Adapting Enterprise Architecture for Digital Transformations

July 2017

This is the digital era. It is about transforming behaviours and expectations with disruptive business models and technologies. These are challenging times for traditional enterprises, as disruption has to start from inside the organisation: building a culture of agility and flexibility so that they can go on the offensive (or defend) in the marketplace.

Adopting Agile methods is imperative to provision services fast and respond to the continuous wants and needs of the business, and hence the (r)evolving marketplace. While many argue the pros and cons of Agile (a debate I am following with interest), I will discuss how Enterprise Architecture (EA) should be adapted for organisations embracing Agile development and delivery.

Architecting Cyber Security?

March 2017

Cyber Security is a controversial field. It is difficult to measure performance or demonstrate value. It is therefore considered late and relegated to a few add-on fixes once all design decisions have been made. Typical arguments are:

  • Security hinders the business process rather than helping - just focusing upon "security" rather than real business value?
  • Security tries to deliver controls in isolation without clear understanding of service context, priorities, risks or opportunities?
  • Security leads to increased complexity and cost of delivery and support?

Traditional approaches to Security often contribute to these arguments when:

  • Security (process & technology) design is isolated into domains (or control sets) and incapable of being integrated together (tactical approach).
  • Security and business strategy are loosely coupled (i.e. weak traceability / justification of security investments for business value).
  • A checklist / compliance approach is taken - just checking that the links (security controls) in the chain exist, without testing that the links actually fit together to form a secure chain.

An architectural approach to Security resolves the above by bringing the disconnected pieces together within a structured framework that breaks the complexity down into modular blocks of simplified views. This is achieved through layering techniques and modular representations of security capabilities and reference solutions, all managed together in an organised repository.