The Need for Enterprise Architecture

June 2016

Every enterprise has a business strategy that is formulated in terms of business goals and strategic choices. This is driven at the top layer and set direction for design and delivery of business services that are composed of processes, functions and systems. Technology and information systems are true enablers of business services as they provide many of the functionalities at lower layers to form business services. As technology advances rapidly, it opens new business opportunities and provides competitive advantage for those adapting them quickly.

Information systems are built on complex technology and usually grown over time as the needs arise. IT is constantly busy integrating them into the pile of the portfolio and there is always less time to validate the integrity and consistency of them within the IT ecosystem of the enterprise. Complexity can easily be out of control as the continuous growth of IT reveals complex intricate systems where everything appears to be connected with everything and no one knows what happens when something changes, as no one has a clear view of the whole.

The New Cyber-Security Disease: Technology Over-Reliance

January 2016

Cyber security is a controversial field. Control frameworks, standards and good practice guidance; all point to similar matters from a perspective and describe sets of security controls, requirements, architectures or specifications. Regardless of the variety and wealth of material, they all sit on only a few key pillars;
  • know your information systems (asset management), 
  • manage access to them (access control),
  • prevent unauthorized disclosure (encryption, boundary defense, malware defense, secure design, etc.),
  • be prepared and informed if something goes wrong (testing, monitoring, threat intelligence, incident response, etc.).
Technology promise very much about delivering these capabilities with tons of fancy products out there. It is usually impressive and entertaining to inspect them in industry events, vendor demonstrations or proof of concept works. Nevertheless, integrating and running them within the existing IT landscape is often overlooked from the beginning.