business Information Management

Speaker: Ron Tolido, CTO, Application Services in Europe, Capgemini; Manuel Sevilla, Chief Technical Officer, Global Business Information Management TLI, Capgemini

Date: Monday, October 22

Time: 12:00-12:40 p.m. UTC / 6:00-6:40 a.m. ET

Link: https://new.livestream.com/opengroup/Tolido-BC12

 

Title: Delivering Enterprise Architecture with TOGAF® and ArchiMate®

Speaker: Henry Franken, CEO, BiZZdesign

Date: Monday, October 22

Time: 2:00-2:45 p.m. UTC / 8:00-8:45 a.m. ET

Link: https://new.livestream.com/opengroup/Franken-BC12

 

Title: Future Airborne Capability Environment (FACE™): Ask the Experts (panel)

Speakers: Jeff Howington, Rockwell Collins – FACE Steering Committee Vice-Chair; Kirk Avery, Lockheed Martin – FACE Technical Working Group Vice-Chair; Dennis Stevens, Lockheed Martin, FACE Business Chair; Chip Downing, Wind River – FACE Business Working Group Outreach Lead

Moderator: Judy Cerenzia, FACE Program Director

Date: Wednesday, October 24

Time: 4:00-5:00 p.m. UTC / 10:00-11:00 a.m. ET

Link: https://new.livestream.com/opengroup/Downing-BC12

 

We hope we see you either in Barcelona or online during one of the Livestreaming sessions!

For more information on The Open Group Barcelona Conference, please visit: http://www.opengroup.org/barcelona2012.


SOA Provides Needed Support for Enterprise Architecture in Cloud, Mobile, Big Data, Says Open Group Panel

By Dana Gardner, BriefingsDirect

There’s been a resurgent role for service-oriented architecture (SOA) as a practical and relevant ingredient for effective design and use of Cloud, mobile, and big data technologies.

To find out why, The Open Group recently gathered an international panel of experts to explore the concept of “architecture is destiny,” especially when it comes to hybrid services delivery and management. The panel shows how SOA is proving instrumental in allowing the needed advancements over highly distributed services and data, when it comes to scale, heterogeneity support, and governance.

The panel consists of Chris Harding, Director of Interoperability at The Open Group, based in the UK; Nikhil Kumar, President of Applied Technology Solutions and Co-Chair of the SOA Reference Architecture Projects within The Open Group, based in Michigan; and Mats Gejnevall, Enterprise Architect at Capgemini and Co-Chair of The Open Group SOA Work Group, based in Sweden. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

The full podcast can be found here.

Here are some excerpts:

Gardner: Why this resurgence in the interest around SOA?

Harding: My role in The Open Group is to support the work of our members on SOA, Cloud computing, and other topics. We formed the SOA Work Group back in 2005, when SOA was a real emerging hot topic, and we set up a number of activities and projects. They’re all completed.

I was thinking that the SOA Work Group would wind down, move into maintenance mode, and meet once every few months or so, but we still get a fair attendance at our regular web meetings.

In fact, we’ve started two new projects and we’re about to start a third one. So, it’s very clear that there is still an interest, and indeed a renewed interest, in SOA from the IT community within The Open Group.

Larger trends

Gardner: Nikhil, do you believe that this has to do with some of the larger trends we’re seeing in the field, like Cloud Software as a Service (SaaS)? What’s driving this renewal?

Kumar: What I see driving it is three things. One is the advent of the Cloud and mobile, which requires a lot of cross-platform delivery of consistent services. The second is emerging technologies, mobile, big data, and the need to be able to look at data across multiple contexts.

The third thing that’s driving it is legacy modernization. A lot of organizations are now a lot more comfortable with SOA concepts. I see it in a number of our customers. I’ve just been running a large Enterprise Architecture initiative in a Fortune 500 customer.

At each stage, and at almost every point in that, they’re now comfortable. They feel that SOA can provide the ability to rationalize multiple platforms. They’re restructuring organizational structures, delivery organizations, as well as targeting their goals around a service-based platform capability.

So legacy modernization is a back-to-the-future kind of thing that has come back and is getting adoption. The way it’s being implemented is using RESTful services, as well as SOAP services, which is different from traditional SOA, say from the last version, which was mostly SOAP-driven.

Gardner: Mats, do you think that what’s happened is that the marketplace and the requirements have changed and that’s made SOA more relevant? Or has SOA changed to better fit the market? Or perhaps some combination?

