Category Archives: Accreditations

The Open Group Austin 2016 Event Highlights

By Loren K. Baynes, Director, Global Marketing Communications, The Open Group

During the week of July 18th, The Open Group hosted over 200  attendees from 12 countries at the Four Seasons hotel on the beautiful banks of Lady Bird Lake in Austin, Texas, USA.

On Monday, July 18, Steve Nunn, President and CEO of The Open Group, welcomed the audience and set the stage for all the great upcoming speakers and content.

Steve’s remarks included the recent release of the Open Business Architecture (O-BA) Preliminary Standard Part I to Support Business Transformation.  This is the first in a series of installments that will help Business Architects get to grips with transformation initiatives and manage the demands of key stakeholders within the organization. Steve also referenced William Ulrich, President, Business Architecture Guild, who consulted on the development of the standard.

The plenary began with Jeff Scott, President, Business Innovation Partners, with his presentation “The Future of Business Architecture, Challenges and Opportunities”.  Jeff stated some interesting facts, which included noting that Architects are among the best and brightest members of our organizations.  He also stated that Business Architects need support from a wide group of senior managers, not just the CEO. The ultimate goal of Business Architecture is not to model the organization but to unlock organizational capacity and move forward.

By Loren K. Baynes

Jeff Scott

The Business Architecture (BA) theme continued with Aaron Rorstrom, Principal Enterprise Architect, Capgemini.  Aaron further elaborated on The Open Business Architecture (O-BA) Standard.  The O-BA Standard provides guidance to companies for establishing BA practice and addresses three transformation challenges: consistent communication, alignment and governance, systemic nature.

The sessions were followed by Q&A moderated by Steve Nunn.

Up next was “ArchiMate® 3.0 – A New Standard for Architecture” with Marc Lankhorst, Managing Consultant and Service Line Manager, Enterprise Architect, BiZZdesign and Iver Band, Enterprise Architect, Cambia Health Solutions.

Marc and Iver discussed practical experiences and a Healthcare case study, which included a discussion on personal health and wellness websites.

ArchiMate®, an Open Group standard, provides a language with concepts to describe architectures; a framework to organize these concepts; a graphical notation for these concepts; a vision on visualizations for different stakeholders. ArchiMate 3.0 has recently been released due to: the increasing demand for relating Enterprise Architecture (EA) to business strategy; technology innovations that mix IT and physical world; usage in new domains (i.e. manufacturing, healthcare, retail); improved consistency and comprehensibility; improved alignment between Open Group standards, notably TOGAF®.

The final session of Monday’s plenary featured a panel on “Architecture Standards Development” with Marc Lankhorst, Iver Band, Mike Lambert (Fellow of The Open Group) and Harry Hendrickx (Business Architect, Hewlett Packard Enterprise).  Moderated by Chris Forde, GM, Asia Pacific and VP, Enterprise Architecture, The Open Group, the panel represented a diverse group of the population contributing to the development of open standards.

In the afternoon, sessions were divided into tracks – Security, ArchiMate, Open Business Architecture.

Don Bartusiak, Chief Engineer, Process Control, ExxonMobil Research & Engineering presented “Security in Industrial Controls – Bringing Open Standards to Process Control Systems”.  Don went into detail on the Breakthrough R&D project which is designed to make step-change improvement to reduce cost to replace and to increase value generation via control system.  ExxonMobil is working with The Open Group and others to start-up a consortium of end user companies, system integrators, suppliers, and standards organizations for sustained success of the architecture.

Also featured was “Applying Open FAIR in Industrial Control System Risk Scenarios” by Jim Hietala, VP, Business Development and Security, The Open Group.  The focus of ICS systems is reliability and safety.  Jim also shared some scenarios of recent real life cyberattacks.

The evening concluded with guests enjoying a lively networking reception at the Four Seasons.

Day two on Tuesday, July 19 kicked off the Open Source/Open Standards day with a discussion between Steve Nunn and Andras Szakal, VP & CTO, IBM U.S. Federal. Steve and Andras shared their views on Executable Standards: convergence of creation of open source and innovation standards; the difference between Executable Standards and traditional standards (i.e. paper standards); emergence of open source; ensuring interoperability and standardization becomes more effective of time. They further explored open technology as driving the software defined enterprise with SOA, social, Open Cloud architecture, e-Business, mobile, big data & analytics, and dynamic cloud.

A panel session continued the conversation on Open Standards and Open Source.  The panel was moderated by Dave Lounsbury, CTO and VP, Services for The Open Group.  Panelists were Phil Beauvoir, Archi Product Manager, Consultant; John Stough, Senior Software Architect, JHNA, Inc.; Karl Schopmeyer, Independent Consultant and representing Executable Standards activity in The Open Group.  Topics included describing Archi, Future Airborne Capability Environment (FACE™, a consortium of The Open Group) and OpenPegasus™, an open-source implementation of the DMTF, CIM and WBEM standards.

The Open Group solves business problems with the development and use of open standards.  Interoperability is key.  Generally, no big barriers exist, but there are some limitations and those must be realized and understood.

Steve presented Karl with a plaque in recognition of his outstanding leadership for over 20 years of The Open Group Enterprise Management Forum and OpenPegasus Project.

Rick Solis, IT Business Architect, ExxonMobil Global Services Co. presented “Driving IT Strategic Planning at IT4IT™ with ExxonMobil”.  Business is looking for IT to be more efficient and add value. ExxonMobil has been successfully leveraging IT4IT concepts and value chain. The IT4IT™ vision is a vendor-neutral Reference Architecture for managing the business of IT.  Rich emphasized people need to think about the value streams in the organization that add up to the business value.  Furthermore, it is key to think seamlessly across the organization.

Joanne Woytek, Program Manager for the NASA SEWP Program, NASA spoke about “Enabling Trust in the Supply Chain”.  SEWP (Solutions for Enterprise-Wide Procurement) is the second biggest IT contract in the US government.  Joanne gave a brief history of their use of standards, experience with identifying risks and goal to improve acquisition process for government and industry.

Andras Szakal again took the stage to discuss mitigating maliciously tainted and counterfeit products with standards and accreditation programs.  The Open Trusted Technology Provider™ Standard (O-TTPS) is an open standard to enhance the security of the global supply chain and the integrity of Commercial Off The Shelf (COTS) Information and Communication Technology (ICT). It has been approved as an ISO/IEC international standard.

Afternoon tracks consisted of Healthcare, IT4IT™, Open Platform 3.0™ and Professional Development.  Speakers came from organizations such as IBM, Salesforce, Huawei, HPE and Conexiam.

The evening culminated with an authentic Texas BBQ and live band at Laguna Gloria, a historic lakefront landmark with strong ties to Texas culture.

By Loren K. Baynes

The Open Group Austin 2016 at Laguna Gloria

Wednesday, July 20 was another very full day.  Tracks featured Academia Partnering, Enterprise Architecture, Open Platform 3.0 (Internet of Things, Cloud, Big Data, Smart Cities), ArchiMate®.  Other companies represented include San Jose State University, Quest Diagnostics, Boeing, Nationwide and Asurion.

The presentations are freely available only to members of The Open Group and event attendees.  For the full agenda, please click here.

In parallel with the Wednesday tracks, The Open Group hosted the third TOGAF® User Group Meeting.  The meeting is a lively, interactive, engaging discussion about TOGAF, an Open Group standard.  Steve Nunn welcomed the group and announced there are almost 58,000 people certified in TOGAF.  It is a very large community with global demand and interest.  The key motivation for offering the meeting is to hear from people who aren’t necessarily ‘living and breathing’ TOGAF. The goal is to share what has worked, hasn’t worked and meet other folks who have learned a lot from TOGAF.

