Open Group Newport Beach Conference Day Two Keynote Highlights

Mike The Architect Blog - Open Group Newport Beach Conference Day 2

Keynote: Big Data and the Cloud – We Better Get it Right

Wow, what a great way to kick off the second day!  I found that this presentation had so much
useful information for enterprise architects who want to build cloud based
solutions. It was less about telling the audience the specifics but rather
teaching them how to fish.

For those that read my blog it may not be a big secret that Mary
Ann and I share the same concerns when it comes to cloud risk management.

She talks about the notion of Security 2.0. Mary Ann
described Security 2.0 as the evolution of security where it shifts from being
a reactive infrastructure oriented response to a business oriented risk management
based approach. I couldn’t agree more and I have evangelized this heavily in the
Cloud Strategy and Planning Framework I built where the notion of Value and
Risk is core to understand before making investments into the cloud (Understanding
Which Investments Should go to the Cloud
Strategy Begins with Value and Balances Risk

“Information is the
life blood of your organization”

This is a key quote that I think is often overlooked but it
is so important. We also see similar principle statements of “data is a
strategic asset” but do we really treat data that way? I think this session highlights
that there is a lot more opportunity for us to address that aspect.

The session covered two high hitting areas:

  1. Current State of Security and Cloud
  2. Addressing Security and Cloud


Current State of
Security and Cloud

The message here is that the climate is really changing. Mary
Ann said that:

  • The business is changing – There are a number of
    forces on the business that are driving security
  • Explosion of data – The rate of data that is
    consumed has exploded
  • Real-time decisions – Consumers and business
    customers are expecting decisions and data in real-time.

The two slides shown drive this point home.

The first slide talks about the market research that HP done
with their customers and generated some really interesting statistics. 

Mike The Architect Blog - HP Research CIO Sec Concerns

The second slide goes into the specific concerns that
manifest from executives. 

Mike The Architect Blog - HP Research Customer Challenges

As a result of all this new data, increased access to it and
the seemingly lose control over it there has been an increase of regulation and
compliance. But since what we know as the traditional notion of a corporate fortress
is no more, we have a somewhat different model with new methods we need to

Mike The Architect Blog - Security 2

Addressing Security
and Cloud

The second major area of the presentation moved right into
how to think about addressing security concerns in the cloud.

The key message here was that one security solution isn’t
enough for cloud. There is a multifaceted approach. I agree with her on this. I
often see architects and other roles try to address security by through
infrastructure at the problem. However, with the cloud that all changes and we lose
control of the things we could walk down the hall for.

Two slides I think will be useful to many architects are
overlaying risk and security onto the NIST defined Cloud Service and Deployment

Cloud Service Models
& Security

Mike The Architect Blog Cloud Service Models and Security

Cloud Deployment Models
& Security

Mike The Architect Blog Cloud Deployment Models and Security

While Mary Ann talked about their methodology at a
high-level I don’t think she had to necessarily go into the details. The key
point is that HP / Mary Ann gets the fact that having a repeatable and
predictable method is a key part to the notion of Security 2.0.

Below is the HP ATOM methodology

Mike The Architect Blog - HP ATOM Security Method

Great job Mary Ann! I really enjoyed the presentation. 



Gartner Identifies the Top 10 Strategic Technology Trends for 2013

Late last month Gartner published their annual Top 10 Strategic Technology Trends for 2013. Based on the view that Gartner paints it looks to me as a evelotuionary year ahead rather than revelotionary. This is no way is a bad thing. It shows what revolutionary concepts from last year have made it and are continuing to be invested in.

