IT Governance –Value Creation and Accountability

IT governance is something people tend to have a love/hate relationship with. They love it because they know they need it and will benefit from it; but they hate it because they don’t want to do it and be bound by it.

It sort of reminds me of the old TV show, The Little Rascals, when the mother “makes” her kid take the spoonful of awful tasting castor oil because it was good for him. And what a face the kid would make as that spoon glided into his mouth, and then a big smile would emerge.

DM Review, 8 February 2008, reports that enterprises are “Getting Serious about IT Governance.”

Here’s why IT governance is growing in importance:

1. Growing IT expenditures—“Worldwide IT spending has grown 5 percent to 8 percent in recent years and will approach $3 trillion for 2007”
2. IT project troubles—“IT project failures, security breaches, and compliance snafus are still abundant. Gartner estimated that more than $600 billion has been squandered on ill-conceived or poorly executed projects. And according to Standish Group, only 30 percent of projects are considered successful.”
3. Money won’t solve the problem—“Simply pouring more money into IT won’t necessarily fix a company’s problems or mitigate its risks.”

IT governance is a two-fold endeavor:

1. Value creation—“IT governance is about balancing the interests of investors and stakeholders by focusing resources on the creation of value…if the mission of IT is to provide systems the business wants, it is equally important to provide systems the business actually needs.”
2. Accountability—“IT governance is the system by which IT is directed and controlled. It should address the roles and responsibilities of groups and individuals…articulate the rules and procedures for making IT decisions, and provide a structure through which IT objectives are set, attained, and monitored.”

In the Federal IT Investment Management (ITIM) process for Capital Planning and Investment Control, value creation and accountability align well with the phases of Select-Control-Evaluate for IT investments.

• The Select phase supports value creation. It involves the selection of projects based on a combination of the following factors: alignment with mission/business strategy, highest return on investment, lowest risk, and alignment to and compliance with the enterprise architecture.
• The Control phase supports accountability. It involves monitoring and managing IT projects for cost, schedule, and performance parameters. Projects that deviate from their targets risk being reorganized, downsized, or entirely phased out.
• The Evaluate phase supports both value creation and accountability. It is the evaluation of whether IT projects meet their intended performance goals. This provides lessons learned for future IT project selections and for controlling their steady progress, as well as holding accountable the project sponsor and team for their IT project.

IT Governance –Value Creation and Accountability

Microsoft, Yahoo, and Enterprise Architecture

Microsoft offers to buy Yahoo for $44 billion—brilliant play or stupid move?

Some say it’s a brilliant move:

According to techcrunch.com, a combined Microsoft/Yahoo would be a technology behemoth and have $65 billion in revenue, $17.6 billion in profit, 90,000 employees, and 32.7% of the U.S. search market share.

Yahoo owns semi-valuable assets like Flickr, a photo sharing site and del.icio.us, a social bookmark site.

Others say it’s a stupid move:

1. Microsoft/Yahoo would still seriously trail Google’s U.S. search market share of 58.4%!
2. Other corporate acquirers, like Oracle, generally profess acquisitions only if it enables a clear #1 market position like it is with data warehouse management, business analytics, human capital management, customer relationship management, and contract lifecycle management.
3. Fortune Magazine, 18 February, 2008, says “Microsoft is paying too dearly for Yahoo.” Fortune asks “What exactly is Microsoft buying here? Technology? Yahoo has been managing a declining asset since Google invented a better way to do search…Technologists? Talent has been fleeing Yahoo Central since Terry Semel got there…a let’s not even talk about the clash of cultures that such a merger will create.”
4. Yahoo has made serious management missteps, such as backing out of a deal to buy Facebook in 2006 at a $1 billion bargain (Facebook was recently valued at $15 billion) and botching the acquisition of YouTube and losing out to Google.

Fortune concludes:

1. “Microsoft is buying an empty bag.”
2. “Yahoo will be Microsoft’s AOL” (comparing a Microsoft/Yahoo acquisition to the failed AOL/Time Warner one).
3. Microsoft should abandon the acquisition, unbundle itself from search, Xbox, and Zune, and instead focus on improving its core competency, the operating system.

From a User-centric Enterprise Architecture perspective, it’s an interesting dilemma: should companies (like Microsoft) diversify their products and services, similar to the way an individual is supposed to responsibly manage their financial investments through broad diversification in order to manage risk and earn a better overall long-run return. Or should companies do what they do best and focus on improving their core offering and be #1 in that field.

Historically, I understand that most mergers and acquisitions fail miserably (like AOL/Time Warner) and only a few really succeed (like HP/Compaq). Yet, companies must diversify in order to mitigate risk and to seek new avenues to grow. As the old saying goes, “don’t put all your eggs in one basket.” The key to successfully diversify is to architect a #1 market share strategy, like Oracle, acquire truly strategic assets like Compaq, and not overpay like with Yahoo and AOL.

Microsoft, Yahoo, and Enterprise Architecture

Love and Enterprise Architecture

Valentine’s Day is a celebration of love. For thousands of years, people have demonstrated their deepest expressions about love through intimacy, romance, gifts, song, poetry, and other personal and cultural expressions.

There is an interesting question though about love—what makes certain people (and animals) able to keep love alive and stay monogamous, while others not? Is there a architecture, so to speak, for love?

The Wall Street Journal, 8 February 2008, reports that “neuroscientists are probing why some married couples can maintain the spark for years.”

“Most couples find that the dizzying, almost-narcotic feeling of early love gives way to a calmer bond.” Yet, others seem to be able to maintain a “lifelong passion” and moreover grow their love over time.

My father always said something that I believed was profound about love; that with your life’s partner, the joy in life is twice the joy, and the sorrow, half the sorrow.

