Short/Long Quiz D
Cargill Speaker: Linda Finley. What is Architecture?
"Architecture is the practice of analyzing, designing, planning and implementing enterprise analysis to successfully execute on business strategies."
How to Operate like a tech company
"For tech to be a real driver of innovation and growth, IT needs to reorganize itself around flexible and independent platforms"
Quote from NYT
"The only way to make money is to get huge volume with cheap, illegal labor, and pollute the hell out of the environment"
When EA planning is done right:
1. Aligns business processes and technology 2. Selects the appropriate tools and vendors 3. Optimizes IT expenses (capital and recurring costs) 4. Leverages reusable technologies 5. Reduces redundancies 6. Enhances organizational flexibility and competitiveness 7. Identifies different talent and skills as needed or required
How to take a platform approach
1. Assess the fitness of the platform portfolio 2. Set up the initial platform teams and Mission Control 3. Transform platform by platform 4. Manage through the executive committee
Mapping Business Capabilities across Architecture Layers
1. Business 2. Application 3. Data 4. Infrastructure
Why focus on EA?
1. Enterprises are undergoing significant changes and the underlying technologies are increasingly complex 2. Business and technology executives are launching digital transformation plans without considering enterprise architecture during strategic planning 3. Business transformation efforts can quickly spiral out of control or in the wrong direction 4. Enterprise architecture connects complex technologies with business context to drive desirable business outcomes 5. Digital transformation plans typically encompass
Platforms are distinct units, but their value is based on how effectively they work together.
1. Make Strategic and allocation decisions 2. Set and enforce standards for speed and interoperability 3. Manage and coordinate programs that cut across platforms
Assessments and audits are a method for determining compliance:
A compliance audit can determine if a company is adhering to the applicable laws by a systematic review of policies, procedures, operations, and controls.
Zachman Framework
A logical structure for identifying and organizing the descriptive representations (models) that are important in the management of enterprises and to the development of the systems, both automated and manual, that comprise them. Used in all types of architecture building • Concept that shows relationships between objects • No set rules • Taken at the enterprise level
Corporate Governance
A way for public- and private-sector organizations to ensure that their IT supports business strategies and objectives.
Compliance Management
The ability to maintain and protect information, remediate problems, and provide adequate compliance reports is essential.
How to choose a platform
All platforms are not created equal • Platforms are very different in how they perform • Selecting a platform is more about making the right trade-offs and decisions than it is about the best technology
Technology Stack
Also called a solutions stack, is a list of all the technology services used to build and run one single application.
Who has to follow GDPR?
Any company that stores or processes personal data about individuals in the EU must comply with the GDPR, even if it has no business presence in the EU.
Agile Framework
Architecture Driven • Feature Driven • Open Source • Combinations of all the above
More on Architecture Types
Architecture types are like layers in a cake, they build upon, interact with, and depend on each other to form a final product to delight the customer.
Future of Tech Stacks
Becoming independent, stand-alone, containerized mini-stacks: business-centric, purpose-driven, automated, and intelligent software.
Who uses IT Governance
Both public and private sector organizations need a way to ensure that their IT functions support business strategies and objectives.
Types of Architectures
Business, Information, Application, Technical Application Services, and Technical Infrastructure
Business Architecture
Business Model, Goals, & Strategy, Business Capability Assessment, Key Value Streams, Information Architecture
Tech Stacks Client and Server Sides
Client Side: user's browser and phone - javascript, css, html, native application Server Side: your server - web framework, database, web server, operating system
How to implement IT Governance Program/ What to choose
Commonly used frameworks include COBIT, ITIL, COSO, CMMI and FAIR. COBIT and COSO are used mainly for risk; ITIL helps streamline service delivery and operations; CMMI covers processes in hardware and software development, service delivery and purchasing; FAIR is squarely for assessing operational and cybersecurity risk.