Gejnevall: I think that the Cloud is really a service delivery platform. Companies discover that to be able to use the Cloud services, the SaaS things, they need to look at SOA as their internal development way of doing things as well. They understand they need to do the architecture internally, and if they’re going to use lots of external Cloud services, you might as well use SOA to do that.

Also, if you look at the Cloud suppliers, they also need to do their architecture in some way and SOA probably is a good vehicle for them. They can use that paradigm and also deliver what the customer wants in a well-designed SOA environment.

Gardner: Let’s drill down on the requirements around the Cloud and some of the key components of SOA. We’re certainly seeing, as you mentioned, the need for cross support for legacy, Cloud types of services, and using a variety of protocol, transports, and integration types. We already heard about REST for lightweight approaches and, of course, there will still be the need for object brokering and some of the more traditional enterprise integration approaches.

This really does sound like the job for an Enterprise Service Bus (ESB). So let’s go around the panel and look at this notion of an ESB. Some people, a few years back, didn’t think it was necessary or a requirement for SOA, but it certainly sounds like it’s the right type of functionality for the job.

Loosely coupled

Harding: I believe so, but maybe we ought to consider that in the Cloud context, you’re not just talking about within a single enterprise. You’re talking about a much more loosely coupled, distributed environment, and the ESB concept needs to take account of that in the Cloud context.

Gardner: Nikhil, any thoughts about how to manage this integration requirement around the modern SOA environment and whether ESBs are more or less relevant as a result?

Kumar: In the context of a Cloud we really see SOA and the concept of service contracts coming to the fore. In that scenario, ESBs play a role as a broker within the enterprise. When we talk about the interaction across Cloud-service providers and Cloud consumers, what we’re seeing is that the service provider has his own concept of an ESB within its own internal context.

If you want your Cloud services to be really reusable, the concept of the ESB then becomes more for the routing and the mediation of those services, once they’re provided to the consumer. There’s a kind of separation of concerns between the concept of a traditional ESB and a Cloud ESB, if you want to call it that.

The Cloud context involves more of the need to be able to support, enforce, and apply governance concepts and audit concepts, the capabilities to ensure that the interaction meets quality of service guarantees. That’s a little different from the concept that drove traditional ESBs.

That’s why you’re seeing API management platforms like Layer 7, Mashery, or Apigee and other kinds of product lines. They’re also coming into the picture, driven by the need to be able to support the way Cloud providers are provisioning their services. As Chris put it, you’re looking beyond the enterprise. Who owns it? That’s where the role of the ESB is different from the traditional concept.

Most Cloud platforms have cost factors associated with locality. If you have truly global enterprises and services, you need to factor in the ability to deal with safe harbor issues and you need to factor in variations and law in terms of security governance.

The platforms that are evolving are starting to provide this out of the box. The service consumer or a service provider needs to be able to support those. That’s going to become the role of their ESB in the future, to be able to consume a service, to be able to assert this quality-of-service guarantee, and manage constraints or data-in-flight and data-at-rest.

Gardner: Mats, are there other aspects of the concept of ESB that are now relevant to the Cloud?

Entire stack

Gejnevall: One of the reasons SOA didn’t really take off in many organizations three, four, or five years ago was the need to buy the entire stack of SOA products that all the consultancies were asking companies to buy, wanting them to buy an ESB, governance tools, business process management tools, and a lot of sort of quite large investments to just get your foot into the door of doing SOA.

These days you can buy that kind of stuff. You can buy the entire stack in the Cloud and start playing with it. I did some searches on it today and I found a company that you can play with the entire stack, including business tools and everything like that, for zero dollars. Then you can grow and use more and more of it in your business, but you can start to see if this is something for you.

In the past, the suppliers or the consultants told you that you could do it. You couldn’t really try it out yourself. You needed both the software and the hardware in place. The money to get started is much lower today. That’s another reason people might be thinking about it these days.

Gardner: It sounds as if there’s a new type of on-ramp to SOA values, and the componentry that supports SOA is now being delivered as a service. On top of that, you’re also able to consume it in a pay-as-you-go manner.

Harding: That’s a very good point, but there are two contradictory trends we are seeing here. One is the kind of trend that Mats is describing, where the technology you need to handle a complex stack is becoming readily available in the Cloud.

And the other is the trend that Nikhil mentioned: to go for a simpler style, which a lot of people term REST, for accessing services. It will be interesting to see how those two tendencies play out against each other.

Kumar: I’d like to make a comment on that. The approach for the on-ramp is really one of the key differentiators of the Cloud, because you have the agility and the lack of capital investment (CAPEX) required to test things out.