Terry Blevins, Fellow of The Open Group, was the emcee.  The format was an “Oxford Style” debate with Paul Homan, Enterprise Architect, IBM and Chris Armstrong, President, Armstrong Processing Group (APG).  The Proposition Declaration: Business Architecture and Business Architects should be within the business side of an organization. Chris took the ‘pro’ position and Paul was ‘con’.

Chris believes there is no misalignment with Business and IT; business got exactly what they wanted.  Paul queried where do the Business Architectures live within the organization? BA is a business-wide asset.  There is a need to do all that in one place.

Following the debate, there was an open floor with audience questions and challenges. Questions and answers covered strategy in Architecture and role of the Architect.

The meeting also featured an ‘Ask the Experts’ panel with Chris Forde; Jason Uppal, Chief Architect, QRS; Bill Estrem, TOGAF Trainer, Metaplexity Associates; Len Fehskens, Chief Editor, Journal of Enterprise Architecture, along with Chris Armstrong and Paul.

Organizations in attendance included BMC Software, City of Austin, Texas Dept. of Transportation, General Motors, Texas Mutual Insurance, HPE, IBM.

A more detailed blog of the TOGAF User Group meeting will be forthcoming.

A special ‘thank you’ to all of our sponsors and exhibitors:  avolution, BiZZdesign, Good e-Learning, Hewlett Packard Enterprise, AEA, Orbus Software, Van Haren Publishing

@the opengroup #ogAUS

Hope to see you at The Open Group Paris 2016! #ogPARIS

By Loren K. BaynesLoren K. Baynes, Director, Global Marketing Communications, joined The Open Group in 2013 and spearheads corporate marketing initiatives, primarily the website, blog, media relations and social media. Loren has over 20 years experience in brand marketing and public relations and, prior to The Open Group, was with The Walt Disney Company for over 10 years. Loren holds a Bachelor of Business Administration from Texas A&M University. She is based in the US.

 

 

Comments Off on The Open Group Austin 2016 Event Highlights

Filed under Accreditations, ArchiMate, ArchiMate®, Association of Enterprise Architects, Business Architecture, Business Transformation, Certifications, Cloud, COTS, Cybersecurity, digital technologies, Digital Transformation, EA, enterprise architecture, Internet of Things, Interoperability, Jeff Kyle, O-TTPS, Open FAIR, Open Platform 3.0, Professional Development, Security, Standards, Steve Nunn, The Open Group Austin 2016, TOGAF®, TOGAF®

The Open Group London 2016 – Day One Highlights

By Loren K. Baynes, Director, Global Marketing Communications, The Open Group

On Monday, April 25th, The Open Group London 2016 kicked off with an opening speech from The Open Group President and CEO Steve Nunn to a packed room at the Central Hall Westminster.  The magnificent venue is just a stone’s throw from the iconic Westminster Abbey. Almost 300 guests from 27 countries around the globe have joined this exciting, informative event.

After a warm welcome and a recap of the successes of The Open Group IT4IT™ Forum to date – including the launch of the Standard and Management Guide – Steve went on to announce the launch of the IT4IT™ Certification Program.

The IT4IT Foundation Certification is now available to individuals who demonstrate knowledge and understanding of the IT4IT™ Reference Architecture, Version 2.0 standard. The first level of certification being launched provides validation that the candidate has gained knowledge of the terminology, structure, basic concepts, and understands the core principles of the IT4IT Reference Architecture and the IT Value Chain.

Monday’s plenary sessions continued the focus on  IT4IT, beginning with a presentation from Tony Price, Director, WW IT4IT Strategic Consulting, Hewlett Packard Enterprise, and Erik van Busschbach, World-Wide Chief Technologist for IT Management, HPE Software Services CTO Office, Hewlett Packard Enterprise. Erik and Tony explained how organizations can use IT4IT to move away from talking about Architecture towards discussions around business value. Every audience wants value but they all perceive this value in different ways. Tony explained the importance of contextualizing value to individuals in order for it to be effective.

By Loren K. Baynes, Director, Global Marketing Communications

Erik van Busschbach, Tony Price, Steve Nunn

The IT4IT discussion also featured a joint presentation on ‘Managing the Business of IT’ from Michael Fulton, Principal Architect, CC&C Solutions; David Hornford, Managing Partner, Conexiam; Luke Bradley, Principle Architect, Technology Shared Services Centre, Vodafone Group; David Gilmour, Director, Panastra Pte Ltd, Singapore.

The speakers went into detail about the impact IT4IT can have on an organization. Mike Fulton started with the basics of IT4IT and the Value Chain model, before going on to discuss where IT4IT fits into TOGAF®, an Open Group standard, COBIT and Agile. Luke Bradley provided insight into how IT4IT was being used at Vodafone Group, where there are four main areas of transformation – process, service model, organization, and technology. The importance of getting away from bulk renewal projects and moving towards smaller sensible building blocks was stressed by David Gilmour, who also explained how IT4IT was a “jolly good thing” for business, which raised a smile in the packed-out room.

Gunnar Menzel, Vice President & Chief Architect Officer, ‎Capgemini, came to the stage proudly displaying his medal from the London Marathon from the day before the event – many congratulations to him for a fantastic time of 03:52:15! His presentation focused on how IT4IT can help with Agile DevOps. Businesses that realize DevOps’ full potential are more agile in providing new products and services and can deliver superior quality, but enterprises often encounter difficulties due to the growing number of product choices, definitions and services.

Gunnar directed delegates to The Open Group whitepaper, ‘IT4IT™ Agile Scenario’, which was released in February 2016 and includes a DevOps definition, DevOps Maturity Model as well as a DevOps Implementation framework.

The final session before Monday’s break for lunch came from Henry Franken, CEO at BiZZdesign and chair of The ArchiMate® Forum at The Open Group. Henry presented the results of a survey looking at business transformation, noting that a “business as usual” approach is preventing effective business transformation, along with a lack of strategic design insights and a lack of organizational commitment. He explained how businesses should be taking small steps to embrace change, collaborate on change and make sure to utilize techniques to digitize change capabilities.

The afternoon saw additional tracks taking place on IT4IT, Security and Enterprise Architecture, including:

  • Trusted and Secure OpenStack Cloud, Shawn Mullen, Cloud Security Architect, IBM, US
  • Seven Reasons IT4IT™ is Good News for Architects, Daniel Warfield, Senior Enterprise Architect, CC&C Americas
  • A Future for Enterprise Architecture, Len Fehskens, Chief Editor, Association of Enterprise Architects
  • Mils Initiatives: Emerging Open Group Standards for Modular Approach to Critical Systems, Rance DeLong, Staff Scientist – EC Projects, The Open Group

Sally Long, Director of The Open Group Trusted Technology Forum (OTTF), also presented on OTTF in a session which focused on cybersecurity and supply chain risks, how the standard and the accreditation can address them, and what steps organizations can take to assure products are more secure and enterprises stay safe. The presentation was a recap of a recently recorded webinar which can be found here.

Robert Wiesman, CEO at Build the Vision Inc., took the opportunity to discuss his use of EA as a business technique to conduct Architecture-based planning for a huge business transformation.

After a full day of sessions, the first day of the London event concluded with drinks and networking at the Central Hall Westminster.

@theopengroup #ogLON

By Loren K. Baynes, Director, Global Marketing CommunicationsLoren K. Baynes, Director, Global Marketing Communications, joined The Open Group in 2013 and spearheads corporate marketing initiatives, primarily the website, blog, media relations and social media. Loren has over 20 years experience in brand marketing and public relations and, prior to The Open Group, was with The Walt Disney Company for over 10 years. Loren holds a Bachelor of Business Administration from Texas A&M University. She is based in the US.