Gartner analysis can be summerized into three core statements / trends:

  • It's clear that there is a shift of where computing happens, from your desk to your palm and fingers anywhere in the world (1) (2) (5)
  • Information is real-time, always on and universally connected (3) (7) (8)
  • Cloud architectures are the de facto standard for enterprises going forward (4) (6) (9) (10)


The top 10 strategic technology trends for 2013 include:

  1. Mobile Device Battles
  2. Mobile Applications and HTML 5
  3. Personal Cloud
  4. Enterprise App Stores
  5. The Internet of Things
  6. Hybrid IT and Cloud
  7. Strategic Big Data
  8. Actionable Analytics
  9. In Memory Computing
  10. Integrated Ecosystems


Mobile Device Battles

Gartner predicts that by 2013 mobile phones will overtake PCs as the most common Web access device worldwide and that by 2015 over 80 percent of the handsets sold in mature markets will be smartphones. However, only 20 percent of those handsets are likely to be Windows phones. By 2015 media tablet shipments will reach around 50 percent of laptop shipments and Windows 8 will likely be in third place behind Google’s Android and Apple iOS operating systems. Windows 8 is Microsoft’s big bet and Windows 8 platform styles should be evaluated to get a better idea of how they might perform in real-world environments as well as how users will respond. Consumerization will mean enterprises won't be able to force users to give up their iPads or prevent the use of Windows 8 to the extent consumers adopt consumer targeted Windows 8 devices. Enterprises will need to support a greater variety of form factors reducing the ability to standardize PC and tablet hardware. The implications for IT is that the era of PC dominance with Windows as the single platform will be replaced with a post-PC era where Windows is just one of a variety of environments IT will need to support.

Mobile Applications and HTML5

The market for tools to create consumer and enterprise facing apps is complex with well over 100 potential tools vendors. Currently, Gartner separates mobile development tools into several categories. For the next few years, no single tool will be optimal for all types of mobile application so expect to employ several. Six mobile architectures – native, special, hybrid, HTML 5, Message and No Client will remain popular. However, there will be a long term shift away from native apps to Web apps as HTML5 becomes more capable. Nevertheless, native apps won't disappear, and will always offer the best user experiences and most sophisticated features. Developers will also need to develop new design skills to deliver touch-optimized mobile applications that operate across a range of devices in a coordinated fashion.

Personal Cloud

The personal cloud will gradually replace the PC as the location where individuals keep their personal content, access their services and personal preferences and center their digital lives. It will be the glue that connects the web of devices they choose to use during different aspects of their daily lives. The personal cloud will entail the unique collection of services, Web destinations and connectivity that will become the home of their computing and communication activities. Users will see it as a portable, always-available place where they go for all their digital needs. In this world no one platform, form factor, technology or vendor will dominate and managed diversity and mobile device management will be an imperative. The personal cloud shifts the focus from the client device to cloud-based services delivered across devices.

Enterprise App Stores

Enterprises face a complex app store future as some vendors will limit their stores to specific devices and types of apps forcing the enterprise to deal with multiple stores, multiple payment processes and multiple sets of licensing terms. By 2014, Gartner believes that many organizations will deliver mobile applications to workers through private application stores. With enterprise app stores the role of IT shifts from that of a centralized planner to a market manager providing governance and brokerage services to users and potentially an ecosystem to support apptrepreneurs.

The Internet of Things

The Internet of Things (IoT) is a concept that describes how the Internet will expand as physical items such as consumer devices and physical assets are connected to the Internet. Key elements of the IoT which are being embedded in a variety of mobile devices include embedded sensors, image recognition technologies and NFC payment. As a result, mobile no longer refers only to use of cellular handsets or tablets. Cellular technology is being embedded in many new types of devices including pharmaceutical containers and automobiles. Smartphones and other intelligent devices don't just use the cellular network, they communicate via NFC, Bluetooth, LE and Wi-Fi to a wide range of devices and peripherals, such as wristwatch displays, healthcare sensors, smart posters, and home entertainment systems. The IoT will enable a wide range of new applications and services while raising many new challenges.

Hybrid IT and Cloud Computing

As staffs have been asked to do more with less, IT departments must play multiple roles in coordinating IT-related activities, and cloud computing is now pushing that change to another level. A recently conducted Gartner IT services survey revealed that the internal cloud services brokerage (CSB) role is emerging as IT organizations realize that they have a responsibility to help improve the provisioning and consumption of inherently distributed, heterogeneous and often complex cloud services for their internal users and external business partners. The internal CSB role represents a means for the IT organization to retain and build influence inside its organization and to become a value center in the face of challenging new requirements relative to increasing adoption of cloud as an approach to IT consumption.

