Obstacles to Information Sharing and Enterprise Architecture

Here is the target architecture for information sharing:

An interesting document I read presented these five steps to architecting data and making it into useful and usable information for the organizations and its end users:

1. “Request the dots”—identifying and requesting data from the producers of data
2. “Get the dots”—capturing data through manual and automated systems
3. “Find the dots”—discovering needed data and having access to it
4. “Connect the dots”—processing the data into information by aggregating, processing, and integrating it
5. “Use the dots”—utilize information for enhanced decision making

And here are the major obstacles to finding, connecting, and using the dots, a.k.a. information sharing in our organizations:

According to the Association for Enterprise Integration (AFEI), Information Sharing Working Group, 15 January 2008, “There is a human predilection to guard what is ours. The information we hold and the resources we use to create it are no exception…[moreover], individual agencies/organizations are not motivated to treat information as a shared asset.”

Here are some other disincentives to information-sharing from a program manager’s perspective:

1. “Charity work”—“First, to a program manager, information sharing looks like ‘charity work.’ Sharing information beyond the scope of the program costs money, but is not directly accretive to the mission of the program.”
2. Elevated risk—“Information sharing poses a risk in the sense that it creates the prospect of uninvited critique, review, evidence for litigation, and so on.”
3. Standards cost time and money—Building to common standards for information sharing can be costly to a program; the standards may be more complex to implement, may require additional level of testing, and certification of compliance.

Perhaps, this statement sums up best the information sharing problem at the project level: “Remember, a program manager is incentivized to deliver on time and on budget per customer requirements. His/her tenure may be two to five years [for a project]. The fact that the systems they manage may last 20 years and may be difficult to integrate in the last 15 of those years is not a compelling argument for a program manager to change his/her behavior.”

The way to overcome information hoarding is to develop rock solid Information Governance, so that the decision making and management of information is taken out of the hands of the program and project manager and is put into the hands of Information governance boards, communities of interest, and information stewards.

“The governance framework must articulate the accountability and authority promote standards and guidelines; ensure a consistent well-defined approach, processes and procedures; adjudicate disconnects; establish legal and policy enforcement; and use performance measures to ensure progress towards achieving information sharing goals.” (DoD Information Sharing Strategy, May 2007)

Information is an enterprise and national asset. Shared information is valuable because it is captured once, but is “used any number of times, by any number of users.” (AFEI)

To maintain its value, information must be kept current, accurate, complete, be easy to understand, and readily accessible; this is quality information and it is valuable to our decision makers and enhances our ability to deliver on mission.

Only through active information governance will we be able to achieve this end state. It will start with changing the culture and mindset that currently dictates that information is power and information is currency, and questions why share it. And information sharing will be realized when everyone in the organization, from the top executives to the hourly workers on the front lines, understand, advocate, promote and demand that information sharing be the new norm; that it is the only acceptable and rational behavior for achieving mission success!

Obstacles to Information Sharing and Enterprise Architecture

Cyber Warfare and Enterprise Architecture

Security is a cross-cutting perspective in Enterprise Architecture, but I treat it as its own EA perspective because of its importance. And this is especially true in a law enforcement and defense readiness organization.

While security in EA is generally of a defensive nature, we must remember that as a nation, we must be ready to not only defend ourselves, but also to launch offensive operations and take out the enemy.

According to Military Information Technology Magazine, 9 April 2008, in an interview with Major General William T. Lord, the Department of Defense is standing up a new Cyberspace Command in the U.S. Air Force.

Why do we need this new Cyberspace Command?

There are many threats to us that emanate from cyberspace that include:

• Cyber-criminals—looking to steal your identity or your money
• Cyber-terrorists—“wants to disrupt, dissuade, or deter us from doing something
• Nation States—“some of which are out to interrupt U.S. interests anywhere in the world.”

Cyberspace is a dangerous place, especially if you’re DoD; they “get about 3 million attempted penetrations” a day!

This is why defense in depth is so important, so that if an enemy manages to get through the perimeter of our network security, we can still stop them at the second or third tiers of our defensive capabilities.

In terms of offensive capabilities, sometimes you have to take the battle to the enemy. At times, it is necessary to “disrupt an enemy prior to the conduct of kinetic combat operations, [so] that the enemy could not figure out what its command and control system was, had false data, could not see an attacking force, and was making decisions based on information systems that been manipulated in advance of combat operations.”

To architect the defensive and offensive cyberspace capabilities necessary to combat our enemies, it is imperative to continuously build information sharing and partnership between the parties involved, such as the Departments of Defense, Homeland Security, Justice and the Director of National Intelligence. This is a core tenet of user-centric EA.

Just as we invest in the latest and greatest kinetic weapons to defeat our enemies, we must also invest in non-kinetic weapons including “our electronic warfare, space systems, and cyber-systems. As Major General Lord, stated: “it’s not always about destroying things, but about changing behavior, so that an enemy concludes that the costs of whatever they had in mind is too great and will stop. [Then again,] sometimes you have to be able to whack somebody in the nose.”

Cyber Warfare and Enterprise Architecture

Enterprise Information Architecture

We all know that enterprise architecture is a strategic-level synthesis of business and technology information to drive enhanced decision-making. To develop the EA we must build out the individual perspectives, such as performance, business, information, services, technology, security, and human capital. This blog focuses on one of those, enterprise information architecture.

Enterprise Information Architecture (EIA) is the strategic-level information architecture for the organization.

Note: Information refers to both information (processed data) and data.

GOAL:

The overall goal of EIA is to provide the right information to the right people anytime, anywhere.

MANDATE:

Legislative:

The federal mandate in law enforcement is the Intelligence Reform and Prevention Act (IRTPA) of 2004. Further, The Office of the Director of National Intelligence (ODNI) has developed the Information Sharing Environment (ISE) Implementation Plan in 2006 and the Department of Defense created the Net-centric Data Strategy in 2001.

Common Sense:

We need information to perform our mission/business function and processes: we can’t do without it! Moreover, in an information economy, information is power and information is currency.

PROCESS:

Developing the enterprise information architecture is an outgrowth of developing the business, data, and system models to understand the business processes, the information required to perform those, and the systems that serve up the information.