 

Comments Off on The Open Group London 2016 – Day One Highlights

Filed under Accreditations, ArchiMate, ArchiMate®, Boundaryless Information Flow™, Certifications, digital business, Enterprise Architecture, Enterprise Transformation, interoperability, IT4IT, OTTF, standards, Steve Nunn, The Open Group London 2016, TOGAF®, TOGAF®

The Open Trusted Technology Provider™ Standard (O-TTPS) Approved as ISO/IEC International Standard

The Open Trusted Technology Provider™ Standard (O-TTPS), a Standard from The Open Group for Product Integrity and Supply Chain Security, Approved as ISO/IEC International Standard

Doing More to Secure IT Products and their Global Supply Chains

By Sally Long, The Open Group Trusted Technology Forum Director

As the Director of The Open Group Trusted Technology Forum, I am thrilled to share the news that The Open Trusted Technology Provider™ Standard – Mitigating Maliciously Tainted and Counterfeit Products (O-TTPS) v 1.1 is approved as an ISO/IEC International Standard (ISO/IEC 20243:2015).

It is one of the first standards aimed at assuring both the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products and the security of their supply chains.

The standard defines a set of best practices for COTS ICT providers to use to mitigate the risk of maliciously tainted and counterfeit components from being incorporated into each phase of a product’s lifecycle. This encompasses design, sourcing, build, fulfilment, distribution, sustainment, and disposal. The best practices apply to in-house development, outsourced development and manufacturing, and to global supply chains.

The ISO/IEC standard will be published in the coming weeks. In advance of the ISO/IEC 20243 publication, The Open Group edition of the standard, technically identical to the ISO/IEC approved edition, is freely available here.

The standardization effort is the result of a collaboration in The Open Group Trusted Technology Provider Forum (OTTF), between government, third party evaluators and some of industry’s most mature and respected providers who came together as members and, over a period of five years, shared and built on their practices for integrity and security, including those used in-house and those used with their own supply chains. From these, they created a set of best practices that were standardized through The Open Group consensus review process as the O-TTPS. That was then submitted to the ISO/IEC JTC1 process for Publicly Available Specifications (PAS), where it was recently approved.

The Open Group has also developed an O-TTPS Accreditation Program to recognize Open Trusted Technology Providers who conform to the standard and adhere to best practices across their entire enterprise, within a specific product line or business unit, or within an individual product. Accreditation is applicable to all ICT providers in the chain: OEMS, integrators, hardware and software component suppliers, value-add distributors, and resellers.

While The Open Group assumes the role of the Accreditation Authority over the entire program, it also uses third-party assessors to assess conformance to the O-TTPS requirements. The Accreditation Program and the Assessment Procedures are publicly available here. The Open Group is also considering submitting the O-TTPS Assessment Procedures to the ISO/IEC JTC1 PAS process.

This international approval comes none-too-soon, given the global threat landscape continues to change dramatically, and cyber attacks – which have long targeted governments and big business – are growing in sophistication and prominence. We saw this most clearly with the Sony hack late last year. Despite successes using more longstanding hacking methods, maliciously intentioned cyber criminals are looking at new ways to cause damage and are increasingly looking at the technology supply chain as a potentially profitable avenue. In such a transitional environment, it is worth reviewing again why IT products and their supply chains are so vulnerable and what can be done to secure them in the face of numerous challenges.

Risk lies in complexity

Information Technology supply chains depend upon complex and interrelated networks of component suppliers across a wide range of global partners. Suppliers deliver parts to OEMS, or component integrators who build products from them, and in turn offer products to customers directly or to system integrators who integrate them with products from multiple providers at a customer site. This complexity leaves ample opportunity for malicious components to enter the supply chain and leave vulnerabilities that can potentially be exploited.

As a result, organizations now need assurances that they are buying from trusted technology providers who follow best practices every step of the way. This means that they not only follow secure development and engineering practices in-house while developing their own software and hardware pieces, but also that they are following best practices to secure their supply chains. Modern cyber criminals go through strenuous efforts to identify any sort of vulnerability that can be exploited for malicious gain and the supply chain is no different.

Untracked malicious behavior and counterfeit components

Tainted products introduced into the supply chain pose significant risk to organizations because altered products introduce the possibility of untracked malicious behavior. A compromised electrical component or piece of software that lies dormant and undetected within an organization could cause tremendous damage if activated externally. Customers, including governments are moving away from building their own high assurance and customized systems and moving toward the use of commercial off the shelf (COTS) information and communication technology (ICT), typically because they are better, cheaper and more reliable. But a maliciously tainted COTS ICT product, once connected or incorporated, poses a significant security threat. For example, it could allow unauthorized access to sensitive corporate data including intellectual property, or allow hackers to take control of the organization’s network. Perhaps the most concerning element of the whole scenario is the amount of damage that such destructive hardware or software could inflict on safety or mission critical systems.

Like maliciously tainted components, counterfeit products can also cause significant damage to customers and providers resulting in failed or inferior products, revenue and brand equity loss, and disclosure of intellectual property. Although fakes have plagued manufacturers and suppliers for many years, globalization has greatly increased the number of out-sourced components and the number of links in every supply chain, and with that comes increased risk of tainted or counterfeit parts making it into operational environments. Consider the consequences if a faulty component was to fail in a government, financial or safety critical system or if it was also maliciously tainted for the sole purpose of causing widespread catastrophic damage.

Global solution for a global problem – the relevance of international standards

One of the emerging challenges is the rise of local demands on IT providers related to cybersecurity and IT supply chains. Despite technology supply chains being global in nature, more and more local solutions are cropping up to address some of the issues mentioned earlier, resulting in multiple countries with different policies that included disparate and variable requirements related to cybersecurity and their supply chains. Some are competing local standards, but many are local solutions generated by governmental policies that dictate which country to buy from and which not to. The supply chain has become a nationally charged issue that requires the creation of a level playing field regardless of where your company is based. Competition should be based on the quality, integrity and security of your products and processes and not where the products were developed, manufactured, or assembled.

Having transparent criteria through global international standards like our recently approved O-TTPS standard (ISO/IEC 20243) and objective assessments like the O-TTPS Accreditation Program that help assure conformance to those standards is critical to both raise the bar on global suppliers and to provide equal opportunity (vendor-neutral and country-nuetral) for all constituents in the chain to reach that bar – regardless of locale.

The approval by ISO/IEC of this universal product integrity and supply chain security standard is an important next step in the continued battle to secure ICT products and protect the environments in which they operate. Suppliers should explore what they need to do to conform to the standard and buyers should consider encouraging conformance by requesting conformance to it in their RFPs. By adhering to relevant international standards and demonstrating conformance we will have a powerful tool for technology providers and component suppliers around the world to utilize in combating current and future cyber attacks on our critical infrastructure, our governments, our business enterprises and even on the COTS ICT that we have in our homes. This is truly a universal problem that we can begin to solve through adoption and adherence to international standards.

By Sally Long, OTTF DirectorSally Long is the Director of The Open Group Trusted Technology Forum (OTTF). She has managed customer supplier forums and collaborative development projects for over twenty years. She was the release engineering section manager for all multi-vendor collaborative technology development projects at The Open Software Foundation (OSF) in Cambridge Massachusetts. Following the merger of the OSF and X/Open under The Open Group, she served as director for multiple forums in The Open Group. Sally has a Bachelor of Science degree in Electrical Engineering from Northeastern University in Boston, Massachusetts.

Contact:  s.long@opengroup.org; @sallyannlong

Comments Off on The Open Trusted Technology Provider™ Standard (O-TTPS) Approved as ISO/IEC International Standard

Filed under Accreditations, Cybersecurity, OTTF, Standards, supply chain, Supply chain risk, The Open Group

The Open Group Baltimore 2015 Highlights

By Loren K. Baynes, Director, Global Marketing Communications, The Open Group

The Open Group Baltimore 2015, Enabling Boundaryless Information Flow™, July 20-23, was held at the beautiful Hyatt Regency Inner Harbor. Over 300 attendees from 16 countries, including China, Japan, Netherlands and Brazil, attended this agenda-packed event.