According to “one sociological study of marital satisfaction at the University of Nebraska-Lincoln and Penn State University [that] kept track of more than 2,000 married people over 17 years, average marital happiness fell sharply in the first 10 years, then entered a slow decline.”

Yet, other couples remain in love and full of passion over their lives and this has been confirmed using magnetic-resonance imaging (MRI) scans of the brain.

What’s really interesting is that lifelong coupling is not only endemic to many people, but also to certain species of animals from the prairie voles to gray foxes, gray-headed albatross, pygmy marmosets.

A neuroendocrinologist at the University of Illinois at Chicago has found a hormonal link in animals for lifelong mating with Oxytocin, “the love hormone.”

“There is much work ahead before scientists can map the human-attachment system and learn what factors affect it.”

So can love be architected?

Over the years many have tried to architect love through matchmakers, forced marriage, the largess of the dowry, and even through the fabled love potion.

However, at its essence, love is a deep emotion that manifests itself in human behavior, thinking, and feeling. While manifestations of love are visible to scientists using brain scans, and maybe even through endocrinology, ultimately love is an expression of the hearts of two people for each other.

Love and Enterprise Architecture

The Paperless Society and Enterprise Architecture

For years, we’ve all heard the promise that technology will soon make us a paperless society—but it hasn’t!

In the book, Sacred Cows Make The Best Burgers, by Kriegel and Brandt, the authors state that “most people’s desks look like they’ve been hit by a paper avalanche.”

Have things gotten better or worse?

Kriegel and Brandt state that between 1983 and about 1996, “shipments of paper actually increased by 51%.”

Further, they state that “a vice president of a major telecommunications company showed us a study that...on average, people got over 90 hours’ worth of “stuff” to read each week! And only 20 percent of that was electronic...the same study showed that despite all the advancements in information technology, the amount of paper received today had not been reduced from ten years ago.”

Do we need all this paper?

Absolutely not. “50 percent of a company’s paperwork could be eliminated without the slightest disruption to business.”

In fact, the authors recount a telling story about how a courageous manager and his/her employees slowly eliminated parts of a costly, time-consuming detailed 10 column monthly report they put together for the management committee, by first eliminating some columns and then more and more until finally they produced only 4 key columns quarterly. Instead of the management committee complaining, no one even noticed anything was missing (the columns or later the monthly report), until after a number of months, the CEO congratulated them on their good work with the new clear and simple quarterly report.

What has the government done to reduce paperwork?

• Paperwork Reduction Act of 1995, “one of the principal requirements of the PRA is that organizations must have OMB approval before collecting information from the public (such as forms, general questionnaires, surveys, instructions, and other types of collections).” (http://www.usa.gov/webcontent/reqs_bestpractices/laws_regs/paperwork_reduction.shtml)

• Government Paperwork Elimination Act of 2002 “requires that, when practicable, federal organizations use electronic forms, electronic filing, and electronic signatures to conduct official business with the public, by 2003.” (http://www.usa.gov/webcontent/reqs_bestpractices/laws_regs/gpea.shtml)

What should we do in our organizations to reduce the paperwork?

According to Kriegel and Brandt, if paperwork doesn’t “add value to the customer, increase productivity, or improve morale,” then it should be eliminated.

From a User-centric EA perspective, we need to ask our users and stakeholders if they really need or want the paperwork we’re giving them, and if not we need to update our business processes and enable technology solutions to eliminate the legacy paper-based solutions. To some extent this is occurring already, in other cases, it is not. The more we become an information-based society, the more we need and crave information and some people don’t trust the technology or simply want a hard-copy to read or for their records. Paper is not a bad thing. It is a tried and true method of recordkeeping and communication, but when we have so much that we cannot even keep up with it, then it’s definitely time to reevaluate our true needs and go a little easier on our environment. Why chop down all those trees, for reports, proposals, print-outs, and projections that often just end up, unread in the round file (i.e. the garbage) anyway?

The Paperless Society and Enterprise Architecture

Internet Apocalypse and Enterprise Architecture

It is the 21^st century and we are a nation dependent on everything internet. We rely on the internet for communications, like email, text messaging, and even voice over IP. We also use the internet for getting news and information, social networking, storing and sharing blogs, videos, music, and photos, accessing various applications, shopping, and conducting financial transactions.

What happens if the internet is attacked or otherwise fails us?

This is the question asked in ComputerWorld, 21 January 2008: “If the internet goes down will you be ready?”

ComputerWorld states: “It’s likely that the internet will soon experience a catastrophic failure, a multiday outage that will cost the U.S. economy billions of dollars. Or maybe it isn’t likely. In any case, companies are not prepared for such a possibility.”

The Business Roundtable says: “The threat is ‘urgent and real.’ There is a 10% to 20% chance of a ‘breakdown of the critical information infrastructure’ in the next 1o years brought on by ‘malicious code, coding error, natural disaster, [or] attacks by terrorists and other adversaries.’”

What will be the effect of a major internet interruption?

“An internet meltdown would result in reduced productivity and profits, falling stock prices, erosion of consumer spending, and potentially a liquidity crisis.” It would disrupt our everyday ability to communicate, get and share information, work and conduct transactions. And let’s not forget the effect on the human psyche—there would be chaos.

Why have we not prepared ourselves adequately?

The Business Roundtable says that “business executives often fail to realize how dependent they have become on the public network—for email, collaboration, e-commerce, public-facing and internal Web sites, and information retrieval by employees.”

Where are we most vulnerable?