According to the Federal Enterprise Architecture, Data Reference Model, there are three parts to developing your information architecture.

1. Data Descriptions—identify what your information needs are.
2. Data Context—determining how the information is related.
3. Data Sharing—developing the mechanisms for discovering and exchanging information.

Data Descriptions is the semantics and syntax. It involves developing your “data asset catalogue” and the metadata. This includes developing a lexicon or data dictionary with harmonized terms and schemas to describe them, as well as tagging the data. This helps define what the terms mean and identifies the rules for arranging them.

Data Context is the relationships. It includes categorizing the information using taxonomies and ontologies. It includes developing models, such as entity relationship diagrams (ERDs) to identify entities or information objects (and their attributes or properties) and associating them.

Data Sharing is the transactional processes. It entails the decomposition of information exchanges (in an Information Exchange Matrix or in a Information Exchange Package Description, IEPD) to determine the provider, the consumer, the trigger, the frequency, the media, the security, and so forth for each type of transaction. This phases also includes developing information repositories/registries, information sharing access agreements, and other mechanisms for sharing the information, such as portals, web services, enterprise service bus (ESB), and so on.

In the end, EIA is about transforming the organization: Culturally, from information hoarding to information sharing; from a business process perspective, optimizing information flows and usage, and in terms of governance, managing information as an enterprise asset.

Enterprise Information Architecture

10 Obstacles to Enterprise Architecture

Here is an interesting list of 10 obstacles to the enterprise architecture from a colleague and friend, Andy Wasser, Associate Dean, Carnegie Mellon University School of Information Systems Management:

1. “Lack of Senior Management [Commitment] Support
2. Inability to obtain necessary resources (funds, personnel, time)
3. Business partner alienation
4. Internal IT conflicts and turf issues (no centralized authority)
5. Lack of credibility of the EA team
6. Inexperience with enterprise architecture planning or inexperience with the organization
7. Entrenched IT team [operational focus versus strategic]
8. Focus on EAP methodologies and tools [rather than on outputs and outcomes]
9. Uncertain payback and ROI
10. Disharmony between sharing data vs. protecting data

This is a good list for the chief enterprise architect to work with and develop strategies for addressing these. If I may, here are some thoughts on overcoming them:

1-4,7,9: Obtain Senior management commitment/support, resources, and business/IT partnership by articulating a powerful vision for the EA; identify the benefits (and mandates); preparing an EA program assessment, including lessons learned and what you need to do to make things “right”; developing an EA program plan with milestones that shows you have a clear way ahead. Providing program metrics of how you intend to evaluate and demonstrate progress and value for the business/IT.

5,6,8: Build credibility for EA planning, governance, and organizational awareness by hiring the best and the brightest and train, train, train; getting out of the ivory tower and working hand-in-hand in concert with business partners; building information products and governance services that are useful and usable to the organization (no shelfware!); using a three-tier metamodel (profiles, models, and inventories) to provide information in multiple levels of details that makes it valuable and actionable from everyone from the analyst to the chief executive officer; looking for opportunities (those that value EA and want to participate) and build incrementally (“one success at a time”).

10: Harmonize information sharing and security by developing an information governance board (that includes the chief information security officer) to vet information sharing and security issues; establishing data stewards to manage day-to-day issues including metadata development, information exchange package descriptions, discovery, accessibility, and security; creating a culture that values and promotes information sharing, but also protects information from inappropriate access and modification.

10 Obstacles to Enterprise Architecture

Disaster Preparedness and Enterprise Architecture

There are several disaster preparedness exercises that test and train our government and private sector partners’ ability to respond to incidents that could have catastrophic consequences. These exercises can be supported by a robust enterprise architecture; here is a brief description followed by a sketch of how EA can support disaster preparedness.

TOPOFF

“Top Officials (TOPOFF) is the nation’s premier terrorism preparedness exercise, involving top officials at every level of government, as well as representatives from the international community and private sector. Thousands of federal, state, territorial, and local officials engage in various activities as part of a robust, full-scale simulated response to a multi-faceted threat.” [Exercises have tested responses to chemical, biological, and radiological attacks.]

(http://www.dhs.gov/xprepresp/training/gc_1179350946764.shtm)

Cyber Storm

“The U.S. Department of Homeland Security’s (DHS) National Cyber Security Division (NCSD) successfully executed Cyber Storm, the first national cyber exercise Feb. 6 thru Feb. 10, 2006 [and a second biennial exercise was conducted in March 2008]. The exercise was the first government-led, full-scale cyber security exercise of its kind…Cyber Storm was designed to test communications, policies and procedures in response to various cyber attacks and to identify where further planning and process improvements are needed.”

(http://www.dhs.gov/xnews/releases/pr_1158340980371.shtm)

Government Computer News, 14 April 2008 reports on the Cyber Storm II exercise in which DHS “hosted federal, state, local, and international government agencies along with more than 40 private-sector companies” in these “high-stakes war games.”

Carl Banzhoff, the vice president and chief technology evangelist at McAfee summed it up as follows: “when the internet burns to the ground, how are you going to get updates?”

“The goal was to test communication coordination and partnerships across sectors.”

Bob Dix, the vice president of government affairs at Juniper Networks said that “the greatest impediment to sharing information still is trust.”

Whether the preparedness tests are for terrorism or cyber security, the essence is to test our ability in preparing, preventing, responding, and recovering from security incidents. This involves building capability for uninterrupted communications, information sharing, and coordinated response.

How can enterprise architecture support disaster preparedness?