The event kicked off on July 20th with a warm Open Group welcome by Allen Brown, President and CEO of The Open Group. The first plenary speaker was Bruce McConnell, Senior VP, East West Institute, whose presentation “Global Cooperation in Cyberspace”, gave a behind-the-scenes look at global cybersecurity issues. Bruce focused on US – China cyber cooperation, major threats and what the US is doing about them.

Allen then welcomed Christopher Davis, Professor of Information Systems, University of South Florida, to The Open Group Governing Board as an Elected Customer Member Representative. Chris also serves as Chair of The Open Group IT4IT™ Forum.

The plenary continued with a joint presentation “Can Cyber Insurance Be Linked to Assurance” by Larry Clinton, President & CEO, Internet Security Alliance and Dan Reddy, Adjunct Faculty, Quinsigamond Community College MA. The speakers emphasized that cybersecurity is not a simply an IT issue. They stated there are currently 15 billion mobile devices and there will be 50 billion within 5 years. Organizations and governments need to prepare for new vulnerabilities and the explosion of the Internet of Things (IoT).

The plenary culminated with a panel “US Government Initiatives for Securing the Global Supply Chain”. Panelists were Donald Davidson, Chief, Lifecycle Risk Management, DoD CIO for Cybersecurity, Angela Smith, Senior Technical Advisor, General Services Administration (GSA) and Matthew Scholl, Deputy Division Chief, NIST. The panel was moderated by Dave Lounsbury, CTO and VP, Services, The Open Group. They discussed the importance and benefits of ensuring product integrity of hardware, software and services being incorporated into government enterprise capabilities and critical infrastructure. Government and industry must look at supply chain, processes, best practices, standards and people.

All sessions concluded with Q&A moderated by Allen Brown and Jim Hietala, VP, Business Development and Security, The Open Group.

Afternoon tracks (11 presentations) consisted of various topics including Information & Data Architecture and EA & Business Transformation. The Risk, Dependability and Trusted Technology theme also continued. Jack Daniel, Strategist, Tenable Network Security shared “The Evolution of Vulnerability Management”. Michele Goetz, Principal Analyst at Forrester Research, presented “Harness the Composable Data Layer to Survive the Digital Tsunami”. This session was aimed at helping data professionals understand how Composable Data Layers set digital and the Internet of Things up for success.

The evening featured a Partner Pavilion and Networking Reception. The Open Group Forums and Partners hosted short presentations and demonstrations while guests also enjoyed the reception. Areas focused on were Enterprise Architecture, Healthcare, Security, Future Airborne Capability Environment (FACE™), IT4IT™ and Open Platform™.

Exhibitors in attendance were Esteral Technologies, Wind River, RTI and SimVentions.

By Loren K. Baynes, Director, Global Marketing CommunicationsPartner Pavilion – The Open Group Open Platform 3.0™

On July 21, Allen Brown began the plenary with the great news that Huawei has become a Platinum Member of The Open Group. Huawei joins our other Platinum Members Capgemini, HP, IBM, Philips and Oracle.

By Loren K Baynes, Director, Global Marketing CommunicationsAllen Brown, Trevor Cheung, Chris Forde

Trevor Cheung, VP Strategy & Architecture Practice, Huawei Global Services, will be joining The Open Group Governing Board. Trevor posed the question, “what can we do to combine The Open Group and IT aspects to make a customer experience transformation?” His presentation entitled “The Value of Industry Standardization in Promoting ICT Innovation”, addressed the “ROADS Experience”. ROADS is an acronym for Real Time, On-Demand, All Online, DIY, Social, which need to be defined across all industries. Trevor also discussed bridging the gap; the importance of combining Customer Experience (customer needs, strategy, business needs) and Enterprise Architecture (business outcome, strategies, systems, processes innovation). EA plays a key role in the digital transformation.

Allen then presented The Open Group Forum updates. He shared roadmaps which include schedules of snapshots, reviews, standards, and publications/white papers.

Allen also provided a sneak peek of results from our recent survey on TOGAF®, an Open Group standard. TOGAF® 9 is currently available in 15 different languages.

Next speaker was Jason Uppal, Chief Architecture and CEO, iCareQuality, on “Enterprise Architecture Practice Beyond Models”. Jason emphasized the goal is “Zero Patient Harm” and stressed the importance of Open CA Certification. He also stated that there are many roles of Enterprise Architects and they are always changing.

Joanne MacGregor, IT Trainer and Psychologist, Real IRM Solutions, gave a very interesting presentation entitled “You can Lead a Horse to Water… Managing the Human Aspects of Change in EA Implementations”. Joanne discussed managing, implementing, maintaining change and shared an in-depth analysis of the psychology of change.

“Outcome Driven Government and the Movement Towards Agility in Architecture” was presented by David Chesebrough, President, Association for Enterprise Information (AFEI). “IT Transformation reshapes business models, lean startups, web business challenges and even traditional organizations”, stated David.

Questions from attendees were addressed after each session.

In parallel with the plenary was the Healthcare Interoperability Day. Speakers from a wide range of Healthcare industry organizations, such as ONC, AMIA and Healthway shared their views and vision on how IT can improve the quality and efficiency of the Healthcare enterprise.

Before the plenary ended, Allen made another announcement. Allen is stepping down in April 2016 as President and CEO after more than 20 years with The Open Group, including the last 17 as CEO. After conducting a process to choose his successor, The Open Group Governing Board has selected Steve Nunn as his replacement who will assume the role with effect from November of this year. Steve is the current COO of The Open Group and CEO of the Association of Enterprise Architects. Please see press release here.By Loren K. Baynes, Director, Global Marketing Communications

Steve Nunn, Allen Brown

Afternoon track topics were comprised of EA Practice & Professional Development and Open Platform 3.0™.

After a very informative and productive day of sessions, workshops and presentations, event guests were treated to a dinner aboard the USS Constellation just a few minutes walk from the hotel. The USS Constellation constructed in 1854, is a sloop-of-war, the second US Navy ship to carry the name and is designated a National Historic Landmark.

By Loren K. Baynes, Director, Global Marketing CommunicationsUSS Constellation

On Wednesday, July 22, tracks continued: TOGAF® 9 Case Studies and Standard, EA & Capability Training, Knowledge Architecture and IT4IT™ – Managing the Business of IT.

Thursday consisted of members-only meetings which are closed sessions.

A special “thank you” goes to our sponsors and exhibitors: Avolution, SNA Technologies, BiZZdesign, Van Haren Publishing, AFEI and AEA.

Check out all the Twitter conversation about the event – @theopengroup #ogBWI

Event proceedings for all members and event attendees can be found here.

Hope to see you at The Open Group Edinburgh 2015 October 19-22! Please register here.

By Loren K. Baynes, Director, Global Marketing CommunicationsLoren K. Baynes, Director, Global Marketing Communications, joined The Open Group in 2013 and spearheads corporate marketing initiatives, primarily the website, blog, media relations and social media. Loren has over 20 years experience in brand marketing and public relations and, prior to The Open Group, was with The Walt Disney Company for over 10 years. Loren holds a Bachelor of Business Administration from Texas A&M University. She is based in the US.

Comments Off on The Open Group Baltimore 2015 Highlights

Filed under Accreditations, Boundaryless Information Flow™, Cybersecurity, Enterprise Architecture, Enterprise Transformation, Healthcare, Internet of Things, Interoperability, Open CA, Open Platform 3.0, Security, Security Architecture, The Open Group Baltimore 2015, TOGAF®

A Tale of Two IT Departments, or How Governance is Essential in the Hybrid Cloud and Bimodal IT Era

Transcript of an Open Group discussion/podcast on the role of Cloud Governance and Enterprise Architecture and how they work together in the era of increasingly fragmented IT.

