January 30, 2008

Peer-to-Peer and Enterprise Architecture

Peer-to-peer (P2P)—“computer network uses diverse connectivity between participants in a network and the cumulative bandwidth of network participants rather than conventional centralized resources where a relatively low number of servers provide the core value to a service or application. Peer-to-peer networks are typically used for connecting nodes via largely ad hoc connections. Such networks are useful for many purposes. Sharing content files (see file sharing) containing audio, video, data or anything in digital format is very common, and realtime data, such as telephony traffic, is also passed using P2P technology. A pure peer-to-peer network does not have the notion of clients or servers, but only equal peer nodes that simultaneously function as both "clients" and "servers" to the other nodes on the network. This model of network arrangement differs from the client-server model where communication is usually to and from a central server. A typical example for a non peer-to-peer file transfer is an FTP server where the client and server programs are quite distinct, and the clients initiate the download/uploads and the servers react to and satisfy these requests… Peer-to-peer architecture embodies one of the key technical concepts of the Internet” (Wikipedia)

CNET news, 24 January 2008, reports that P2P technology is important for reducing network traffic and speeding up downloads from the web.

How does P2P help users?

P2P as a “distributed model is much more efficient and cost effective for distributing large files on the internet, than the traditional client-server model.”

P2P for media distribution helps companies so that they “don’t have to spend millions of dollars building out their own server farms and high-speed infrastructure.”

How does P2P work?

“P2P leverages “peers” in the network to host pieces of content…P2P allows the file to be downloaded once and shared many times. In fact, distribution gets more efficient the more people who want the file.”

What is the next target architecture for P2P?

“The P2P solution adds network intelligence to the peering process, so that P2P applications can make smarter decisions about where they get the content…if a P2P service can understand how the network is configured to request the file at the closest peers rather than arbitrarily getting it from a peer across the country or around the globe, it could save a log of network resources…what’s more, using peers that are closer also helps files download faster.”

From a User-centric EA perspective, the ability to use bandwidth more efficiently and to download files faster is a positive development for satisfying user needs for transport of ever greater amounts of data, voice, and video over the internet. Moreover, as the technologies for carrying these converge, we will continue to see even greater requirements to move these communications more efficiently and effectively. P2P is a viable technology for accomplishing this.


January 29, 2008

Intrusion-Prevention Systems and Enterprise Architecture

Firewalls have traditionally been used to “wall off” the enterprise from computer attack, but now intrusion-prevention systems are augmenting the organization’s defenses.

The Wall Street Journal, 28 January 2008 reports that “intrusion prevention systems promise an even smarter defense” than firewalls.

Firewalls are intended to keep intruders out. However, because certain traffic, such as email, needs to get through, holes or open ports allow in traffic that can carry viruses or malware into the network.

Intrusion-prevention systems work differently—they don’t wall off the enterprise networks like firewalls, but rather like a metal detector, they filter or scan every piece of traffic entering the organization for suspicious activity, and reject any item that is identified as a threat.

According to Wikipedia, Intrusion prevention systems (IPS)... [are] a considerable improvement upon firewall technologies, IPS make access control decisions based on application content, rather than IP address or ports as traditional firewalls had done.

Intrusion-prevention systems can be hardware that is physically attached to the network or software that is loaded onto individual computers.

Are intrusion-prevention systems really necessary?

Yes. “According to the Computer Security Institute 2007 Computer Crime and Security Survey, the average annual loss suffered by U.S. companies from computer crime more than doubled last year to $350,424 from $168,000 in 2006. And these reported losses tend to underestimate the number of attacks.”

Gartner analyst recommends antivirus on PCs and an intrusion –prevention system on the network.

Are there any problems with intrusion-prevention systems?

One of the biggest issues is false positives, which if not adjusted for will block desired incoming traffic. One way to handle this is to use the intrusion-prevention system to “detect threats and flag them,” rather than simply block them altogether. Additionally, the organization can adjust the filters that they may not need. This is the tuning required to ensure performance in terms of network speed and an appropriate level of filtering.

If your organization is not using an intrusion-prevention system, this is something your enterprise architecture needs to plan for and implement ASAP.


January 28, 2008

HSPD-12 and Enterprise Architecture

Homeland Security Presidential Directive 12, 27 August 2004, is a “Policy for a Common Identification Standard for Federal Employees and Contractors.”

HSPD-12 establishes a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors (including contractor employees).

The policy mandates promulgation and implementation of secure, reliable identification that covers Federally controlled facilities, Federally controlled information systems, and other Federal applications that are important for security. "Secure and reliable forms of identification" for purposes of this directive means identification that (a) is issued based on sound criteria for verifying an individual employee's identity; (b) is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation; (c) can be rapidly authenticated electronically; and (d) is issued only by providers whose reliability has been established by an official accreditation process. The Standard will include graduated criteria, from least secure to most secure, to ensure flexibility in selecting the appropriate level of security for each application.”

In Government Computer News, 27 October 2007, Jack Jones, the CIO of the National Institute of Health (and Warren Suss, contractor) discuss how NIH leveraged the mandates of HSPD-12 to not only implement the common identification standard for more than 18,000 federal employees [and another 18,000 part time employees, contractors, fellows, and grant reviewers] on its main campus in Bethesda, Md., and at satellite sites nationwide,” but also modified and improved it's business processes to ensure a holistic and successful architectural implementation.

What business modifications were involved?

HSPD-12 was a catalyst for change at the institutes. The NIH Enterprise Directory (NED), which automated the process for registering and distributing badges to new NIH employees, needed to be revised to comply with HSPD-12...the conversation led to a re-examination of the broader set of processes involved in bringing a new employee onboard. In addition to registering new employees and issuing badges, NIH, like other federal agencies, must assign e-mail addresses, add new employees to multiple agency mailing lists, order new phones, assign new phone numbers and update the phone directory.”

How did NIH address this using enterprise architecture?

NIH changed its enterprise architecture through a formal, facilitated business modeling process that involved all NIH stakeholder groups. The results included clarifications in the policies and procedures for processing new employees along with the transformation of NED into a significantly improved tool to support better communication and collaboration in the broad NIH community.”