1. Requirements—EA can capture strategic, high-level requirements from mission areas across the many functional areas of homeland security and weave these into a core map of capabilities to build to. For example, we have a requirement for system security that is mandated by law and policy, and securing our communications and infrastructure is a core capability for our information systems that must be executed. The weakest link in security has the potential to jeopardize all components and their response capability.
2. Planning—EA analyzes problem areas and uncovers gaps, redundancies, inefficiencies, and opportunities and uses these to drive business process improvement, reengineering, and the introduction of new technologies. Improved business processes and enabling technologies can enable integration, interoperability, standardization, modernization, and information sharing that can enable a better prepared homeland security infrastructure. For example, identifying shared mission communities and building information sharing and collaboration among stakeholders in these improves our preparedness abilities.
3. Governance—EA brings the various stakeholders to the table to vet decisions and ensure sound business process improvement and IT investments. Governance involves sharing information, building trust, and making decisions towards a unified way forward. For example, through the DHS Enterprise Architecture Board (EAB), the CIOs of all components can collaborate and engage in developing targets that will lead to implementation of best practices and standards across the Department that will improve overall efficiency of all components.

Of course, EA is not the be-all and end-all for preparedness, but it provides critical elements of requirements management, planning, and governance that contributes to disaster preparedness.

Disaster Preparedness and Enterprise Architecture

Port Security and Enterprise Architecture

[This Blog is based entirely on public information and represents my views alone and not those of the U.S. Coast Guard, Department of Homeland Security, or other Federal agency.]

Maritime and port security is critical to this nation, particularly after the events we witnessed on 9-11.

The largest border for the United States is our coastline at 95,000 miles. Moreover, there are approximately 361 major ports (according to the Council on Foreign Relations). Securing the maritime border is the purview of the United States Coat Guard (USCG), for which I have the privilege to work, and securing the ports is a collaborative effort between the U.S. Coast Guard, Customs and Border Protection (CBP), Department of Justice, and state and local law enforcement.

National Defense Magazine, April 2008, reports that “under project SeaHawk [a pilot project], port security officials during the past three years have developed the software, sensors, and communications infrastructure needed to maintain a 24/7 watch on this regional port [Charleston, S.C.]—the sixth largest in the United States.”

From an enterprise architecture perspective, the keys to the success of SeaHawk are business process integration, information sharing and collaboration.

“Before SeaHawk it wasn’t uncommon for the different agencies with jurisdiction in the port to duplicate their efforts, said CAPT Michael McAllistar, Coast Guard sector commander and Charleston’s captain of the port. “’My boarding teams would run into Custom’s boarding teams at the bow of a ship.’ Today, boardings are carried out in a more efficient manner that allows the different agencies to make better use of their limited resources.”

The Safe Port Act of 2006 calls “for the creation of similar operational centers at ‘high priority’ ports by October 2009.”

National Defense Magazine identifies the many components comprising the successful architecture for port security:

• Advance Notice of Arrival— provides the captain of the port the information of ships due to arrive, their cargo, and their people 96 hours in advance.
• Automated Identification System (AIS)—“is a beacon that transmits the ship’s identity and bearing.”
• Radar—tracks the ship as it approaches.
• Law Enforcement Dossier—law enforcement—USCG, CBP, and Immigrations and Customs Enforcement (ICE)—compile a dossier that identifies whether any of the crew have criminal records, “whether a ship recently changed ownership or flags, and whether it has been caught with contraband before.”
• Risk Analysis—vessels of interest are color coded and tracked and decisions are made whether to conduct a boarding by USCG and/or CBP or “dispatch CBP canine units that specialize in either drugs or explosive detection.”
• Cameras—“as the ship approaches the port, it is captured by long- and medium-range electro-optical and infrared cameras.”
• Hawkeye System—“combines the data from cameras, radar, and AIS into a common operating picture [COP]. If the ship suddenly veers off course that would raise a red flag.
  
• Wall of Knowledge--“like most modern operation centers, all these cameras, sensors, and tracking systems are displayed on a series of monitors spread across a wall”.

According to the article, one of the architectural challenges is standardizing the technologies and business processes for the various ports, given the challenge that “each port is different” in terms of geography and law enforcement risks (for example, some ports, like Charleston, emphasize port security while others, like in Florida, have a higher risk factors for drugs and illegal immigration). SeaHawk has been successful in this standardization with an 85% solution—“the information software portal has already been adopted by the Coast Guard’s captains of the ports.”

In the future, we can all look forward to seeing SeaHawk rolled out to other major ports, enhancing the security of our nation.

Port Security and Enterprise Architecture

Conflict Theory and Enterprise Architecture

“Conflict theory states that the society or organization functions so that each individual participant and its groups struggle to maximize their benefits… The essence of conflict theory is best epitomized by the classic 'pyramid structure' in which an elite dictates terms to the larger masses. All major institutions, laws, and traditions in the society are created to support those who have traditionally been in power, or the groups that are perceived to be superior in the society according to this theory. This can also be expanded to include any society's 'morality' and by extension their definition of deviance. Anything that challenges the control of the elite will likely be considered 'deviant' or 'morally reprehensible.” (Wikipedia)

In the organization that we work in, today—modern times—is everything copascetic or is there inherent conflict, and how does this affect EA? And how is this impacted by EA?

We all hear and read the message from the top—from the executive(s) in charge—messages of unity of command, unity of purpose, and unity of structure. “We’re all in this together!”

However, the reality is that there are power struggles up and down, sideways, and on the diagonals, of the organization—this is conflict theory! Those at the top, wish to stay there. Those at the lower rungs, wish to climb up and check out the view. The organization is a pyramid, with fewer and fewer senior level positions as you go higher and higher up. Everyone in the organization is evaluated by measures of performance and is competing for resources, power, influence, and advancement.

I remember learning at Jewish day school, that people are half animal and half angel. Sort of like the age old conflict of good and evil. Freud, for the individual, put it in terms of the id and superego.

On one hand, conflict theory pits egocentric and selfish behavior against the greater needs of the organization (and the goals of EA) to share, collaborate, integrate, and go forward as the army slogan states, “an army of one!” The individual or group in the enterprise wants to know the proverbial, “what’s in it for me?”

On the other hand, User-centric EA is about collaboration: collaboration between business and IT, collaboration within the business, collaboration within IT, and even collaboration outside the agency (such as through alignment to the department, the federal EA, and so on). The collaboration takes the form of information sharing, structured governance, an agreed on target and plan, and the building of interoperability, standards, efficiencies, enterprise solutions, and overall integration!

