Monday, September 14, 2009

Cloud and Security Join Boundaryless Information as Top-of-Mind Issues for The Open Group

Transcript of a sponsored BriefingsDirect podcast with Allen Brown, president and CEO of The Open Group, on the state of the organization. Recorded live at The Open Group's 23rd Enterprise Architecture Practitioners Conference in Toronto.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: The Open Group.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today, we welcome our listeners to a sponsored podcast discussion coming to you from The Open Group’s 23rd Enterprise Architecture Practitioners Conference in Toronto.

Our topic for this podcast, part of a series from the conference, centers on The Open Group itself. We're going to be talking with Allen Brown, president and CEO of The Open Group, about the organization and its recent fast growth. Welcome back to the show, Allen.

Allen Brown: Hi, Dana. It’s good to be talking to you again.

Gardner: Well, the last time you and I spoke, you were just unveiling the TOGAF 9 Framework, and from all indications, this has really become quite popular.

Brown: There have been more than 30,000 downloads of TOGAF 9, since we launched it, bringing us to about 125,000 TOGAF downloads in total. We've sold more than 21,000 hard copies of the TOGAF book, and certification is continuing to grow. We've passed the 10,000 number milestone for TOGAF certified practitioners. It has just been growing and taking off. It's fantastic.

Gardner: Of course, this has been happening during a difficult economic environment. Do we have some larger takeaways about enterprise architecture (EA) in general from these results?

Brown: I sometimes just think that we're very fortunate to be where we are, but there must be something more than that, I guess. We've been working on TOGAF for many, many years.

We started off in a situation where organizations recognized that they needed to break down the boundaries between their organizations. They're now finding that they need to continue that, and that investing in EA is a solid investment developing for the future. You're not going to stop that just because there is a downturn.

In fact, some of our members who I've been speaking to see EA as critical to ready their organization for coming out of this economic downturn.

Gardner: We've also seen a great deal of interest in security issues. I noticed at the previous conference, as well as this one, a significant devotion to security issues. How important are enterprise architects to the general health of an organization when it comes to security?

Brown: We're seeing more and more of that come along. We're seeing the merger of the need for EA with security. We've got a number of security initiatives in areas of architecture, compliance, audit, risk management, trust, and so on. But the key is bringing those two things together, because we're seeing a lot of evidence that there are more concerns about security.

As one CIO of a major organization in the U.S. explained to me, "We're using EA. We're using TOGAF. We've modified it. We've pretty much got the integration stuff down, but the biggest concern that I have is security."

Gardner: I've noticed also from some of the presentations here at the conference a rather dramatic increase in the global uptake in EA, and TOGAF is an indication of that. Perhaps you could give us a sense of where this is welling up in terms of growth around the world.

International growth


Brown: Well, it’s been quite dramatic. We've entered into agreements with organizations to represent us, in a franchise kind of way, in different countries. We've had an agreement with Japan for many years. We then went into South Africa. But, in this last quarter, we launched The Open Group China. We had a fantastic launch event in Beijing in May.

We had the first conference of The Open Group France in this quarter, with some brilliant presentations by people like Air France, KLM, showing how EA is used to benefit their merger. We've also entered into an agreement with an organization that is going to represent us in the Arabic speaking countries, as well.

Gardner: One of the things that’s impressed me in tracking TOGAF and The Open Group for the past several years is the emphasis you’ve put on Boundaryless Information Flow. A few years ago, that played a great role in services orientation and the movements around that, but now its also playing quite a role in what’s being referred to in many cores as cloud computing.

In cloud, there are various sourcing options, different approaches to the economics that support IT, but in doing so perhaps are even making IT and business processes more agile. How do you see this vision that The Open Group has had around "boundarylessness" relate to cloud computing.

Brown: We looked again at boundaries, because each year we review our strategy, and we were

You’ve got to be able to deliver it not as data, but as information to those cross-functional groups -- those groups within your organization that may be partnering with their business partners.

wondering about whether the vision was still sustainable. Obviously it came from our Customer Council, our end-user organization members in the first place, and driven again by that need for information to be integrated, aggregated, and delivered to those that were entitled to it whenever they needed it.