Listen to the podcast. Find it on iTunes. Get the mobile app for iOS or Android. Sponsor: The Open Group

Dana Gardner: Hello, and welcome to a special Thought Leadership Panel Discussion, coming to you in conjunction with The Open Group’s upcoming conference on July 20, 2015 in Baltimore.

I’m Dana Gardner, Principal Analyst at Interarbor Solutions, and I’ll be your host and moderator as we examine the role that Cloud Governance and Enterprise Architecture play in an era of increasingly fragmented IT.

Not only are IT organizations dealing with so-called shadow IT and myriad proof-of-concept affairs, there is now a strong rationale for fostering what Gartner calls Bimodal IT. There’s a strong case to be made for exploiting the strengths of several different flavors of IT, except that — at the same time — businesses are asking IT in total to be faster, better, and cheaper.

The topic before us today is how to allow for the benefits of Bimodal IT or even Multimodal IT, but without IT fragmentation leading to a fractured and even broken business.

Here to update us on the work of The Open Group Cloud Governance initiatives and working groups and to further explore the ways that companies can better manage and thrive with hybrid IT are our guests. We’re here today with Dr. Chris Harding, Director for Interoperability and Cloud Computing Forum Director at The Open Group. Welcome, Chris.

Dr. Chris Harding: Thank you, Dana. It’s great to be here.

Gardner: We’re also here with David Janson, Executive IT Architect and Business Solutions Professional with the IBM Industry Solutions Team for Central and Eastern Europe and a leading contributor to The Open Group Cloud Governance Project. Welcome, David.

David Janson: Thank you. Glad to be here.

Gardner: Lastly, we here with Nadhan, HP Distinguished Technologist and Cloud Advisor and Co-Chairman of The Open Group Cloud Governance Project. Welcome, Nadhan.

Nadhan: Thank you, Dana. It’s a pleasure to be here.

IT trends

Gardner: Before we get into an update on The Open Group Cloud Governance Initiatives, in many ways over the past decades IT has always been somewhat fragmented. Very few companies have been able to keep all their IT oars rowing in the same direction, if you will. But today things seem to be changing so rapidly that we seem to acknowledge that some degree of disparate IT methods are necessary. We might even think of old IT and new IT, and this may even be desirable.

But what are the trends that are driving this need for a Multimodal IT? What’s accelerating the need for different types of IT, and how can we think about retaining a common governance, and even a frameworks-driven enterprise architecture umbrella, over these IT elements?

Nadhan: Basically, the change that we’re going through is really driven by the business. Business today has much more rapid access to the services that IT has traditionally provided. Business has a need to react to its own customers in a much more agile manner than they were traditionally used to.

We now have to react to demands where we’re talking days and weeks instead of months and years. Businesses today have a choice. Business units are no longer dependent on the traditional IT to avail themselves of the services provided. Instead, they can go out and use the services that are available external to the enterprise.

To a great extent, the advent of social media has also resulted in direct customer feedback on the sentiment from the external customer that businesses need to react to. That is actually changing the timelines. It is requiring IT to be delivered at the pace of business. And the very definition of IT is undergoing a change, where we need to have the right paradigm, the right technology, and the right solution for the right business function and therefore the right application.

Since the choices have increased with the new style of IT, the manner in which you pair them up, the solutions with the problems, also has significantly changed. With more choices, come more such pairs on which solution is right for which problem. That’s really what has caused the change that we’re going through.

A change of this magnitude requires governance that goes across building up on the traditional governance that was always in play, requiring elements like cloud to have governance that is more specific to solutions that are in the cloud across the whole lifecycle of cloud solutions deployment.

Gardner: David, do you agree that this seems to be a natural evolution, based on business requirements, that we basically spin out different types of IT within the same organization to address some of these issues around agility? Or is this perhaps a bad thing, something that’s unnatural and should be avoided?

Janson: In many ways, this follows a repeating pattern we’ve seen with other kinds of transformations in business and IT. Not to diminish the specifics about what we’re looking at today, but I think there are some repeating patterns here.

There are new disruptive events that compete with the status quo. Those things that have been optimized, proven, and settled into sort of a consistent groove can compete with each other. Excitement about the new value that can be produced by new approaches generates momentum, and so far this actually sounds like a healthy state of vitality.

Good governance

However, one of the challenges is that the excitement potentially can lead to overlooking other important factors, and that’s where I think good governance practices can help.

For example, governance helps remind people about important durable principles that should be guiding their decisions, important considerations that we don’t want to forget or under-appreciate as we roll through stages of change and transformation.

At the same time, governance practices need to evolve so that it can adapt to new things that fit into the governance framework. What are those things and how do we govern those? So governance needs to evolve at the same time.

There is a pattern here with some specific things that are new today, but there is a repeating pattern as well, something we can learn from.

Gardner: Chris Harding, is there a built-in capability with cloud governance that anticipates some of these issues around different styles or flavors or even velocity of IT innovation that can then allow for that innovation and experimentation, but then keep it all under the same umbrella with a common management and visibility?

Harding: There are a number of forces at play here, and there are three separate trends that we’ve seen, or at least that I have observed, in discussions with members within The Open Group that relate to this.

The first is one that Nadhan mentioned, the possibility of outsourcing IT. I remember a member’s meeting a few years ago, when one of our members who worked for a company that was starting a cloud brokerage activity happened to mention that two major clients were going to do away with their IT departments completely and just go for cloud brokerage. You could see the jaws drop around the table, particularly with the representatives who were from company corporate IT departments.

Of course, cloud brokers haven’t taken over from corporate IT, but there has been that trend towards things moving out of the enterprise to bring in IT services from elsewhere.

That’s all very well to do that, but from a governance perspective, you may have an easy life if you outsource all of your IT to a broker somewhere, but if you fail to comply with regulations, the broker won’t go to jail; you will go to jail.

So you need to make sure that you retain control at the governance level over what is happening from the point of view of compliance. You probably also want to make sure that your architecture principles are followed and retain governance control to enable that to happen. That’s the first trend and the governance implication of it.

In response to that, a second trend that we see is that IT departments have reacted often by becoming quite like brokers themselves — providing services, maybe providing hybrid cloud services or private cloud services within the enterprise, or maybe sourcing cloud services from outside. So that’s a way that IT has moved in the past and maybe still is moving.

Third trend

The third trend that we’re seeing in some cases is that multi-discipline teams within line of business divisions, including both business people and technical people, address the business problems. This is the way that some companies are addressing the need to be on top of the technology in order to innovate at a business level. That is an interesting and, I think, a very healthy development.

So maybe, yes, we are seeing a bimodal splitting in IT between the traditional IT and the more flexible and agile IT, but maybe you could say that that second part belongs really in the line of business departments, rather than in the IT departments. That’s at least how I see it.

Nadhan: I’d like to build on a point that David made earlier about repeating patterns. I can relate to that very well within The Open Group, speaking about the Cloud Governance Project. Truth be told, as we continue to evolve the content in cloud governance, some of the seeding content actually came from the SOA Governance Project that The Open Group worked on a few years back. So the point David made about the repeating patterns resonates very well with that particular case in mind.

Gardner: So we’ve been through this before. When there is change and disruption, sometimes it’s required for a new version of methodologies and best practices to emerge, perhaps even associated with specific technologies. Then, over time, we see that folded back in to IT in general, or maybe it’s pushed back out into the business, as Chris alluded to.

My question, though, is how we make sure that these don’t become disruptive and negative influences over time. Maybe governance and enterprise architecture principles can prevent that. So is there something about the cloud governance, which I think really anticipates a hybrid model, particularly a cloud hybrid model, that would be germane and appropriate for a hybrid IT environment?