Strategic Big Data

Big Data is moving from a focus on individual projects to an influence on enterprises’ strategic information architecture. Dealing with data volume, variety, velocity and complexity is forcing changes to many traditional approaches. This realization is leading organizations to abandon the concept of a single enterprise data warehouse containing all information needed for decisions. Instead they are moving towards multiple systems, including content management, data warehouses, data marts and specialized file systems tied together with data services and metadata, which will become the "logical" enterprise data warehouse.

Actionable Analytics

Analytics is increasingly delivered to users at the point of action and in context. With the improvement of performance and costs, IT leaders can afford to perform analytics and simulation for every action taken in the business. The mobile client linked to cloud-based analytic engines and big data repositories potentially enables use of optimization and simulation everywhere and every time. This new step provides simulation, prediction, optimization and other analytics, to empower even more decision flexibility at the time and place of every business process action.

In Memory Computing

In memory computing (IMC) can also provide transformational opportunities. The execution of certain-types of hours-long batch processes can be squeezed into minutes or even seconds allowing these processes to be provided in the form of real-time or near real-time services that can be delivered to internal or external users in the form of cloud services. Millions of events can be scanned in a matter of a few tens of millisecond to detect correlations and patterns pointing at emerging opportunities and threats "as things happen." The possibility of concurrently running transactional and analytical applications against the same dataset opens unexplored possibilities for business innovation. Numerous vendors will deliver in-memory-based solutions over the next two years driving this approach into mainstream use.

Integrated Ecosystems

The market is undergoing a shift to more integrated systems and ecosystems and away from loosely coupled heterogeneous approaches. Driving this trend is the user desire for lower cost, simplicity, and more assured security. Driving the trend for vendors the ability to have more control of the solution stack and obtain greater margin in the sale as well as offer a complete solution stack in a controlled environment, but without the need to provide any actual hardware. The trend is manifested in three levels. Appliances combine hardware and software and software and services are packaged to address and infrastructure or application workload. Cloud-based marketplaces and brokerages facilitate purchase, consumption and/or use of capabilities from multiple vendors and may provide a foundation for ISV development and application runtime. In the mobile world, vendors including Apple, Google and Microsoft drive varying degrees of control across and end-to-end ecosystem extending the client through the apps.



Enable Cloud Strategy and Planning with Predictable Methods, Models, and Tools

Mike The Architect Blog - Cloud Strategy and Planning

We previously
looked at why cloud is so important (Challenge
the Status Quo and Advance Business through Cloud Computing
, ),
approaches to cloud strategy (Understanding
Which Investments Should go to the Cloud
, Cloud
Strategy Begins with Value and Balances Risk
) and who the best
people (Why
Enterprise Architects Must Drive Cloud Strategy and Planning
) are to
execute. Today we’ll examine the methods, models, and tools that the enterprise
architect should use for effective cloud strategy and planning.

As far as methodologies go, it’s usually
better not to reinvent the wheel. There are already proven general frameworks EAs can use, so try to leverage
what is already out there whenever possible. When using an existing
general-purpose framework like TOGAF, apply cloud specifics to it.

Using a framework like TOGAF can ensure that you
are not missing the critical steps, questions and outcomes that every good
architecture should have. This will also ensure that all the other architecture
work and this work is consistent and predictable with the outcomes it produces.
Below are a list of a few benefits for leveraging TOGAF as your methodology for
Cloud Strategy and Planning:

