Search Results for: security reference model

Make Swift Security Attestation Painless – Invest in Bizzdesign’s Swift CSP Compliance

by

If you’re in charge or part of the compliance team for Swift pre-attestation, you’ll know the complexities of getting the job finished. Bizzdesign’s Swift CSP Compliance (link to webpage) enables you to complete the mandatory annual Security Attestation, which forms part of the Customer Security Program (CSP), using architecture models built on our enterprise architecture…

European Interoperability Reference Architecture

by

European Interoperability Reference Architecture The European Interoperability Reference Architecture (EIRA) is an architecture content metamodel defining the most salient architectural building blocks (ABBs) needed to build interoperable e-Government systems. On 8 June 2015, release 0.9.0 beta of the EIRA entered an eight-week public review period. Stakeholders working for public administrations in the field of architecture […]

Enable Cloud Strategy and Planning with Predictable Methods, Models, and Tools

by

We previously looked at why cloud is so important (Challenge the Status Quo and Advance Business through Cloud Computing, ), approaches to cloud strategy (Understanding Which Investments Should go to the Cloud, Cloud Strategy Begins with Value and Balances Risk…

Time to Rain on the “Cloud Service Model” Parade

by
The Cloud community have been talking recently about Everything is a Service; they call it EaaS. At first hearing it’s an interesting idea, another acronym to complement IaaS, PaaS and SaaS. Unfortunately it’s rather like the tail wagging the dog!  The Cloud community use the term Service liberally but with minimal consistency.


It must be said that the NIST reference architecture document has been incredibly helpful in sorting out the three Cloud service models of IaaS, PaaS and SaaS. However in order to read the document you have to suspend all your knowledge and belief of services and read the document interpreting all references to service as “provision or access to some capability”. In other words as a generic IS service of some sort.


Actually most Cloud infrastructure resources are provisioned as well formed services governed by interface and SLA contracts. There are a few SaaS providers that have implemented an SOA – in compliance with generally accepted principles of loose coupling, separation etc. However most Cloud services are multi-tenant application resources with integration capabilities delivered as Web services. Yet perceived wisdom generally says that SOA is essential for Cloud!


I noted an interesting paper from Intel recently[i]; the thing that really struck me was the way the paper describes how Cloud development as the Wild West (my words), and the author is advocating ideas that amount to rediscovering the SOA wheel!

SaaS and PaaS providers are circumventing traditional enterprise architecture. Compliance and visibility has decreased. Simply put, your enterprise is likely already part of the app economy. The question is, how are you managing your API traffic? Do you have a control point to manage that participation? Enterprise APIs are not science projects; they’re conducting enterprise-class business and require enterprise class visibility and control. What path can enterprises take to prepare for secure use of APIs? Dan Woods, Chief Analyst, CITO Research and Colleagues, May 2012

And the author goes on to describe how Cloud needs to move beyond point to point integration to introduce something that sounds very much like an ESB! So the notion that de facto Cloud practices should form the basis for EaaS sounds fanciful.


Yet despite this, I believe we should look closely at the idea of Everything as a Service. It’s the vision that CBDI and other pioneers painted years ago. What’s really required is a convergence of business and IT service concepts that would provide consistent views for all the various stakeholders in both IT and business domains including the service owner, business service designer, IT service architect, IT service designer, service security architect, provider, IT service manager, service broker, service consumer and so on and so forth. Today we have disparate service models in both business and IT that positively encourage silo disciplines.


To produce some form of unified service model wouldn’t be just an academic exercise.  First it might just facilitate better understanding of service architecture across business and IT stakeholders. Second it might assist in better service design, delivered services that are fully integrated with people, product, process and technology and engineered to deliver individualized services to customers that are architected to be responsive to business change!


But the place to start is to understand the needs and opportunities in a unified service model. This will leverage the Cloud, and hopefully cause more service owners to demand their services are first class software services in order to deliver better customer service. Maybe this will encourage NIST to revisit its reference architecture and give the service perspective a little more integrity.


In this month’s CBDI Journal we publish an article exploring how such a unified model might look, and the business value that it might deliver. We welcome feedback and comments.


Abstract: The Cloud movement is discussing the term Everything as a Service (EaaS or XaaS).  In principle this is a welcome development, encouraging business and IT participants to adopt services and service oriented concepts everywhere. However it appears that the E/XaaS initiative may be more about marketing than reality. In this article we suggest how this very promising idea might be developed to clarify Cloud Service taxonomy and deliver convergence of business and IT perspectives in a Unified Service Model.   

EA metamodel: two questions

by

Following on from the previous work on EA metamodels, I keep coming back to those two questions from Graeme Burnett: for everything in a context, we need to be able to ask “tell me about yourself?” and “tell me what you’re associated with?”. That focus does help to keep things simple here… (Please remember that […]

EA metamodel – a possible structure

by

What would this ‘generic modelling metamodel’ look like? And how could we implement it? This continues the work from previous posts on this theme, such as ‘More detail on EA metamodel‘ and ‘EA metamodel and method‘. The legal bit: The aim is that this should contribute towards an open standard, and should not be used […]

Upwards and sideways from business-model

by

The past few posts in this series have focussed on moving ‘downward’ from the business-model, towards implementation, such as might be modelled in Archimate notation. That’s an aspect of the business-architecture / enterprise-architecture interface that makes immediate and practical sense to most people.
Yet to complete and verify the business-model and its proposed implementation, we also […]

Modelling people in enterprise-architecture

by

As mentioned in the previous post, one of the key characteristics of ‘crossing the chasm’ to a viable whole-of-enterprise architecture is the explicit inclusion of people. In short, we need to be able to model and map where people fit in relation to the architecture.
But there’s a catch. A big catch. People should not be […]

Glossary

by

A collection of Enterprise Architecture terms and definitions from a variety of sources: EA3 Cube, Introduction to Enterprise Architecture, The Common Approach to Federal Enterprise Architecture (FEAF-II), ISO 42010:2011 and TOGAF 9. 00