A thinking tool for asking about and describing the alignment requirements of business, information, technology and security, in order to improve and secure the management of the process, data, application and infrastructure of performance.
5. ENTERPRISE
• "Enterprise" is an entity defined and organized to create value.
• The value creation is structured to be composed of product, services, people, location, performance, function, process, data, application, technology, infrastructure and providers.
johnmacasio@gmail.com
6. ARCHITECTURE
• Speaks of a drawn model that describes the holistic and particular views of the system in actualizing the “value” defined for the organization.
• A blueprint that defines the baseline of common and differentiated information on how the system is organized and expected to behave in order to actualize the mandate, mission, principles, vision, goals, objectives and performance.
16. VALUE OF ENTERPRISE ARCHITECTURE
“You are going to do architecture, because without architecture, you cannot do any of these things:
• Alignment
• Integration
• Change
• Reduced Time-to-Market”
- John Zachman, Enterprise Architecture Framework
17. VALUE OF ENTERPRISE ARCHITECTURE
ALIGNMENT
• Enterprise architecture provides the framework to enable better alignment of business and information technology objectives. The architecture used can also serve as a communication tool.
18. VALUE OF ENTERPRISE ARCHITECTURE
INTEGRATION
• Enterprise architecture establishes the infrastructure that enables business rules to be consistently applied across the organization, documents data flows, uses and interfaces.
19. VALUE OF ENTERPRISE ARCHITECTURE
VALUE CREATION
• Enterprise architecture provides better measurement of information technology economic value in an environment where there is a higher potential for reusable hardware and software assets.
20. VALUE OF ENTERPRISE ARCHITECTURE
CHANGE MANAGEMENT
• Enterprise architecture establishes a consistent infrastructure, and formalizing the management of the infrastructure and information assets better enables an organization-wide change management process to be established to handle information technology changes.
21. VALUE OF ENTERPRISE ARCHITECTURE
COMPLIANCE
• Enterprise architecture provides the artifacts necessary to ensure legal and regulatory compliance for the technical infrastructure and environment.
- Schekkerman, J. (2005). Trends in Enterprise Architecture, Institute For Enterprise Architecture Developments
23. ARCHITECTURE DOMAINS
1. BUSINESS ARCHITECTURE
Definition of the business strategy, governance, organization, and key business processes of the enterprise.
2. APPLICATION ARCHITECTURE
Provision of a functional blueprint for the individual application systems to be deployed, the interactions between application systems, and their relationship to the core business processes of the enterprise.
24. ARCHITECTURE DOMAINS
3. DATA ARCHITECTURE
Structural definition of the logical and physical data assets of the enterprise, and the associated data management resources.
4. TECHNOLOGY ARCHITECTURE
Definition of the hardware, software and network infrastructure to support the deployment of core and mission-critical applications. It includes a description of technology standards and methodology.
25. ENTERPRISE ARCHITECTURE COMPONENTS IN ICT SERVICES
Diagram labels: Use Case; Application System; Data Services; Application Services; Connectivity Services; Users Access; Business Processes; Membership; Collection; Benefits; Accreditation; Data Elements; Database System; Network Infrastructure; Point of Presence; Customer, Clients; Providers, Suppliers
26. CASE: BUSINESS INFORMATION SYSTEM INTEGRATION VIEW
Diagram labels: Membership, Collection, Benefits, Accreditation; Customer Relationship Management; Enterprise Resource Planning; Planning, Audit, Risks, Legal/Policy; Enterprise Performance Management; Finance, Human Resource, Assets, Facilities, Technology; Data; Application; Business Process; Technology Infrastructure; Information Security; Enterprise Architecture
31. CASE: HEALTH INSURANCE INFORMATION SECURITY
Diagram labels: Membership Management; Collection Management; Benefits Management; Accreditation Management; payment; identification; claims; certification
32. CASE: HEALTH INSURANCE INFORMATION SECURITY
Diagram labels: Financial Management; Personnel Management; Asset Management; Legal Management
33. CASE: HEALTH INSURANCE INFORMATION SECURITY
Diagram labels: Audit Management; Strategy Management; Risk Management; Project Management
34. CASE: HEALTH INSURANCE INFORMATION SECURITY
Diagram labels: Infrastructure Management; Network Management; Application Management; Data Management
36. Security Policy Requirement
Governance
• Functional Organization
• Roles and Responsibilities
Competencies
• Knowledge, Skills and Attitudes Requirements
• Training Program and Certification
Process
• Business Workflow, Procedures and Rules
• Risk Audit and Control Procedures
Data
• Acceptable Use
• Data Management
• Risk Audit and Control Procedures
Infrastructure
• Infrastructure Management
• Sourcing & Procurement
• Risk Audit and Control
Governance: Guidance and Implementation
Competency: Reference and Assessment Functions
Process: Models and Control Guidance
Data and Application: Security Models and Acceptable Use
Infrastructure: Physical Configuration, Network Models, Service Sourcing, Trusted Technology, Acceptable Use
No Need to Reinvent the Wheel
1. Recognize security needs & questions
2. Find the fitted practitioner standards
3. Apply the standards to real-life conditions
4. Assess and improve the practice
38. What it means
to secure information…
1. Establish the governance and management organization of information security that complies with best-practice standards.
39. What it means
to secure information…
2. Identify the information assets, and perform the assessment of vulnerabilities and threats that surround the creation, storage, use and sharing of information.
40. What it means
to secure information…
3. Develop, document and implement policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability in the person, process, data, application and infrastructure of information.
41. What it means
to secure information…
4. Evaluate, acquire and use security management tools to classify data and risk, to audit information systems, to assess and analyze risks in solution development and infrastructure, to monitor and control areas of vulnerability, and to implement security controls and appropriate reactive responses to threats.
43. CHANGE…
1. We can only evaluate that which is measurable.
2. We can only test that which is agreed.
3. We can only improve that which is actualized.
4. We can only change that which is established.
Editor's Notes
Manual re-keying
Manual re-keying might not be the biggest cost companies pay from bad architecture, but it’s certainly the most obvious one. Hiring human beings to serve as the interface engine connecting incompatible applications isn’t just expensive; it’s de-humanizing.
Collection of point solutions
Everyone wants their work supported by a “best of breed” solution. Define “their work” too narrowly, though, and everyone has to visit so many applications to get their work done that there isn’t enough time to get their work done.
Meanwhile, unless IT spends a lot of time building interfaces to connect all of these point solutions, you’re back to re-keying again.
Redundant applications
Every business application solves business problems. Solving business problems is good, so solving them more than once must be even better, right?
Of course not, and yet a lot of companies keep lots of redundant applications around, either because they overlap but still have a few unique areas they support, or because they’ve grown through mergers and acquisitions but aren’t very good at integrating everyone into one business after the papers have been signed.
Either way, the money spent to support all of this redundancy is pure waste.
Redundant data
Very often, different applications need the same information to get their jobs done. You have two choices: Point them all to the same underlying database, which isn’t always possible, or synchronize their separate databases, which is often pretty messy.
Or there’s always that manual re-keying option....
Too many interfaces
When you have redundant data and you decide to keep it synchronized, you need to build an interface. Even if you don’t, you often have to feed one system with results from a different one.
Either way, the more systems and databases you have, the more interfaces you end up building. It’s better than not having them, but as they accumulate, your architecture becomes more and more fragile, and you spend more and more time managing the interfaces instead of building new functionality.
Faux-elegant integration
So you decide to solve your interface dilemma with an elegant enterprise application integration system, or a services bus, or some other form of middleware-plus-metadata that keeps everything clean.
And then, your developers figure two things out: (1) what your cool new system does is make solving the easy problems even easier; and (2) it doesn’t solve the hard problems at all. So instead of arguing with you, they rebuild the same old spiderweb of interfaces, but hide it inside the EAI system so you don’t know about it.
Kludges and workarounds
Maybe you were competing with an outside developer who lowballed a project. Maybe the business sponsor insisted on too short a deadline. Or maybe building a solution well would have ruined the business case for the project.
Whatever the reason, you wake up one day to discover a lot of your systems are held together with Band-Aids, chewing gum, and duct tape.
If you’re lucky, nobody will notice until after you leave or retire.
Obsolete technology
It’s mission-critical! It satisfies the business need perfectly! What do you mean you have to spend money to maintain it?
When you’ve built something on a version of Visual Basic that Microsoft hasn’t supported in a decade, that can’t read and write from any version of SQL Server that isn’t at least seven years old, and the only versions of Windows they’ll run on don’t have drivers for any of the printers you have in production -- that’s what you mean. You have to spend money to maintain it.
White papers
You see a bunch of warning signs. You organize an enterprise technical architecture management group. You hire an expert or two. And their productivity is enormous.
Enormous, that is, if you measure productivity in terms of the number of white papers they publish. Changing how work gets done in IT? Of course they’ll change it. So long, that is, as everyone reads their white papers, admires their business, and follows their instructions.
Confidentiality: This means that information is only being seen or used by people who are authorized to access it.
Integrity: This means that any changes to the information by an unauthorized user are impossible (or at least detected), and changes by authorized users are tracked.
Availability: This means that the information is accessible when authorized users need it.
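As an added illustration of these three definitions (example code, not part of the original slides or the author's material), the following constructed Python example enforces confidentiality with an access-control check on every read, and integrity with an HMAC seal over each record so that a change made outside the write path is detected on the next read, while every authorized change is appended to an audit trail. Availability is not shown here, since it is a property of the operating environment (redundancy, backups, capacity) rather than of a single record. The key, the ACL, the user names and the membership record are all made up for the example.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key: a real deployment would load this from a key-management
# service or HSM, never embed it in source.
SERVER_KEY = b"constructed-demo-key-do-not-use"


class PermissionDenied(Exception):
    """Raised when a caller lacks the right needed for the operation."""


class IntegrityViolation(Exception):
    """Raised when a record's content no longer matches its seal."""


def seal(body: dict) -> str:
    """HMAC-SHA256 over the canonical JSON encoding of a record body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SERVER_KEY, canonical, hashlib.sha256).hexdigest()


class RecordStore:
    """Toy record store enforcing confidentiality and integrity on each record."""

    def __init__(self, acl: dict):
        # acl[record_id][user] -> set of rights, e.g. {"read", "write"}
        self._acl = acl
        self._records: dict = {}   # record_id -> {"body": ..., "tag": ...}
        self.audit_log: list = []  # append-only trail of authorized changes

    def _require(self, user: str, record_id: str, right: str) -> None:
        if right not in self._acl.get(record_id, {}).get(user, set()):
            raise PermissionDenied(f"{user} lacks {right} on {record_id}")

    def write(self, user: str, record_id: str, body: dict) -> None:
        self._require(user, record_id, "write")
        self._records[record_id] = {"body": dict(body), "tag": seal(body)}
        # Integrity, second half: every authorized change is tracked.
        self.audit_log.append({"ts": time.time(), "user": user,
                               "record": record_id, "action": "write"})

    def read(self, user: str, record_id: str) -> dict:
        self._require(user, record_id, "read")  # confidentiality: authorized readers only
        rec = self._records[record_id]
        # Integrity, first half: a change made outside write() breaks the seal.
        if not hmac.compare_digest(rec["tag"], seal(rec["body"])):
            raise IntegrityViolation(f"record {record_id} was modified outside the API")
        return dict(rec["body"])

    def tamper_for_demo(self, record_id: str, **changes) -> None:
        """Simulate an unauthorized edit that bypasses the API (e.g. a direct DB change)."""
        self._records[record_id]["body"].update(changes)


def demo() -> dict:
    """Run the checks on a constructed health-insurance membership record."""
    acl = {"member-001": {"clerk": {"read", "write"},
                          "auditor": {"read"},
                          "intern": set()}}
    store = RecordStore(acl)
    store.write("clerk", "member-001", {"name": "A. Sample", "plan": "basic"})

    outcome = {"audit_entries": len(store.audit_log)}
    outcome["auditor_sees_plan"] = store.read("auditor", "member-001")["plan"]
    try:
        store.read("intern", "member-001")
        outcome["intern_read"] = "allowed"
    except PermissionDenied:
        outcome["intern_read"] = "denied"
    try:
        store.write("auditor", "member-001", {"plan": "premium"})
        outcome["auditor_write"] = "allowed"
    except PermissionDenied:
        outcome["auditor_write"] = "denied"

    # An edit that bypasses write() leaves the seal stale and is caught on read.
    store.tamper_for_demo("member-001", plan="premium")
    try:
        store.read("auditor", "member-001")
        outcome["after_tamper"] = "undetected"
    except IntegrityViolation:
        outcome["after_tamper"] = "detected"
    return outcome


if __name__ == "__main__":
    print(demo())
```

The seal only detects tampering; it does not prevent it, which is why the definition above says "impossible (or at least detected)". Prevention would come from restricting direct access to the underlying storage so that the audited write path is the only route to a change.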