It is not easy for EA to be a counterbalance for conflict theory. The organization needs to provide incentives for positive behavior (and disincentives for negative behavior), so that everyone is encouraged to team, collaborate, share, and look at the bigger picture for the success of overall enterprise!

I’ve seen organizations take steps toward building unity through team awards, criteria in everyone’s performance evaluation for teamwork, and actual mandates to share information. These are positive steps, but more needs to be done to make the enterprise flatter, more collaborative, and remind all employees that they work for the end-user.

Conflict Theory and Enterprise Architecture

Leadership, Change, and Enterprise Architecture

Enterprise architecture is about planning, managing, and measuring change in an organization. To effect change requires true leadership, and this requires multiple skills.

In the book, The Leadership Triad by Dale Zand, three essential forces of leadership are presented—knowledge, trust, and power. These leadership forces guide constructive organizational change.

“Like three horses pulling a chariot, these forces, if coordinated and working together, provide a swift and exhilarating ride. But if one force is mismanaged or pulls against the others, the ride is bumpy and can end in disaster.”

Effective leaders integrate the three forces of knowledge, trust, and power to drive effective change and maintain efficient operations in their organizations: “They know what should be done, they have the trust of their people, and they use power appropriately:

1. Knowledge—“leaders know or can find out what should be done…they have vision and they know how to fulfill that vision. They set clear, challenging goals, and they know what needs to be done to reach the goals…they know how to gain access to the knowledge of others, and they know how to work with people to convert that knowledge into action.”
2. Trust—“people trust effective...leaders, giving them loyalty and commitment… [They] earn trust by disclosing relevant information, sharing influence, and competently using knowledge. They earn trust by fairness in their dealings with others—fulfilling the spirit of their agreements, sharing rewards and hard times and not abusing their power.”
3. Power—“leaders use their power appropriately. They know how to be directive or to delegate. They know how to review and evaluate constructively. They know how to be consultants, providing guidance rather than issuing commands.”

Why not just lead in a command and control fashion like in the military or law enforcement organization?

“The heroic fantasy of one person at the head of a column and followers shouting ‘charge’ as they mount the battlements is outdated. Instead leaders need to learn to use the sensing, searching, and thinking ability of all people within the organization.”

How are these leadership skills similar to those necessary for implementing enterprise architecture?

Knowledge, trust, and power are the cornerstones of an enterprise architecture program.

1. EA makes information transparent and provides information products to distribute knowledge and enable better decision-making. EA information is critical to decision-making, particularly in terms of ensuring sound IT investment management decisions, IT planning, analysis of problem areas—uncovering gaps, redundancies, inefficiencies, and opportunities--driving business process improvement, reengineering, and the introduction of new technologies to the organization.

“In the twentieth century society crossed…into the information age, marked by the emergence of the knowledge organization.”

“Competitive advantage in the information age is in constant jeopardy—knowledge is fluid, and creative thinkers leapfrog over existing knowledge.”

“Knowledge travels with the speed of thought, but can be blocked by the smallest emotional barrier. It can enlighten the entire organization’s operation, yet it can easily be concealed if people do not want leaders to see it. People throughout organizations continually acquire and create important, critical knowledge about customers, [suppliers], products, technology, costs, and competitors. But that knowledge can remain hidden and inaccessible to leaders. In the new world leaders need to liberate knowledge and creative thinking at all levels and in all corners of the organization. To compete, leaders need to move knowledge from where it is to where it can be used to define and achieve appropriate goals.”

EA helps to synthesize information and liberate knowledge to meet strategic goals.

2. EA is based on the trust of business and technical leaders and staff across the enterprise. EA synthesizes business and technology information. It relies on the trust of divisions, departments, and subject matter experts (SMEs) throughout the organization to share (and not hoard) information and build a results-driven, process-oriented, interoperable, standardized, cost-effective organization, rather than a siloed, ineffective one. In an EA-directed organization, siloed functions and management relinquish their own personal interests and perhaps, selfish motives and instead plan for the good of the overall organization. For example, decisions on IT investments are made based on enterprise priorities and cost-benefit-risk-architecture considerations, rather than who has the money to spend.

“Trust regulates the disclosure of information—how open people are with relevant information…trust regulates mutual influence—how receptive people are to each other’s goals and concerns, and trust regulates control—the intention to fulfill the spirit of a decision and willingness to rely on another person to implement her part of the decision.”

“Mistrust causes people to censor, delay, and distort relevant information. Social uncertainty compounds ambiguity, masks difficulties and deprives leaders of the opportunity to make high-quality decisions

3. The EA Board (chaired by the chief enterprise architect) ensures that proposed new IT projects, products, and standards align to and comply with the enterprise architecture. EA must have the power to mandate and enforce alignment and compliance or else the target architecture and transition plan is just a sham that will not yield enterprise results and achieve stated goals. Additionally, EA must have the ability to require SMEs to contribute regularly to the development, maintenance, and use of the EA. The business and technical SMEs are the owners of the EA content and must be partners with the EA team in ensuring that the architecture is kept current, accurate, and complete.

“Power is the ability to influence others so that they do or do not do something.”

“Leaders have legitimate power to determine the process by which decisions will be made.”

Knowledge, trust, and power are three dimensions of leadership that are the foundation for an effective EA program. EA ensures that the information needs of the organization are met in terms of business and technical baseline and target architectures and transition plans. EA relies on the trust of its organizational partners in the business and technical domains to share information and adhere to architectural decision and standards that are in the best interests of the overall organization, rather than any one individual, group, or function. And finally, EA requires the power to ensure alignment to and compliance with the architecture and the decisions of the architecture board or else EA is just a paper tiger and will fail.

Leadership, Change, and Enterprise Architecture

Information Integrity and Enterprise Architecture

We are in an information economy and now more than ever business needs information to conduct their functions, processes, activities, and tasks.

To effectively conduct our business, the information needs to be relevant and reliable. The information should be current, accurate, complete, understandable, and available.

Information integrity is essential for enabling better decision-making, improving effectiveness, and reducing risk and uncertainty.

However, according to DMReview, 8 February 2008, “information within the [corporate] data warehouse continues to be inaccurate, incomplete, and often inconsistent with its sources. As a result, data warehouses experience low confidence and acceptance by users and consumers of downstream reports.”

