Examining the current state of the enterprise architecture profession with The Open Group's Steve Nunn

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: The Open Group.

Join an executive from The Open Group to examine the current state of enterprise architecture (EA) as part of The Open Group Conference in San Diego the week of Feb. 7, 2011. In this podcast summary blog, learn how EA is becoming more business-oriented and how organizing groups for the EA profession are consolidating and adjusting. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Get an update on The Association of Open Group Enterprise Architects (AOGEA) and learn more about its recent merger with the Association of Enterprise Architects. What's more, receive an assessment of the current maturity levels and overall professionalism drive of EA, and learn more about what to expect from the EA field and these organizing groups over the next few years.

To delve into the current state of EA, we've interviewed Steve Nunn, Chief Operating Officer of The Open Group and CEO of The Association of Open Group Enterprise Architects. The discussion is moderated by BriefingsDirect's Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some Q&A excerpts:

Gardner: Is EA dead or outmoded as a professional category?

Nunn: Absolutely not. EA is very much the thing of the moment, but it's also something that’s going to be with us for the foreseeable future too. Both inside The Open Group and the AOGEA, we're seeing significant growth and interest in the area of EA. In the association, it’s individuals becoming certified and wanting to join a professional body for their own purposes and to help the push to professionalize EA.

Within The Open Group it’s entities and organizations. Whether they be commercial, governments, academic, they are regularly joining The Open Group Architecture Forum. So, it's far from dead and in terms of the importance of business overall, EA being relevant to business.

A plenary session here at the conference is a good example. It's about using EA for business transformation. It's about using EA to tie IT into the business. There is no point in doing IT for IT's sake. It's there to support the business, and people are finding that one way of doing that is EA.

Gardner: Are the major trends around mobile, security, and cyber risk putting wind in your sails?

Nunn: Absolutely. We're seeing increasingly that you can't just look at EA in some kind of silo. It's more about how it fits. It's so central to an organization and the way that organizations are built that it has all of the factors that you mentioned. Security is a good one, as well as cloud. They're all impacted by EA. EA has a role to play in all of those.

Inside the Open Group, what's happening is a lot of cross-functional working groups between the Architecture Forum, the Security Forum, and the Cloud Work Group, which is just recognition of that fact. But, the central tool of it is EA.

Gardner: What's important about certification for enterprise architects?

Nunn: Everyone seems to want to be an enterprise architect or an IT architect right now. It's that label to have on your business card. What we're trying to do is separate the true architects from one of these, and certification is a key part of that.

If you're an employer and you're looking to take somebody on to help in the EA role, then it’s having some means to assess whether somebody really has any experience of EA, whether they know any frameworks, and what projects they've led that involve EA. All those things are obviously important to know.

One of the great things we see is the general acceptance of certification as a means to telling the wood from the trees.

There are various certification programs, particularly in The Open Group, that help with that. The TOGAF Certification Program is focused on the TOGAF framework. At the other end of the spectrum is the ITAC Program, which is a skills and experience based program that assesses by peer review an individual’s experience in EA.

There are those, there are others out there, and there are more coming. One of the great things we see is the general acceptance of certification as a means to telling the wood from the trees.

Gardner: It was three years ago at this very event that The AOGEA was officially launched. Tell us what’s happened since .

Nunn: Three years ago, we launched the association with 700 members. We were delighted to have that many at the start. As we sit here today, we have over 18,000 members. Over that period, we added members through more folks becoming certified through not only The Open Group programs, but with other programs. For example, we acknowledged the FIAC Certification Program as a valid path to full membership of the association.

We also embraced the Global Enterprise Architecture Organization (GEAO), and those folks, relevant to your earlier question, really have a particular business focus. We've also embraced the Microsoft Certified Architect individuals. Microsoft stopped its own program about a year ago now, and one of the things they encouraged their individuals who were certified to do was to join the association. In fact, Microsoft would help them pay to be members of the association, which was good.

So, it reflects the growth and membership reflects the interest in the area of EA and the interest in individuals' wanting to advance their own careers through being part of a profession.

Valuable resource

Enterprise architects are a highly valuable resource inside an organization, and so we are both promoting that message to the outside world. For our members as individuals what we're focusing on is delivering to them latest thinking in EA moving towards best practices, white papers, and trying to give them, at this stage, a largely virtual community in which to deal with each other.

Where we have turned it in to real community is through local chapters. We now have about 20 local chapters around the world. The members have formed those. They meet at varying intervals, but the idea is to get face time with each other and talk about issues that concern enterprise architects and the advancement of profession. It’s all good stuff. It’s growing by the week, by the month, in terms of the number of folks who want to do that. We're very happy with what has gone in three years.

