Standards and open access are increasingly important to users of cloud-based services. Yet security and control also remain top-of-mind for enterprises. How to make the two -- cloud and security -- work in harmony?
The Open Group is leading some of the top efforts to make cloud benefits apply to mission critical IT. To learn more about the venerable group's efforts I recently interviewed Allen Brown, president and CEO of The Open Group. We met at the global organization's 23rd Enterprise Architecture Practitioners Conference in Toronto.
Here are some excerpts:
Brown: We started off in a situation where organizations recognized that they needed to break down the boundaries between their organizations. They're now finding that they need to continue that, and that investing in enterprise architecture (EA) is a solid investment developing for the future. You're not going to stop that just because there is a downturn.Listen to the podcast. Find it on iTunes/iPod and Podcast.com. View a full transcript or download the transcript. Learn more. Sponsor: The Open Group.
In fact, some of our members who I've been speaking to see EA as critical to ready their organization for coming out of this economic downturn.
... We're seeing the merger of the need for EA with security. We've got a number of security initiatives in areas of architecture, compliance, audit, risk management, trust, and so on. But the key is bringing those two things together, because we're seeing a lot of evidence that there are more concerns about security.
... IT security continues to be a problem area for enterprise IT organizations. It's an area where our members have asked us to focus more. Besides the obvious issues, the move to cloud does introduce some more security concerns, especially for the large organizations, and it continues to be seen as an obstacle.
On the vendor side, the cloud community recognizes they've got to get security, compliance, risk, and audit sorted out. That's the sort of thing our Security Forum will be working on. That provides more opportunity on the vendor side for cloud services.
... We've always had this challenge of how do we breakdown the silos in the IT function. As we're moving towards areas like cloud, we're starting to see some federation of the way in which the IT infrastructure is assembled.
As far as the information, wherever it is, and what parts of it are as a service, you've still got to be able to integrate it, pull it together, and have it in a coherent manner. You’ve got to be able to deliver it not as data, but as information to those cross-functional groups -- those groups within your organization that may be partnering with their business partners. You've got to deliver that as information.
The whole concept of Boundaryless Information Flow, we found, was even more relevant in the world of cloud computing. I believe that cloud is part of an extension of the way that we're going to break down these stovepipes and silos in the IT infrastructure and enable Boundaryless Information Flow to extend.
One of the things that we found internally in moving from the business side of what our architecture is that the stakeholders understand to where the developers can understand, is that you absolutely need that skill in being able to be the person that does the translation. You can deliver to the business guys what it is you're doing in ways that they understand, but you can also interpret it for the technical guys in ways that they can understand.
As this gets more complex, we've got to have the equivalent of city-plan type architects, we've got to have building regulation type architects, and we've got to have the actual solution architect.
... We've come full circle. Now there are concerns about portability around the cloud platform opportunities. It's too early to know how deep the concern is and what the challenges are, but obviously it's something that we're well used to -- looking at how we adopt, adapt, and integrate standards in that area, and how we would look for establishing the best practices.