The Internet Corporation for Assigned Names and Numbers (ICANN) says that “the Internet is pretty robust at the physical layer. There are just too many alternate paths available. But the Internet is not so robust at other layers.” Hence, the risk of operating system failures, penetration by worms, and denial of service attacks.

Is there any reason for optimism?

The CIO of Yuma County, Arizona, reminds us that the Internet “having been based on the Arpanet [from DoD] and designed to keep functioning when pieces are broken, it seems less likely that the entire Internet would stop working.”

What can enterprises do to prepare for the worst?

Of course, all organizations need to fully address security concerns in terms of managerial, operational, and technical controls.

They need the best and brightest security personnel.

Additionally, they need to perform regular risk assessments, vulnerability testing, intrusion detection and prevention, back-up and recovery.

They need to have strict access controls, security awareness training of employees and contractors, and an IT security policy.

Our organizations need a comittment to continuity of operations planning (COOP).

ComputerWorld points out that the financial services sector is out in front in making preparations Here’s some of the architectural preparations that financial companies have undertaken:

• Dedicated networks—“set up dedicated networks independent of phone companies.”
• Guaranteed diverse routing—“negotiate more aggressively with communications companies to guarantee diverse routing.”
• Geographic dispersal—“separate data centers and communications centers more widely geographically.”

In general, enterprises need “diversity and redundancy” of communications.

Most importantly, we need to recognize the risks out there and prepare, prepare, prepare.

Internet Apocalypse and Enterprise Architecture

“National Innovation Strategy” and Enterprise Architecture

I believe most people would say that the United States is one of the most innovative countries in the world. And this in no small way has led to immense wealth creation for the people of this nation collectively.

If you think about most of the modern day conveniences we have, I believe the vast majority were innovated right here in the good ‘ol US of A. For example, think internet, computer, automobile, airplane, and so on.

Nevertheless many have argued that our innovativeness and engineering prowess has declined over the years.

One interesting news blog on CNET on 7 February 2008 calls for the need for a “national innovation strategy,” to get us out from being “stuck in ‘incrementalism.’”


The author, a former Harvard Business School professor, gives a number of reasons that we should be concerned about our innovativeness:

1. Inadequate public education system—this one is not new; people have complained for years about the state of public education in this country. And while the No Child Left Behind initiative has helped, the system is still not where it should be. As the author states, “the U.S. public education system does not adequately prepare students.”
2. Federal grant system—“inconsistent priorities and lacks funding.”
3. Overseas opportunities—“there are more opportunities for students and scientists in places outside the United States.”
4. Fewer doctorates (and engineers)—For example, “Finland has twice as many Ph.D.’s per capita as the U.S.”
5. It’s a free for all—“different countries have different models, ranging from heavy government direction like Finland, to the U.S. style ‘let ‘er rip” system that relies on bottom-up innovation…a better model is a hybrid that involves many parties, including government, academia, business, and entrepreneurs.”

While I agree that we face many problems in retaining our edge in innovation, I do believe that at heart we are a nation of innovators. And this is founded in republicanism, liberty, capitalism, and our market economy, where we are taught from birth that anyone can be anything (even the President of the United States).

Moreover, I have never seen a dearth of good ideas being talked about, but rather the shortage is perhaps more in the ability to execute on those than in the creative process itself.

Enterprise architecture is itself a discipline founded in creativity, and hence the structure of defining the baseline, looking outward and establishing a target state, and planning the transition. This does not have to be about incrementalism, but can in fact represent true enterprise innovation.

“National Innovation Strategy” and Enterprise Architecture

Adding Value and Enterprise Architecture

What is the value-add of enterprise architecture?

In Architecture and Governance Magazine, Volume 4 Issue 1, an article entitled, “Architecture Planning” addresses this issue.

The author proposes that EA must find a balance between the necessity to “build and populate an EA framework with the effort to provide effective project support.”

With the wrong balance of these, the author, states: “you end up with an ivory tower [initiative] that delivers no value, or with a project support service that makes project-level architecture decisions rather than taking into account the enterprise perspective.”

The article sums up: “to reiterate, the architecture plan needs to meet two objectives. One, deliver an EA; two, deliver value to projects.”

From my perspective, the two objectives presented are not accurate. It is not a choice or balance between building EA or adding project value—never! Rather, it is always about adding value.

EA is never done for EA’s sake. That is not an objective.

Everything that EA does is to add value—either by fulfilling insight or oversight needs of the organization.

1. Insight—EA provides valuable information products to end-users in terms of business and technical information. EA captures, analyzes, catalogues, and provides findings and recommendation, which is used to aid IT planning and governance, and decision-making.
2. Oversight—EA provides valuable governance services by conducting architectural reviews of IT projects, products, and standards, thereby enabling sound IT investment decisions and more successful project delivery.

The article proposes that the organization should “initiate two streams of work. One identifies the framework within which enterprise-level information will be captured and shared, and the second focuses on identifying the key areas of need for projects…[i.e.] the need to provide real value to projects”

However, I would suggest that the two streams of work are not developing the EA framework and the need to provide “real value” to projects, but rather that the EA program develop both information products and governance services--simultaneously, both of which benefit the end-users and add value to the enterprise.

Further, the information products and governance services are mutually reinforcing. Technical reviews, conducted as part of the governance services, feed valuable information to the EA information products. And information products are used to conduct the architectural reviews by providing the basis for aligning to and complying with the EA baseline, target, and transition plan.

Adding Value and Enterprise Architecture

Virgin Group and Enterprise Architecture

User-centric EA establishes the baseline architecture, identifies user requirements, establishes a target architecture, conducts a gap analysis, and develops a transition plan to move from the baseline to the target. In some organizations, these steps are distinct, clear, and sequential; in other enterprises, the transformation occurs more fluidly and in parallel.