From a User-centric EA perspective, this is a great example of EA supporting successful organizational change. NIH, like other federal agencies, was faced with the mandates of HSPD-12, and rather than just go out and procure a new system to meet the requirement, NIH used EA as a tool to look at its entire process for provisioning for new employees including policy. NIT EA modeled it business processes and made necessary modifications, and ensured a successful implementation of the identification system that is supported by sound business process and policy. Additionally, the CIO and the EA did not do this in some ivory tower, but rather in a collaborative “workshops with NIH stakeholder groups”. This collaboration with stakeholders hits on the essence of what User-centric EA is all about and how powerful it can be.


January 27, 2008

Breakthrough Thinking and Enterprise Architecture

Breakthrough thinking is at the heart of great enterprise architecture. Incremental improvements in the organization are one thing, but dramatic breakthroughs that take an organization to a whole new level is what EA dreams are made of.

Harvard Business Review (HBR), December 2007, reports on how to achieve this breakthrough in thinking.

Firstly, HBR contends that brainstorming does not work for a few reasons:

  1. No structure—“most people are not very good at unstructured, abstract brainstorming.” Outside the box thinking is too vague for people to really get their arms around the problem and provide concrete solutions.
  2. Data analysis is constrained—“slicing the data in new ways—almost always produces only small to middling insights…the contents of every database are structured to correspond to insights that are already recognized, not the ones that aren’t.”
  3. Customer requirements can’t tell the whole story—customers “can rarely tell you whether they need or want a product that they have never seen or imagined."

So what do you do to get breakthrough thinking?

The approach “takes a middle path between the two extremes of boundless speculation and quantitative data analysis.

For example, “one question that can generate insights in any business is, “what is the biggest hassle about using or buying our product or service that people unnecessarily tolerate without knowing it?”

When you ask questions that create new boxes to think inside, you can prevent people from getting lost in the cosmos and give them a basis for making and comparing choices and for knowing whether they’re making progress.”

Here are some questions that drive breakthrough thinking:

  • “What is the biggest hassle about using or buying our product or service that people unnecessarily tolerate without knowing it?”
  • “How would our product change if it were tailored for every customer?”
  • “Which customers use or purchase our product in the most unusual way?”
  • “Who uses our product in ways we never expected or intended?”
  • “Who else is dealing with the same generic problem as we are but for an entirely different reason? How have they addressed it?”
  • “Which technologies embedded in our product have changed the most since the product was last redesigned?”
“The most fertile questions focus the mind on a subset of possibilities that differ markedly from those explored before, guiding people to valuable overlooked corners of the universe of possible improvements.”

From a participant’s standpoint, do the following to encourage breakthrough thinking.

  1. Selection—“select participants who can product original insights.”
  2. Engagement—“ensure that everyone is fully engaged;” provide incentives as appropriate. People are competitive by nature and a little competition can go a long way to idea generation.
  3. Group size—break the participants into groups of around four, since that group size encourages everyone to participate and not hide-out.
  4. Focus—set boundaries using preselected questions; “don’t worry about stifling creativity. It is precisely such boundaries…that will channel their creativity.”
  5. Results—At the end of the brainstorming, “narrow the list of ideas to the ones you will seriously investigate…nothing is more deflating to the participants of a brainstorming session than leaving at the end with no confidence that anything will happen as a result of their efforts.”

From a User-centric EA perspective, what better way to serve the users than by thinking how to serve them better with improved products and services? The chief enterprise architect should facilitate breakthrough thinking to create the target architecture and transition plan for the enterprise.


January 26, 2008

Doomsday and Enterprise Architecture

Enterprise architecture is about planning and transitioning from the baseline to the target state.

However, as architects, there are times when we need to plan for the worst and hope for the best, as the saying goes.

As the price of oil has reached and exceeded $100 a barrel and significant new findings of oil are becoming a rarity, some people are starting to get nervous and are planning for a day when oil will be scarce, pricey, and society as we have come to know will cease to exist. Yikes, doomsday!

Are these people simply uninformed, pessimists, or non-believers that technological progress will outpace the demands we are placing on this planet’s resources?

The Wall Street Journal, 26 January 2008, reports about everyday people, like the Aaron Wissner in Middleville, Michigan, a school computer teacher with a wife and infant son, who became “peak-oil aware.” This term refers to his “embracing the theory that world’s oil production is about to peak.

These people fear the worst; “Oil supplies are dwindling just as world demand soars. The result: oil prices ‘will skyrocket, oil dependent economies will crumble, and resource wars will explode.’” Mr. Wissner’s forebodings include, “banks faltering” and “food running out.”

And they believe that we cannot stop this from happening. “no techno-fix was going to save us. Electric cars, biodiesel, nuclear power, wind and solar—none of it will cushion the blow.”

So Mr. Wissner and his family are preparing and transitioning themselves for the worst, they “tripled the size of his garden…stacked bags of rice in his new pantry, stashed gold…and doubled the size of his propane tank.”

According to the article there are thousands of people that adhere to the peak-oil theory.

Of course, there are many doomsday scenarios out there that end in war, famine, disease, and so on. During the cold war, people built bomb shelters in their back yards, and school children had drills hiding under their desks. These days, many fear that globalization will drive this country to economic ruin. Al Gore and other environmentalists espouse the global warming theory. And since 9/11, fears are heightened about terrorists hitting us with nuclear, biological, chemical, or radiological agents. Even Hollywood has entered the fray with movies such as Armageddon about meteors hitting the Earth or The Day After Tomorrow with the greenhouse effect sending us back to the ice-age.

Whether you adhere with any of these various doomsday scenarios or visions of the future (their believed target architecture, not necessarily their desired one) and how they are preparing (transitioning) to it or you think they are just a bunch of nut-balls, it seems important as an enterprise architect to recognize that targets are not always rosy pictures of growth and prosperity for an organization, and the transition plans are not always a welcome and forward movement. Sometimes as architects, we must plan for the worst--hoping, of course that it never comes--but never-the-less preparing, the best we can. As architects, we don’t have to put all the enterprise’s eggs in one basket. We can weigh the odds and invest accordingly in different scenarios. Our organization’s resources are limited, so we must allocate resources carefully and with forethought. Of course, no architecture can save us from every catastrophe.


