Sunday, April 24, 2016

How to operationalize EA in support of business transformation.




According to a recent Forbes Insight/KPMG survey of over 900 executives at U.S.-based firms, over half of the respondents defined transformation as “a continuous process of aligning a business model to support strategy”. The Federal Government’s Shared Services, Future-First, and Cloud-First strategies represent wide-scale transformation across the federal government. This is in line with commercial transformation priorities, too, with academia starting to catch up.
Alignment of agency business models in support of these particular Federal strategies requires an “operational” Enterprise Architecture (EA) that can be used by the many people involved in the planning and business model alignment process: one that can produce actionable roadmaps in 90-day increments!

Understanding the readiness of the organization to accept change, identifying the issues, and then dealing with them in the Implementation and Migration Plans are key to successful architecture transformation. According to the Open Source Group, recommended activities in an assessment of an organization's readiness to address business transformation are:
  1. Determine the readiness factors that will impact the organization
  2. Present the readiness factors using maturity models
  3. Assess the readiness factors, including determination of readiness factor ratings
  4. Assess the risks for each readiness factor and identify improvement actions to mitigate the risk
  5. Work on Implementation and Migration Plan

Sunday, April 3, 2016

Sample Enterprise Governance Organization model & PMO Overview

Below is the sample Governance organizational model, which encompasses various functional areas as depicted in the figure:

Figure: Governance organization model


Enterprise Architecture includes sub-domain architectures such as Business Architecture, Application Architecture, and Data Architecture, as well as Strategic Planning.

The EA Governance organization structure includes the EA development team, the Security and Risk Management team, the Capital Planning team, and Quality Control teams.


Governance defines the standards and best practices, while the Project Management Office (PMO) serves as the implementation arm of the Office of the Chief Information Officer (OCIO). PMO coordinators serve as single points of contact to the project teams. PMO managers/coordinators are cross-functional and serve as coaches to the PMs on tools, processes and standards. They also interface with OCIO Subject Matter Experts (SMEs) and facilitate the flow of information through a single channel.

Sunday, March 20, 2016

Sample Security Plan Development process

 Sample Security Plan Development process in Federal Agency

The IT Security Program Plan is one of many initiatives to implement the agency's strategic information security vision. IT Security will collaborate with key partners and agencies to centrally gather and document existing programs and identify areas that require increased attention based on requirements with security challenges. This plan will be agile but effective enough to align with the specific needs and assets of an agency and its valued partners’ security goals and objectives.
As mandated by FISMA, OMB, and the Federal Department, and benefiting from the direction and guidance of NIST and industry best practices, this security plan will provide a framework that addresses industry-standard security areas such as:

  •   Policy and Procedures
  •   IT Internal Control
  •   Training and Awareness
  •   Security Authorization
  •   Information Protection
  •   Security Operations
  •   Continuity of Operations
  •   Incident Response
  •   Access Control
  •   IT Privacy
  •   Security Program Management
  •   Implementing Security Activities into the SDLC
  •   Quality Assurance (QA) and Control
  •   Security Engineering and Architecture
  •   Laws and Regulations
  •   Security Risk Management


There are four goals defined for an agency. Each goal is a high-level accomplishment necessary to achieve the agency CIO’s objective to “implement information security practices across the enterprise.” Each goal consists of several objectives and initiatives. Objectives are major accomplishments that agency Security must reach in order to attain the goal. Initiatives are programmatic endeavors that must be completed in order to attain the stated objectives.

Goal 1: Security Management
IT Security Management will provide oversight of security activities that protect IT information and assets in support of the Agency mission. Security Management will align and coordinate with Agency OCIO IT governance to establish security project and resource management, QA, policy and procedures, and training and awareness.

Goal 2:  Security Risk Management and Compliance 
Manage IT security risks to identify, analyze, and respond appropriately to security risks that adversely affect agency business objectives, establish an internal controls program to ensure compliance with federal requirements and internal policies and procedures, and enhance Plan of Action and Milestones (POA&M) oversight.  

Goal 3:  IT Security Operations  
Establish a robust security operations program that allows Agency IT to address organization and departmental security requirements, create transparency with IT stakeholders, and streamline complex processes to ensure efficient implementation of cost-effective solutions. 