“The Data Warehousing Institute estimates that companies lose more than $600 million every year due to bad information.”

What are some of the challenges to information integrity?

1. “Complex environments, [in which organizations] constantly generate, use, store, and exchange information and materials with customers, partners, and suppliers.”
2. “Accelerating change in the business environment [and] changing needs of business users”
3. “Increasing complexity of source systems and technology”
4. “Expanding array of regulations and compliance requirements”

“Change and complexity introduce information integrity risk. Accelerating change accelerates information integrity risk. Compliance makes information integrity an imperative rather than an option.”

What are the particular challenges with data warehouses?

1. Questionable input information—“Several source systems feed a data warehouse. Data may come from internal and external systems, in multiple formats, from multiple platforms.”
2. Lack of downstream reconciliation—“As information traverses through the source systems to a data warehouse, various intermediate processes such as transformations may degrade the integrity of the data. The problem becomes more acute when the data warehouse feeds other downstream applications.”
3. Inadequate internal controls—these include controls over data input, processing, and output, as well as policies and procedures for change management, separation of duties, security, and continuity of operations planning.

From an enterprise architecture perspective, information integrity is the linchpin between the businesses information requirements and the technology solutions that serves up the information to the business. If the information is no good, then what good are the technology solutions that provide the information to the business? In other words, garbage in, garbage out (GIGO)!

As enterprise architects, we need to work with the business and IT staffs to ensure that data captured is current, accurate, and complete, that it is entered into the system correctly, processed accurately, and that outputs are distributed on a need to know basis or as required for information sharing purposes, and is protected from unauthorized changes.

Using business, data, and systems models to decompose the processes, the information required for those, and the systems that serve them up helps to identity possible information integrity issues and aids in designing processes that enable quality information throughput.

Additionally, security needs to be architected into the systems from the beginning of their lifecycle and not as an afterthought. Information confidentiality, integrity, availability, and privacy are essential for an information secure enterprise and for information quality for mission/business performance.

Information Integrity and Enterprise Architecture

Governance and Enterprise Architecture

Enterprise architecture is critical to effective IT governance. EA establishes the baseline and target architectures and the transition plan and enforces these through the EA Board, who conducts technical reviews of proposed new IT projects, products, and standards. EA guides the organization to performance results, business-technology alignment, information sharing and accessibility, systems interoperability and component reuse, technology standardization and simplification, and security, including confidentiality, integrity, availability, and privacy. In short, EA ensures information transparency of business and technology to enhance organizational decision-making.

But what happens when organizational governance, whether EA governance or corporate boards, that is supposed to ensure transparency, does not?

The Wall Street Journal, 14 January 2008, reports “Why CEOs Need to Be Honest with Their Boards.”

“People who have spent time in corporate boardrooms say honest communication is often lacking between CEOs and their fellow directors. ‘Communication and transparency being a problem is more the rule rather than the exception.’”

Sometimes this makes headlines, such as when CEOs conduct activities without informing or getting permission from their directors, such as:

1. Backdating stock options
2. Holding merger and acquisition talks
3. Trying to solve problems independently that need to be vetted

“‘Many times it’s the thing not said, or overly optimistic positioning that gets CEOs in trouble’…as leaders, they want to take charge and inspire confidence, even when things are turning sour. But that instinct can lead them to be less than forthcoming about problems—which can snowball into severe tensions with directors.”

CEOs who do not keep their board up-to-date do so at their own peril—“In 2006, 31.9% of CEOs who stepped down world-wide did so due to conflicts with the board…the forced departures were ‘nearly always because of transparency issues...[this leads to a] slow deterioration of trust, so the termination is generally packaged as a ‘loss of confidence.’”

Things have definitely changed in the relationship between boards and CEOs─ “‘There used to be a bright, clear line: We, the management made the decision and they, the board, reviewed and approved those decisions”…that bright, clear line has gotten really fuzzy now.”

Why does the CEO resist this transparency with the board?

“It’s the CEO’s job to ‘put a good face on things to mobilize and drive the changes that any company needs going forward…this requires inspiring people and giving them confidence that if you only make this last push you will get there.” CEO’s don’t want to admit that things are not progressing as expected. They don’t want to concede that they don’t have all the answers.

What’s the lesson here for User-centric EA?

We can’t think that we have all the answers. Collaboration, vetting, and information transparency is critical to enabling better decision-making. Whether information transparency is coming from EA to business and technical information stakeholders or from the CEO to his board of directors, information transparency inspires trust and “breeds self-correcting behavior” (as the U.S. Coast Guard Commandant often reminds us). Hiding problems, being overly optimistic or self-reliant, or working in stealth are not the cornerstones for good enterprise governance. Rather, openness and frankness about program, projects, products, and plans (EA or otherwise) enables good governance. Hearing opposing points of views leads to better decision-making. Even if it is sometimes painful to hear or slows down the process some; a little enterprise introspection goes a long way to improving the end result.

Governance and Enterprise Architecture

Web 2.0 and Enterprise Architecture

Web 2.0─”a perceived second generation of web-based communities and hosted services — such as social-networking sites, wikis, and folksonomies — which aim to facilitate creativity, collaboration, and sharing between users. The term gained currency following the first O'Reilly Media Web 2.0 conference in 2004. Although the term suggests a new version of the World Wide Web, it does not refer to an update to any technical specifications, but to changes in the ways software developers and end-users use webs."

“Web 2.0 websites allow users to do more than just retrieve information. They can build on the interactive facilities of "Web 1.0" to provide "Network as platform" computing, allowing users to run software-applications entirely through a browser. Users can own the data on a Web 2.0 site and exercise control over that data. These sites may have an "Architecture of participation" that encourages users to add value to the application as they use it. This stands in contrast to very old traditional websites, the sort which limited visitors to viewing and whose content only the site's owner could modify. Web 2.0 sites often feature a rich, user-friendly interface based on Ajax, Flex or similar rich media. The sites may also have social-networking aspects.”