January 25, 2008

Big Brother is Watching and Enterprise Architecture

The enterprise architecture for law enforcement and security in the next decade will be focused on using technology to identify the bad guys and stop them in their tracks.
ComputerWorld, 14 January 2008, reports that “Homeland Security is bankrolling futuristic technology to nab terrorists before they strike.”
Here’s the target architecture:
“The year is 2012 [probably a bit optimistic on the date]. As soon as you walk into the airport, the machines are watching. Are you a tourist—or a terrorist posing as one? As you answer a few questions at the security checkpoint, the systems begin sizing you up. An array of sensors—video, audio, laser, infrared—feeds a stream of real-time data about you to a computer that uses specially developed algorithms to spot suspicious people. The system interprets your gestures and facial expressions, analyzes your voice and virtually probes your body to determine your temperature, heart rate, respiration rate, and other physiological characteristics—all in an effort to determine whether you are trying to deceive. Fail the test, and you’ll be pulled aside for a more aggressive interrogation and searches.”
Last July, The Department of Homeland Security, “human factors division asked researchers to develop technologies to support Project Hostile Intent, an initiative to build systems that automatically identify and analyze behaviors and physiological cues associated with deception.”

The intent is to use these screening technologies at airports, border crossings, as well as possibly in the private sector for building access control and candidate screening.
Sharla Rausch, director of DHS’s human factors division says that “in controlled lab setting, accuracy rates are in the range of 78% to 81%.”
Where is the current research focused?
  1. Recognition of gestures and microfacial expressions
  2. Analysis of variations in speech (i.e. pitch, loudness)
  3. Measurement of physiological characteristics
The hope is that by combining all three modalities, “the overall predictive accuracy rate” will improve.
What are some of the challenges with these technologies?
  1. Currently, too many false positives
  2. Existing technologies, like the polygraph have “long been questioned by scientists…and remain inadmissible in court.”
  3. Ability of algorithms to “correctly interrupt” suspicious behavior or cues
  4. Profiling is continuously objected too based on discriminatory grounds
  5. Privacy concerns about the personal data collected
  6. Testing is limited by security concerns in the field
  7. Deployment will be limited due to cost, leaving soft targets potentially at risk
Will this Big Brother screening technology come to fruition?
Absolutely. The challenges with the technologies will be resolved, and putting aside the profiling and privacy issues, these screening technologies will become essential to our protecting ourselves.


January 24, 2008

Creative Capitalism and Enterprise Architecture

CNET News, 24 January 2008 reports that Bill Gates calls for creative capitalism “in a speech Thursday at the World Economic Forum in Davos, Switzerland, Gates is calling on companies to think more broadly about how their products can benefit society.”

What is creative about creative capitalism?

For the last 500 hundred years or so, capitalism was considered the creative economic system based on private ownership of capital, a free enterprise, and a market economy. Capitalism was the economic “light unto the nations,” while socialism, an economic system, based on state ownership of capital and a managed economy, was deemed as inefficient and almost totalitarian in nature.

Capitalism generally refers to an economic and social system in which the means of production are predominantly privately owned and operated, and in which investments, distribution, income, production and pricing of goods and services are determined through the operation of a market economy. It is usually considered to involve the right of individuals and groups of individuals acting as "legal persons" or corporations to trade capital goods, labor, land and money. Capitalist economic practices became institutionalized in Europe between the 16th and 19th centuries, although some features of capitalist organization existed in the ancient world, and early forms of merchant capitalism flourished during the Middle Ages. Capitalism has been dominant in the Western world since the end of feudalism, It gradually spread from Europe, particularly from Britain, across political and cultural frontiers. In the 19th and 20th centuries, capitalism provided the main, but not exclusive, means of industrialization throughout much of the world.” (Wikipedia)

Well, as of today, Bill Gates has declared that capitalism is no longer creative, and we need a new capitalism called “creative capitalism”.

Is creative capitalism really a form of socialist capitalism, where the state and companies redistribute private capital based on economic and social factors? Hasn’t the country’s progressive tax system and various social programs (Medicaid, Food Stamps, Student Financial Aid…) been doing this all along, so that as a society we can take care of the needs of the less fortunate? This is an important aspect of social justice and an expression of humanity in our otherwise free enterprise system, where everyone must fend for themselves. In a purely capitalist society, you can be successful and rich beyond your wildest dreams, like Bill Gates or end up destitute and desperate. Socialist capitalism is a way to maintain an overall capitalist economy, but conceptually still take care of all people.

Is Bill Gates sincere?

“Forbes magazine's list of The World's Billionaires has ranked Gates as the richest person in the world from 1995 to 2007, with recent estimates putting his net worth over $56 billion.” (Wikipedia)

At the same time, Bill and Melinda Gates have become some of the world’s largest philanthropists (after Warren Buffet). “Much of Gates' work at the Bill & Melinda Gates Foundation has centered on two particular shortcomings of capitalism--solving health problems that affect only the poor and improving educational systems.” Of course, these are noble goals and the Bill and Melinda Gates and their foundation’s contributions have been magnanimous. Moreover, “in July, Gates will step down from full-time work at Microsoft and shift his focus to the foundation.”

Then again, it’s sort of easy to call for creative capitalism, when you’re the richest man in the world.

From a User-centric Enterprise Architecture perspective, the need to take care of those less fortunate in society, rings true and just as a principled architecture goal. Our nation and our enterprises must remain human and charitable, even while we compete in the global marketplace. We cannot architect our nation and organizations to succeed merely based on economic factors, but rather must instill human dignity and altruism in the fiber of our nation, organizations, and as individuals. And while of course companies can help by being altruistic and developing products that are cost-effective for those less fortunate (some examples are the One Laptop Per Child Initiative or the $2500 automobile by Tata Motors of India), at the end of the day government must really play the primary role in ensuring that the fundamental needs of all people in society are met.


Globalization, Localization, and Enterprise Architecture

The world economy is globalizing, but sales and marketing is still a local activity.

How should organizations architect the way forward to address the duality of globalization and localization?

The Wall Street Journal, 23 January 2008, reports that “Disney Localizes Mickey to Boost Hong Kong Theme Park.”

Disney has gone global and extended their famed theme parks to Asia. However, the first couple of years have not been a success. “Since it opened in 2005, Disney’s Hong Kong park, the media and entertainment company’s flagship for the booming Chinese kid’s market has struggled to connect with consumers. The park a joint venture with the Hong Kong government, missed public targets of 5.6 million visitors for its first year of operation, and attendance dropped nearly 30% in the second year to about four million.”

Where did Disney go wrong in going global?