David Janson, is there a cloud governance benefit in managing hybrid IT?

Janson: There most definitely is. I tend to think that hybrid IT is probably where we’re headed. I don’t think this is avoidable. My editorial comment upon that is that’s an unavoidable direction we’re going in. Part of the reason I say that is I think there’s a repeating pattern here of new approaches, new ways of doing things, coming into the picture.

And then some balancing acts goes on, where people look at more traditional ways versus the new approaches people are talking about, and eventually they look at the strengths and weaknesses of both.

There’s going to be some disruption, but that’s not necessarily bad. That’s how we drive change and transformation. What we’re really talking about is making sure the amount of disruption is not so counterproductive that it actually moves things backward instead of forward.

I don’t mind a little bit of disruption. The governance processes that we’re talking about, good governance practices, have an overall life cycle that things move through. If there is a way to apply governance, as you work through that life cycle, at each point, you’re looking at the particular decision points and actions that are going to happen, and make sure that those decisions and actions are well-informed.

We sometimes say that governance helps us do the right things right. So governance helps people know what the right things are, and then the right way to do those things..

Bimodal IT

Also, we can measure how well people are actually adapting to those “right things” to do. What’s “right” can vary over time, because we have disruptive change. Things like we are talking about with Bimodal IT is one example.

Within a narrower time frame in the process lifecycle,, there are points that evolve across that time frame that have particular decisions and actions. Governance makes sure that people are well informed as they’re rolling through that about important things they shouldn’t forget. It’s very easy to forget key things and optimize for only one factor, and governance helps people remember that.

Also, just check to see whether we’re getting the benefits that people expected out of it. Coming back around and looking afterward to see if we accomplish what we thought we would or did we get off in the wrong direction. So it’s a bit like a steering mechanism or a feedback mechanism, in it that helps keep the car on the road, rather than going off in the soft shoulder. Did we overlook something important? Governance is key to making this all successful.

Gardner: Let’s return to The Open Group’s upcoming conference on July 20 in Baltimore and also learn a bit more about what the Cloud Governance Project has been up to. I think that will help us better understand how cloud governance relates to these hybrid IT issues that we’ve been discussing.

Nadhan, you are the co-chairman of the Cloud Governance Project. Tell us about what to expect in Baltimore with the concepts of Boundaryless Information Flow™, and then also perhaps an update on what the Cloud Governance Project has been up to.

Nadhan: Absolutely, Dana. When the Cloud Governance Project started, the first question we challenged ourselves with was, what is it and why do we need it, especially given that SOA governance, architecture governance, IT governance, enterprise governance, in general are all out there with frameworks? We actually detailed out the landscape with different standards and then identified the niche or the domain that cloud governance addresses.

After that, we went through and identified the top five principles that matter for cloud governance to be done right. Some of the obvious ones being that cloud is a business decision, and the governance exercise should keep in mind whether it is the right business decision to go to the cloud rather than just jumping on the bandwagon. Those are just some examples of the foundational principles that drive how cloud governance must be established and exercised.

Subsequent to that, we have a lifecycle for cloud governance defined and then we have gone through the process of detailing it out by identifying and decoupling the governance process and the process that is actually governed.

So there is this concept of process pairs that we have going, where we’ve identified key processes, key process pairs, whether it be the planning, the architecture, reusing cloud service, subscribing to it, unsubscribing, retiring, and so on. These are some of the defining milestones in the life cycle.

We’ve actually put together a template for identifying and detailing these process pairs, and the template has an outline of the process that is being governed, the key phases that the governance goes through, the desirable business outcomes that we would expect because of the cloud governance, as well as the associated metrics and the key roles.

Real-life solution

The Cloud Governance Framework is actually detailing each one. Where we are right now is looking at a real-life solution. The hypothetical could be an actual business scenario, but the idea is to help the reader digest the concepts outlined in the context of a scenario where such governance is exercised. That’s where we are on the Cloud Governance Project.

Let me take the opportunity to invite everyone to be part of the project to continue it by subscribing to the right mailing list for cloud governance within The Open Group.

Gardner: Thank you. Chris Harding, just for the benefit of our readers and listeners who might not be that familiar with The Open Group, perhaps you could give us a very quick overview of The Open Group — its mission, its charter, what we could expect at the Baltimore conference, and why people should get involved, either directly by attending, or following it on social media or the other avenues that The Open Group provides on its website?

Harding: Thank you, Dana. The Open Group is a vendor-neutral consortium whose vision is Boundaryless Information Flow. That is to say the idea that information should be available to people within an enterprise, or indeed within an ecosystem of enterprises, as and when needed, not locked away into silos.

We hold main conferences, quarterly conferences, four times a year and also regional conferences in various parts of the world in between those, and we discuss a variety of topics.

In fact, the main topics for the conference that we will be holding in July in Baltimore are enterprise architecture and risk and security. Architecture and security are two of the key things for which The Open Group is known, Enterprise Architecture, particularly with its TOGAF® Framework, is perhaps what The Open Group is best known for.

We’ve been active in a number of other areas, and risk and security is one. We also have started a new vertical activity on healthcare, and there will be a track on that at the Baltimore conference.

There will be tracks on other topics too, including four sessions on Open Platform 3.0™. Open Platform 3.0 is The Open Group initiative to address how enterprises can gain value from new technologies, including cloud computing, social computing, mobile computing, big data analysis, and the Internet of Things.

We’ll have a number of presentations related to that. These will include, in fact, a perspective on cloud governance, although that will not necessarily reflect what is happening in the Cloud Governance Project. Until an Open Group standard is published, there is no official Open Group position on the topic, and members will present their views at conferences. So we’re including a presentation on that.

Lifecycle governance

There is also a presentation on another interesting governance topic, which is on Information Lifecycle Governance. We have a panel session on the business context for Open Platform 3.0 and a number of other presentations on particular topics, for example, relating to the new technologies that Open Platform 3.0 will help enterprises to use.

There’s always a lot going on at Open Group conferences, and that’s a brief flavor of what will happen at this one.

Gardner: Thank you. And I’d just add that there is more available at The Open Group website, opengroup.org.

Going to one thing you mentioned about a standard and publishing that standard — and I’ll throw this out to any of our guests today — is there a roadmap that we could look to in order to anticipate the next steps or milestones in the Cloud Governance Project? When would such a standard emerge and when might we expect it?

Nadhan: As I said earlier, the next step is to identify the business scenario and apply it. I’m expecting, with the right level of participation, that it will take another quarter, after which it would go through the internal review with The Open Group and the company reviews for the publication of the standard. Assuming we have that in another quarter, Chris, could you please weigh in on what it usually takes, on average, for those reviews before it gets published.

Harding: You could add on another quarter. It shouldn’t actually take that long, but we do have a thorough review process. All members of The Open Group are invited to participate. The document is posted for comment for, I would think, four weeks, after which we review the comments and decide what actually needs to be taken.

Certainly, it could take only two months to complete the overall publication of the standard from the draft being completed, but it’s safer to say about a quarter.

Gardner: So a real important working document could be available in the second half of 2015. Let’s now go back to why a cloud governance document and approach is important when we consider the implications of Bimodal or Multimodal IT.

One of things that Gartner says is that Bimodal IT projects require new project management styles. They didn’t say project management products. They didn’t say, downloads or services from a cloud provider. We’re talking about styles.

So it seems to me that, in order to prevent the good aspects of Bimodal IT to be overridden by negative impacts of chaos and the lack of coordination that we’re talking about, not about a product or a download, we’re talking about something that a working group and a standards approach like the Cloud Governance Project can accommodate.