But as we are evolving with Cloud platforms, I’m also seeing with a lot of Platform-as-a-Service (PaaS) vendor scenarios that they’re trying the ESB in the stack itself. They’re providing it in their Cloud fabric. A couple of large players have already done that.

For example, Azure provides that in the forward-looking vision. I am sure IBM and Oracle have already started down that path. A lot of the players are going to provide it as a core capability.

Pre-integrated environment

Gejnevall: Another interesting thing is that they could get a whole environment that’s pre-integrated. Usually, when you buy these things from a vendor, a lot of times they don’t fit together that well. Now, there’s an effort to make them work together.

But some people put these open-source tools together. Some people have done that and put them out on the Cloud, which gives them a pretty cheap platform for themselves. Then, they can sell it at a reasonable price, because of the integration of all these things.

Gardner: The Cloud model may be evolving toward an all-inclusive offering. But SOA, by its definition, advances interoperability, to plug and play across existing, current, and future sets of service possibilities. Are we talking about SOA being an important element of keeping Clouds dynamic and flexible — even open?

Kumar: We can think about the OSI 7 Layer Model. We’re evolving in terms of complexity, right? So from an interoperability perspective, we may talk SOAP or REST, for example, but the interaction with AWS, Salesforce, SmartCloud, or Azure would involve using APIs that each of these platforms provide for interaction.

Lock-in

So you could have an AMI, which is an image on the Amazon Web Services environment, for example, and that could support a lab stack or an open source stack. How you interact with it, how you monitor it, how you cluster it, all of those aspects now start factoring in specific APIs, and so that’s the lock-in.

From an architect’s perspective, I look at it as we need to support proper separation of concerns, and that’s part of [The Open Group] SOA Reference Architecture. That’s what we tried to do, to be able to support implementation architectures that support that separation of concerns.

There’s another factor that we need to understand from the context of the Cloud, especially for mid-to-large sized organizations, and that is that the Cloud service providers, especially the large ones — Amazon, Microsoft, IBM — encapsulate infrastructure.

If you were to go to Amazon, Microsoft, or IBM and use their IaaS networking capabilities, you’d have one of the largest WAN networks in the world, and you wouldn’t have to pay a dime to establish that infrastructure. Not in terms of the cost of the infrastructure, not in terms of the capabilities required, nothing. So that’s an advantage that the Cloud is bringing, which I think is going to be very compelling.

The other thing is that, from an SOA context, you’re now able to look at it and say, “Well, I’m dealing with the Cloud, and what all these providers are doing is make it seamless, whether you’re dealing with the Cloud or on-premise.” That’s an important concept.

Now, each of these providers and different aspects of their stacks are at significantly different levels of maturity. Many of these providers may find that their stacks do not interoperate with themselves either, within their own stacks, just because they’re using different run times, different implementations, etc. That’s another factor to take in.

From an SOA perspective, the Cloud has become very compelling, because I’m dealing, let’s say, with a Salesforce.com and I want to use that same service within the enterprise, let’s say, an insurance capability for Microsoft Dynamics or for SugarCRM. If that capability is exposed to one source of truth in the enterprise, you’ve now reduced the complexity and have the ability to adopt different Cloud platforms.

What we are going to start seeing is that the Cloud is going to shift from being just one à-la-carte solution for everybody. It’s going to become something similar to what we used to deal with in the enterprise context. You had multiple applications, which you service-enabled to reduce complexity and provide one service-based capability, instead of an application-centered approach.

You’re now going to move the context to the Cloud, to your multiple Cloud solutions, and maybe many implementations in a nontrivial environment for the same business capability, but they are now exposed to services in the enterprise SOA. You could have Salesforce. You could have Amazon. You could have an IBM implementation. And you could pick and choose the source of truth and share it.

So a lot of the core SOA concepts will still apply and are still applying.

Another on-ramp

Gardner: Perhaps yet another on-ramp to the use of SOA is the app store, which allows for discovery, socialization of services, but at the same time provides governance and control?

Kumar: We’re seeing that with a lot of our customers. Typically, the vendors who support PaaS solutions associate app store models along with their platform as a mechanism to gain market share.

The issue that you run into with that is, it’s okay if it’s on your cellphone or on your iPad, your tablet PC, or whatever, but once you start having managed apps, for example Salesforce, or if you have applications which are being deployed on an Azure or on a SmartCloud context, you have a high-risk scenario. You don’t know how well architected that application is. It’s just like going and buying an enterprise application.

