Saturday, November 12, 2011

Essentials in Value Demonstration for EA Group

The enterprise architecture function adds value to the enterprise if it is conducted, observed and applied correctly. In fact, its value is among the top questions senior management wants answered by its EA group as it pushes technology forward as an optimized strategy and service-level component. The EA group should address the value question by lending clarity to organizational processes, identifying the stakeholders (internal and external) and creating a matrix of value chain expectations that are measurable and reportable to senior leadership.

The matrix essentially has weights attached to it, and the EA group can be as specific as possible. The complexity rises if there is a PMO and multi-level projects and programs are being executed in tandem. The weights of the matrix should constitute or answer to a value class in which your EA group is trying to show results. These value classes primarily relate to strategic direction, portfolio management and continuous process improvement for service programs and project initiatives.

In the strategic direction class, the EA group demonstrates its understanding of the organization's strategic initiatives as they should or would represent the organization's state at some time in the future. This means creating and adhering to standards and best practices, and showing how closely EA investments align with the organization's overarching mission and vision.

In the portfolio management class, the EA group demonstrates how the portfolio of programs and projects is managed, how value is assessed for transformation in relation to achieving the objectives of the programs being implemented, which lessons are being learnt in terms of adjustments to planning and alignment with strategic objectives, and how internal and external communication is improved.

Finally, in terms of continuous process improvement for service programs and project support, the EA group will strive to demonstrate how each member's time is directed to project tasks, knowledge management, skill-set orientation and training, all based on feedback built into systems. The feedback becomes input to the next release of improvements for high-value returns.

Thoughts,

Sam Kurien

Friday, November 11, 2011

Vulnerability Research

Recently one of our clients has been going through a major transition of implementing new systems with a few other vendors, actually a chaos of new systems interacting with each other. The implementation has been rushed, and though the systems function as they are supposed to as stand-alone, out-of-the-box solutions, they do so without fulfilling much of the business's initiatives. There are some major vulnerabilities within the system architecture; the implementation has been driven by a lack of understanding of the domain and the business logic that drives it.

I spent less time reading about vulnerability research and QA control mechanisms, but the current implementation at XYZ Corp. has spiked my interest back in this area. The vulnerabilities market for security experts is not as lucrative as it used to be, but I suspect this will have its own economic shift cycles as the information and services of organizations move more into cloud and SaaS-based environments.

Currently there remains a lack of information awareness and a gap (along with a huge divide) among IT professionals within small and medium-scale organizations (non-profit and for-profit). More importantly, with vulnerability research being a part of the CIO's responsibilities and policy-making functions, my recommendation here is that information technology directors and CIOs actively create policies and conduct periodic penetration and vulnerability testing on all their IT infrastructure systems, both internal ones and the ones that they place in the cloud or outsource. These include, but are not limited to, SQL injection tests, malware checking and reporting, social engineering hacks, reverse engineering of services and products, mobile management of BYOD as well as company-supplied devices, and routine network testing.

Create policies that aim for zero-day vulnerabilities in such a way that annually (or every two years) an IT auditing firm's viewpoint is gathered and incorporated into the strategic planning discussions with senior management.

Thoughts,

Sam Kurien