Gardner: There are several EA organizations, several communities, that have evolved around them. Now the AOGEA has announced its merger with the Association of Enterprise Architects (AEA). How does that shape up?

Nunn: Well, it is certainly a melding of the two. The two organizations actually became one in late fall last year, and obviously we have the usual post-merger integration things to take care of.

As we develop, we're getting closer to our goal of being able to really promote the profession of EA in a coherent way.

But, I think it’s not just a melding. The whole is greater than the sum of the parts. We have two different communities. We have the AOGEA folks who have come primarily through certification route, and we also have the AEA folks who haven’t been so, so focused on certification, but they bring to the table something very important. They have chapters in different areas than the AOGEA folks by and large.

Also, they have a very high respected quarterly publication called The Journal of Enterprise Architecture, along the lines of an academic journal, but with a leaning towards practitioners as well. That’s published on a quarterly basis. The great thing is that that’s now a membership benefit to the merged association membership of over 18,000, rather than the subscribed base before the merger.

As we develop, we're getting closer to our goal of being able to really promote the profession of EA in a coherent way. There are other groups beyond that, and there are the early signs of co-operation and working together to try to achieve one voice for the profession going forward.

Gardner: This also followed a year ago the GOAO merger with the AOGEA. It seems as if we're getting the definitive global EA organization. Tell me about this new über organization.

Nunn: Well, the first part of that is the easy part. We have consulted the membership multiple times now actually, and we are going to name the merged organization, The Association of Enterprise Architects. So that will keep things nice and simple and that will be the name going forward. It does encompass so far GEAO, AOGEA and AEA. It's fair to say that, as a membership organization, it is the leading organization for enterprise architects.

Role to play

There are other organizations in the ecosystem who are, for example, advocacy groups, training organizations, or certification groups, and they all have a role to play in the profession. But, where we're going with AEA in the future is to make that the definitive professional association for enterprise architects. It's a non-profit 501(c)(6) incorporated organization, which is there to act as the professional body for its members.

Gardner: Let’s get back to the notion of the enterprise architect as an entity. Where are we on a scale of 1 to 10?

Nunn: There's a long way to go, and I think to measure it on a scale of 1 to 10, I'd like to say higher, but it's probably about 2 right now. Just because a lot of things that need to be done to create profession are partly done by one group or another, but not done in a unified way or with anything like one voice for the profession.

It's interesting. We did some research on how long we might expect to take to achieve the status of a profession. Certainly, in the US at least, the shortest period of time taken so far was 26 years by librarians, but typically it was closer to 100 years and, in fact, the longest was 170-odd years. So, we're doing pretty well. We're going pretty quickly compared to those organizations.

There's a long way to go, but we've made good progress in a short numbers of years, really.

We're trying to do it on a global basis, which to my knowledge is the first time that's been done for any profession. If anything, that will obviously make things a little more complicated, but I think there is a lot of will in the EA world to make this happen, a lot of support from all sorts of groups. Press and analysts are keen to see it happen from the talks that we've had and the articles we've read. So, where there is a will there is a way. There's a long way to go, but we've made good progress in a short numbers of years, really.

Gardner: What's in these groups for the enterprise? What does a group like the AEA do for them?

Nunn: It's down to giving them the confidence that the folks that they are hiring or the folks that they are developing to do EA work within their enterprise are qualified to do that, knowledgeable to do that, or on a path to becoming true professionals in EA.

Certainly if you were hiring into your organization an accountant or a lawyer, you'd be looking to hire one that was a member of the relevant professional body with the appropriate certifications. That's really what we're promoting for EA. That’s the role that the association can play.

Confidence building

When we achieve success with the association is when folks are hiring enterprise architects, they will only look at folks who are members of the association, because to do anything else would be like hiring an unqualified lawyer or accountant. It's about risk minimization and confidence building in your staff.

Gardner: You wear two hats, Chief Operating Officer at The Open Group and CEO of the AEA. How do these two groups relate?

Nunn: It's something I get asked periodically. The fact is that the association, whilst a separately incorporated body, was started by The Open Group. With these things, somebody has to start them and The Open Group's membership was all you needed for this to happen. So, very much the association has its roots in The Open Group and today still it works very closely with The Open Group in terms of how it operates and certain infrastructure things for the association are provided by The Open Group.

The support is still there, but increasingly the association is becoming a separate body. I mentioned the journal that’s published in the association's name that has its own websites, its own membership.

It's one of the leading organizations in the EA space and a group that the association would be foolish not to pay attention to.