“The concept of Web-as-participation-platform captures many of these characteristics. Bart Decrem, a founder and former CEO of Flock, calls Web 2.0 the "participatory Web" and regards the Web-as-information-source as Web 1.0.” (Wikipedia, including Tim O’Reilly and Dion Hinchcliffe)

From a User-centric EA perspective, Web 2.0 has implications for all perspectives of the architecture:

• Performance—enterprise’s results of operations will be enhanced by the ability to do more (in terms of automation, applications, and collaboration) over the web.
• Business—they way organizations conduct their process and activities will be simpler and more collaborative through a more user-friendly web and participatory web (for example, many business are developing in-house blogs, wikis, and web portals, like SharePoint.).
• Information—the web is transformed from a source of information to a mechanism for controlling, updating, and even analyzing information (for example, viewing financial information, updating account information, and running portfolio analysis tools).
• Services—applications are available on demand on the web and are available as interoperable services rather than monolithic stovepipe systems (i.e. SOA); additionally, user can participate in the development of the applications themselves (for example, Linux).
• Technology—while Web 2.0 itself is not based on new technologies, the new participatory uses of the web are spurring technology advances in accessing the web and its more profound social networking and collaborative capabilities (for example with mobile media devices such as PDAs and cell phones).
• Security—with greater user participation on the web and the ability to control data and applications, there of course is greater security vulnerabilities (for example, identity theft).

Architects need to recognize and build the power of Web 2.0 and its participatory and collaboration capabilities into their target architectures and transition plans.

Web 2.0 and Enterprise Architecture

Information Privacy and Enterprise Architecture

The Privacy Act of 1974 states: “no agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains.” However, there are certain exception for statistical, archival, and law enforcement purposes.

What is privacy?

In MIT Technology Review, “The Talk of The Town: You—Rethinking Privacy In an Immodest Age” (November/December 2007), by Mark Williams, the author states Columbia University professor emeritus of public law Alan F. Westin defines privacy as, ‘the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.’”

Do we have privacy?

Already in 1999, Sun Microsystems chairman Scott ­McNealy stated, “You have zero privacy anyway. Get over it.”

These days, there is no illusion of privacy, as young people routinely put their biographical details and images online at a myriad of social-networking websites. Moreover, “kids casually accept that the record of their lives could be Googled by anyone at any time…some even considered their elders' expectations about privacy to be a weird, old-fogey thing--a narcissistic hang-up.”

Privacy is certainly not an absolute, especially since we need to balance the right to privacy against the first amendment guarantee of free speech. However, when people think their rights to privacy has been abused they have recourse to tort, defamation, and privacy law.

EA’s role in privacy:

User-centric EA supports the Investment Review Board selection, prioritization, and funding of new IT investments with architecture reviews and assessments; these EA reviews include a detailed appraisal of everything in the “information” perspective, including information management, sharing, accessibility, assurance, records, and of course privacy issues.

Furthermore, more detailed privacy impact assessments (PIAs) must be conducted, according to the the E-Government Act of 2002, “when developing or procuring IT systems or projects that collect, maintain or disseminate information in identifiable form from or about members of the public.”

Although Generation Y does not particularly seem to value their privacy as you'd expect, EA, along with the privacy officer and the chief information security officer, plays a critical role in monitoring and ensuring the privacy of information managed by the enterprise.

Information Privacy and Enterprise Architecture

Master Data Management and Enterprise Architecture

“Master Data Management (MDM), also known as Reference Data Management, is a sub-discipline of data architecture within Information Technology (IT) that focuses on the management of reference or master data that is shared by several disparate IT systems and groups. MDM is required to enable consistent computing between diverse system architectures and business functions.” (Wikipedia)

“Master data are the critical nouns of a business and fall generally into four groupings: people, things, places, and concepts. Further categorizations within those groupings are called subject areas, domain areas, or entity types…Master data can be described by the way that it interacts with other data. For example, in transaction systems, master data is almost always involved with transactional data. A customer buys a product. A vendor sells a part, and a partner delivers a crate of materials to a location… Master data can be described by the way that it is Created, Read, Updated, Deleted, and searched. This life cycle is called the CRUD cycle…Why should I manage master data? Because it is used by multiple applications, an error in master data can cause errors in all the applications that use it. (“The What, Why, and How of Master Data Management” by Wolter and Haselden, Microsoft Corporation, November 2006)

How can MDM software help manage MDM? Wolter and Haselden identify three primary methods:

• Single-copy of master data—where all changes and additions are made to the master and all applications accessing it use the current master data set
• Multiple copies of master data—master data is updated in a single master, but the data is sent out to the source systems where data sets are stored locally and changes to non-master data can be made)
• Continuous merge—where changes are made to the source data sets and are sent to the master to be merged and resent out to the source data sets again.

CIO.com, in “Demystifying Master Data Management”, 30 April 2007 reports that “unfortunately, most companies don't have a precise view about their customers, products, suppliers, inventory or even employees. Whenever companies add new enterprise applications to "manage" data, they unwittingly contribute to an overall confusion about a corporation's overall view of the enterprise. As a result, the concept of master data management (MDM)—creating a single, unified view of an organization—is growing in importance.” However, the article notes that adding MDM technologies will not magically correct an organization’s data quality issues, as noted in “a recent report from The Data Warehousing Institute that found 83 percent of organizations suffer from bad data for reasons that have nothing to do with technology. Among the causes of poor-quality data were inaccurate reporting, internal disagreements over which data is appropriate and incorrect definitions rendering the data unusable.”

So the essence of an MDM initiative is to first improve data quality by developing the process to define, categorize, and identify authoritative sources for data, and only then to apply MDM software to build a single view of the data.

MDM is important to enterprise architecture for a number of reasons:

• Information sharing—MDM is critical to information sharing, data integration, and reconciliation, as it establishes an authoritative source of data that can be shared between systems or organizational entities.
• Data governance—MDM helps establish the basis for sound data governance, since data owners, stewards, and users need to be able to distinguish good data from bad data, define data objects, establish data standards, metadata requirements and registries for discoverability, access rights, transfer protocols and methods, and maybe most importantly a governance process that defines who is allowed to change system data and how.
• Business Intelligence—MDM enables business intelligence by providing for an integration of data for mining, reporting, and decision support.