Virgin Group is an example of the second type of User-centric EA.

“Virgin, a leading branded venture capital organisation, is one of the world's most recognised and respected brands. Conceived in 1970 by Sir Richard Branson, the Virgin Group has gone on to grow very successful businesses in sectors ranging from mobile telephony, to transportation, travel, financial services, leisure, music, holidays, publishing and retailing. Virgin has created more than 200 branded companies worldwide, employing approximately 50,000 people, in 29 countries. Revenues around the world in 2006 exceeded approx. $20 billion.” (http://www.virgin.com/)

Virgin is run by Richard Branson, a very dominant and visionary leader, who enables the rapid and fluid transformation of Virgin from one initiative to the next. Virgin is constantly identifying new opportunities and going after their targets, and they are not afraid to fail. Failure is viewed as part of being an innovative organization that seeks out new targets, ways of doing business, and new ventures.

The Wall Street Journal, 6 January 2008, provides an enlightening interview with Richard Branson with a callout of a quote as follows: “We’re not afraid of occasionally falling flat on our face.”

“Big-think is part of Mr. Branson’s M.O,” and transformation from current to target architectures is second nature for him.

“When he started Virgin Atlantic Airways, he was a 30-something music exec, and everyone thought he was crazy, including his own board of directors…eventually, Virgin Records, his first business, was sold to help support the growing airline… [and] the sales of his record company in 1992 came at the best possible time, just before the traditional music industry headed into a downward spiral that continues to this current day.”

Baseline architecture to identifying target architecture and successfully through transition—mission accomplished!

How is this enterprise architecture? Branson is planning and executing almost in parallel. He synthesizes business and technology and transforms his current organization to ever-greater endeavors.

For example, Virgin Group is now initiating “Virgin Galactic,” which “plans next year to begin taking tourists to the edge of space in a special aircraft.”

Now with the global credit crisis, Branson and Virgin are again on the EA prowl. They’ve identified Northern Rock (a UK mortgage lender) for possible acquisition. As Branson states, “In times of strife, there are certainly opportunities.”

Branson has set his sights on many other ventures—business, environmental, and philanthropic. In 1994, he launched Virgin Cola, going head-to-head with Coke. Recently, Virgin has committed $100M to their Green Fund for investment in alternate energy. “This year, he launched a service of health workers riding around on motorbikes in Africa to help build an elephant corridor in Kenya.”

Virgin is open to tackling the most difficult of problems. These include: finding ways to incentivize countries not to cut down rain forests, and creating massive inland lakes in Africa and Asia to deal with rising sea levels to prevent flooding and cool the earth, and fertilize deserts. These also include helping to counter climate change, and even, through a group called the Elders, to tackle world peace.

No target or plan is too big or far-fetched for Virgin, and it undertakes change with fluidity and grace. Virgin identifies the needs and opportunities to make a difference, establishes its target, and works creatively to transition to the target and achieve its goal. Failure at the margins is acceptable as long as the aspirations and successes loom large.

Virgin Group is a good example of EA performed fluidly and with great success.

Virgin Group and Enterprise Architecture

Organizational Blues and Enterprise Architecture

Organizations are like people, they have ups and downs. They have a beginning and an end (even as they transition or morph into something else). And somewhere in the middle or in numerous little points along the way, the organization/person experiences questioning, doubts, reevaluation or mere generally speaking, “the blues.”

The Wall Street Journal, 2-3 February 2008, has an editorial that describes “a massive American-British study of some two million souls throughout 80 counties confirming, empirically, that middle age immiserates us all without regard to income, culture, gender, marital status, or previous experience.”

The study demonstrates the “mood swing of life” with a “U-curve, in which mental stability and happiness bottoms out in our 40s and into our 50s. We then get more cheerful as we round the curve into the final stretch.”

What happens in mid-life crisis?

“Mid-life is a time when the mirage of life’s perfectibility and symmetry, as envisioned in one’s youth, come back to trouble you like a conscience…one might call it a last chance at happiness, or of “getting it right…the last opportunity to shape your fate before you have to accept it; a phase when you are suddenly taunted by the lives unlived.”

Not only people, but organizations go through mid-life crisis:

The stock market swoon of company’s stocks (representing their market values) is one gauge of their oft meteoric rise and death-defying falls. Just some recent examples of companies in the news today: Technology titans, Microsoft with an intraday low of $0.80 in 1986 and a high of $53.97 in 1999, and Yahoo $0.65 in 1996 and $125.031 in 2000, and both are slightly above or below $30 today. Another example, Starbucks has been off nearly 50% in the past year.

The rise and fall of enterprises is a reflection of their even changing environment. Life is not status quo. We are all tested, all the time. It is how we respond to those tests that determine where we go next.

How do we respond?

Some people respond to mid-life crisis by changing themselves, their jobs, careers, and even partners (some opt for the flashy red convertible sport car deluxe!). People are trying to remake themselves—for better or worse. Organizations do the same thing; they seek transformation, reengineering, and strategic change, and hence they undertake initiatives like Six Sigma, Total Quality Management, The Baldridge Award, Kaizen, and other varied change management endeavors (even enterprise architecture to an extent). We as people and organizations look in the mirror and realize that we cannot continue as we are if we are to survive and thrive to fight another day.

Organizational Blues and Enterprise Architecture

Web 3.0 and Enterprise Architecture

While the Web 1.0 is viewed as an information source, and Web 2.0 as participatory, Web 3.0 is envisioned as Semantic (or the Semantic Web).