So, little by little, there will be more separation between the two, but the aims of the two or the interests of the two are both served by EA becoming recognized as profession. It just couldn't have happened without The Open Group, and we intend to pay a lot of attention to what goes on inside The Open Group in EA. It's one of the leading organizations in the EA space and a group that the association would be foolish not to pay attention to, in terms of the direction of certifications and what the members, who are enterprise architects, are saying, experiencing, and what they're needing for the future.

It's a very close partnership and along with partnerships with other groups. The association is not looking to take anyone's turf or tread on anyone’s toes, but to partner with the other groups that are in the ecosystem. Because if we work together, we'll get to this profession status a lot quicker, but certainly a key partner will be The Open Group.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Read a full transcript or download a copy. Sponsor: The Open Group.

You may also be interested in:

• The State of Enterprise Architecture: Vast Promise or Lost Opportunity?
• Cloud Computing, Enterprise Architecture Align to Make Each More Useful to Other, say Experts
• New Definition of Enterprise Architecture Emphasized 'Fit for Purpose' Across IT Undertakings
• Cyber security top of mind for enterprise architects at Open Group conference

Deployit 3.0 enhances deployment automation

XebiaLabs recently launched a new version of its deployment automation software. Deployit 3.0 promises to take away the risks associated with manual or scripted Java deployments, as well as out-of-date procedures. The end result: more productive DevOps teams.

Coert Baart, CEO, XebiaLabs, rightly points out that the escalating adoption of virtualization and cloud computing is causing increasingly complex application deployments -- especially with roles of development and operations teams crossing over.

“Issues of virtual sprawl, lengthy scripts, and error-prone manual processes become all the more burdensome for companies tackling deployments without the right technologies in place,” Baart says. “With Deployit 3.0, companies can relieve these burdens and achieve the productivity they need in today’s increasingly dynamic markets.”

Removing the red tape

Deployit 3.0 works to remove the complexity of managing deployments. Here’s the secret sauce: the ability to work with large numbers of applications and servers and manage large environments. XebiaLabs says the additional insight into configuration items and deployments empowers companies to implement secure, self-service deployments that set the stage for continuous deployment scenarios.

Deployit 3.0 executes multiple deployments at the same time with one mouse click. Additional new features in Deployit 3.0 include a new, user-friendly interface, Python command-line interface, and Maven plugin, as well as the ability to compare packages, servers and applications.

“At BGPI, part of Crédit Agricole, we constantly aim to deliver the best private banking services to our clients at competitive cost levels. However, too many errors in the deployment phase caused an increase in downtime for critical applications, leading to higher costs for our IT organization,” says Xavier Daguerre, Development Manager at BGPI. “With Deployit, we managed to significantly reduce the number of errors, as well as the time needed to deploy new applications or features. This contributed to lower deployment costs and overall, a higher business responsiveness.”

BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached at http://www.linkedin.com/in/jleclaire and http://www.jenniferleclaire.com.

You may also be interested in:

• rPath rBuildiner 5.8 targets 'deployment dysfunction' for Windows apps, expands from Linux base
• HP eyes automated apps deployment, 'standardized' private cloud creation with integrated CloudStart package
• CollabNet delivers Subversion Edge to ease deployment, administration

Cloud computing drives need for open standards to define and describe a new enterprise environment

This guest post comes courtesy of Mark Skilton of Capgemini Global Applications, and The Open Group.

By Mark Skilton

I recently looked back at some significant papers that had influenced my thinking on cloud computing as part of a review on current strategic trends. In February 2009, a paper published at the University of California, Berkeley, “Above the Clouds: A Berkeley View of Cloud Computing," stands out as the first of many papers to drive out the issues around the promise of cloud computing and technology barriers to achieving secure elastic service.

The key issue unfolding at that time was the transfer of risk that resulted from moving to a cloud environment and the obstacles to security, performance and licensing that would need to evolve. But the genie was out of the bottle, as successful early adopters could see cost savings and rapid one-to-many monetization benefits of on-demand services. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

A second key moment was the realization that the exchange of services was no longer a simple request and response. Social networks had demonstrated huge communities of collaboration and online “personas” changing individual and business network interactions, but something else had happened -- less obvious but more profound.

This change was made most evident in the proliferation of mobile computing that greatly expanded the original on-premise move to off-premise services. A key paper by Intel Research titled “CloneCloud,” published around that same time period, exemplified this shift. Services could be cloned and moved into the cloud, demonstrating the possible new realities in redefining the real potential of how work gets done using cloud computing.

Remote services

The key point was that storage or processing transactions, media streaming, or complex calculations no longer had to be executed within a physical device. It could be provided as a service from remote source, a virtual cloud service.