Creating authoritative master data is an imperative for data and systems integrity, and good decision making based on sound enterprise data.

Master Data Management and Enterprise Architecture

An Online Only World and Enterprise Architecture

How long will it be before the internet becomes our primary means of storing personal data and running software applications (web-based)?

MIT Technology Review, 3 December 2007, reports that one core vision for the evolution of technology (that of Google) is that we are moving from a computer-based technical environment to an online-only world, where “digital life, for the most part, exists on the Internet”—this is called cloud computing.

Already, users can perform many applications and storage functions online. For example:

• “Google Calendar organizes events,
• Picasa stores pictures,
• YouTube holds videos,
• Gmail stores email, and
• Google Docs houses documents, spreadsheets, and presentations.”
  

Moreover, MIT Technology Review reports that it is rumored that Google is working on an umbrella application that will pull these disparate offerings together for a holistic cloud computing solution.

What’s the advantage of cloud computing?

A computer hard drive is no longer important. Accessibility to one’s information is limited only by one’s access to the internet, which is becoming virtually ubiquitous, and information can be shared with others easily. “The digital stuff that’s valuable… [is] equally accessible from his home computer, a public internet café, or a web-enabled phone.”

What are some of the issues with cloud computing?

• Privacy—“user privacy …becomes especially important if Google serves ads that correspond to all personal information, as it does in Gmail.”
• Encryption—“Google’s encryption mechanisms aren’t flawless. There have been tales of people logging into Gmail and pulling up someone else’s account.”
• Copyright—“one of the advantages of storing data in the cloud is that it can easily be shared with other people, but sharing files such as copyrighted music and movies is generally illegal.”
• Connectivity—“a repository to online data isn’t useful if there’s no Internet connection to be had, or if the signal is spotty.”

Still Google’s vision is for “moving applications and data to the internet, Google is helping make the computer disappear.” Human-computer interaction has evolved from using command lines to graphical user interface to a web browser environment. “It’s about letting the computer get out of our way so we can work with other people and share our information.”

Of course, Google’s vision of an online-only world isn’t without challenge: Microsoft counters that “it’s always going to be a combination of [online and offline], and the solution that wins is going to be the one that does the best job with both.” So Microsoft is building capability for users “to keep some files on hard drives, and maintain that privacy, while still letting them access those files remotely.”

I will not predict a winner-take-all in this architecture battle of online and offline data and applications. However, I will say that we can definitely anticipate that information sharing, accessibility, privacy, and security will be centerpieces of what consumers care about and demand in a digital world. Online or offline these expectations will drive future technology evolution and implementation.

An Online Only World and Enterprise Architecture

Teamwork and Enterprise Architecture

User-centric EA helps people in the enterprise work together as a team, rather than in individual or functional silos.

EA helps foster teamwork by:

• Information Transparency: creating repositories of information that everyone can use and share
• Bridging Disparate Parts of the Enterprise: aligning business and information technology and thereby bridging the gap between operations and support in the organization
• Showing People Where They Fit: Modeling business processes, information requirements, and technology solutions, so all users and entities in the organization understand where and how they fit.
• Consolidating and Coordinating a Common Way Ahead: developing consolidated strategies, enterprise plans and solutions versus individual or stove-piped ones.

How does teamwork help an enterprise succeed?

Well for one, teams are where most innovations takes place and innovation and creativity are key for an organization to survive and thrive.

The Wall Street Journal in conjunction with MIT Sloan School of Management on 15 September 2007 reports that “most companies assume that innovation comes from an individual genius or small, sequestered teams. Yet…most innovations are created through networks—groups of people working in concert. To lay the groundwork, organizations must make it easy for employees to talk to their peers, share ideas, and collaborate. Among other strategies, companies should make an effort to break down the walls between company departments and rapidly test and refine ideas.”

Also, teams are where ideas are shared and vetted. You get a better end-product by valuing individual and cultural diversity and hearing opposing points of view.

EA benefits from and contributes to teamwork and innovation by bringing together, documenting and making transparent information, planning, and governance across the enterprise. This aids people in sharing ideas, projects, products, and standards, and in capitalizing on sound innovations by developing these into new IT investments and possibly enterprise solutions. EA, teamwork, and innovation go hand-in-hand.

Teamwork and Enterprise Architecture

The Situation in Myanmar and Enterprise Architecture

The Wall Street Journal, 28 September 2007 reports that “as Myanmar’s regime cracks down on a growing protest movement, ‘citizen journalists’ are are breaking the news to the world.”

Cellphone cameras, text messaging, blogging, and even satellite phones are enabling democracy movements to subvert oppressive governments from restricting communications into and out of their regimes and sanitizing media coverage of their repressive, cruel rule.

While soldiers fired automatic weapons into a crowd of pro-democracy demonstrators, Burmese citizens were sending photos and text messages to news agencies around the world. And the world responded with warnings and sanctions against the Myanmar government, keeping the death toll to only nine people so far.

“Even in countries like Myanmar, the spread of the Internet and mobile phones has meant the footage will always continue to get through and the story will be told, one way or another.”

If only this technology existed when the Nazis where herding the Jews unto cattle cars and taking them to the myriad of concentration (i.e. extermination) camps—perhaps, the shocking, real-time information and brutal photos would’ve moved the world to action sooner.

In fact, even the last time there was a large scale protest in Myanmar in 1988, the technology was not widely available and the result was a military massacre of more than 3000 civilians!

“Technology has changed everything…now in a split second, you have the story.”

From a User-centric EA perspective, we apply technology solutions to meet information requirements of the end-users in the enterprise. The business of EA is information and technology—those things that are opening up democracy in Myanmar. In EA, the results are improved mission execution and results of operation. That’s in a business or government setting. But how does information flow and technology affect geopolitics?