When you deploy it in the Cloud, you really need to understand the Cloud PaaS platform for that particular platform to understand the implications in terms of dependencies and cross-dependencies across apps that you have installed. They have real practical implications in terms of maintainability and performance. We’ve seen that with at least two platforms in the last six months.

Governance becomes extremely important. Because of the low CAPEX implications to the business, the business is very comfortable with going and buying these applications and saying, “We can install X, Y, or Z and it will cost us two months and a few million dollars and we are all set.” Or maybe it’s a few hundred thousand dollars.

They don’t realize the implications in terms of interoperability, performance, and standard architectural quality attributes that can occur. There is a governance aspect from the context of the Cloud provisioning of these applications.

There is another aspect to it, which is governance in terms of the run-time, more classic SOA governance, to measure, assert, and to view the cost of these applications in terms of performance to your infrastructural resources, to your security constraints. Also, are there scenarios where the application itself has a dependency on a daisy chain, multiple external applications, to trace the data?

In terms of the context of app stores, they’re almost like SaaS with a particular platform in mind. They provide the buyer with certain commitments from the platform manager or the platform provider, such as security. When you buy an app from Apple, there is at least a reputational expectation of security from the vendor.

What you do not always know is if that security is really being provided. There’s a risk there for organizations who are exposing mission-critical data to that.

The second thing is there is still very much a place for the classic SOA registries and repositories in the Cloud. Only the place is for a different purpose. Those registries and repositories are used either by service providers or by consumers to maintain the list of services they’re using internally.

Different paradigms

There are two different paradigms. The app store is a place where I can go and I know that the gas I am going to get is 85 percent ethanol, versus I also have to maintain some basic set of goods at home to make sure that I have my dinner on time. These are different kinds of roles and different kinds of purposes they’re serving.

Above all, I think the thing that’s going to become more and more important in the context of the Cloud is that the functionality will be provided by the Cloud platform or the app you buy, but the governance will be a major IT responsibility, right from the time of picking the app, to the time of delivering it, to the time of monitoring it.

Gardner: How is The Open Group allowing architects to better exercise SOA principles, as they’re grappling with some of these issues around governance, hybrid services delivery and management, and the use and demand in their organizations to start consuming more Cloud services?

Harding: The architect’s primary concern, of course, has to be to meet the needs of the client and to do so in a way that is most effective and that is cost-effective. Cloud gives the architect an ability to go out and get different components much more easily than hitherto.

There is a problem, of course, with integrating them and putting them together. SOA can provide part of the solution to that problem, in that it gives a principle of loosely coupled services. If you didn’t have that when you were trying to integrate different functionality from different places, you would be in a real mess.

What The Open Group contributes is a set of artifacts that enable the architect to think through how to meet the client’s needs in the best way when working with SOA and Cloud.

For example, the SOA Reference Architecture helps the architect understand what components might be brought into the solution. We have the SOA TOGAF Practical Guide, which helps the architect understand how to use TOGAF® in the SOA context.

We’re working further on artifacts in the Cloud space, the Cloud Computing Reference Architecture, a notational language for enabling people to describe Cloud ecosystems on recommendations for Cloud interoperability and portability. We’re also working on recommendations for Cloud governance to complement the recommendations for SOA governance, the SOA Governance Framework Standards that we have already produced, and a number of other artifacts.

The Open Group’s real role is to support the architect and help the architect to better meet the needs of the architect’s client.

From the very early days, SOA was seen as bringing a closer connection between the business and technology. A lot of those promises that were made about SOA seven or eight years ago are only now becoming possible to fulfill, and that business front is what that project is looking at.

We’re also producing an update to the SOA Reference Architectures. We have input the SOA Reference Architecture for consideration by the ISO Group that is looking at an International Standard Reference Architecture for SOA and also to the IEEE Group that is looking at an IEEE Standard Reference Architecture.

We hope that both of those groups will want to work along the principles of our SOA Reference Architecture and we intend to produce a new version that incorporates the kind of ideas that they want to bring into the picture.

We’re also thinking of setting up an SOA project to look specifically at assistance to architects building SOA into enterprise solutions.

So those are three new initiatives that should result in new Open Group standards and guides to complement, as I have described already, the SOA Reference Architecture, the SOA Governance Framework, the Practical Guides to using TOGAF for SOA.

We also have the Service Integration Maturity Model that we need to assess the SOA maturity. We have a standard on service orientation applied to Cloud infrastructure, and we have a formal SOA Ontology.

Those are the things The Open Group has in place at present to assist the architect, and we are and will be working on three new things: version 2 of the Reference Architecture for SOA, SOA for business technology, and I believe shortly we’ll start on assistance to architects in developing SOA solutions.