But more significant was the term “multiplicity” in this concept. We see this everyday as we download apps, stream video, and transact orders. The fact was that you could do not only a few, but multiple tasks, simultaneously and pick and choose the services and results.

This signaled a big shift away from the old style of thinking about business services that had us conditioned to think of service-oriented requests in static, tiered, rigid ways. Those business processes and services missed this new bigger picture. Just take a look at the phenomenon called "hyperlocal services" that offer location specific on-demand information or how crowd sourcing can dramatically transform purchasing choices and collaboration incentives.

The new multiplicity based world of cloud enabled networks means you can augment yourself and your company’s assets in ways that change the shape of your industry.

Traditional ways of measuring, modeling and running business operations are under-utilizing this potential and under-valuing what can be possible in these new collaborative networks. The new multiplicity-based world of cloud-enabled networks means you can augment yourself and your company’s assets in ways that change the shape of your industry.

What is needed is a new language to describe how this shift feels and works, and how advances in your business portfolio can be realized with these modern ideas, often by examining current methods and standards of strategy visualization, metrics, and design to evolve a new expression of this potential.

Some two years have passed, and what has been achieved? Certainly we have seen the huge proliferation of services into a cloud hosting environment. Large strategic movements in private data centers seek to develop private cloud services, by bringing together social media and social networking through cloud technologies.

But what's needed now is a new connection between the potential of these technologies and the vision of the Internet, the growth of social graph associations, and the wider communities and ecosystems that are emerging in the movement’s wake.

With every new significant disruptive change, there is also the need for a new language to help describe this new world. Open standards and industry forums will help drive this. The old language focuses on the previous potential, and so a new way to visualize, define, and use the new realities can help the big shift toward the potential above the cloud.

This guest post comes courtesy of Mark Skilton of Capgemini Global Applications, and The Open Group.

You may also be interested in:

• Cyber security top of mind for enterprise architects at Open Group conference
• Take the Open Group survey to measure the true enterprise impact of cloud computing
• Open Group Conference next week focuses on role and impact of enterprise architecture amid shifting sands for IT and business

EMC Greenplum releases Community Edition of MPP database product, big data analysis gets cheaper still

EMC recently introduced a free Community Edition of the EMC Greenplum Database, its massively parallel processing (MPP) database, along with free analytic algorithms and data mining tools.

Building on earlier Greenplum “big data” releases, like the EMC Greenplum Data Computing Appliance, the Community Edition lowers the cost barrier to entry for big data power tools for more developers, data scientists, and other data professionals.

The tools help to developers better understand data and provide new data uses, as well provide deeper insights and to better visualize those insights. The release was made at the 2011 O'Reilly Strata Conference, by Scott Yara, vice president, EMC Data Computing Products Division. EMC acquired Greenplum last summer. [Disclosure: Greenplum is a sponsor of BriefingsDirect podcasts.]

With the easily accessible Community Edition stack, developers can build complex applications to collect, analyze and operationalize big data leveraging best of breed big data tools, including the Greenplum Database with its in-database analytic processing capabilities.

“Our new Community Edition provides a parallel-everything 'big data' stack with unequaled speed that enables analysts to perform next-generation data analytics and experiment with real-world data, and most importantly -- innovate,” explained Luke Lonergan, CTO and vice president, EMC Data Computing Products Division and co-founder of Greenplum. “This project is about empowering developers. They can program using the most popular tools and they have a place to contribute open source extensions to the stack.”

The free EMC Greenplum Community Edition includes:

• Greenplum Database CE, an industry-leading MPP database product for large-scale analytics and next-gen data warehousing.
  
• MADlib, an open source analytic algorithms library, providing data-parallel implementations of mathematical, statistical and machine learning methods for structured and unstructured data.
  
• Alpine Miner, an intuitive visual data mining modeler that delivers rapid "modeling to scoring" capabilities, leverages in-database analytics, and is purpose-built for "big data" applications.

Community benefits

The initial release of the Community Edition is designed for both first-time users and experienced Greenplum customers. First-time users gain access to a comprehensive, purpose-built business analytics environment that enables them to view, modify and enhance included demo data files, enabling experimentation with “big data” analytical tools within the Greenplum database. Existing users can download an upgraded version of Greenplum Database CE and analytic tools for integration into their development and research environments.

The Community Edition can be downloaded free of charge from http://community.greenplum.com as a pre-configured VMWare virtual appliance for use on laptops and desktops, or as a set of packages for deployment on user machines. All users are free to participate in new Greenplum community forums to get support, collaborate, post ideas, and test enhancements developed by various users independently.