Disney did not localize their brand or product to their foreign consumers. Instead, they expected the global consumer to behave the same as their U.S. counterpart with no differentiation for culture, nationality, beliefs, values, and so on. “In the past, it was the Chinese consumer who was expected to understand Disney, or so it seemed. Chinese tourists unfamiliar with Disney’s traditional stories were sometimes left bewildered by the Hong Kong park’s attractions.”

Disney also did not tailor their marketing to the local Chinese consumer, in a big snafu. “Disney’s marketing efforts also have misfired. A Hong Kong Disneyland ad in the summer of 2006 featured a family of consisting of two kids and two parents. China’s government, however, limits most couples to just one child.” Ouch!

So how is Disney changing their Mickey Mouse tune?

“Now, Disney is going on the offensive by going local. Its first big opportunity on the front is a stroke of astrological fortune. In the traditional Chinese calendar, it will soon be the year of the rat. As the Feb. 7 New Year holiday approaches, Disney is suiting up its own house rodents, Mickey and Minnie, in special red Chinese New Year outfits for its self-proclaimed Year of the Mouse.” This sounds good, though I’m just not sure Mickey and Minnie mouse appreciate being equated to rats, as in year of the rat.

Disney is also changing their park exhibitions to address local tastes. “Inside the parks, vendors hawk fried dumplings and turnip cakes. The parade down Main Street, U.S.A., is being joined by “Rhythm of Life Procession,” featuring a dragon dance and puppets of birds, flowers, and fish set to traditional Chinese music…” This also seems good and local, except shouldn’t this be Main Street, Hong Kong or China and not U.S.A.?

Anyway, according to Disney, they are going local all the way to their brand. “We are working as the ‘Chinese’ Walt Disney Company—ensuring that all the people who work in Disney understand the Chinese consumer to forge a deeper emotional connection with the brand.”

From the perspective of User-centric enterprise architecture, we need to focuses on the end-user and stakeholders. Going global and ignoring localized culture, nationality, beliefs, and values may be a cost conscious approach, but a poor architecture one. EA must respect individual, national, and cultural differences, and promote trust, respect, and integrity in doing so. A unified, consistent brand is good, but outreach to consumers based on their localized needs and requirements is absolute. Whether we are dealing with product, process, marketing, brand, or technology, EA must on one hand develop standards and seek out enterprise solutions where possible, but on the other hand, must tailor the enterprise’s offering to local tastes and requirements. It’s not always a one size fits all.


January 23, 2008

Mind Mapping, Social Graphing, and Enterprise Architecture

User-centric EA uses visualization techniques like mind mapping to brainstorm and develop information products that are useful and useable to the end user.

Mind map—“a diagram used to represent words, ideas, tasks or other items linked to and arranged radially around a central key word or idea. It is used to generate, visualize, structure and classify ideas, and as an aid in study, organization, problem solving, decision making, and writing. It is an image-centered diagram that represents semantic or other connections between portions of information. By presenting these connections in a radial, non-linear graphical manner, it encourages a brainstorming approach to any given organizational task, eliminating the hurdle of initially establishing an intrinsically appropriate or relevant conceptual framework to work within…The elements are arranged intuitively according to the importance of the concepts and they are organized into groupings, branches, or areas. The uniform graphic formulation of the semantic structure of information on the method of gathering knowledge, may aid recall of existing memories.” (Wikiepdia)

Mind maps are all about linking information and portraying it in a simple, clear, and easy-to-read way for people to understand and use.

Similar to a Mind Map that visualizes linked items to a central idea, the Social Graph is “an image of a person's connections to friends, family, and colleagues,” where the person is in the center and his connections (or links) span outward.

MIT Technology Review, on 28 December 2007 reports in “Mapping Professional Networks” that “IBM's Atlas tool aims to help businesses visualize connections between colleagues…[it] works in conjunction with its Connections software, [and] aims to help professionals network more efficiently within large companies. Its My Net component helps people visualize how closely they’re staying in touch with professional contacts. The closer a contact is to the center of the circle, the more frequently the user communicates with her.

The Atlas tool “collects information about professional relationships based not only on job descriptions and information readily available through the corporate directory, but also through blog tags, bookmarks, and group membership. Atlas can be configured to look at e-mail and instant-message patterns, and to weigh different types of information more or less heavily.”

“Atlas's four features are Find, Reach, Net, and My Net. Find and Reach are both focused on finding experts in particular fields. Through Find, a user enters search terms and receives a list of experts, ranked based on information gleaned from social data, the level of the expert's activity in the community, and any connections he may have to trusted associates of the user. Reach then helps the user plot the shortest path to make the connection, suggesting people the user already knows who could put him in touch with an expert. Net and My Net are primarily meant to help people analyze their existing networks. Net shows patterns of relationships within particular topic areas at a company-wide level. For example, it might analyze data on people interested in social computing and produce a map of how those people connect with each other through blog readership and community involvement. My Net allows individuals to analyze their own networks, showing them who they are connected to and how frequently they stay in touch with those people.”

The Atlas tool is a cool visualization technique that organizations can use, for example, after a merger or acquisition to see how well two organizations are integrating or that an individual in the organization can use to locate and stay connected with the subject matter experts they need to do their jobs.

Mind maps and social graphs are two interesting examples of how information visualization can be used to enable better organizational information understanding, analysis, and decision-making. User-centric EA maximizes the use of information visualization to communicate effectively. This is especially true when it comes to senior executives in the organization, who with their busy schedules, frequently look for a quick snapshot of actionable information, which summarizes lots of information for them, and helps them hone in on problems areas or opportunities, and options and recommendations for addressing these. In User-centric EA, Profiles (like mind maps or social graphs) are the high level products that portray a satellite view of information. Profiles capture a broad, strategic view of information and visualize it for executive consumption and decision-making. Further, user-centric EA links profile-level products to more detailed information products in the architecture, like models and inventories, so users can easily navigate up or down the hierarchy of information to get to what they need. Similarly, a mind map or social graph could also be a navigation mechanism to get to more detailed information on the objects or people linked to those products.


January 22, 2008

Portfolio Management and Enterprise Architecture

Enterprise architecture and portfolio management are closely linked activities. EA drives IT investment management (including the IT portfolio select, control, and evaluate phases) by conducting technical reviews of proposed new IT projects, products, and standards, and IT investment management provides important information updates to the EA (baseline, target, and transition plan).