Goal 4:  Security Architecture and Engineering Management 

Support the information security concerns of the Agency and its partners by implementing a strategy dedicated to assuring the security architecture and design of information systems and building security into the SDLC process.

Wednesday, March 2, 2016

What is IT Architecture Capability Maturity Model



IT Architecture Capability Maturity Model

• Ensure that the Department continues to build on IT Architecture efforts and fully realizes the benefits

• Assess IT processes

• Ascertain where we are and where we should be headed within the organization

• Enhance the overall odds for success

• CIOs use as a self-assessment tool

• Identify weak areas and provide a defined path towards improvement

• As the Architecture matures it should increase the benefits it offers the organization

Characteristics of Operating Units' IT Architecture Processes at Different Maturity Levels


• Business Linkage
• Senior-Management Involvement 
• Operating Unit Participation 
• Architecture Process Definition 
• Architecture Development 
• Architecture Communication 
• Governance 
• Program Management 
• Holistic Enterprise Architecture 
• IT Investment and Procurement Strategy


Sunday, February 14, 2016

National Information Exchange Model (NIEM)

I want to introduce the National Information Exchange Model (NIEM), a federal initiative for data exchange across federal agencies.

Data and information are one of this Nation’s most valuable assets, yet the majority of it is locked away in disconnected systems across a multitude of data centers. Many years of decentralized IT oversight, redundant IT software development and hardware purchasing, a disjointed approach to infrastructure, and failed IT projects created an information technology patchwork that increases the cost of government and puts mission-critical systems at risk.
The Federal Government has seen little productivity improvement on the over $600 billion spend on information technology over the past decade.1
Delivering services effectively and efficiently is expected by our public in this new society that demands immediate data delivery to our fingertips any way and anywhere it’s needed. The American public wants from its government the type of service delivery they get at home and on their smart device. They want the simplicity of searching with one word and finding what they need across the vast resources of the web. Simply, the federal government's approach to IT infrastructure is not sufficient to meet current public expectations.
Government Chief Information Officers (CIOs) have been trying to adopt best practices for years yet progress within Government is far behind that of its private sector counterparts. The challenge to improve the deployment of information technology is squarely on the table for these CIOs to solve. These CIOs are struggling with tight budgets and resource constraints in an ever-changing IT landscape.
As technology has become an increasingly important service delivery tool, Government IT organizations have seen their missions expanded beyond consolidating server rooms and optimizing back-end software. It is not enough to address building the right technology infrastructure or to address consolidating data centers or to leverage cloud computing capabilities. Today's challenge includes recognizing that data within an agency is more valuable than the hardware or software used to collect, store and manage it. Improving information technology includes deploying shared services to increase mission performance, optimize information sharing and exchange, and ensuring data security and protection when leveraging cloud computing services. Gains for addressing today's challenges within government information technology should be focused on organizing the vast data in its inventory.
Since its inception in 2005, the National Information Exchange Model (NIEM) has been focused on data: understanding it, ensuring it is discoverable and standardizing it as it moves in between the current siloed stores across the Government. NIEM is not a software program, a computer system or a data repository but rather presents an approach to driving standardized connections among and between governmental entities as well as with private sector and international partners which enable disparate systems to share, exchange, accept, and translate information. With the use of the NIEM framework comes greater agility and efficiency in satisfying business needs and implementing repeatable processes. The common data connections developed using NIEM result in reusable artifacts that reduce future development costs resulting in cost avoidance.

Thanks,
Sudhir

Sunday, January 31, 2016

What should be Enterprise Strategy in moving applications into cloud.


The following enterprise strategy was drafted for our organization (XYZ) to move applications into the cloud.

There are two main areas of focus in creating a “Cloud First” initiative within the organization:
1. Developing new applications for the cloud
2. Migrating legacy applications to the cloud

The XYZ organization's Cloud Strategy will leverage a “Cloud First” mentality in the adoption, evaluation, and selection of new technologies within the Organization. The approach will be used on all new and existing technologies for acceptance within the Organization. XYZ’s “Cloud First” approach for IT modernization shall include a thorough evaluation of Cloud alternatives to IT solutions as new requirements are developed and capabilities are analyzed. XYZ will adopt the insertion of technology components leveraging Cloud services such as IaaS, PaaS, and SaaS where appropriate. Additionally, a full alternatives analysis will provide insight as to why a “Cloud First” approach is not applicable prior to use of traditional systems implementation at XYZ.