Regular Community Edition updates will be made available online. The Community Edition is intended for experimentation, development and research purposes only. Current single-node edition users can deploy the new Community Edition in their single-node production environments. Greenplum commercial licenses must be purchased prior to using code for internal data processing or for any commercial or production purpose.

You may also be interested in:

• Greenplum speeds creation of 'self-service' data warehouses with Enterprise Data Cloud release
• IBM acquires Netezza as big data market continues to consolidate around appliances, middle market, new architecture
• Aster Data's newest offerings provide row and column functionality for big data MPP analytics

Cyber security top of mind for enterprise architects at Open Group conference

SAN DIEGO -- The Open Group 2011 conference opened here yesterday with a focus on cyber security, showing how the risk management aspects of IT, architecture, and business stand as a high priority and global imperative for enterprises.

It's hard to plan any strategy for business and the IT forces that drive it, if the continuity of those services is suspect. Social media and the accelerating uses of mobile devices and networks are only adding more questions to the daunting issues around privacy and access. And, the Wikileaks affair has clearly illustrated how high the stakes can be. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Three cyber security thought leaders plunged into the issues for the attendees: Bruce McConnell, Cybersecurity Counselor, National Protection and Programs Directorate (NPPD), US Department of Homeland Security; James Stikeleather, Chief Innovation Office, Dell; and Ben Calloni, Lockheed Martin Fellow for Software Security, Lockheed Martin Corp. Each speaker shared his thoughts on the current state of cyber security and where they see the industry heading in the future. Top of mind: The importance of trust, frameworks, and their impact on the security of critical infrastructure systems.

Following a brief introduction from Allen Brown, President and CEO of The Open Group, McConnell set the stage by discussing the current state of the security ecosystem.

Computing systems today often consist of numerous security hardware and software implementations working completely independently of each other. An improved security ecosystem would not only improve computing performance, but would also create an environment where interoperability would usher in governance and completeness. Facilitating information sharing between security systems would improve overall security by enabling systems to react in a more efficient manner when addressing security threats, he said.

The Department of Homeland Security (DHS) protects the federal executive branch, and works with critical infrastructure (gas, oil, electricity, telecom, etc.) to help them better protect themselves. DHS is currently working on a cyber security awareness campaign.

Stop, Think, Connect

Last year, DHS launched the “Stop, think, connect” campaign, which is directed at teens, young adults and parents of teens. With increased awareness, DHS believes that the threat of cyber security attacks will be lessened. For more information on the campaign, please go to http://www.dhs.gov/files/events/stop-think-connect.shtm.

McConnell mentioned that President Obama spoke on importance of private sector innovation earlier yesterday. He also stated that cyberspace is a new domain that is vital to our way of life. Therefore, it needs to be made more secure. Of course, government must play an important role in this process, but since cyber security is a civilian space, no one actor can secure it alone.

Given the global market of cyberspace, McConnell argued that the U.S. should continue to lead the security effort working together with consumers to achieve security. He then went on to suggest that an open, broad interoperability regime online would be able to validate attributes for online systems, but also emphasized that anonymity must be preserved.

Like every other function in IT, security, too, needs to be clearly defined in order to move forward.

McConnell concluded his keynote by speaking about a future white paper on the health of the cyber ecosystem, which will be based on the premise of a more secure cyberspace, where participants can work together in real-time to work against attacks. This cyber ecosystem would require automation, authentication and interoperability, enabling participating devices at any edge of a network to communicate with each other by policy established by the system owner. The ultimate purpose of the white paper is to encourage discussion and participation in an ecosystem that is more secure.

Dell innovation guru Stikeleather continued the plenary by emphasizing the need for a “Law of the Commons.” Like every other function in IT, security, too, needs to be clearly defined in order to move forward, he said. Clear definitions will enable the transparency and the common understanding needed for organizations and governments to communicate and discuss what goals the cyber community should strive to attain. This would not only lead to increased security, but it would also lead to improved trust, when addressing the growing concern of consumer privacy.

Co-evolution

The consequences of the Web’s evolution is actually a co-evolution, he said, in which people depend more on technology and we are restructuring how we see data (augmented reality); while technology is becoming contextual, dependent on who is making the request, how and when they are making it, and what their intentions are in making it.

In such a fluid environment trust is essential, but can there realistically be trust? We have created an untrustworthy environment, Stikeleather said, and the tipping point will be smart phones in the enterprise. This technology, in particular, is creating greater cracks in a complex environment that is destined to ultimately fail.

We’ve created rules for shared international usage of the world’s oceans and for outer space, and cyberspace should be no different.