MIT Technology Review, March 2007 reports in an article entitled “A Smarter Web” by John Borland that Web 3.0 will “give computers the ability—the seeming intelligence—to understand content on the World Wide Web.” The goals is to “take the web and make it …a system that can answer questions, not just get a pile of documents that might hold an answer.”

In The New York Times, November 2007, John Markoff defined Web 3.0 “as a set of technologies that offer efficient new ways to help computers organize and draw conclusions from online data.”

Not only individuals would benefit from the Semantic Web, but companies too that “are awash in inaccessible data on intranets, in unconnected databases, even on employees’ hard drives.” The idea is to bring the data together and make it useful.

Many of you have heard of the Dewey Decimal System for organizing information. Melvin “Dewey was no technologist, but the libraries of his time were as poorly organized as today’s Web. Books were often placed in simple alphabetical order, or even lined up by size…Dewey found this system appalling: order, he believed, made for smoother access to information.” (MIT Technology Review) Melvin Dewey developed in 1876 what became The Dewey Decimal System, a library classification attempts to organize all knowledge.” (Wikipedia) In the Dewey system, books on a similar subject matter are co-located aiding discovery and access to information.

MIT Technology Review contends that like Melvin Dewey, web browser and search engine companies, like Microsoft and Google, want to help consumers locate information more efficiently.

“By the mid-1990’s, the computing community as a whole was falling in love with the idea of metadata, a way of providing Web pages with computer-readable instruction or labels…metadata promised to add the missing signage. XML—the code underlying today’s complicated websites, which describes how to find and display content, emerged as one powerful variety.” The problem with this was that it was not a systematic way of labeling data, since each developer used “their own custom ‘tags’—as if different cities posted signs in related but mutually incomprehensible dialects.”

In 1999, the World Wide Web Consortium (W3C) came up with the Resource Description Framework (RDF) for locating and describing information. Since then the vision has been for “a web that computers could browse and understand much as humans do…analogous to creating detailed road signs that cars themselves could understand and upon which they could act,” independent of human action. However, the obstacles remain for how to create ontologies that everyday busy people would use to relate data across the web—data that is currently described in myriad number of ways today—so that computers could then read and understand the data.

A second area of doubt on the realism of a Semantic Web is whether computers can truly understand the intricacies (or connotations) of human language. For example, can a computer realistically make sense of a word like marriage that can have subtle distinctions of “monogamy, polygamy, same-sex relationships, and civil unions?”

Despite the perceived obstacles, many remain not only fixated, but enamored with the notion of a Semantic Web that can not only provide amazing amounts of information, but also, like a human being, is able to analyze the data holistically, and provide actionable artificial intelligence (AI).

To enterprise architects, the Semantic Web (or Web 3.0) would be an incredible leap forward enabling organizations and individuals to get more intelligence from the web, be more productive, and ultimately provide for more efficient and effective business processes, supported by a higher order of computing enablement. Additionally, for enterprise architects themselves that deal with inordinate amounts of business and technical data—structured and unstructured—Web 3.0 technologies and methods for better mining and analyzing the data would be a welcome capability for advancing the discipline.

Web 3.0 and Enterprise Architecture

SOA, Data Management and Enterprise Architecture

Often I hear business and IT people say that Service Oriented Architecture (SOA) is the way ahead to achieve greater interoperability of systems, process integration, and business efficiency in the enterprise. Usually, this is quickly followed by discussion about rolling out the Enterprise Service Bus (ESB). However, very infrequently do I hear discussion about the necessary data architecture to achieve the vision of SOA.

Stephen Lahanas has an interesting article, “Enable SOA Transformation and Cross-Domain Data Fusion” in DM Review Magazine, January 2008 that addresses the importance of Data Management to SOA. (http://www.dmreview.com/issues/2007_43/10000444-1.html)

“While SOA has long considered universal description, discovery and integration (UDDI) as its primary discoverability mechanism, the reality is that nearly all integration with an SOA environment is based upon data exchange and will ultimately be demonstrated through data exploitation interfaces (agile BI). Once SOA architects fully realize the implications of this revelation, then agile data architecture will become the facilitating mechanism for cross-domain data fusion and enterprise integration.

Mr. Lahanas provides four fundamental elements for building an agile data architecture, as follows:

1. Actionable enterprise architecture—“a tangible way to connect architecture layers (EA, segment and implementation) and perspectives (application, process, data). One of the main reasons that large integration projects fail is due to the inability to successfully map the various architectures within a meaningful combined picture. Every agile data architecture begins here.”
2. Federated data orchestration—“allow data owners to collaboratively manage resources across domains based upon a shared set of rules rather than a shared single data model. This is an excellent example of a user-centric approach. One of the major shortcomings of massive data warehouse projects has been the lost connections between users and developers and resulting data integrity issues.
3. Enterprise Master Data Management—“Metadata is not just a technical consideration; it can define productivity in our knowledge economy.”
4. Agile Business Intelligence—“A new generation of BI capabilities is bringing user control to more sophisticated report generation tools with much more accurate results… Based upon user queries and activities, we gather metadata, optimize caches and determine cross-domain mapping strategies.”

Two ideas that I particularly like in Stephen’s article are:

1. Linkage of SOA to Data Architecture—“Agile data architecture is a parallel and complementary design philosophy and methodology to SOA and agile application development. Both can be mapped together within the larger actionable enterprise architecture.”
2. Focus on User-centricity—“User-centricity is the primary motivating force behind the development of all agile solutions. The user provides:

• Immediacy – the desire for near-term real-world capability.
• Relevance and context.
• Performance expectations.
• Direction, domain knowledge and the logic behind every solution.”

In developing SOA, we cannot forget the necessity of building a meaningful data architecture that facilitates the discovery and exchange of data via SOA and ESB. Further, all our architecture and IT solutions must be user-centric if they are to be relevant and effective to the enterprise’s end-users.