  • Broad Community – If a custom framework is built, very few people
    have expertise and experience. TOGAF has an extremely broad EA acceptance,
    adoption and certification.
  • Deliverables and ArtifactsTOGAF comes
    with a wealth of “out of the box” templates
    that can be leveraged to
  • Linkages to SOA and Cloud IP The Open Group which manages TOGAF, has
    other forums  and working groups that
    builds content for specific architecture areas and domains such as SOA,
    Cloud, Business Architecture and Security Architecture to name a few.
  • Associated Cloud Standards Bodies – The Open Group has done a great job of
    uniting multiple specialized and deep cloud standards bodies with the TOGAF
    standard to bring together the best of both worlds. The general purpose
    framework applied. These partners include NIST, Cloud Security Alliance and more.
    All this work has come together in The
    Open Group Cloud Computing Work Group

Below is a visual on how Cloud Strategy and Planning
extends TOGAF within this framework:

Mike The Architect Blog - Cloud Strategy and Planning TOGAF Method.jpg

Another great visual is from Serge Thorn where he shows this from
a native TOGAF view:

Mike The Architect Blog - Cloud Strategy and Planning TOGAF Detail

Check out his blog post, “Cloud
Computing Requires Enterprise Architecture and TOGAF

Is TOGAF the only methodology you use? No. Just
like any other architecture work there are many different facets other than
just architecture such as: Risk Management, Information Security, Project /
Program Management, Software Development and Operations. There are methodologies
and frameworks for each specialized area that complement your architecture

Some things to remember when adopting methodologies:

  • Strategy Methods are Universal – The same macro/basic steps are the same
    and can be applied to most anything. Just like with anything you will have to tailor
    slightly to your needs. DO NOT REINVENT
  • Make General Purpose Methods Specific – These were meant to be applied to a
    specific problem set. Cloud is
    no different.
  • Use Extensions – Cloud tools and techniques such as CSA, NIST,
    and Open Group-specific resources can be very useful in giving general-purpose
    frameworks meaning.


When we apply these
aspects to a cloud methodology you get The Cloud Strategy and Planning (CSP)
Framework. It is comprised of three simplified phases and seven activities.

Mike The Architect Blog - Cloud Strategy and Planning Method and Act

embraces and extends proven practices in the industry and the industry
resources from the following distinguished bodies:

  • The Open Group (TOGAF)
  • Cloud Security Alliance (CSA)
  • NIST Cloud Computing Working Groups
  • Sherwood Applied Business Security
    Architecture (SABSA)
  • Cloud Security Alliance (CSA)


Activity Descriptions

Below is a high-level overview of the activities with the description of
what occurs in each. The detailed steps are not shown below.



Establish Scope, and Approach

  • Conduct the Cloud Envisioning Workshop
  • Provide overview of cloud computing
  • Define the enterprise business model for
    cloud computing
  • Establish project charter



Understand Strategic Vision

  • Gather the IT and business strategic
  • Identify strategic cloud computing patterns
    and technologies
  • Analyze customer feasibility and readiness
  • State strategic vision for cloud computing



Identify and Prioritize Capabilities

  • Define evaluation criteria for key IT &
    business value drivers
  • Evaluate the capabilities based on these
  • Identify ~5 high-priority capabilities for
    deeper analysis



Cloud Valuation




  • Determine current state of capability
    maturity leveraging IO Maturity Tools
  • Execute Risk Analysis Method with
    corresponding assessments and remediation steps.
  • Profile the capability asset portfolios of
    information, technology, and processes and analyze by architectural fit, risk
    and readiness



Deployment Patterns


  • Research capability proven practices and
    market direction
  • Define target cloud capability requirements
  • Determine optimal cloud service and
    deployment patterns for the capabilities based on fit, value, and risk




Transformation Planning


and Prioritize Opportunities


  • Completely define opportunities to
    include  an overview, benefits, risks,
    assessment results, technology impacts, and project plan
  • Prioritize opportunities for detailed
    architecture and execution



Understand Strategic Vision

  • Assess implementation risks and dependencies
  • Develop and deliver a business
    transformation roadmap
  • Validate with the customer and edit




With respect to models, there are many out there readily available. Since
we are starting with  business value we
want to make sure we continue to do so and ensure there is a bridge from
strategy to implementation.