Additionally, government and enterprise can’t agree on what the world should look like from a security perspective, due to differing cultural concepts in cyberspace, creating the need for a "Law of the Commons." We’ve created rules for shared international usage of the world’s oceans and for outer space, and cyberspace should be no different.

At the end of the day, everything is an economic survival issue, Stikeleather said. The real value of the Web has been network effects. If we were to lose trust in privacy and security, we'd lose the currency of that global network exchange and the associated economic model, which in turn could actually mean the collapse of the global economy, he said. A catastrophic event is likely to happen, he predicted. What will the world without trust look like? A feudal cyber world with white lists, locked clients, fixed communication routes, locked and bound desktops, limited transactions, pre-established trading partners, information hoarders, towers of Babel.

Underlying structure

We have a unique opportunity with cloud, Stikeleather said, to get it right early and put thought into what the underlying structure of cloud needs to look like, and how to conduct the contextual nature of evolving technology. Meantime, people should own the right to their own identity and control their information, and we need to secure data by protecting it within content.

There were a lot of car analogies during the plenary, whether intentional or not, and my favorite one of the day came from Calloni of Intel – “security needs to be built-in, not bolt-on.” I’ve thought of this analogy many times before when discussing IT, especially in regards to enterprise architecture.

Calloni said that given human nature’s tendency to use technology to engineer ways to make our life easier, better, more functional, etc., we increase the risk by increasing exposure. Drawing a comparison to a Ford Pinto, he stated that if organizations can purely focus on security, their probability of success would increase exponentially. However, when we add functionalities where focus will be more distributed, security will decrease as the attack surface increases.

He outlined key questions that each organization should ask when determining security:

• Who has access?
  
• What are the criteria for gaining access/clearance?
  
• Who has controls?
  
• What function is most important? Is being balanced key?
  
• What type of security do you need?

Security is expensive, so the need to reduce an organization’s attack surface is critical, when establishing a security policy. In order to build a security policy that will protect your organization, Calloni argued that you must be able to look at what area or parts of your system/network are available for an assailant to compromise. Five key areas that must be looked at include:

• Vulnerability -- to have it, an attacker must be able to access it
  
• Threats -- any potential hazard of harm to the data, systems or environment by leveraging a vulnerability; Individual taking advantage of a vulnerability
  
• Risk -- the probability of the threats using the vulnerabilities; higher risks come with more vulnerabilities and increased threats
  
• Exposure -- the damage done through a threat taking advantage of a vulnerability
  
• Countermeasures -- processes and standards that are used to combat and mitigate the risks

Like a car's drivetrain, security needs to be built-in, not bolted-on. Security frameworks need to have the solid foundation in which organizations can build-on in order to address the ever-changing cyber threats. Bolt-ons will only provide temporary band-aids that will leave your organization vulnerable to cyber threats, he emphasized.

As organizations move toward the cloud and as cyber threats are becoming more commonplace, it will be interesting to see what importance organizations place on the themes discussed yesterday. They definitely apply to the remaining conference tracks. I’m especially looking forward to how what the enterprise architecture and cloud speakers will address these topics.

If you want a real-time view of the 2011 San Diego Conference, please search for the Twitter hashtag #ogsdg.

You may also be interested in:

• Cloud security panel: Is cloud computing more or less secure than on-premises IT?
• HP Panel examines proper security hurdles on road to successful enterprise cloud computing adoption
• Adopting cloud-calibre security now pays dividends across all IT security concerns

Take The Open Group survey to measure the true enterprise impact of cloud computing

This guest post comes from Dave Lounsbury, Chief Technical Officer at The Open Group.

By Dave Lounsbury

Everyone in the IT industry knows by now that cloud computing is exploding. Gartner said cloud computing was its number-one area of inquiry in 2010, and hype for the popular computing movement peaked last summer according to its 2010 Hype Cycle for Cloud Computing.

Regardless of what the media says, cloud is now a real option for delivery of IT services to business, and organizations of all sizes need to determine how they can generate real business benefit from using cloud. Industry discussion about its benefits still tend to be more focused on such IT advantages as IT capacity and utilization versus business impacts such as competitive differentiation, profit margin, etc. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

The Open Group’s Cloud Work Group has created a series of White Papers to help clarify the business impacts of using cloud and, as a next step, The Open Group at our San Diego Conference today launched a public survey that will examine the measurable business drivers and ROI to be gained from the cloud. We encourage you to spend a few minutes completing the online survey.

We’re specifically looking for input from end-user organizations about their business requirements, outcomes and initial experience measuring ROI around their cloud projects.