For the IT professional
Compliance includes the activities that maintain and provide systematic proof of adherence both to internal policies and to the external laws, guidelines, or regulations imposed upon the company. It takes appropriate control of and protects information, including how it is obtained, stored and secured, its availability, and how the data is protected.
Step 4: Ecosystem
Consider the landscape of tools in your industry. A key to a successful MVP is reducing time to market.
Top-Down Leadership
Corporate Governance starts at the top
Architecture Value Proposition
Create Context, Ensure Relevance, Deliver Value
Application Architecture
Current Architecture; Design and Build References, Models, and Patterns; Lifecycle Management; Roadmap
Data Architecture
Current and Future State Architecture; Roadmaps; Governance and Management; Data Certification
PwC Guest Speaker Ed Foppe
Customer obsession is critical! More value, higher quality; more technology-enabled experience; a lower cost.
Compliance
Describes the ability to act according to an order, set of rules or request
More on Enterprise Architecture
Describing the current and future structure and behavior of an organization's processes, information systems, personnel, and organizational business units so they align with the organization's strategic direction.
What is the purpose of a technology stack?
Developers use tech stacks because they make it easier to communicate a lot of information about how an application is built. A tech stack quickly summarizes the programming languages, frameworks, and tools a developer would need to interface with an application.
Technology Architecture
Digital Value Drivers; Cloud Strategy; Integration Strategy; Security Strategy; Infrastructure
Quote about EA
"EA has a need to understand emerging technology opportunities and drive strategic business innovations."
Enterprise Architecture Use Cases
Enable growth, ensure compliance, reduce complexity
Topic Seven Takeaways
Enterprise Architecture connects complex technologies with business context to drive desirable business outcomes. Enterprise Architecture frameworks provide methods and processes to manage the scale and complexity of any business or system. The industry is shifting from products to platforms to create flywheel growth. Tech stacks set and enforce standards for speed and interoperability.
Governance Risk and Compliance
Every part of every organization will encounter some element of GRC ● Data security and privacy continue to be the top issues for organizations ● This area is heavily influenced by the political landscape and economic conditions ● GRC programs continue to be complex, costly, and hard to implement
Step 1: Web vs. Mobile
Front-end tech stack. Mobile first: building a responsive web app that adjusts well to all screen sizes. Mobile only: the MVP will be offered exclusively as a native mobile app downloaded from the app store. Mobile later: the MVP should be a traditional web app with no consideration given to mobile design.
What is GRC
Governmental laws, partnership-imposed standards, industry regulations, and internal controls dictate how organizations collect, store and use data
Step 2: Backend
Hosting: backends are typically hosted on servers of some kind that sit in a datacenter. Backend stack: should be well matched to your hosting provider.
Governance
How do you set up a program that is structured, flexible and provides management with the tools to efficiently react to changes?
The Different Concerns in a Top-Down Enterprise Architecture Approach
In a top-down approach, going from the business to IT, it can be practical to separate the different concerns of business and IT on different plans, providing a common ground in between.
Delegation of Authority
Information systems play a key role in implementing "Delegation of Authority" to individuals in an organization and providing accountability mechanisms
IT Governance
A formal framework that provides a structure for organizations to ensure that IT investments support business objectives, aligning IT strategy with business strategy. By following a formal framework, organizations can produce measurable results toward achieving their strategies and goals.
GRC (Governance, Risk, and Compliance)
Is an integrated strategy to effectively and appropriately manage policies, processes, and controls.
LAMP
LAMP (Linux, Apache, MySQL, PHP/Perl/Python): a Linux-based web server built from four software components arranged in layers that support one another. These are the common components of a traditional open-source software stack.
Why does Enterprise Architecture Matter?
Microsoft vs. Apple
Why do we need Enterprise Architecture?