In Architecture and Governance Magazine, Issue 3 Volume 2, Nuttall and Houghton provide an overall framework that goes “Beyond Portfolio Management to Comprehensive Application Governance.”

The framework includes three main areas and one supporting process area, as follows:

  1. Application and License Management (tactical)—“It manages the demand side and user requests, the contract and compliance aspects of determining the number of licenses that are contractually allowed, along with the projects that bring new products into the portfolio while retiring older products that have been removed. In many ITIL organizations, a help desk/service desk would handle the demand for applications, while the license management aspects are often assigned to the procurement and/or configuration management functions.”
  2. Application Portfolio Management (strategic)—“determines the appropriate mix of applications in the portfolio. It s highly dependent on the strategic business drivers for the corporation and includes: portfolio strategy development, optimization, and planning.” Portfolio strategy development determines the drivers and priority of those. Portfolio optimization determines the right mix of applications to support those goals. And portfolio planning determines the risks and constraints in implementing the portfolio, such as architecture, infrastructure, and resource constraints.
  3. Financial Management—“budget and forecasting, account management, and allocations management;” these enable the planning of what money is available for the portfolio and what money is spent for applications.
  4. Supporting Processes—other process areas that impact portfolio management include: “knowledge management, communications management, management reporting, architecture strategy, risk management, operational delivery, and support management.”

“One thing is certain, though, as technology continues to drive productivity, comprehension of application governance will become an even more essential step for companies wishing to manage their risks and costs while continuing to gain strategic value from their portfolios.”

I think this model is very helpful in decomposing the traditional definition of governance from the strategic functions of portfolio selection, control, and evaluation to the additional tactical, strategic, and financial aspects involved in managing it. Particularly, I believe it is useful to separate out the business demand (licenses, new systems and technologies) from the portfolio development and optimization (“the right mix” to satisfy user needs). Additionally, the breakout of financial management from the portfolio development is important in making the distinction between the roles of the Investment Review Board/Enterprise Architecture Board and the financial or resources group that actually budget and accounts for the funding aspect of IT spend.

Nuttall and Houghton do not go into any depth with the supporting processes, so these are presented as high level touch points or supporting processes without any particular explanation of how they support portfolio management and governance.

One critical item, the authors did not include, but should have included is the Systems Development Life Cycle, which take the IT portfolio and governs it from planning through analysis, design, development, testing, deployment, operations and maintenance, and ultimately to disposition. The success of moving systems projects through the SDLC will impact the make-up of future portfolio decisions.


January 21, 2008

“Sacred Cows” and Enterprise Architecture

Enterprise architecture develops the organization’s baseline and target architecture and transition plan. EA is an endeavor of change and transformation from current state to future state. To achieve organizational change successfully, the “sacred cows” must be made change-ready.

In the book, Sacred Cows Make The Best Burgers, by Kriegel and Brandt, the authors explain that the greatest inhibitor to organizational change is people’s resistance—people are the gatekeepers of change and people are the enterprise’s most stubborn of sacred cows!

“Sacred Cow—An outmoded belief, assumption, practice, policy, system, or strategy generally invisible, that inhibits change and prevents responsiveness to new opportunities.”

What’s with this analogy to cows?

“Cows trample creative, innovative thinking. They inhibit quick response to change, and cost money and time. They roam everywhere…yet many organizations continue to worship their sacred cattle. They’re afraid to abandon what once made them successful, and they extract a heavy fine from those cow hunters who would ‘pasteur-ize’ them.”

What’s the imperative for change now?

“It’s hurricane season for American business. Winds of change are barreling in from all directions. Competition is tougher than ever and coming from places you least expected. The customer is more sophisticated and demanding. Technological change is incessant. Government regulations are tougher. And everyone is restructuring, reorganizing, reinventing, downsizing, outsourcing—all at ultrasonic pace.”

What are we doing about it?

“New programs, processes, and strategies have been introduced to help you keep ahead of these changes and eliminate sacred cows. In fact, they’re emerging almost as fast as the changes themselves…reengineering, total quality, virtual teams, ‘horizontal’ corporate structures…”

What are the results of these change efforts?

  • “Though it’s predicted that U.S corporations will spend $34 billion on reengineering, most efforts will flop.”
  • “Some statistics say seven out of ten reengineering initiatives fail.”
  • A McKinsey study found that “a majority of companies researched achieved less than a 5 percent change due to reengineering.”
  • Two-thirds of American managers think TQM has failed in their companies.”
  • “The number of applicants vying for the Malcolm Baldridge Award…has fallen since its peak year in 1991.”

In short, “The ’Q’ [quality] word has become cheap currency.”

Why do these change efforts fail?

  • “People’s resistance to change is ‘the most perplexing, annoying, distressing, and confusing part’ of reengineering.”
  • People resist change because “change is uncomfortable, unpredictable, and often seems unsafe. It’s fraught with uncertainty and always looks harder than it is….change brings us face-to-face with the unknown, and that evokes our worst imagined fears: We’ll be fired, humiliated, criticized. So we dig in our heels.”
  • “We’ve seen workers fight change for months and years because they didn’t understand it, were afraid of it, or didn’t see it being in their self interest. It’s naïve to assume that the bulk of the workforce will come around. Even when resistance seems to disappear, most often it’s just gone underground, and will resurface when you least expect it.”
  • “Management consultants who deal with companies in transition know that the ‘people’ part of change is critical. And that it is most often overlooked and undervalued.

The reason that three fourths of reengineering efforts fail…is that the focus of change is on work processes, new technology…and decentralized services rather than on the people who must implement change.”

From a User-centric EA perspective, this last point is critical. Enterprise architecture efforts, by definition, are focused on business, technology, and the alignment of the two. EA looks at business process improvement and reengineering and the introduction of new technologies to enable mission success. Traditionally, EA did not look at the human element—the people factor. The necessity of measuring people’s change readiness and assisting people in transitioning to new ways of doing things is one of the most important elements of any change initiative. As I’ve written previously, Human Capital is the missing performance reference model in the Federal Enterprise Architecture. All this points to the importance of transitioning from traditional EA to User-centric EA, where the end-users and stakeholders (i.e. people) are the most important element of the enterprise architecture. How would my kids phrase this, “in the end it’s not the business process or the technology, but the people, stupid!”