We’re specifically looking for input from end-user organizations about their business requirements, outcomes and initial experience measuring ROI around their cloud projects. The survey both builds on the work already done by the Cloud Work Group, and the results of the survey will help guide its future development on the financial and business impact of cloud computing.

The survey will be open until Monday, March 7, after which we’ll publish the findings. Please help us spread the word by sharing the link -- http://svy.mk/ogcloud -- to our survey with others in your network who are either direct buyers of cloud services or have influence over their organization’s cloud-related investments.

This guest post comes from Dave Lounsbury, Chief Technical Officer at The Open Group.

You may also be interested in:

• Open Group forms Cloud Work Group to spur enterprise cloud adoption and security via open standards
• HP enters public cloud market, puts its muscle behind hybrid comuting value and management for enterprises
• Platform ISF 2.1 improves use, breadth of private cloud management, sets stage for use of public cloud efficiencies

Android gaining as enterprises ramp up mobile app development across platforms and business models

It's a post-PC world, and mobile development is the name of the game. According to a report from Appcelerator and IDC, businesses and developers are racing to define a winning mobile strategy, while keeping an eye on platforms and business models.

The first-quarter report, garnered from a survey of 2,235 Appcelerator Titanium developers, shows that while the iPhone and iPad are still the leaders of the pack, Android smartphones and tablets are gaining large amounts of developer interest. Google has nearly caught up to Apple in smartphones and is closing the gap on tablets.

Businesses are increasingly taking a multi-platform approach. On average, respondents said they plan to deploy apps on at least four different devices.

The report also shows that for enterprises the days of mobile app exploration are drawing to a close and companies are moving, or have moved, into an acceleration phase, with an eye toward greater innovation. This year, developers and businesses expect to triple their app development efforts, and the average developer is now building for four different devices.


In addition, there is a dramatic increase in the integration of geo-location, social, and cloud connectivity services, along with increased plans to integrate advertising and in-app purchase business models.

With the growth in the market, Appcelerator and IDC have developed a "Mobile Maturity Model" to describe the three phases of mobility adoption -- exploration, acceleration, and innovation.

Last year, most respondents (44 percent) said they were in the exploration phase of their mobile strategy. A simple app or two -- typically on iPhone -- and a focus on free brand-affinity apps was standard practice. This year, 55 percent of respondents said they are now shifting into the ‘acceleration’ phase.

Summary of findings

Other findings from the report:

• On average, each respondent said they plan to develop 6.5 apps this year, up 183 percent over last year.
  
  
• Businesses are increasingly taking a multi-platform approach. On average, respondents said they plan to deploy apps on at least four different devices (iPhone, iPad, Android Phone, Android Tablet) this year, up two-fold over 2010.
  
  
• Ubiquitous cloud-connectivity: 87 percent of developers said their apps will connect to a public or private cloud this year, up from only 64 percent deploying cloud-connected apps last year.

  In addition to cloud services, integration of social and location services will explode in 2011 and will define the majority of mobile experiences this year.

  
  
  
• Always connected, personal, and contextual: in addition to cloud services, integration of social and location services will explode in 2011 and will define the majority of mobile experiences this year. Interest in commerce apps is also on the rise, with PayPal beating Apple as the most preferred method for payments.
  
  
• Business models are evolving along with these more engaging mobile app experiences. Developers are shifting away from free brand affinity apps and becoming less reliant on 99-cent app sales. Increasingly, the focus is on user engagement models such as in-app purchasing and advertising, with mobile commerce on the horizon.
  
  
• Outsource goes in-house: the enterprise takes control of its mobile destiny. 81 percent of respondents said they insource their development, with the majority saying they have an integrated in-house web and mobile team.

A mobile strategy

What do Appcelerator and IDC recommend for business trying to develop a mobile strategy? It's a four pronged approach:

• Platforms: Cross-platform is mandatory, as is deploying to multiple form factors like tablets. In the third innovation phase, a business is thinking about possibilities across all major platforms and devices.
  
  
• Customer: This perspective considers the shift away from simple content-based apps that inform or entertain to more complex and engaging applications that make use of location, social, and cloud services to transactional applications such as mobile commerce. As the customer experience evolves, so does application sophistication, customer expectations, business transformation opportunities, and the underlying business models. Free branded apps and a reliance on purely app store sales give way to advertising, in-application purchasing, and mobile commerce.

  What starts as a tactical outsourcing of development “to get an app done fast” quickly turns into a more strategic discussion.

  
  
  
• People: There is an increasing shift from outsourcing to in-house development. What starts as a tactical outsourcing of development “to get an app done fast” quickly turns into a more strategic discussion around competitive advantage, control over a sustainable long-term mobile strategy, and rapid time-to-market considerations.
  