Mike The Architect Blog - Top Down Strategy

Given the top down
nature you will want to pull from models  that lend to our approach. When selecting
models, take a step back and ensure you fully understand the scope of what you
want to accomplish then select the most appropriate models from the many
sources at your disposal such as: analysts, standards bodies, industry bodies
or internal reference models.

For example, CSP
integrates SABSA to ensure that CSP has a classification scheme to capture business
requirements along with the identification, classification and management of risk.
The SABSA method focuses on the area of security while CSP extends this for cloud
computing. CSP incorporates a similar structure to SABSA and utilized the SABSA
matrix as a stellar example of using question-based analysis in IT
decision-making. By using the business requirements as the “red thread” through
the analysis, SABSA and CSP are both able to ensure that the business
objectives are being met. In the case of CSP, the business should be the
driving force behind the cloud transformation.

Mike The Architect Blog - SABSA Matrix

A common issue I
see when selecting models are that a model is selected either based on
preference or it is good enough. Don’t do that. Make sure you have a fit for
purpose model. If you don’t you may not get an accurate output.


Below are a good
set of models that can be used when rationalizing strategy:

  • Strategy maps
  • Business canvas
  • Hosen strategy
  • Net Present Value (NPV)
  • Business Scenarios
  • SWOT
  • Porters Five Forces Analysis
  • Motivation Model

Mike The Architect Blog - Strategy Map Example


 Now let’s talk about
the tools. These will allow us to automate the method along with helping align,
measure, quantify and qualify our work.

The tools below
will help

  • Charter – Template to authorize the
    project and define scope, stakeholders and timeline
  • Enterprise Capability Assessment
    Enterprise level 1 capability analysis to segment a customer’s portfolio for
    the discovery of cloud opportunities.
  • Business Heat Map – Graphical view of an
    organization based on business capabilities and cloud attributes like risk,
    value, fit and readiness
  • Capability Prioritization – Further
    refinement of each business capability with respect to cloud risk, fit and
  • Capability Profiling – Rollup dashboard
    of a given capability to determine the level of value and risk it provides in
    the context of cloud.
  • Cloud Pattern Valuation – Robust metric
    driven analysis tool used to determine which cloud service and deployment
    models should be used for a solution.
  • Cloud Pattern Matching – Graphical tool
    to connect service and deployment models with business or technical capabilities.
  • Portfolio Analysis – A tool to plot cloud
    opportunities to a grid based on Business Priority, Value, Risk and Effort to
    aid in the roadmapping.
  • Cloud Opportunity Dashboard  – A dashboard that provides a complete
    rollup of the Cloud Valuation assessments into one sheet to support decision
  • Cloud Taxonomy –This taxonomy provides a
    way of rationalizing cloud specific cloud implementation decisions.
  • Cloud Risk Framework – A risk reference
    model that identifies the key aspects of cloud risk to be assessed.
  • Cloud Risk Method – Process for applying
    a risk classification to a potential cloud solution.
  • CSP Project Planning – Examples of a
    defined project engagement, with timelines, milestones, activities and

A good example of a tool leveraged in CSP is The Capability Planning
Tool. It analyses Business and IT capabilities under seven areas that fall
under four assessment drivers: architectural fit, value, risk, and readiness:

  • Architectural
    : Adoption and Complexity
  • Value:
    Cost and Strategic Alignment
  • Risk:
    Significance and Regulations, Standards, and Policies
  • Readiness:
    Organizational Readiness and Technical Readiness

For all capabilities, the EA will ask the customer for the enterprise’s
score in each topic area. For example, for the business capability, Claims
Management, the EA will ask for the capability’s level of adoption based on the
following criteria: 5-Enterprise-Proven, 4-Tested, 3-Industry-Proven,
2-Emerging, and 1-Not Available.

This assessment is intended to capture a range from 1 to 5 for each
topic area under these assessment drivers. The end result is a rolled-up
dashboard with the scores of architectural fit, value, risk, readiness, and an
overall score for each capability. The final results presented in the dashboard
will allow the EA to determine the high-priority capabilities with the

Mike The Architect Blog - Capability Planning Tool Worksheet
Mike The Architect Blog - Capability Planning Tool Dashboard


The Cloud Strategy & Planning (CSP)
guidance helps establish a common context for cloud computing among all
business and IT stakeholders. Furthermore, it allows companies to define an
actionable cloud opportunity plan for qualified & validated cloud
opportunities to be architected for a specific service and deployment model.