Numerous technology decisions need to be made to make an organization's systems work together • Use Business Architecture as the starting point for Enterprise Architecture (EA) • Incorporates business processes and organizational design with IT programs and goals • Business and technology require a well-thought-out plan • EA looks like a Lego brick wall, with business functions at the top providing direction for the key technology decisions below • EA builds business outcomes upon a variety of different technologies (hardware, software, networks, devices, partners)
Large System Implementation Project Governance
Our client asked us to act in a project governance role on a large enterprise-wide system implementation
Vendor Risk Management Program
Our client asked us to design, build and implement a comprehensive vendor risk management program that was heavily focused on IT/Information Security
Compliance Testing Program
Our client asked us to help with design, build and implement a compliance testing program - heavily focused on technology risk
Relationship between IT Governance and GRC
Practically the same thing. When a CISO reports to the CIO, the scope of GRC is often IT focused. Many organizations implement a formal IT governance program that provides a framework of best practices and controls.
Risk Management
The practice of mitigating and managing risk through system controls; closely aligned with, and an integral function of, IT GRC.
Regulation
Primary purpose is definition of acceptable standards
What more does IT Governance do?
Provides enterprise-wide visibility for compliance • Monitoring all existing processes is a difficult task • Requires access to numerous information systems and timely reporting
IT Governance
Provides a structure for aligning IT strategy with business strategy
Federal Framework
Provides a government-wide suite of tools to implement a common approach • Provides reference models for six sub-architecture domains: Strategy, Business, Data, Applications, Infrastructure, Security
Technology Stack
Refers to a set of technologies, software, and tools used in the development and deployment of sites, apps, and other digital products.
What a platform based company looks like
Removal of nonstrategic IT applications; modernization and accelerated shift of the target applications into the cloud; connectivity to enable swapping solutions in or out easily; and, most important, a major step-up in feature/solution development for the internal business clients. Think of a platform as a service or a "product". Platforms focus on business solutions to serve clients and to supply other platforms. A platform-based company will have 20 to 40 platforms, each big enough to provide an important and discrete service but small enough to be manageable.
Risk
Risk assessment is key to any GRC program. It is all about managing risk - not eliminating risk.
Step 5: Scalability
Scaling is about how fast you can change, improve, or modify features and how fast you can bring new people into your organization to enable growth.
Governance
Set of processes, policies, laws, customs, and rules affecting the way a corporation is directed, managed and controlled.
Step 3: Who will build it?
A shortage of engineering talent is a major challenge for early-stage startups. Make sure there are enough engineers in your area with the skills you require.
Tips for IT compliance solutions
Stay up to date on current compliance requirements through integrations • Standardize processes across all required IT GRC regulations • Improve effectiveness with automated processes and workflow • Maintain accurate records for audits • Manage IT resources and ensure accountability
There is a public concern over privacy, so...
The European Parliament adopted the GDPR in 2016 (it became enforceable in May 2018). It carries provisions that require businesses to protect the personal data and privacy of individuals in the EU.
IT compliance regimes include:
The Sarbanes-Oxley Act of 2002, the Gramm-Leach-Bliley Act, the Federal Information Security Management Act, HIPAA, the Payment Card Industry Data Security Standard (first released in 2004), the Statement on Standards for Attestation Engagements (SSAE 16/18), and Basel III
Technology Stacks History
The journey of tech stacks evolved from just hardware in the 1970s to components and microservices today.
How to pick a stack
The order in which a stack is built matters. Each layer builds upon the last, and buried layers can't easily be removed. Basic considerations for building technology stacks: 1. Plan for the future 2. Consider the application's purpose 3. Use product analytics platforms 4. Consider upkeep
Compliance
Ultimate goal is to be compliant in an efficient manner with a program that is flexible enough to adjust to changes in regulation and your business
Enterprise Architecture Frameworks
Zachman Framework • Agile Enterprise Framework • Federal Enterprise Architecture Framework (FEAF) • The Open Group Architecture Framework (TOGAF) • Unified Architecture Framework (UAF), from the Object Management Group
Solution Stack
A group of essential software that works together so often that it is referred to by a name representing the whole rather than each separate component. Examples: LAMP, WINS, MEAN, XAMPP
ISACA (Information Systems Audit and Control Association)
A member-driven, nonprofit organization that provides news, journals, tools, education, resource sharing, and dialogue on compliance, risk management, audit, and cybersecurity.