  
• Technology: In order to meet the demand for more apps, new devices, frequent updates, and deeper customer engagement, a business needs to drive down costs, time-to-market, and complexity by developing and leveraging reusable components. Ultimately, this results in the need for a cross-platform, fully integrated mobile architecture that spans a company’s entire app portfolio.

A copy of the full report is available from the Appcelerator site.

You may also be interested in:

• Mobile access and social collaboration form a cloud catalyst for enterprises
• Why HTML5 enables more business to deliver more apps to more mobile devices with greater ease
• Analysts probe future of client architectures as HTML5 and client virtualization loom over desktops

Open Group conference next week focuses on role and impact of enterprise architecture amid shifting sands for IT and business

Next week's The Open Group conference in San Diego comes at an important time in the evolution of IT and business. And it's not too late to attend the conference, especially if you're looking for an escape from the snow and ice.

From Feb. 7 through 9 at the Marriott San Diego Mission Valley, the 2011 conference is organized around three key themes: architecting cyber security, enterprise architecture (EA) and business transformation, and the business and financial impact of cloud computing. CloudCamp San Diego will be held in conjunction with the conference on Wednesday, Feb. 9. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Registration is open to both members and non-members of The Open Group. For more information, or to register for the conference in San Diego please visit: http://www.opengroup.org/sandiego2011/register.htm. Registration is free for members of the press and industry analysts.

The Open Group is a vendor- and technology-neutral consortium, whose vision of Boundaryless Information Flow™ will enable access to integrated information within and between enterprises based on open standards and global interoperability.

I've found these conferences over the past five years an invaluable venue for meeting and collaborating with CIOs, enterprise architects, standards stewards and thought leaders on enterprise issues. It's one of the few times when the mix of technology, governance and business interests mingle well for mutual benefit.

The Security Practitioners Conference, being held on Feb. 7, provides guidelines on how to build trusted solutions; take into account government and legal considerations; and connects architecture and information security management. Confirmed speakers include James Stikeleather, chief innovation officer, Dell Services; Bruce McConnell, cybersecurity counselor, National Protection and Programs Directorate, U.S. Department of Homeland Security; and Ben Calloni, Lockheed Martin Fellow, Software Security, Lockheed Martin Corp.

Change management processes requiring an advanced, dynamic and resilient EA structure will be discussed in detail during The Enterprise Architecture Practitioners Conference on Feb. 8. The Cloud Computing track, on Feb. 9, includes sessions on the business and financial impact of cloud computing; cloud security; and how to architect for the cloud -- with confirmed speakers Steve Else, CEO, EA Principals; Pete Joodi, distinguished engineer, IBM; and Paul Simmonds, security consultant, the Jericho Forum.

General conference keynote presentation speakers include Dawn Meyerriecks, assistant director of National Intelligence for Acquisition, Technology and Facilities, Office of the Director of National Intelligence; David Mihelcic, CTO, the U.S. Defense Information Systems Agency; and Jeff Scott, senior analyst, Forrester Research.

I'll be moderating an on-stage panel on Wednesday on the considerations that must be made when choosing a cloud solution -- custom or "shrink-wrapped" -- and whether different forms of cloud computing are appropriate for different industry sectors. The tension between plain cloud offerings and enterprise demands for customization is bound to build, and we'll work to find a better path to resolution.

I'll also be hosting and producing a set of BriefingsDirect podcasts at the conference, on such topics as the future of EA groups, EA maturity and future roles, security risk management, and on the new Trusted Technology Forum (TTF) established in December. Look for those podcasts, blog summaries and transcripts here over the next few days and weeks.

For the first time, The Open Group Photo Contest will encourage the members and attendees to socialize, collaborate and share during Open Group conferences, as well as document and share their favorite experiences. Categories include best photo on the conference floor, best photo of San Diego, and best photo of the conference outing (dinner aboard the USS Midway in San Diego Harbor). The winner of each category will receive a $25 Amazon gift card. The winners will be announced on Monday, Feb. 14 via social media communities.

It's not too late to join in, or to plan to look for the events and presentations online. Registration is open to both members and non-members of The Open Group. For more information, or to register for the conference in San Diego please visit: http://www.opengroup.org/sandiego2011/register.htm. Registration is free for members of the press and industry analysts.

You may also be interested in:

• The Open Group's cloud work group advances undersdtanding of cloud-use benefits for enterprises
• Harvard Medical School use of cloud computing provides harbinger for new IT business valule, Open Group panel finds
• FACE initiative takes aim at improved interoperability and standards among future military avionics platforms
• The Open Group bridges SOA definitions gap with release of new technical standard SOA Ontology