Dana Gardner is the Principal Analyst at Interarbor Solutions, which identifies and interprets the trends in Services-Oriented Architecture (SOA) and enterprise software infrastructure markets. Interarbor Solutions creates in-depth Web content and distributes it via BriefingsDirect™ blogs, podcasts and video-podcasts to support conversational education about SOA, software infrastructure, Enterprise 2.0, and application development and deployment strategies.


Snapshots of Spain: The Open Group Conference Photo Contest

By The Open Group Conference Team

You’ve all seen the great photos our members produce during conferences, and as The Open Group Conference in Barcelona draws closer, it’s no surprise that we will be hosting the photo contest once again. The prize? A free pass to attend any one of the Open Group conferences in 2013!

Many of you are already familiar with the photo contest from previous conferences, but here are the details for those of you who need a short refresher:

We will have two categories for this conference – which means you have two chances to win:

  • The Modernista Award for any photo taken in and around Barcelona.
  • Best of Barcelona Conference for any photo taken during the conference. This includes photos of any of the conference sessions and candid photos of Open Group members.

Similar to previous contests, all photos will be uploaded to The Open Group’s Facebook page, where members and Open Group Facebook fans can vote by “liking” a photo. The photo with the most “likes” in each category will be named the winner. Submissions will be uploaded in real-time, so the sooner you submit a photo, the more time members and fans will have to vote for it!

Conference attendees are free to participate, and winners of each category will receive a free conference pass to any global Open Group conference over the next year – an over $1,000/€ 900 value!

All photos must be submitted via email to photo@opengroup.org or via Twitter with the #ogPhoto hashtag. Please include your full name and the photo’s category upon submission. The submission period will end on Sunday, October 28 at 10:00 p.m. PT, with voting ending on Friday, November 2 at noon PT. The winners will be announced during the afternoon on Friday, November 2.

Below are the photo contest winners of the Washington, D.C. conference, which was held in July 2012:

Best of Washington, D.C.: Reflections of the Capital – by Jude Umeh

Capital City Award: Fun at a Local Pub – by Ron Schuldt

If you have any questions, please email kdene (at) bateman-group.com.


How the Operating System Got Graphical

By Dave Lounsbury, The Open Group

The Open Group is a strong believer in open standards and our members strive to help businesses achieve objectives through open standards. In 1995, under the auspices of The Open Group, the Common Desktop Environment (CDE) was developed and licensed for use by HP, IBM, Novell and Sunsoft to make open systems desktop computers as easy to use as PCs.

CDE is a single, standard graphical user interface for managing data, files, and applications on an operating system. Both application developers and users embraced the technology and approach because it provided a simple and common approach to accessing data and applications on a network. With a click of a mouse, users could easily navigate through the operating system – similar to how we work on PCs and Macs today.

It was the first successful attempt to standardize on a desktop GUI on multiple, competing platforms. In many ways, CDE is responsible for the look, feel, and functionality of many of the popular operating systems used today, and brings distributed computing capabilities to the end user’s desktop.

The Open Group is now passing the torch to a new CDE community, led by CDE suppliers and users such as Peter Howkins and Jon Trulson.

“I am grateful that The Open Group decided to open source the CDE codebase,” said Jon Trulson. “This technology still has its fans and is very fast and lightweight compared to the prevailing UNIX desktop environments commonly in use today. I look forward to seeing it grow.”

The CDE group is also releasing OpenMotif, which is the industry standard graphical interface that standardizes application presentation on open source operating systems such as Linux. OpenMotif is also the base graphical user interface toolkit for the CDE.

The Open Group thanks these founders of the new CDE community for their dedication and contribution to carrying this technology forward. We are delighted this community is moving forward with this project and look forward to the continued growth in adoption of this important technology.

For those of you who are interested in learning more about the CDE project and would like to get involved, please see http://sourceforge.net/projects/cdesktopenv.

Dave Lounsbury is The Open Group’s Chief Technology Officer, previously VP of Collaboration Services. Dave holds three U.S. patents and is based in the U.S.


#ogChat Summary – The Future of BYOD

By Patty Donovan, The Open Group

With over 400 tweets flying back and forth, last week’s BYOD Tweet Jam (#ogChat) saw a fast-paced, lively discussion on the future of the bring your own device (BYOD) trend and its implications in the enterprise. In case you missed the conversation, here’s a recap of last week’s #ogChat!