You've got situations now where information can flow within organizations and it can flow between organization, and we're breaking down the silos within departments in organizations. We've always had this challenge of how do we breakdown the silos in the IT function. As we're moving towards areas like cloud, we're starting to see some federation of the way in which the IT infrastructure is assembled.

As far as the information, wherever it is, and what parts of it are as a service, you've still got to be able to integrate it, pull it together, and have it in a coherent manner. You’ve got to be able to deliver it not as data, but as information to those cross-functional groups -- those groups within your organization that may be partnering with their business partners. You've got to deliver that as information.

The whole concept of Boundaryless Information Flow, we found, was even more relevant in the world of cloud computing. I believe that cloud is part of an extension of the way that we're going to break down these stovepipes and silos in the IT infrastructure and enable Boundaryless Information Flow to extend.

Gardner: The role of the enterprise architect seems also be benefiting from this abstraction to a variety of sourcing options. To just focus on the solution architecture, a technological or platform architectural approach, or technology set doesn’t get to that higher value of the top-down look, and bringing what could be a series of services in a process to the betterment of the business itself, the outcomes that the business is seeking.

Do you think that there is also some relationship? Now that we have more sources of compute applications data and infrastructure, we expect more. There's a relationship between the uptake in your framework and the architectural view and this added layer of complexity?

Raising competence

Brown: Absolutely. As the layer of complexity increases, we need more capability from enterprise architects. That’s why we're concerned, and our members are concerned, about raising the level of professional competence amongst enterprise architects, because they actually have to have the skills, not only technical, but also the people skills, the softer skills, to be able to bring this together.

One of the things that we found internally in moving from the business side of what our architecture is that the stakeholders understand to where the developers can understand, is that you absolutely need that skill in being able to be the person that does the translation. You can deliver to the business guys what it is you're doing in ways that they understand, but you can also interpret it for the technical guys in ways that they can understand.

As this gets more complex, we've got to have the equivalent of city-plan type architects, we've got to have building regulation type architects, and we've got to have the actual solution architect.

Many of us are responding to business demands for where architecture needs to go. So, it’s not architecture for architecture's sake. We're not doing EA because it sounds cool. We're doing it because we have real business concerns. Some of them are developing new product, but a lot of them are reducing risk -- operational risk and security risk.

So, as the organization does this, we've got to ensure that we find ways of bringing it back together into some sort of coherent whole. The real skill of the architect is to bring that all together.

Gardner: I've also noticed, sticking with the cloud topic a bit, that small and medium-sized businesses (SMBs) have been very interested in cloud. Perhaps they're early adopters even more so than large enterprises, and perhaps they've been getting used to cloud vis-à-vis their use of software-as-a-service (SaaS), certain applications coming across the Web. Is there a role for EA in these SMBs as well?

Brown: There absolutely is, because SMBs are becoming more complex themselves. They are

One of the reasons that SMBs go to the cloud is because it's more secure than they can do themselves.

looking at integrated applications and integrated solutions. So it is much more complex in a small organization than it used to be.

But, at the same time, you don't have the availability of the skills, and so one of the big challenges we have in serving SMBs effectively with EA is to provide ways of enabling them to get access to those skills.

Our members did a survey of Open Group Architecture Forum members, and one of the things that came out of that survey was that the average number of enterprise architects in an organization is between two and four percent of the IT organization. For small business, that's maybe two hours a week. Any more than that is not affordable, and it's out of scale with the large organizations. So we've got that challenge.

The other part is about outsourcing and using cloud effectively by small organization. I know that we've heard a lot about one of the issues with cloud being security. One of the reasons that SMBs go to the cloud is because it's more secure than they can do themselves. So, there is always that tradeoff.

But, we do need to provide ways in which they can have more available expertise on hand to help them with EA.

Sourcing issues

Gardner: For these SMBs and enterprises that are looking to the cloud to improve their productivity in general, perhaps by reducing costs and offloading some capital expenditures, that security issue seems to be coming up all the more often, as they really pursue these issues around sourcing and cloud.