The CSP guidance has 3 phases and 7
activities which give an overall structure to the approach. These allow the
client to assess and identify the current maturity level of their competences,
to find out which of these are best suited for cloud migration, and to evaluate
and better understand the opportunities for cloud solutions in the
organization. This assessment will ultimately lead to a business transformation
roadmap that is aligned with the enterprise’s technology and business

A few key points:

  • Focus on Maximizing Business Value – Leverage a business top down
    process of analysis and refinement, describing business capabilities to matched cloud technologies is essential
  • Capability
    – Respect both the business and IT dimensions of an organization
  • Balance
    Value and Risk
     – Identify cloud
    opportunities while also rationalizing the potential challenges
  • Leverage Industry Best Practices – Amplify value of proven methods, models
    and tools to reduce risk of a poorly planned and executed strategy.

Related articles

Technology Architecture Questions for Vendors
Challenge the Status Quo and Advance Business through Cloud Computing
TOGAF Templates

Challenge the Status Quo and Advance Business through Cloud Computing

In my previous post, I talked
about how Enterprise Architects can (and should) drive cloud strategy and
planning. Today, I would like us to take a look at a larger issue for EAs, CIOs, and anyone
invested in IT strategy as it relates to business planning: The cloud and it's ability to be a  game-changer. But first, I want to take a step back and talk about why this
warrants challenging in the first place.

In general, it’s not a good idea
for EAs to stir up conflict over every single technology innovation, but when there are game-changing
technology innovations in play, the gloves should come off. We should be
prepared to fight those battles, winning over the hearts and minds of executives
by demonstrating why they are critical for business. Specificly, EA can sow leadership in by showing business and IT executitves why cloud is such an important technology, but EA's should do it through their soft skills (EQ driven approaches) not driven by their hard skills talking about why cloud technollogies are the greatest. 

I have covered in previous posts this business and value first approach to cloud and will not repeat it here. Instead I want to take s step back and provide some context into how this very distruptive technology effects the industry and companies.

As cloud computing rapidly evolves, it has the
opportunity to become a true utility for information technology. It’s not 100 per
cent there yet, but the end goal is a visible possibility now more than ever.

The classic scenario for
enterprise architects is to use the “city planner analogy” to describe what
they do. Since we are talking about an architecture style, not a practice or EA
competency however, I’ll describe the actual city, rather than the person who
plans it.

The scenario we are in…


Think about IT as a city. But it’s not like a city we would know—it’s
a city that hasn’t yet embraced utility services. It has the technology of
today, but the execution of a couple hundred years ago.

This is a city where the citizens are true do-it-yourselfers. There
is vibrant trade for goods, but with respect to basic infrastructure, ranging
from electricity, sewage, and roads to public transportation and telephone
services, the people pretty much have to do it for themselves.

The common thread between this analogy and the IT climate today is
that each homeowner is spending a lot of time and effort on the operation of
their own household. While today’s IT departments don’t have to worry about
collecting wood for fire or trudging to the outhouse during a snowstorm, they
are often still deploying technology services that could more efficiently be
delivered by a utility provider. This would effectively eliminate the need
for any IT organization to deploy technologies that are now considered
commodities, such as raw infrastructure, various application or portal
platforms, and email.


Applying this analogy to the image above, we can ask, “Does every IT organization
need to be the power plant, the power substation, the power lines, and the
wiring in the home?” My answer would be a firm NO. But unfortunately, this is
exactly what most IT organizations today are doing, from the plant, all the
way down to the wiring in the house.

It’s important to understand the impact that cloud has the potential
to make. It is the first viable option to truly take commodity technology
services off-premises. This is very different from previous models, and thus
should be treated as such.