Front-End development
a type of software development that involves all the parts of a website that a user can see and interact with. The goal is to make sure that the format is easy to read and navigate.
Functional Plan
after designing the major processes of an organization, major functional blocks can be identified.
Projects scope
architects from the governance team should ensure that the detailed technical requirements and project architectures are in compliance with the enterprise principles, policies, and uses of the enterprise common language.
GDPR Protects
basic identity information such as name, address, and ID numbers, web data such as location, IP address, cookie data, health and genetic data, biometric data, racial or ethnic data, political opinions, and sexual orientation
Thailand has what?
become a center of the industry even as activists push back and its government wrestles to balance competing interests of public safety with the profits to be made from the lucrative trade. Thailand banned the import of foreign e-waste.
Goals of IT compliance
build a technical, procedural, and strategic framework that provides the means to attain and prove a company's legal and ethical integrity.
Information Systems scope
defines new functional building blocks needed for the business processes as defined in the global business scope in the business processes plan.
E-Waste
discarded electronic equipment such as computers, cell phones, television sets, etc.
What is Enterprise Architecture?
Helps businesses transform • EA focuses on bringing legacy applications and processes together with new emerging technology and processes to create a seamless environment • EA is variable, and unique for each organization • Enterprise architects are responsible for enacting business strategy
The GDPR places...
equal liability on data controllers and data processors.
Back end development
focuses on servers, applications, and databases. Developers build and maintain the technology that powers those three components using a multitude of programming languages.
Business Processes Plan
focuses on the business processes in the context of a business strategy.
Full Stack development
if software developers are full stack, they are comfortable working with both back and front end technologies. They have a specialized knowledge of all software development stages.
Two areas to consider
Internal compliance assures adherence to the rules, regulations, and best practices defined by internal policies. External compliance means following the laws, guidelines, and regulations imposed by external regulators.
GDPR (General Data Protection Regulation)
A regulation that requires businesses to protect the personal data and privacy of individuals in the EU. It applies to the processing of that data whether the organization doing the processing is located inside or outside the EU.
A minimum Viable product
is all about getting a product into the hands of your customers quickly and learning from their feedback (MVP).
IT Governance
is the function of managing and addressing the overriding technical, strategic, and procedural processes.
Risk Management
is the practice of mitigating and managing risk through system controls and is therefore aligned as an integral function of IT governance and IT compliance.
IT should be..
organized around a set of modular platforms run by accountable platform teams. This allows companies to accelerate, innovate, experiment, learn and scale quickly
Technology Stack
refers to a set of technologies, software, and tools that are used in the development and deployment of sites, apps, and other digital products. Example: the LAMP stack.
Enterprise Architecture
relates to the practice of business optimization that addresses business architecture, performance management, organizational structure, and process architecture.
Applications and Implementation plan
services implementation on the applications plan will depend on the types of services and the relation to the different SOA layers.
IT compliance solution
should be adaptable, allow for continuous internal investigation, dialogue, and education of those involved, and effectively manage any non-compliance issues.
Governance Team
should create and maintain assets reflecting the current state of the organization in terms of existing functional blocks.
Enterprise Architecture Goals
The main objective of enterprise architecture is building a culture of reuse through a common language. This should be done in an evolutionary, not a revolutionary, way, with a governance team acting in an operational environment with different scopes: the global business and strategy scope, the information systems scope, and the projects scope.
Global business strategy and scope
Has the objective of providing an agile information system that can be adjusted easily to the continuous changes of the business.
TOGAF Framework
The Open Group Architecture Framework • Iterative and inter-related process • Every step in the process validates against business requirements • Modular structure