What do you have in store for security? I know there are several activities out there. There is Jericho and the Cloud Alliance. I'm wondering what the next shoe to fall might be in terms of The Open Group and cloud security.

Brown: IT security continues to be a problem area for enterprise IT organizations. It's an area where our members have asked us to focus more. Besides the obvious issues, the move to cloud does introduce some more security concerns, especially for the large organizations, and it continues to be seen as an obstacle.

On the vendor side, the cloud community recognizes they've got to get security, compliance, risk, and audit sorted out. That's the sort of thing our Security Forum will be working on. That provides more opportunity on the vendor side for cloud services.

On the customer side, there is widespread recognition that getting security requirements expressed now is critical, so that the cloud-service vendors develop the right controls and processes to meet enterprise security requirements.

Gardner: Are there any working groups or activities that you're devoting specifically to cloud to ameliorate some of these security concerns, so that we get the best of both worlds?

Brown: We're working on a number of areas. One of the things that we've always done in The Open Group is to look to our customer members, the end user organizations that are our

On the customer side, there is widespread recognition that getting security requirements expressed now is critical, so that the cloud-service vendors develop the right controls and processes to meet enterprise security requirements.

members. We always look to them first. They were the people who came along 15 or 16 years ago and said, "We have to have standards for how to do EA." These are the people who came along and said, "We need access to integrated information and we need a Boundaryless Information Flow."

Right now, we're looking to them. On Wednesday morning, here in Toronto, we will be conducting what we call a "business scenario." Business scenarios are a method within TOGAF, which is itself a method.

We'll be conducting a business scenario to look at the customer requirements, pain points, challenges, and concerns with cloud computing. That's really an absolute catalyst for us, looking at what the customers actually want, because that drives the market.

We've also got activity within the Security Forum itself. They're focused on that security in Jericho. They're both focused on cloud activities. We're looking to announce -- tomorrow, I believe -- a cloud work group within The Open Group.

Working collaboratively

As with everything, The Open Group never believes that we have all of the answers or that we're going to solve everything. We have to work collaboratively with other standards organizations, other consortia, with the vendors and the customers, and we will define what we believe our role is to be. It's never the center of the universe. It's always a contributor to these part, and that's what we're going to be talking about on Tuesday.

On Wednesday evening, we're hosting a cloud camp, just trying to support that area of activity. Since we're in Toronto, we thought that was a good idea.

Gardner: As we work through the evolution of security for cloud activities and a comfort level develops around that, I think the next part of the discussion will be around neutrality or portability for data applications, run time environments, just general intellectual property. I know it's a bit early in the evolution of this, but is there any sense of what role The Open Group might play in terms of this portability and neutrality issue?

Brown: That takes me back a while. When I first joined The Open Group, too many years ago to remember, portability was what we were doing. We did the X/Open Portability Guide -- XPG4 was the one that really took off -- unifying the Unix operating platform.

We can see that there are concerns. We've come full circle. Now there are concerns about portability around the cloud platform opportunities. It's too early to know how deep the concern is and what the challenges are, but obviously it's something that we're well used to -- looking at how we adopt, adapt, and integrate standards in that area, and how we would look for establishing the best practices.

Gardner: We've been discussing the role of The Open Group since the beginning of the year. They had a very big roll out with TOGAF 9, and there are several prominent issues -- security and xloud not the least among them -- that are top of mind for architects moving forward. I want to thank our guest Allen Brown, president and CEO of The Open Group.

Brown: Well, thanks for talking to us, Dana.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. You've been listening to a special BriefingsDirect podcast coming from The Open Group's 23rd Enterprise Architecture Practitioners Conference in Toronto. We're here the week of July 20, 2009. Thanks for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Learn more. Sponsor: The Open Group.

Transcript of a sponsored BriefingsDirect podcast with Allen Brown, president and CEO of The Open Group, on the state of the organization. Recorded live at The Open Group's 23rd Enterprise Architecture Practitioners Conference in Toronto. Copyright Interarbor Solutions, LLC, 2005-2009. All rights reserved.
Post a Comment