There were a total of 29 participants including:

Here is a high-level snapshot of yesterday’s #ogChat:

Q1 What are the quantifiable benefits of BYOD? What are the major risks of #BYOD, and do these risks outweigh the benefits? #ogChat

Participants generally agreed that the main risk of BYOD is data security and benefits include cost and convenience.

  • @MobileGalen Data policy is core because that’s where the real value is in business. Affects access and intrusion/hacking of course secondarily #ogChat
  • @technodad Q1 #BYOD transcends time/space boundaries – necessary for a global business. #ogChat
  • @AWildCSO Q1 Risks: Risk to integrity and availability of corporate IT systems – malware into enterprise from employee owned devices #ogChat

Q2 What are the current security issues with #BYOD, and how should organizations go about securing those devices? #ogChat

The most prominent issue discussed was who owns the responsibility of security. Many couldn’t agree on whether responsibility fell on the user or the organization.

  • @AWildCSO Q2: Main issue is the confidentiality of data. Not a new issue, has been around a while, especially since the advent of networking. #ogChat
  • @cebess .@MobileGalen Right — it’s about the data not the device. #ogChat
  • @AppsTechNews Q2 Not knowing who’s responsible? Recent ITIC/KnowBe4 survey: 37% say corporation responsible for #BYOD security; 39% say end user #ogChat
  • @802dotchris @MobileGalen there’s definitely a “golden ratio” of functionality to security and controls @IDGTechTalk #ogChat
  • @MobileGalen #ogChat Be careful about looking for mobile mgmt tools as your fix. Most are about disablement not enablement. Start w enable, then protect.

Q3 How can an organization manage corporate data on employee owned devices, while not interfering with data owned by an employee? #ogChat

Most participants agreed that securing corporate data is a priority but were stumped when it came to maintaining personal data privacy. Some suggested that organizations will have no choice but to interfere with personal data, but all agreed that no matter what the policy, it needs to be clearly communicated to employees.

  • @802dotchris @jim_hietala in our research, we’re seeing more companies demand app-by-app wipe or other selective methods as MDM table stakes #ogChat
  • @AppsTechNews Q3 Manage the device, manage & control apps running on it, and manage data within those apps – best #BYOD solutions address all 3 #ogChat
  • @JonMoger @theopengroup #security #ogChat #BYOD is a catalyst for a bigger trend driven by cultural shift that affects HR, legal, finance, LOB.
  • @bobegan I am a big believer in people, and i think most employees feel that they own a piece of corporate policy #ogChat
  • @mobilityofficer @theopengroup Q3: Sometimes you have no choice but to interfere with private data but you must communicate that to employees #ogChat

Q4 How does #BYOD contribute to the creation or use of #BigData in the enterprise? What role does #BYOD play in #BigData strategy? #ogChat

Participants exchanged opinions on the relationship between BYOD and Big Data, leaving much room for future discussion.

  • @technodad Q4 #bigdata created by mobile, geotagged, realtime apps is gold dust for business analytics & marketing. Smart orgs will embrace it. #ogChat
  • @cebess .@technodad Context is king. The device in the field has quite a bit of contextual info. #ogChat
  • @bobegan @cebess Right, a mobile strategy, including BYOD is really about information supply chain management. Must include many audiences #ogChat

Q5 What best practices can orgs implement to provide #BYOD flexibility and also maintain control and governance over corporate data? #ogChat

When discussing best practices, it became clear that no matter what, organizations must educate employees and be consistent with business priorities. Furthermore, if data is precious, treat it that way.

  • @AWildCSO Q5: Establish policies and processes for the classification, ownership and custodianship of information assets. #ogChat
  • @MobileGalen #ogChat: The more precious your info, the less avail it should be, BYOD or not. Use containered apps for sensitive, local access for secret
  • @JonMoger @theopengroup #BYOD #ogChat 1. Get the right team to own 2. Educate mgmt on risks & opps 3. Set business priorities 4. Define policies

Q6 How will organizations embrace or reject #BYOD moving forward? Will they have a choice or will employees dictate use? #ogChat

While understanding the security risks, most participants embraced BYOD as a big trend that will eventually become the standard moving forward.

A big thank you to all the participants who made this such a great discussion!

Patricia Donovan is Vice President, Membership & Events, at The Open Group and a member of its executive management team. In this role she is involved in determining the company’s strategic direction and policy as well as the overall management of that business area. Patricia joined The Open Group in 1988 and has played a key role in the organization’s evolution, development and growth since then. She also oversees the company’s marketing, conferences and member meetings. She is based in the U.S.