David, why is it that you can’t buy this in a box or download it as a product? What is it that we need to look at in terms of governance across Bimodal IT and why is that appropriate for a style? Maybe the IT people need to think differently about accomplishing this through technology alone?

First question

Janson: When I think of anything like a tool or a piece of software, the first question I tend to have is what is that helping me do, because the tool itself generally is not the be-all and end-all of this. What process is this going to help me carry out?

So, before I would think about tools, I want to step back and think about what are the changes to project-related processes that new approaches require. Then secondly, think about how can tools help me speed up, automate, or make those a little bit more reliable?

It’s an easy thing to think about a tool that may have some process-related aspects embedded in it as sort of some kind of a magic wand that’s going to automatically make everything work well, but it’s the processes that the tool could enable that are really the important decision. Then, the tools simply help to carry that out more effectively, more reliably, and more consistently.

We’ve always seen an evolution about the processes we use in developing solutions, as well as tools. Technology requires tools to adapt. As to the processes we use, as they get more agile, we want to be more incremental, and see rapid turnarounds in how we’re developing things. Tools need to evolve with that.

But I’d really start out from a governance standpoint, thinking about challenging the idea that if we’re going to make a change, how do we know that it’s really an appropriate one and asking some questions about how we differentiate this change from just reinventing the wheel. Is this an innovation that really makes a difference and isn’t just change for the sake of change?

Governance helps people challenge their thinking and make sure that it’s actually a worthwhile step to take to make those adaptations in project-related processes.

Once you’ve settled on some decisions about evolving those processes, then we’ll start looking for tools that help you automate, accelerate, and make consistent and more reliable what those processes are.

I tend to start with the process and think of the technology second, rather than the other way around. Where governance can help to remind people of principles we want to think about. Are you putting the cart before the horse? It helps people challenge their thinking a little bit to be sure they’re really going in the right direction.

Gardner: Of course, a lot of what you just mentioned pertains to enterprise architecture generally as well.

Nadhan, when we think about Bimodal or Multimodal IT, this to me is going to be very variable from company to company, given their legacy, given their existing style, the rate of adoption of cloud or other software as a service (SaaS), agile, or DevOps types of methods. So this isn’t something that’s going to be a cookie-cutter. It really needs to be looked at company by company and timeline by timeline.

Is this a vehicle for professional services, for management consulting more than IT and product? What is n the relationship between cloud governance, Bimodal IT, and professional services?

Delineating systems

Nadhan: It’s a great question Dana. Let me characterize Bimodal IT slightly differently, before answering the question. Another way to look at Bimodal IT, where we are today, is delineating systems of record and systems of engagement.

In traditional IT, typically, we’re looking at the systems of record, and systems of engagement with the social media and so on are in the live interaction. Those define the continuously evolving, growing-by-the-second systems of engagement, which results in the need for big data, security, and definitely the cloud and so on.

The coexistence of both of these paradigms requires the right move to the cloud for the right reason. So even though they are the systems of record, some, if not most, do need to get transformed to the cloud, but that doesn’t mean all systems of engagement eventually get transformed to the cloud.

There are good reasons why you may actually want to leave certain systems of engagement the way they are. The art really is in combining the historical data that the systems of record have with the continual influx of data that we get through the live channels of social media, and then, using the right level of predictive analytics to get information.

I said a lot in there just to characterize the Bimodal IT slightly differently, making the point that what really is at play, Dana, is a new style of thinking. It’s a new style of addressing the problems that have been around for a while.

But a new way to address the same problems, new solutions, a new way of coming up with the solution models would address the business problems at hand. That requires an external perspective. That requires service providers, consulting professionals, who have worked with multiple customers, perhaps other customers in the same industry, and other industries with a healthy dose of innovation.

That’s where this is a new opportunity for professional services to work with the CxOs, the enterprise architects, the CIOs to exercise the right business decision with the rights level of governance.

Because of the challenges with the coexistence of both systems of record and systems of engagement and harvesting the right information to make the right business decision, there is a significant opportunity for consulting services to be provided to enterprises today.

Drilling down

Gardner: Before we close off I wanted to just drill down on one thing, Nadhan, that you brought up, which is that ability to measure and know and then analyze and compare.

One of the things that we’ve seen with IT developing over the past several years as well is that the big data capabilities have been applied to all the information coming out of IT systems so that we can develop a steady state and understand those systems of record, how they are performing, and compare and contrast in ways that we couldn’t have before.

So on our last topic for today, David Janson, how important is it for that measuring capability in a governance context, and for organizations that want to pursue Bimodal IT, but keep it governed and keep it from spinning out of control? What should they be thinking about putting in place, the proper big data and analytics and measurement and visibility apparatus and capabilities?

Janson: That’s a really good question. One aspect of this is that, when I talk with people about the ideas around governance, it’s not unusual that the first idea that people have about what governance is is about the compliance or the policing aspect that governance can play. That sounds like that’s interference, sand in the gears, but it really should be the other way around.

A governance framework should actually make it very clear how people should be doing things, what’s expected as the result at the end, and how things are checked and measured across time at early stages and later stages, so that people are very clear about how things are carried out and what they are expected to do. So, if someone does use a governance-compliance process to see if things are working right, there is no surprise, there is no slowdown. They actually know how to quickly move through that.

Good governance has communicated that well enough, so that people should actually move faster rather than slower. In other words, there should be no surprises.

Measuring things is very important, because if you haven’t established the objectives that you’re after and some metrics to help you determine whether you’re meeting those, then it’s kind of an empty suit, so to speak, with governance. You express some ideas that you want to achieve, but you have no way of knowing or answering the question of how we know if this is doing what we want to do. Metrics are very important around this.

We capture metrics within processes. Then, for the end result, is it actually producing the effects people want? That’s pretty important.

One of the things that we have built into the Cloud Governance Framework is some idea about what are the outcomes and the metrics that each of these process pairs should have in mind. It helps to answer the question, how do we know? How do we know if something is doing what we expect? That’s very, very essential.

Gardner: I am afraid we’ll have to leave it there. We’ve been examining the role of cloud governance and enterprise architecture and how they work together in the era of increasingly fragmented IT. And we’ve seen how The Open Group Cloud Governance Initiatives and Working Groups can help allow for the benefits of Bimodal IT, but without necessarily IT fragmentation leading to a fractured or broken business process around technology and innovation.

This special Thought Leadership Panel Discussion comes to you in conjunction with The Open Group’s upcoming conference on July 20, 2015 in Baltimore. And it’s not too late to register on The Open Group’s website or to follow the proceedings online and via social media such as Twitter, LinkedIn and Facebook.

So, thank you to our guests today. We’ve been joined by Dr. Chris Harding, Director for Interoperability and Cloud Computing Forum Director at The Open Group; David Janson, Executive IT Architect and Business Solutions Professional with the IBM Industry Solutions Team for Central and Eastern Europe and a leading contributor to The Open Group Cloud Governance Project, and Nadhan, HP Distinguished Technologist and Cloud Advisor and Co-Chairman of The Open Group Cloud Governance Project.

And a big thank you, too, to our audience for joining this special Open Group-sponsored discussion. This is Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this thought leadership panel discussion series. Thanks again for listening, and do come back next time.

Listen to the podcast. Find it on iTunes. Get the mobile app for iOS or Android.

Sponsor: The Open Group

Transcript of an Open Group discussion/podcast on the role of Cloud Governance and Enterprise Architecture and how they work together in the era of increasingly fragmented IT. Copyright The Open Group and Interarbor Solutions, LLC, 2005-2015. All rights reserved.