The answer is greatly, as we can see from the events in Myanmar:

Information technology is not only important to business and consumers, governments and citizens, but it is critical to the world’s progress—IT has geopolitical implications, including:

1. Spreading freedom and human rights
2. Feeding the world’s hungry
3. Healing of the world’s sick
4. Imposing peace and order

“Information is power” and this is enabled and magnified by the application of technology and modern communications. If we use the information technology wisely, we can make the world a better place for everyone!

The Situation in Myanmar and Enterprise Architecture

24 TV Series and Enterprise Architecture

“24, last year’s most Emmy Award-winning television series with five Emmys, including Outstanding Lead Actor in a Drama Series (Kiefer Sutherland) and Outstanding Drama Series, is one of the most innovative, thrilling and acclaimed drama series on television.” (TV.com)

What makes 24 so thrilling?

Well there is the drama, the intrigue, the ever twisting plot and constant terrorist threats, and of course, Keifer Sutherland and the rest of the 24 team.

There is also the technology and its application to track the terrorists, communicate effectively, and the business intelligence to decipher the terrorist plots. While the technology is not perfect and often it is used by the terrorists to thwart CTU as well, it still comes across quite impressively.

On a Bluetooth technology website, I found this:

“Fox's hit television show ’24’ has always displayed the latest in cutting edge technology.CTU (Counter Terrorist Unit) agents and terrorists alike. But which model of Bluetooth headsets are they actually wearing?” (bluetomorrow.com) During this season (Day 5) of 24, Bluetooth wireless headsets can be seen constantly being used by both

The technology used in 24 is viewed as cutting-edge and trend-setting (i.e. everyone wants to know which model CTU is using).

On another site, Government Computer News, 7 January, 2007, it states: “Federal superspy Jack Bauer battles fate and countless foes on the hit TV show “24”—a drama unfolding in real time and depicted on several windows within the screen. Like the Bauer character, who himself is the fictional successor to an earlier superagent who liked his tipple “shaken, not stirred,” federal IT users frequently will have to share information quickly if they hope to prevail or even survive in 2007.” (http://www.gcn.com/print/26_01/42874-1.html)

Again, the 24 series is viewed as a model for information technology users and IT sharing.

In the same GCN article, Homeland Security Department, G. Guy Thomas, the Coast Guard’s science and technology adviser for the Maritime Domain Awareness Project, states: “The ultimate goal that technologists and policy-makers should strive for is user-definable interfaces, which would provide a ‘common operational picture [COP] that serves as an interface to a collaborative information environment.’”

The COP contains an operational picture of relevant information shared by more than one command and facilitates collaborative planning and assists all echelons to achieve situational awareness. This type of operating picture is often seen being used in CTU to track and ultimately catch (with Bauer’s help) the terrorists.

For Homeland Security enterprise architecture, 24 can serve as a target state forsynthesizing business process and technology. For example, the integration between the business processes and the technology is virtually flawless in CTU, where business intelligence at the Los Angeles office is communicated and made virtually immediately available to the agents in the field for quickly following up on leads and cornering conspirators.

Additionally, even the character Jack Bauer himself displays not only tremendous heroism and patriotism in his efforts to protect this nation and its citizens, but also his innovative and can-do persona is a model for enterprise architecture development of creative yet grounded target technology states and transition plans for our organizations.

Additionally, from a User-centric EA perspective, we need to look outside our agencies at business and technology best practices in the public and private sectors, and yes, even at fictional portrayals. It is even from dramas like 24, and maybe especially from such visionary elements that EA can adapt information, creativity, and innovation to plan a genuine target state for our enterprises.

24 TV Series and Enterprise Architecture

When Information Sharing Becomes Destructive

This week Columbia University hosted a true demagogue to speak.

The Wall Street Journal 25 September 2007 states in the editorial “Columbia’s Conceit” that the the acting dean of Columbia University’s School of International and Public Affairs, not only defended having this horrific demagogue speak to the students of Columbia University, but he remarked that “if Hitler were in the United States and…if he were willing to engage in a debate and discussion to be challenged by Columbia students and faculty, we would certainly invite him.”

I assume even Osama Bin Laden would be welcome to discuss his views on killing 3000 Americans on 9-11. Free and open debate of ideas, right?

How unbelievably low Columbia University has sunk!

I grew up on the Upper West Side in Manhattan, and I fondly remember as a child taking many wonderful strolls through the the Columbia University campus. With its magnificant buildings, monuments, landscaping, and courtyards, I walked with awe and amazement up and down the paths of what I then believed to be a noble and prestigious higher learning institution.

With utter shock and dismay, I watched this week as this world demagogue and grand enemy of the United States and Israel was welcomed to Columbia and given a platform and opportunity to share his hatred and distort the truth about the nature of this country, Zionism, and even the horrific events of the Holocaust.

Columbia’s president stated “Columbia, as a community dedicated to learning and scholarship, is committed to confronting ideas.”

Well, when does confronting ideas and sharing information go from constructive to destructive? Is there a point, when allowing anyone to say anything they want, even if it is full of hatred and lies, goes beyond the point of rational ‘debate and discussion’?

I am not a lawyer, but even in this great and free country, we do not allow someone to yell fire in a crowded theatre. Nor, do we allow people to incite others to violence. There are limits to free speech and the sharing of baseless hatred and distorting the truth. In fact, our justice system is supposed to be dedicated to truth and our vast news reporting to keeping the public duly informed.

I understand now that Columbia University has agreed to invite the devil himself to speak to its students and faculty (for lively debate and discussion). The only condition placed on the devil is that he leave his pitchfork outside the campus limits. Apparently, Columbia University has not only invited the devil, but has decided to sell their soul to him as well.

So much for the great and noble institution of higher learning that a little boy once looked upon and marveled at.

As a professional enterprise architect, I believe that there are a couple of lessons here:

• In building the architecture and plans for the enterprise, full and open debate and vetting of ideas is not only encouraged, but absolutely necessary to get the best product. However, when constructive debate turns to venting, naysaying, personal insults, and destructive criticism, then the time for debate is over.
• The enterprise architecture is a knowledge base for the organization, and it is the role of the architects in conjunction with leadership, stakeholders, and end users to ensure that the knowledge base has integrity. Bad data just enables bad decision-making.

When Information Sharing Becomes Destructive