PODCAST: The Open Group FACE™ Consortium is Providing the Future of Airborne Systems

By The Open Group Staff

Recently, Judy Cerenzia, director of The Open Group Future Airborne Capability Environment (FACE™) Consortium, sat down with Defense IQ to talk about FACE and its support for open architectures. The interview is in conjunction with the Interoperable Open Architecture (IOA) Conference taking place in London from October 29-31, 2012.

In the podcast interview, Judy talks about the FACE Consortium, an aviation-focused professional group made up of U.S. industry suppliers, customers and users, and its work to create a technologically appropriate open FACE reference architecture, standards and business models that point the way to the warfighter of tomorrow. Judy also discusses the evolution of FACE standards and business guidelines and what that means to the marketplace.

About IOA 2012

The IOA Conference will take place October 29-31, 2012 in London. The conference looks to make open systems truly open by empowering attendees to base future platform architectures on publicly available standards. More information about IOA is available on its website, and registration is available here.


Take a Lesson from History to Integrate to the Cloud

By E.G. Nadhan, HP

In an earlier post for The Open Group Blog on the Top 5 tell-tale signs of SOA evolving to the Cloud, I outlined the various characteristics of SOA that serve as a foundation for the cloud computing paradigm. Steady growth of service oriented practices and the continued adoption of cloud computing across enterprises have resulted in the need for integrating out to the cloud. When doing so, we must take a look back in time at the evolution of integration solutions, starting with point-to-point solutions and maturing to integration brokers and enterprise service buses over the years. We should take a lesson from history to ensure that this time around, when integrating to the cloud, we prevent undue proliferation of point-to-point solutions across the extended enterprise.

We must exercise the same due-diligence and governance as is done for services within the enterprise. There is an increased risk of point-to-point solutions proliferating because of consumerization of IT and the ease of availability of such services to individual business units.

Thus, here are 5 steps that need to be taken to ensure a more systemic approach when integrating to cloud-based service providers.

  1. Extend your SOA strategy to the Cloud. Review your current SOA strategy and extend this to accommodate cloud based as-a-service providers.
  2. Extend Governance around Cloud Services. Review your existing IT governance and SOA governance processes to accommodate the introduction and adoption of cloud based as-a-service providers.
  3. Identify Cloud based Integration models. One size does not fit all. Therefore multiple integration models could apply to the cloud-based service provider depending upon the enterprise integration architecture. These integration models include a) point-to-point solutions, b) cloud to on-premise ESB and c) cloud based connectors that adopt a service centric approach to integrate cloud providers to enterprise applications and/or other cloud providers.
  4. Apply right models for right scenarios. Review the scenarios involved and apply the right models to the right scenarios.
  5. Sustain and evolve your services taxonomy. Provide enterprise-wide visibility to the taxonomy of services – both on-premise and those identified for integration with the cloud-based service providers. Continuously evolve these services to integrate to a rationalized set of providers who cater to the integration needs of the enterprise in the cloud.

The biggest challenge enterprises have in driving this systemic adoption of cloud-based services comes from within their business units. Multiple business units may unknowingly avail themselves of the same services from the same providers in different ways. Therefore, enterprises must ensure that such point-to-point integrations do not proliferate like they did during the era preceding integration brokers.

By adopting service-oriented principles, enterprises can keep history from repeating itself when integrating to the cloud.

How about your enterprise? How are you going about doing this? What is your approach to integrating to cloud service providers?

A version of this post was originally published on HP’s Enterprise Services Blog.

HP Distinguished Technologist and Cloud Advisor, E.G. Nadhan has over 25 years of experience in the IT industry across the complete spectrum of selling, delivering and managing enterprise level solutions for HP customers. He is the founding co-chair for The Open Group SOCCI project and is also the founding co-chair for the Open Group Cloud Computing Governance project. Twitter handle @NadhanAtHP.


The Open Group Barcelona Conference – Early Bird Registration ends September 21

By The Open Group Conference Team

Early Bird registration for The Open Group Conference in Barcelona ends September 21. Register now and save!

The conference runs October 22-24, 2012. On Monday, October 22, the plenary theme is “Big Data – The Next Frontier in the Enterprise,” and speakers will address the challenges and solutions facing Enterprise Architecture within the context of the growth of Big Data. Topics to be explored include:

  • How does an enterprise adopt the means to contend with Big Data within its information architecture?
  • How does Big Data enable your business architecture?
  • What are the issues concerned with real-time analysis of the data resources on the cloud?
  • What are the information security challenges in the world of outsourced and massively streamed data analytics?
  • What is the architectural view of security for cloud computing? How can you take a risk-based approach to cloud security?

