Thursday, September 30, 2010

Are SOA and Enterprise Architecture Now the Same Thing?

ebizQ editor Peter Schooff started an excellent discussion today on the ebizQ SOA forum, asking whether SOA and EA have converged into the "same thing". The question was inspired by David Linthicum's blog post, 'Do SOA and enterprise architecture now mean the same thing?' Yes, they do.

So, where do I stand in this heated debate?

I cannot answer the question definitively. However, my hypothesis is that if they are the same thing, then you should be able to map ANY accepted EA framework, such as TOGAF, to the elements of SOA.

For example, TOGAF defines EA as the aggregation of four different architectures, namely:

  1. A Business Architecture that defines the business strategy, governance, organization, and key business processes.
  2. A Data Architecture that describes the structure of an organization's logical and physical data assets and data management resources. Data architecture does not include the design of the actual physical data stores (or database).
  3. An Applications Architecture that provides the blueprint for the individual application systems to be deployed, their interactions, and their relationships to the core business processes of the organization. The application architecture in TOGAF is not concerned with the actual software applications but rather limits the term application to a logical grouping of functionality.
  4. A Technology Architecture that describes the logical software and hardware capabilities that are required to support the deployment of business, data, and application services. This includes IT infrastructure, middleware, networks, communications, processing, standards, etc.

So, does SOA map to each of these four architecture subsets of TOGAF? The bottom line is: making an assertion is one thing; proving your assertion with a fact-based mapping is another. As the proverb goes, "the proof is in the pudding."

* Originally posted in the ebizQ SOA forum on September 30, 2010.

Tuesday, September 28, 2010

My Podcast - Privacy in the Public Cloud

My latest podcast on Privacy in the Public Cloud is now available.

Click on the thumbnail below for an intuitive, clickable image that summarizes the gist of the entire podcast.

Privacy in the Public Cloud


Feel free to send comments. I look forward to your feedback and suggestions for future podcasts.

Friday, September 10, 2010

Hot off the Press: FISMA 2010 - What it Means for IT Security Professionals


Finally, an article I first wrote over ONE year ago, back in August 2009, just got published and is out on the streets in Volume 5 of the highly prestigious ISACA Journal. ISACA is the organization that administers and confers the highly sought CISA, CISM, CGEIT, and CRISC certifications.

Unfortunately, you have to be a subscriber of the ISACA Journal to view the complete article. For those of you who are not currently members of ISACA, here is a teaser as incentive for you to join! :)

FISMA 2010 - What it Means for IT Security Professionals

New threats related to cybersecurity are causing a shift in focus from compliance to risk-based protection, resulting in new requirements for system security and contingency plans, a greater push for continuous monitoring, and a stronger emphasis on configuration management and incident response.

Are you ready?

The US Federal Information Security Management Act (FISMA), originally enacted in 2002 and currently undergoing considerable revision, establishes clear criteria to improve US federal agencies’ cybersecurity programs. But, even as federal agencies struggle to implement their existing information security programs, cybersecurity breaches have become increasingly common, with a 200 percent hike in such breaches over the past three years, according to numbers from a recently released Government Accountability Office (GAO) report in which the number of cybersecurity breach-related incidents reported by US federal agencies has risen from 5,503 in fiscal year 2006 to 16,843 in 2008.

This article looks at how FISMA and its family of key National Institute of Standards and Technology (NIST) Special Publications (SPs) are changing to meet the challenges posed by increasingly elusive hackers who are using better and more sophisticated tools and techniques to attack increasingly lucrative targets. Complacency is definitely not an option. The only option is to stay one step ahead of the game.

Want to read more? It's all in Volume 5 of the ISACA Journal... so join now! :)

Tuesday, September 7, 2010

Mainstream Adoption of Cloud Computing - Decades Away?

On August 23, 2010, Brian Stevens, Chief Technology Officer (CTO) of Red Hat Inc., mentioned that the "evolution" of Cloud Computing was still "decades" away from the kind of maturation necessary to sway big business to the cloud.

As one would expect, it was only a matter of time until ebizQ editor Peter Schooff picked this story up and asked the question on the Cloud Computing forum.

Make no mistake: Cloud Computing is already here, just as much as Open Source (for example, Red Hat Linux) is already here. Asking whether Cloud Computing will ever be mature enough that every big business is comfortable using a Public Cloud is similar to asking whether Open Source will ever be mature enough that no business will ever use any commercial software.

Is Cloud Computing only limited to Public Clouds? Even the most widely accepted definition of Cloud Computing from NIST identifies three other deployment models for Clouds - Private, Hybrid, and Community Clouds. With that in mind, isn't it ridiculous to claim that the adoption of Clouds is decades away? There are already so many well-documented examples of businesses (and government agencies) successfully adopting Cloud Computing.

* Originally posted on the ebizQ Cloud Computing Forum on September 7, 2010.