SOA, Data Management and Enterprise Architecture

Simplification and Enterprise Architecture

Enterprise architecture seeks to simplify organizational complexity through both business processes reengineering and technology enablement. Technology itself is simplified through standardization, consolidation, interoperability, integration, modernization, and component reuse.

Harvard Business Review, December 2007, reports on simplifying the enterprise.

“Large organizations are by nature complex, but over the years circumstances have conspired to add layer upon layer of complexity to how businesses are structured and managed. Well-intentioned responses to new business challenges—globalization, emerging technologies, and regulations…--have left us with companies that are increasingly ungovernable, unwieldy, and underperforming. In many more energy is devoted to navigating the labyrinth than to achieving results.”

Having worked for a few large organizations myself, I can “feel the pain.” Getting up to 8 levels of signature approval on routine management matters is just one such pain point.

What causes complexity?

“Complexity is the cumulative byproduct or organizational changes, big and small that over the years weave complications (often invisibly) into the ways that work is done.”

What is sort of comical here is that the many change management and quality processes that are put in place or attempted may actually do more harm than good, by making changes at the fringes—rather than true simplification and process reengineering at the core of the enterprise.

Here is a checklist for cutting complexity out of your organization:

• “Make simplification a goal, not a virtue—include simplicity…[in] the organization’s strategy; set targets for reducing complexity; create performance incentives that reward simplicity.
• Simplify organizational structure—reduce levels and layers…consolidate similar functions.
• Prune and simplify products and services—employ product portfolio strategy; eliminate, phase out, or sell low-value products; counter feature creep.
• Discipline business and governance processes—create well-defined decision structures (councils and committees); streamline operating processes (planning, budgeting, and so on).
• Simplify personal patterns—counter communication overload; manage meeting time; facilitate collaboration across organizational boundaries.”

Leading enterprise architecture and IT governance for a number of enterprises has shown me that these initiatives must be focused on the end-user and on simplifying process and improving results, rather than creating more unnecessary complexity. The chief architect needs to carefully balance the need for meaningful planning, helpful reviews, and solid documentation and an information repository with simplifying, streamlining, consolidating, reengineering, and facilitating an agile, nimble, and innovative culture.

Simplification and Enterprise Architecture

IT Consolidation adds Up To Cost Savings and Enterprise Architecture

For CIOs, one of the secrets of the trade for building cost efficiency is consolidation of IT assets, such as data centers and help desks. Of course, to accomplish this you need to executive commitment and user buy-in.

The Wall Street Journal, 29 January 2008, reports that “H-P Hits Snag in Quest for Savings through System Consolidation.”

“Since July 2005 [the Compaq merger]…the firm [HP] has been in a project to cut the number of computer program is uses by more than half [from 6000 to 1600], and reduce the number of its data centers…to six from 85.”

Have the benefits of consolidation been documented?

In a survey of 1500 CIOs by Gartner last year, “reducing costs through IT consolidation and other means is one of their top ten priorities.”

Further, according to Forrester Research, “the benefits can be significant” In a survey, last fall, of eight companies that consolidated IT, “nearly all ‘lowered …overall operational costs by at least 20%.’”

What are some of the critical success factors?

1. User buy-in—“vice president often aren’t used to taking order from the chief information officer on what computer programs they can use. ‘It’s about politics.’” The way to get around this and develop buy-in is to set the targets with the CEO and CFO, but let the users decide which systems to keep and which to fold into the consolidation.
2. Executive commitment— “The solution is to get management support from the top. ‘Getting the CEO lined up is hard, and that’s the key person.’” At HP the CEO “threatened some with termination” that didn’t follow along with his commitment to consolidate.

From a User-centric EA perspective, IT standardization, consolidation, and cost efficiency are important goals. Of course, this needs to be done in the context of developing a sound, secure, reliable, state-of-the-art IT infrastructure. Achieving cost effectiveness must involve building enterprise solutions, merging disparate data centers and help desks, consolidated purchasing, and otherwise standardizing products and streamlining operations. Of course, user buy-is a prerequisite when using a User-centric EA approach.

IT Consolidation adds Up To Cost Savings and Enterprise Architecture

Governance and Enterprise Architecture

Enterprise architecture is critical to effective IT governance. EA establishes the baseline and target architectures and the transition plan and enforces these through the EA Board, who conducts technical reviews of proposed new IT projects, products, and standards. EA guides the organization to performance results, business-technology alignment, information sharing and accessibility, systems interoperability and component reuse, technology standardization and simplification, and security, including confidentiality, integrity, availability, and privacy. In short, EA ensures information transparency of business and technology to enhance organizational decision-making.

But what happens when organizational governance, whether EA governance or corporate boards, that is supposed to ensure transparency, does not?

The Wall Street Journal, 14 January 2008, reports “Why CEOs Need to Be Honest with Their Boards.”

“People who have spent time in corporate boardrooms say honest communication is often lacking between CEOs and their fellow directors. ‘Communication and transparency being a problem is more the rule rather than the exception.’”

Sometimes this makes headlines, such as when CEOs conduct activities without informing or getting permission from their directors, such as:

1. Backdating stock options
2. Holding merger and acquisition talks
3. Trying to solve problems independently that need to be vetted

“‘Many times it’s the thing not said, or overly optimistic positioning that gets CEOs in trouble’…as leaders, they want to take charge and inspire confidence, even when things are turning sour. But that instinct can lead them to be less than forthcoming about problems—which can snowball into severe tensions with directors.”