What happens if we don’t recognize the centrality of people to the change process?

Plain and simple, change efforts will continue to fail. Money and time will be wasted. Our competition will continue to gain on us and overtake us. Our organizations will be made obsolete by our own inattention to our most important asset—our people!


January 19, 2008

The Power of Marketing and Enterprise Architecture

Enterprise architecture is all about planning and governance to enable organizational success. But despite all the astute architectural planning and sound governance, why is it that the better product so frequently loses out to better marketing?

We’ve seen this happen with the more innovative and better functional Apple products losing out to Microsoft. We seen VCRs beat out Betamax, even though at the time Betamax was seen as the superior format. And again, we’ve seen CDMA become the dominant cellular network standard in the USA, despite GSM initially being the superior technology and had 73% worldwide market penetration.

Now once again, the superior product has lost in the market and is no longer being made, the Hydrox chocolate sandwich cookie made by Kellogg Company has lost out to the inferior Oreo cookies made by Kraft Foods Inc.

The Wall Street Journal, 19-20 2008 reports that ”The Hydrox Cookie is Dead, and Fans Won’t Get Over It.”

Hydrox enthusiasts “preferred Hydrox’s tangy, less-sweet filling. Many fans seem to remember that the cookies held together better than Oreos when dipped in a glass if cold milk. Some argue Hydrox cookies were more healthful than Oreos, since Oreos used to contain lard.” In fact, in a 1998 taste test by Advertising Age, 29 tasters voted for Hydrox and only 16 for Oreo. Yet despite these preferences, Hydrox lost out to “the dominant Oreos, one of the country’s best-selling snack foods.”

“For many years, the contest between Oreo and Hydrox was akin to that of Coke versus Pepsi, the Beatles again the Rolling Stones, dog people and cat people.”

In the end, Hydrox lost to Oreo; “Oreo had all the advertising, but those in the know ate Hydrox.” Over the years, Nabisco (now owned by Kraft Foods) had the far larger marketing budget, and Hydrox was discontinued in 2003.

Fans still hope that “Kellog changes its mind, especially since this year is the cookie’s 100th anniversary.”

So is marketing stronger than product, like the pen is mightier than the sword?

This lesson seems pertinent in a presidential election year, where fund raising by candidates and advertising by them is seeing reaching astronomical levels. “After nine months of fundraising, the candidates for president in 2008 have already raised about $420 million. This presidential money chase seems to be on track to collect an unprecedented $1 billion total. By some predictions, the eventual nominees will need to raise $500 million apiece to compete--a record sum.” (http://www.opensecrets.org/pres08/index.asp)

So will the best candidate win to be the next president of the United States or simply the candidate with the deepest pockets and best marketers?

From a User-centric EA perspective, I find this contest of product versus marketing to be akin to content versus design in developing EA information products. For example, an EA program can have wonderful and valuable EA information content, but if it does not employ User-centric EA principles of design and communication (such as using profiles, models, and inventories or information visualization and so on), then the EA program will not reach its potential. Every consumer product has both content and design or product and marketing. The high-end luxury companies have learned this lesson well and often capitalize on this by offering products with superior design, flair, packaging, and marketing and are thus able to develop formidable brands and command superior prices. So a word to the wise, do not ignore the power of marketing, communications, and design as part of your EA or other product development endeavors.


“Tear Down Those Silos!” and Enterprise Architecture

One of enterprise architecture’s “targets” is to transform the organization from being purely monolithic, functional-based silos (like operations, sales, marketing, finance, HR, legal, IT and so on) to an interoperable, cost-effective, mission and results-driven enterprise.

Matejka and Murphy in the book, Making Change Happen, clearly states that a “barrier to the successful implementation of any change is the division of the organization into silos. The grouping of the same or similar tasks (creating pockets of specialized knowledge) provides distinct opportunities for the disruption of the seamless implementation of new strategic initiatives.”

The authors ask “what is a silo and why does the term have such a negative connotation these days?

They then consult that Random House Dictionary for definitions of silo, as follows:

“A silo is ‘a tall, cylindrical structure in which grain is stored’ or ‘a sunken shelter for storing and launching missiles.’ Hmm. Very interesting. So a silo is a valuable protector of precious materials, but a single –purpose, single-use, fragmented, isolated, fairly impenetrable piece of organizational architecture.”

What makes organizational silos the enemy of change and transformation?

  • Professional jargon
  • Professional memberships
  • Turf and resource protection
  • Comfort zones…Discrimination”
“In a specialized professional department, is the employee’s real allegiance to the company or to the profession? The answer might surprise you. Many managers we have worked with would privately state that it is the profession.” This is why in functional- based siloed organizations, they cannot achieve the unity, integration, and synergy to make successful change happen."

To break down the silos and implement true “enterprise” architecture, you don’t need to get rid of the functions (since they serve a purpose and are important), you just need to use cross-functional teams, reward cross-functional performance and strategic thinking, broaden the perspective of functional silos by providing cross functional training and development.


January 18, 2008

SWOT Analysis and Enterprise Architecture

“SWOT Analysis is a strategic planning tool used to evaluate the Strengths, Weaknesses, Opportunities, and Threats involved in a project or in a business venture. It involves specifying the objective of the business venture or project and identifying the internal and external factors that are favorable and unfavorable to achieving that objective.”

SWOT factors can be broken down in internal/external factors and helpful/harmful factors, as follows:

  • INTERNAL/EXTERNAL—SWOT looks at both organizational or internal factors (strengths and weaknesses) and environmental or external factors (opportunities and threats).
  • HELPFUL/HARMFUL—SWOT examines those factors that are helpful (strengths and opportunities) and harmful (weaknesses and threats) to an organization’s objectives .

SWOT analysis is used to generate strategies, as follows:

  1. How can we use each strength?
  2. How can we stop each weakness?
  3. How can we exploit each opportunity?
  4. How can we defend against each threat?

(Adapted from Wikipedia)

According to the American Management Association, “SWOT is perhaps most useful as a tool for organizing data and allowing you to distill them down to a few strategic priorities.”