Plenary speakers include:

  • Peter Haviland, head of Business Architecture, Ernst & Young
  • Ron Tolido, CTO of Application Services in Europe, Capgemini; and Manuel Sevilla, chief technical officer, Global Business Information Management, Capgemini
  • Scott Radeztsky, chief technical officer, Deloitte Analytics Innovation Centers
  • Helen Sun, director of Enterprise Architecture, Oracle

On Tuesday, October 23, Dr. Robert Winter, Institute of Information Management, University of St. Gallen, Switzerland, will kick off the day with a keynote on EA Management and Transformation Management.

Tracks include:

  • Practice-driven Research on Enterprise Transformation (PRET)
  • Trends in Enterprise Architecture Research (TEAR)
  • TOGAF® and ArchiMate® Case Studies
  • Information Architecture
  • Distributed Services Architecture
  • Holistic Enterprise Architecture Workshop
  • Business Innovation & Technical Disruption
  • Security Architecture
  • Big Data
  • Cloud Computing for Business
  • Cloud Security and Cloud Architecture
  • Agile Enterprise Architecture
  • Enterprise Architecture and Business Value
  • Setting Up A Successful Enterprise Architecture Practice

For more information or to register: http://www.opengroup.org/barcelona2012/registration


Challenges to Building a Global Identity Ecosystem

By Jim Hietala and Ian Dobson, The Open Group

In our five identity videos from the Jericho Forum, a forum of The Open Group:

  • Video #1 explained the “Identity First Principles” – about people (or any entity) having a core identity and how we all operate with a number of personas.
  • Video #2 “Operating with Personas” explained how we use a digital core identifier to create digital personas – as many as we like – to mirror the way we use personas in our daily lives.
  • Video #3 described how “Trust and Privacy” interact to provide a trusted privacy-enhanced identity ecosystem.
  • Video #4 “Entities and Entitlement” explained why identity is not just about people – we must include all entities that we want to identify in our digital world, and how “entitlement” rules control access to resources.

In this fifth video – Building a Global Identity Ecosystem – we highlight what we need to change and develop to build a viable identity ecosystem.

The Internet is global, so any identity ecosystem similarly must be capable of being adopted and implemented globally.

This means that establishing a trust ecosystem is essential to widespread adoption of an identity ecosystem. To achieve this, an identity ecosystem must demonstrate that its architecture is robust enough to scale to the many billions of entities involved: people all over the world will want not only to assert their own identities and attributes, but also to handle the identities of all their other types of entities.

It also means that we need to develop an open implementation reference model, so that anyone in the world can develop and implement interoperable identity ecosystem identifiers, personas, and supporting services.

In addition, the trust ecosystem for asserting identities and attributes must be robust, to allow entities to make assertions that relying parties can be confident to consume and therefore use to make risk-based decisions. Agile roots of trust are vital if the identity ecosystem is to have the necessary levels of trust in entities, personas and attributes.

Key to the trust in this whole identity ecosystem is being able to immutably (enduringly and changelessly) link an entity to a digital Core Identifier, so that we can place full trust in knowing that only the person (or other type of entity) holding that Core Identifier can be the person (or other type of entity) it was created from, and no one and nothing can impersonate it. This immutable binding must be created in a form that guarantees the binding and includes the interfaces necessary to connect with the digital world. It should also be easy and cost-effective for all to use.

Of course, the cryptography and standards that this identity ecosystem depends on must be fully open, peer-reviewed and accepted, and freely available, so that all governments and interested parties can assure themselves, just as they can with AES encryption today, that it’s truly open and there are no barriers to implementation. The technologies needed around cryptography, one-way trusts, and zero-knowledge proofs, all exist today, and some of these are already implemented. They need to be gathered into a standard that will support the required model.

Adoption of an identity ecosystem requires a major mindset change in the thinking of relying parties – to receive, accept and use trusted identities and attributes from the identity ecosystem, rather than creating, collecting and verifying all this information for themselves. Being able to consume trusted identities and attributes will bring significant added value to relying parties, because the information will be up-to-date and from authoritative sources, all at significantly lower cost.

Now that you have followed these five Identity Key Concepts videos, we encourage you to use our Identity, Entitlement and Access (IdEA) commandments as the test to evaluate the effectiveness of all identity solutions – existing and proposed. The Open Group is also hosting an hour-long webinar that will preview all five videos and host an expert Q&A shortly afterward on Thursday, August 16.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

 

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.