CEOs who do not keep their board up-to-date do so at their own peril—“In 2006, 31.9% of CEOs who stepped down world-wide did so due to conflicts with the board…the forced departures were ‘nearly always because of transparency issues...[this leads to a] slow deterioration of trust, so the termination is generally packaged as a ‘loss of confidence.’”

Things have definitely changed in the relationship between boards and CEOs─ “‘There used to be a bright, clear line: We, the management made the decision and they, the board, reviewed and approved those decisions”…that bright, clear line has gotten really fuzzy now.”

Why does the CEO resist this transparency with the board?

“It’s the CEO’s job to ‘put a good face on things to mobilize and drive the changes that any company needs going forward…this requires inspiring people and giving them confidence that if you only make this last push you will get there.” CEO’s don’t want to admit that things are not progressing as expected. They don’t want to concede that they don’t have all the answers.

What’s the lesson here for User-centric EA?

We can’t think that we have all the answers. Collaboration, vetting, and information transparency is critical to enabling better decision-making. Whether information transparency is coming from EA to business and technical information stakeholders or from the CEO to his board of directors, information transparency inspires trust and “breeds self-correcting behavior” (as the U.S. Coast Guard Commandant often reminds us). Hiding problems, being overly optimistic or self-reliant, or working in stealth are not the cornerstones for good enterprise governance. Rather, openness and frankness about program, projects, products, and plans (EA or otherwise) enables good governance. Hearing opposing points of views leads to better decision-making. Even if it is sometimes painful to hear or slows down the process some; a little enterprise introspection goes a long way to improving the end result.

Governance and Enterprise Architecture

Peer-to-Peer and Enterprise Architecture

Peer-to-peer (P2P)—“computer network uses diverse connectivity between participants in a network and the cumulative bandwidth of network participants rather than conventional centralized resources where a relatively low number of servers provide the core value to a service or application. Peer-to-peer networks are typically used for connecting nodes via largely ad hoc connections. Such networks are useful for many purposes. Sharing content files (see file sharing) containing audio, video, data or anything in digital format is very common, and realtime data, such as telephony traffic, is also passed using P2P technology. A pure peer-to-peer network does not have the notion of clients or servers, but only equal peer nodes that simultaneously function as both "clients" and "servers" to the other nodes on the network. This model of network arrangement differs from the client-server model where communication is usually to and from a central server. A typical example for a non peer-to-peer file transfer is an FTP server where the client and server programs are quite distinct, and the clients initiate the download/uploads and the servers react to and satisfy these requests… Peer-to-peer architecture embodies one of the key technical concepts of the Internet” (Wikipedia)

CNET news, 24 January 2008, reports that P2P technology is important for reducing network traffic and speeding up downloads from the web.

How does P2P help users?

P2P as a “distributed model is much more efficient and cost effective for distributing large files on the internet, than the traditional client-server model.”

P2P for media distribution helps companies so that they “don’t have to spend millions of dollars building out their own server farms and high-speed infrastructure.”

How does P2P work?

“P2P leverages “peers” in the network to host pieces of content…P2P allows the file to be downloaded once and shared many times. In fact, distribution gets more efficient the more people who want the file.”

What is the next target architecture for P2P?

“The P2P solution adds network intelligence to the peering process, so that P2P applications can make smarter decisions about where they get the content…if a P2P service can understand how the network is configured to request the file at the closest peers rather than arbitrarily getting it from a peer across the country or around the globe, it could save a log of network resources…what’s more, using peers that are closer also helps files download faster.”

From a User-centric EA perspective, the ability to use bandwidth more efficiently and to download files faster is a positive development for satisfying user needs for transport of ever greater amounts of data, voice, and video over the internet. Moreover, as the technologies for carrying these converge, we will continue to see even greater requirements to move these communications more efficiently and effectively. P2P is a viable technology for accomplishing this.

Peer-to-Peer and Enterprise Architecture

Intrusion-Prevention Systems and Enterprise Architecture

Firewalls have traditionally been used to “wall off” the enterprise from computer attack, but now intrusion-prevention systems are augmenting the organization’s defenses.

The Wall Street Journal, 28 January 2008 reports that “intrusion prevention systems promise an even smarter defense” than firewalls.

Firewalls are intended to keep intruders out. However, because certain traffic, such as email, needs to get through, holes or open ports allow in traffic that can carry viruses or malware into the network.

Intrusion-prevention systems work differently—they don’t wall off the enterprise networks like firewalls, but rather like a metal detector, they filter or scan every piece of traffic entering the organization for suspicious activity, and reject any item that is identified as a threat.

According to Wikipedia, Intrusion prevention systems (IPS)... [are] a considerable improvement upon firewall technologies, IPS make access control decisions based on application content, rather than IP address or ports as traditional firewalls had done.

Intrusion-prevention systems can be hardware that is physically attached to the network or software that is loaded onto individual computers.

Are intrusion-prevention systems really necessary?

Yes. “According to the Computer Security Institute 2007 Computer Crime and Security Survey, the average annual loss suffered by U.S. companies from computer crime more than doubled last year to $350,424 from $168,000 in 2006. And these reported losses tend to underestimate the number of attacks.”

Gartner analyst recommends antivirus on PCs and an intrusion –prevention system on the network.

Are there any problems with intrusion-prevention systems?

One of the biggest issues is false positives, which if not adjusted for will block desired incoming traffic. One way to handle this is to use the intrusion-prevention system to “detect threats and flag them,” rather than simply block them altogether. Additionally, the organization can adjust the filters that they may not need. This is the tuning required to ensure performance in terms of network speed and an appropriate level of filtering.

If your organization is not using an intrusion-prevention system, this is something your enterprise architecture needs to plan for and implement ASAP.