SWOT Analysis is a tool that can be used by User-centric EA in analyzing the business and technology baseline of the enterprise and coming up with strategic priorities to address in the target architecture and transition plan. Of course, the target architecture will capitalize on organizational strengths (by building on the strength of its people, process, and technologies), mitigate weaknesses (through skilled performance management, business process improvement, information sharing, and technological solutions), exploit opportunities and defend against threats (through integration and differentiation, partnerships and alliances, marketing and communciations, and so on). SWOT Analysis tells the EA practitioner what he/she needs to know to develop strategies for the enterprise to target.

January 16, 2008

Enterprise Architecture Terms and Taxonomy

A key foundation to developing enterprise architecture is getting the EA terms and taxonomy right for the organization, so that there is a common language and understanding by business and technical subject matter experts of what all things EA means.

Here are some fundamental terms and a high-level taxonomy for them (prior to having these, I found considerable confusion in the enterprise as to what many of these terms meant and they were used incorrectly and interchangeably by various users):

1) C4&IT—Any equipment or interconnected system or subsystem of equipment, or techniques used in the automatic acquisition, storage, manipulation, management, transmission, or reception of digital, voice, or video data or information to the appropriate levels of command. This includes command and control, networks, common operational picture systems, information assurance services, communication products and standards, computers, ancillary equipment, software, firmware, procedures, services (including support services) and related resources. (short definition─Command, Control, Communications, Computers, and Information Technology)

2) FISMA Systems—An application or general support system that meets the requirements of the Federal Information Systems Management Act (FISMA) of 2002, including completion of certification and accreditation, risk assessments, policies, and procedures, security plans, security awareness training, annual security testing, remediation procedures, incident response procedures, and contingency plans. (short definition—systems as defined by FISMA).

a. Application Systems—A discrete set of information resources [i.e. applications] organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. (short definition—one or more applications).

i. Applications—the use of information resources (information and information technology) [i.e. hardware, software, and database] to satisfy a specific set of user requirements. (short definition—combination of hardware, software, and database).

b. General Support Systems—An interconnected set of information resources under the same direct management control that share common functionality. It normally includes hardware, software, information, data, applications, communications, and people [i.e. infrastructure]. (short definition—IT infrastructure).

3) Products and Standards

a. Products—Includes hardware, the physical parts of a computer system, and software, the programs or other “instructions” that a computers needs to perform specific tasks.

b. Standards-- Guidelines that reflect agreement on products, practices, or operations by nationally or internationally recognized industrial, professional, trade associations, or government bodies.

The way to read the taxonomy is that C4&IT at the top is the CIO world of work and it is composed of Command, Control, Communication, Computers, and IT. C4&IT decomposes to FISMA Systems (since all systems must be FISMA compliant). FISMA Systems decompose to Application Systems (and their applications) and General Support Systems (infrastructure). And these systems (applications systems and general support systems) decompose into hardware and software products and standards.

The short working definitions are fairly straight forward and the longer definitions are based on public information definitions from National Institute of Science and Technology (NIST), Office of Management and Budget (OMB), The Department of Homeland Security (DHS), and The Department of Defense (DOD).

These terms and taxonomy should help enterprise architects and their users differentiate C4&IT, Systems, Application Systems, General Support Systems, Products, and Standards, and maybe even widgets by inference. :-)


Change Drivers, Inhibitors, and Enterprise Architecture

There are a number of drivers and inhibitors of organizational change that are important for enterprise architects to know about and understand.

In the book Making Change Happen by Matejka and Murphy, the authors break these down as follows:

Change Drivers:

  1. External drivers (adapting to environmental shifts)
    1. Competitive pressures—globalization, emerging economies, industry consolidation or fragmentation, new entrants, shareholder value
    2. Customer expectations—changing buying behavior, global markets, rising standards, search for variety or customization, service and convenience requirements, fads
    3. Technological advancements—instant information and communication, e-commerce, artificial intelligence, and so on
    4. Social trends—demographics, immigration, employment trends, workforce diversity
    5. Economic cycles and adjustments—business cycles, currency fluctuations, labor supply and demand, political/ideological collapses
    6. Regulatory pressures—industry regulation/deregulation, intellectual property laws, tariffs, EEOC, affirmative actions, NAFTA, Americans with Disabilities Act
  2. Internal drivers (building improved internal capabilities)
    1. Strategic leadership—supplying the vision of executive management and the strategy to achieve competitive advantage
    2. Customer value—delivering to customers on the organization value proposition
    3. People and culture—people possessing the knowledge, skills, and abilities, and organizational culture determining acceptable behavior
    4. Technological infrastructure—having the proper equipment, automation, and systems
  3. Business strategy (developing competitive advantage)
    1. Dominance—“keep growing market share”
    2. Cost—“low-cost provider”
    3. Niche—“unique market segment leader”
    4. Product—“price premium through innovation”
    5. Service—“the customer is always right”

Change Inhibitors:

  1. Conflict with organizational culture
  2. Personal fears, threats, and insecurities (“what’s in it for me?”)
  3. Inadequate sponsorship
  4. Turf battles and functional silos
  5. Inadequate budget for staffing, supplies, and support

From a User-centric EA perspective, by understanding the drivers of change, architects can better develop viable targets and transition plans to address environmental shifts, build internal capabilities, and develop competitive advantage (i.e. architects know what to be on the lookout for and what types of issues they need to address). Additionally, being aware of potential change inhibitors can help architects to recognize and prioritize the potential barriers to change and develop risk mitigation strategies. Architecting change is a true talent especially when the drivers for change are everywhere and the barriers to change are potent.


January 15, 2008

Business Technology Trends and Enterprise Architecture

There are a number of key business technology trends that enterprise architects need to be aware of─McKinsey Quarterly reports these on 26 December 2007.

1) Managing Relationships

  • Distributing co-creation—“The Internet and related technologies give companies radical new ways to harvest the talents of innovators working outside corporate boundaries. Today…companies routinely involve customers, suppliers, small specialist businesses, and independent contractors in the creation of new products. … By distributing innovation through the value chain, companies may reduce their costs and usher new products to market faster by eliminating the bottlenecks that come with total control.” Examples include Linux and Wikipedia
  • Using consumers as innovators—“As the Internet has evolved--an evolution prompted in part by new Web 2.0 technologies--it has become a more widespread platform for interaction, communication, and activism…Companies that involve customers in design, testing, marketing (such as viral marketing), and the after-sales process get better insights into customer needs and behavior and may be able to cut the cost of acquiring customers, engender greater loyalty, and speed up development cycles.”
  • Tapping into a world of talent—“Software and Internet technologies are making it easier and less costly for companies to integrate and manage the work of an expanding number of outsiders [globally], and this development opens up many contracting options for managers of corporate functions…This trend should gather steam in sectors such as software, health care delivery, professional services, and real estate, where companies can easily segment work into discrete tasks for independent contractors and then reaggregate it.”
  • Extracting more value from interactions—“Technology tools that promote tacit interactions, such as wikis, virtual team environments, and videoconferencing, may become no less ubiquitous than computers are now. As companies learn to use these tools, they will develop managerial innovations--smarter and faster ways for individuals and teams to create value through interactions.”