Join the conversation! @theopengroup #ogchat #ogBWI

You may also be interested in:

Comments Off on A Tale of Two IT Departments, or How Governance is Essential in the Hybrid Cloud and Bimodal IT Era

Filed under Accreditations, Boundaryless Information Flow™, Cloud, Cloud Governance, Interoperability, IoT, The Open Group Baltimore 2015

Open FAIR Certification for People Program

By Jim Hietala, VP Security, and Andrew Josey, Director of Standards, The Open Group

In this, the final installment of this Open FAIR blog series, we will look at the Open FAIR Certification for People program.

In early 2012, The Open Group Security Forum began exploring the idea of creating a certification program for Risk Analysts. Discussions with large enterprises regarding their risk analysis programs led us to the conclusion that there was a need for a professional certification program for Risk Analysts. In addition, Risk Analyst professionals and Open FAIR practitioners expressed interest in a certification program. Security and risk training organizations also expressed interest in providing training courses based upon the Open FAIR standards and Body of Knowledge.

The Open FAIR People Certification Program was designed to meet the requirements of employers and risk professionals. The certification program is a knowledge-based certification, testing candidates knowledge of the two standards, O-RA, and O-RT. Candidates are free to acquire their knowledge through self-study, or to take a course from an accredited training organization. The program currently has a single level (Foundation), with a more advanced certification level (Certified) planned for 2015.

Several resources are available from The Open Group to assist Risk Analysts preparing to sit for the exam, including the following:

  • Open FAIR Pocket Guide
  • Open FAIR Study Guide
  • Risk Taxonomy (O-RT), Version 2.0 (C13K, October 2013) defines a taxonomy for the factors that drive information security risk – Factor Analysis of Information Risk (FAIR).
  • Risk Analysis (O-RA) (C13G, October 2013) describes process aspects associated with performing effective risk analysis.

All of these can be downloaded from The Open Group publications catalog at http://www.opengroup.org/bookstore/catalog.

For training organizations, The Open Group accredits organizations wishing to offer training courses on Open FAIR. Testing of candidates is offered through Prometric test centers worldwide.

For more information on Open FAIR certification or accreditation, please contact us at: openfair-cert-auth@opengroup.org

By Jim Hietala and Andrew JoseyJim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT Security, Risk Management and Healthcare programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on Information Security, Risk Management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

 

By Andrew JoseyAndrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF® 9.1, ArchiMate® 2.0, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX® Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

 

 

 

Comments Off on Open FAIR Certification for People Program

Filed under Accreditations, Certifications, Cybersecurity, Enterprise Architecture, Information security, Open FAIR Certification, Professional Development, RISK Management, Security, Uncategorized

The Open Group Executive Round Table Event at Mumbai

By Bala Peddigari, Head – HiTech TEG and Innovation Management, Tata Consultancy Services Limited

The Open Group organized the Executive Round Table Event at Taj Lands End in Mumbai on November 12, 2014. The goal was to brief industry executives on how The Open Group can help in promoting Enterprise Architecture within the organization, and how it helps to stay relevant to the Indianized context in realizing and bringing in positive change. Executives from the Government of Maharastra, Reserve Bank of India, NSDL, Indian Naval Service, SVC Bank, Vodafone, SVC Bank, SP Jain Institute, Welingkar Institute of Management, VSIT,Media Lab Asia, Association of Enterprise Architects (AEA), Computer Society of India and others were present.

By Bala PeddigariJames de Raeve, Vice President, Certification of The Open Group introduced The Open Group to the executives and explained the positive impact it is creating in driving Enterprise Architecture. He noted most of the EA functions, Work Groups and Forums are driven by the participating companies and Architects associated with them. James revealed facts stating that India is in fourth position in TOGAF® certification and Bangalore is second only to London. He also discussed the newest Forum, The Open Group IT4IT™ Forum and its objective to solve some of the key business problems and build Reference Architecture for managing the business of IT.  The mission of The Open Group IT4IT Forum is to develop, evolve and drive the adoption of the vendor-neutral IT4IT Reference Architecture.

Rajesh Aggarwal, Principal Secretary IT, Government of Maharashtra, attended the Round Table and shared his view on how Enterprise Architecture can help some of the key Government initiatives drive citizen-centric change. An example he used is the change in policies for senior citizens who seek pension. They show up every November at the bank to identify themselves for Life Certificate to continue getting pension. This process can be simplified through IT. He used an excellent analogy of making phone calls to have pizza delivered from Pizza Hut and consumer goods from Flipkart. Similarly his vision is to get Smart and Digital Governance where citizens can call and get the services at their door.

MumbaiRajeesh Aggarwal

70886-uppalJason Uppal, Chief Architect (Open CA Level 3 Certified), QR Systems in Canada presented a session on “Digital Economy and Enterprise Architecture”. Jason emphasized the need for Enterprise Architecture and why now in the networked and digital economy you need intent but not money to drive change. He also shared his thoughts on tools for this new game – Industrial Engineering and Enterprise Architecture focus to improve the performance capabilities across the value chain. Jason explained how EA can help in building the capability in the organization, defined value chain leveraging EA capabilities and transforming enterprise capabilities to apply those strategies. The key performance indicators of Enterprise Architecture can be measured through Staff Engagement, Time and Cost, Project Efficiency, Capability Effectiveness, Information Quality which explains the maturity of Enterprise Architecture in the organization. During his talk, Jason brought out many analogies to share his own experiences where Enterprise Architecture simplified and brought in much transformation in Healthcare. Jason shared an example of Carlos Ghosn who manages three companies worth $140 billion USD. He explains further the key to his success is to protect his change-agents and provide them the platform and opportunity to experiment. Enterprise Architecture is all about people who make it happen and bring impact.

The heart of the overall Executive Round Table Event was a panel session on “Enterprise Architecture in India Context”. Panelists were Jason Uppal, Rakhi Gupta from TCS and myself who shared perspectives on the following questions:

  1. Enterprise Architecture and Agile – Do they complement?
  2. How are CIOs seeing Enterprise Architecture when compared to other CXOs?
  3. I have downloaded TOGAF, what should I do next?
  4. How is Enterprise Architecture envisioned in the next 5 years?
  5. How can Enterprise Architecture help the “Make in India” initiative?
  6. Should Enterprise Architecture have a course in academics for students?

I explained how Enterprise Architecture is relevant in academics and how it can enable the roots to build agile-based system to quickly respond to the changes. I also brought in my perspective how Enterprise Architecture can show strengths while covering the weaknesses. Furthermore, TOGAF applies and benefits the context of the Indian future economy. Jason explained the change in dynamics in the education system to build a query-based learning approach to find and use. Rakhi shared her thoughts based on experience associated with Department of Posts Transformation keeping a citizen-centric Enterprise Architecture approach.

Overall, it has created a positive wave of understanding the importance of Enterprise Architecture and applying the TOGAF knowledge consistently to pave the road for the future. The event was well organized by Abraham Koshy and team, with good support from CSI Mumbai and AEA Mumbai chapters.

By Bala PeddigariBala Prasad Peddigari has worked with Tata Consultancy Services Limited for over 15 years. Bala practices Enterprise Architecture and evangelizes platform solutions, performance and scalable architectures and Cloud technology initiatives within TCS.  He heads the Technology Excellence Group for HiTech Vertical. Bala drives the architecture and technology community initiatives within TCS through coaching, mentoring and grooming techniques.

Bala has a Masters in Computer Applications from University College of Engineering, Osmania. He is an Open Group Master IT Certified Architect and serves as a Board Member in The Open Group Certifying Authority. He received accolades for his cloud architectural strengths and published his papers in IEEE.  Bala is a regular speaker in Open Group and technology events and is a member of The Open Group Open Platform 3.0™.

 

Comments Off on The Open Group Executive Round Table Event at Mumbai

Filed under Accreditations, architecture, Certifications, Cloud, Conference, Enterprise Architecture, Open CA, Open CITS, Open Platform 3.0, Standards, TOGAF, TOGAF®