Intrusion-Prevention Systems and Enterprise Architecture

HSPD-12 and Enterprise Architecture

Homeland Security Presidential Directive 12, 27 August 2004, is a “Policy for a Common Identification Standard for Federal Employees and Contractors.”

HSPD-12 establishes a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors (including contractor employees).

The policy mandates promulgation and implementation of secure, reliable identification that covers Federally controlled facilities, Federally controlled information systems, and other Federal applications that are important for security. "Secure and reliable forms of identification" for purposes of this directive means identification that (a) is issued based on sound criteria for verifying an individual employee's identity; (b) is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation; (c) can be rapidly authenticated electronically; and (d) is issued only by providers whose reliability has been established by an official accreditation process. The Standard will include graduated criteria, from least secure to most secure, to ensure flexibility in selecting the appropriate level of security for each application.”

In Government Computer News, 27 October 2007, Jack Jones, the CIO of the National Institute of Health (and Warren Suss, contractor) discuss how NIH leveraged the mandates of HSPD-12 to not only implement the common identification standard for more than 18,000 federal employees [and another 18,000 part time employees, contractors, fellows, and grant reviewers] on its main campus in Bethesda, Md., and at satellite sites nationwide,” but also modified and improved it's business processes to ensure a holistic and successful architectural implementation.

What business modifications were involved?

“HSPD-12 was a catalyst for change at the institutes. The NIH Enterprise Directory (NED), which automated the process for registering and distributing badges to new NIH employees, needed to be revised to comply with HSPD-12...the conversation led to a re-examination of the broader set of processes involved in bringing a new employee onboard. In addition to registering new employees and issuing badges, NIH, like other federal agencies, must assign e-mail addresses, add new employees to multiple agency mailing lists, order new phones, assign new phone numbers and update the phone directory.”

How did NIH address this using enterprise architecture?

“NIH changed its enterprise architecture through a formal, facilitated business modeling process that involved all NIH stakeholder groups. The results included clarifications in the policies and procedures for processing new employees along with the transformation of NED into a significantly improved tool to support better communication and collaboration in the broad NIH community.”

From a User-centric EA perspective, this is a great example of EA supporting successful organizational change. NIH, like other federal agencies, was faced with the mandates of HSPD-12, and rather than just go out and procure a new system to meet the requirement, NIH used EA as a tool to look at its entire process for provisioning for new employees including policy. NIT EA modeled it business processes and made necessary modifications, and ensured a successful implementation of the identification system that is supported by sound business process and policy. Additionally, the CIO and the EA did not do this in some ivory tower, but rather in a collaborative “workshops with NIH stakeholder groups”. This collaboration with stakeholders hits on the essence of what User-centric EA is all about and how powerful it can be.

HSPD-12 and Enterprise Architecture

Breakthrough Thinking and Enterprise Architecture

Breakthrough thinking is at the heart of great enterprise architecture. Incremental improvements in the organization are one thing, but dramatic breakthroughs that take an organization to a whole new level is what EA dreams are made of.

Harvard Business Review (HBR), December 2007, reports on how to achieve this breakthrough in thinking.

Firstly, HBR contends that brainstorming does not work for a few reasons:

1. No structure—“most people are not very good at unstructured, abstract brainstorming.” Outside the box thinking is too vague for people to really get their arms around the problem and provide concrete solutions.
2. Data analysis is constrained—“slicing the data in new ways—almost always produces only small to middling insights…the contents of every database are structured to correspond to insights that are already recognized, not the ones that aren’t.”
3. Customer requirements can’t tell the whole story—customers “can rarely tell you whether they need or want a product that they have never seen or imagined."

So what do you do to get breakthrough thinking?

The approach “takes a middle path between the two extremes of boundless speculation and quantitative data analysis.

For example, “one question that can generate insights in any business is, “what is the biggest hassle about using or buying our product or service that people unnecessarily tolerate without knowing it?”

When you ask questions that create new boxes to think inside, you can prevent people from getting lost in the cosmos and give them a basis for making and comparing choices and for knowing whether they’re making progress.”

Here are some questions that drive breakthrough thinking:

• “What is the biggest hassle about using or buying our product or service that people unnecessarily tolerate without knowing it?”
• “How would our product change if it were tailored for every customer?”
• “Which customers use or purchase our product in the most unusual way?”
• “Who uses our product in ways we never expected or intended?”
• “Who else is dealing with the same generic problem as we are but for an entirely different reason? How have they addressed it?”
• “Which technologies embedded in our product have changed the most since the product was last redesigned?”

“The most fertile questions focus the mind on a subset of possibilities that differ markedly from those explored before, guiding people to valuable overlooked corners of the universe of possible improvements.”

From a participant’s standpoint, do the following to encourage breakthrough thinking.

1. Selection—“select participants who can product original insights.”
2. Engagement—“ensure that everyone is fully engaged;” provide incentives as appropriate. People are competitive by nature and a little competition can go a long way to idea generation.
3. Group size—break the participants into groups of around four, since that group size encourages everyone to participate and not hide-out.
4. Focus—set boundaries using preselected questions; “don’t worry about stifling creativity. It is precisely such boundaries…that will channel their creativity.”
5. Results—At the end of the brainstorming, “narrow the list of ideas to the ones you will seriously investigate…nothing is more deflating to the participants of a brainstorming session than leaving at the end with no confidence that anything will happen as a result of their efforts.”

From a User-centric EA perspective, what better way to serve the users than by thinking how to serve them better with improved products and services? The chief enterprise architect should facilitate breakthrough thinking to create the target architecture and transition plan for the enterprise.

Breakthrough Thinking and Enterprise Architecture