2) Managing capital and assets

  • Expanding the frontiers of automation—“Companies, governments, and other organizations have put in place systems to automate tasks and processes: forecasting and supply chain technologies; systems for enterprise resource planning, customer relationship management, and HR; product and customer databases; and Web sites. Now these systems are becoming interconnected through common standards for exchanging data and representing business processes in bits and bytes. What's more, this information can be combined in new ways to automate an increasing array of broader activities, from inventory management to customer service…The trick is to strike the right balance between raising margins and making customers happy.”
  • Unbundling production from delivery—“Technology helps companies to utilize fixed assets more efficiently by disaggregating monolithic systems into reusable components, measuring and metering the use of each, and billing for that use in ever smaller increments cost-effectively. Information and communications technologies handle the tracking and metering critical to the new models and make it possible to have effective allocation and capacity-planning systems.”
3) Leveraging information in new ways
  • Putting more science into management—“Just as the Internet and productivity tools extend the reach of and provide leverage to desk-based workers, technology is helping managers exploit ever-greater amounts of data to make smarter decisions and develop the insights that create competitive advantages and new business models. From "ideagoras" (eBay-like marketplaces for ideas) to predictive markets to performance-management approaches, ubiquitous standards-based technologies promote aggregation, processing, and decision making based on the use of growing pools of rich data.”
  • Making businesses from information—“Accumulated pools of data captured in a number of systems within large organizations or pulled together from many points of origin on the Web are the raw material for new information-based business opportunities…[For example,] A retailer using digital cameras to prevent shoplifting could also analyze the shopping patterns and traffic flows of customers through its stores, and could also use these insights to improve its layout or placement of promotional displays.

From a User-centric EA perspective, many of the business technology trends not only ring true, but are in fact essential to the practice of good User-centric EA.

  • First, managing relationships, whether through co-creation with partners, customer involvement, outsourcing, or making interactions more valuable, all point to the “User-centric” aspect of User-centric EA, in which we bring the users, stakeholders, and subject matter experts collaboratively into the EA process to provide them more value from EA information products and governance services, so that the EA is useful and usable to them.
  • Second, in terms of leveraging information “to make smarter decisions,” this is the value proposition of EA—information transparency to enhance decision-making. McKinsey underscores the growing importance of information, such as EA provides as follows: “Given the vast resources going into storing and processing information today, it's hard to believe that we are only at an early stage in this trend. Yet we are. The quality and quantity of information available to any business will continue to grow explosively as the costs of monitoring and managing processes fall. Leaders should get out ahead of this trend to ensure that information makes organizations more effective, rather than less. Information is often power; broadening access and increasing transparency will inevitably influence organizational politics and power structures.”
  • Third, in better managing capital assets through additional automation, interoperability of systems, and utilizing reusable components, these too are core elements and principles of EA, particularly in terms of applying and implementing technology (automation) to align with business requirements, and developing interoperable systems and using service oriented architecture to deliver reusable component services. This is all about more effective management of our technology base and the development of a farther reaching, stretch target to continue to get more value from technology.

All signs from Mckinsey point to the importance of User-centric EA as the way forward in this field.


January 14, 2008

The Sigmoid Curve and Enterprise Architecture

The Sigmoid Curve is critical for understanding the need, timing, and challenge for organization transformation efforts.

According to Charles Handy in the book “The Empty Raincoat,” The Sigmoid Curve, which is a S-shaped curve is the metaphor for the life-cycle of all things: from a product’s waxing and waning in popularity to the rise and fall of empires.

What can individuals or organizations do to survive beyond the Sigmoid Curve?

The secret of constant growth is to start a new Sigmoid Curve before the first one peters out.” And the right time to start the second curve is before reaching pinnacle of the first, so that there is time and resources to get the new curve off the ground (this is at point A). The challenge with starting a transformation effort or new Sigmoid Curve at point A is that “all messages coming through…are that everything is going to be fine, that it would be folly to change when the current recipes are working so well.” Unfortunately, if we wait until the sign of downturn and disaster is apparent (point B), then it is probably too late to make the leap to a new Sigmoid Curve, “leaders are discredited…resources are depleted,” and morale is damaged.

Another challenge with starting a new Sigmoid Curve and undertaking a transformation effort is that from point A to the pinnacle of the first Sigmoid Curve, it is “a time of great confusion. Two groups of people, or more, and two sets of ideas are competing for the future.”

“The discipline of the second curve requires that you always assume that you are near the peak of the first curve, at point A, and should therefore be starting to prepare a second curve. Organizations should assume that their present strategies will need to replaced within two to three years…it may well be that the assumption turns out to be wrong that the present trends can be prolonged longer…nothing has been lost. Only the exploratory phase of the second curve has been done. No major commitments will have been undertaken until the second curve overtakes the first.”

However, the importance of preparing for the second curve is that “it will have forced one to challenge the assumptions underlying the first curve and to devise some possible alternatives. It is tempting to think that the world has always been arranged the way it is and to delude ourselves that nothing will ever change. The discipline of the second curve keeps one skeptical, curious, and inventive.”

From a User-centric EA perspective, the first Sigmoid Curve is the current or baseline architecture and the second Sigmoid Curve is the target architecture. The Sigmoid Curves demonstrate to us the constant need to reinvent ourselves and our organizations—to transform from the as-is state to the to-be state. “Moving on requires a belief in…curvilinear logic, the conviction that the word and everything in it really is a Sigmoid Curve, that everything has its ups and then its downs, and that nothing last forever or was there forever.” This is the mandate for enterprise architecture; it is the way of constant vigilance, innovation, and transformation to survive to the next Sigmoid Curve of life.
Moreover, “the accelerating pace of change shrinks every Sigmoid Curve.”