Developing new applications for the cloud
As businesses within the agency require new applications for mission support, XYZ should design and develop applications to be deployed directly to the cloud, or build applications with the ability to migrate to the cloud in the future. By integrating this “Cloud First” mentality into the design and development of business applications, XYZ will save time and money as it creates applications and services that are cloud ready.

Migrating legacy applications to the cloud
All legacy applications within the XYZ should be evaluated for their cloud readiness – or the ability to migrate the application to a private or public cloud. Legacy applications that are coming to their end of life should be evaluated for new development for the cloud.

Cloud considerations

When implementing any cloud strategy, XYZ should abide by the following 5 considerations when selecting a cloud provider.

1. Availability
2. Customer support
3. Compliance requirements
4. Billing
5. Expanding business needs

Thanks
skm5573@psu.edu

Wednesday, January 20, 2016

Leveraging IT for Enterprise Architecture at Federal agency XYZ’s (our organization):

XYZ’s Enterprise Architecture fundamentally changes how the Department interacts with, and provides information and services to its customers, stakeholders and employees. Its Enterprise Architecture Division (EAD) strategically partners with all agencies to provide value to its mission areas, business processes, and Information Technology (IT) capabilities.

Information technology (IT) is leveraged to deliver innovative, cost-effective solutions to support the business delivery needs of mission areas. XYZ’s shared purpose is to realize rural prosperity, preservation and maintenance of forests and working lands, sustainable agriculture, and alternative, renewable fuels and bio-based products; however, the Department and its Agencies, as well as farmers, ranchers and agri-businesses in the United States will not thrive without advances in IT. To ensure the secure, effective, and efficient implementation and oversight of innovative IT solutions, the Office of the Chief Information Officer (OCIO), as part of XYZ’s Departmental Management (DM) organization, is transforming how Agencies and Staff Offices collaborate through the use of EA.

Is Enterprise Architecture IT Centric?

“At the topmost level there is (optimally) only one Mission or one Strategic Plan. This level manages a portfolio of transformative investments, shown at the next level down, as one portfolio. This is the level which addresses enterprise level architecture. ...Could you say this level is IT centric? Only if you are doing it wrong. You could say it is mission centric, or strategy centric or investment centric - but Information technology has no place here.”
This debate recurs again and again because the underlying misunderstandings are never cured. Ego-centric IT organizations, obsessed with their own importance, often consider IT architecture to be Enterprise Architecture. If EA is the focal point of a strategy capability, IT is one of the responders to the strategy and the architecture.
EA is outcome centric: it designs people, process and technology to deliver stakeholder-desired value.

EA Governance: The main integrating piece in the EA stack.

EA governance
EA governance primarily revolves around decisions that are taken that will influence the future design of the IT environment. EA governance sets in place design related Policies, Standards, Guidelines and Procedures that must be complied with. EA governance is concerned with ensuring a design integrity of the business as a whole and will govern decisions that are outside of the domain of IT.

IT governance
IT governance is more operational and relates to the services delivered by IT operations. IT governance addresses aspects like project management, configuration management, incident and problem management, business continuity planning and disaster recovery planning. IT governance will set up vendor contracting and procurement policies, standards, guidelines and procedures.


In summary
- Both IT and EA governance provide policies, standards, guidelines and procedures to follow.
- All of IT is subject to EA governance, but EA governance does not cover all IT activities.
- EA governance covers decision making beyond the scope of IT; IT governance only applies to the IT environment.
- If there is a conflict between EA governance and IT governance then EA governance applies.

Bottom line:
The primary difference for me between IT governance and EA governance:
- IT governance is primarily operational and secondarily strategic, with the focus on directing how IT services enable business operations.
- EA governance is primarily strategic and focused on directing the evolution of the IT and business environment towards a desired design of a future state that will enable a new competitive competency.