Cloud has changed IT in several
key ways. It has provided a new backbone for the evolution of IT in the future,
completely changing the business paradigm and driving elevated expectations
with IT consumers.

There are three ways cloud is doing this:

  • It's the backbone of the future
  • Introduces a new business paradigm
  • Provides a transformative path forward

#1 The backbone of the future
new platform has spawned an entirely new generation of businesses, designed on
the cloud, for the cloud. Some cloud-based businesses are now cloud services
providers, thus creating a new “C2C” category. And venture capital firms are
now sitting up and noticing that cloud services are changing the way startups
utilize VC funding, skipping over infrastructure and traditional overhead
costs, and moving straight into development, marketing, and partnerships.

More evidence of this shift to this
paradigm is the major enterprise software vendors.  There is a radical shift in the business
models of these vendors from product selling to solution selling over the cloud.
IBM, Oracle, SAP and Microsoft are all at light speed to the cloud space. This
is occurring through major re-platforming, acquisitions and entirely new
business that put a high degree of risk on cannibalizing their own revenue
streams but if they pull it off they will win big.

Enterprises are seeing this as
further evidence that this is where the future is heading. Much like
distributed computing and SOA, the vendors set the tone for where the industry
is going and that leaves many enterprises in a course-correcting mode.

#2 A new business paradigm
has truly changed how IT does business, from the way we plan and build
software, to how it is selected and purchased. This revolutionary new
infrastructure has established cloud governance as a key component of
strategic planning, affecting everything from service selection and payment, to
standards creation and lifecycle/policy management.

With the landscape focus shifting from
infrastructure to software, a host of changes have rocked the business
paradigm. A move to the cloud forces organizations to drill down deeper into
vendor selection and security issues, and acclimate to the fact that with the
cloud, certain things will no longer be under a company’s direct control.

The advent of the cloud has turned a
lot of business processes upside down—in a good way.  Traditionally, the option to “try before you
buy” was not a realistic business model, but now, cloud computing makes it easy
for customers to test drive products within in the context of their own

With a new IT deployment, users previously
had to go to IT and be trained on new technologies before they could use them,
but today, they simply click on a link and they are up and running, without
concerns about training or security. And product lifecycle management has made
great strides with the cloud as well, offering users information that can be
utilized in real-time scenarios, along with connectivity across a company's
network of suppliers, time zones, and cultures, enabling an extendable

The cloud has also uncovered a
number of new initiatives, and magnified the importance of others. By opening
up operating scale to enable operational efficiencies, the cloud enables sales
and delivery reach to be significantly extended. The cloud also drives adoption
of service oriented architecture (SOA) across the enterprise, enabling
businesses to holistically address problems, and respond faster to changes in
the market.

The importance of security and
regulatory compliance are elevated with the cloud. Whereas before they were
treated as operational line items, today they have become business-critical as
a result of growing cloud adoption.

#3 Transformative Path Forward

Like with all transformations, the
path forward is difficult given all the past investments (legacy technology) is
complex, overwhelming and often times extremely political. For many companies,
there are systems that are living in their environment that have been around
since the mainframe. These systems are not easy to turn off, they process our
payments, track our receivables and payables, manage customer relationships, provide
complex business rule processing and much more. These systems are not SOA
enabled, internet connect nor cloud ready.

Think about this analogy, Hoarders
vs. Empty House. 


The Hoarders scenario (Legacy Technology Mess)

The Hoarders situation is a lot
like the legacy environments. There is a lot of stuff around that you don’t
need anymore: old records, 8 tracks, and CD’s that are now all online. However,
all that stuff isn’t all on the shelf neatly put away, it’s everywhere. Under
piles and piles of stuff in multiple rooms and may not be in the best condition
for conversion, matching or otherwise. The effort, time and overall success is
greatly hindered.


This isn’t an unfamiliar story
with our legacy technology environments. With layer after layer of solutioning
compounded with integration any change can be highly risky for an environment. Our hoarders scenario looks a little like this:


Empty House (Cloud / Greenfield)

With this scenario you enter into
environment in which there is no legacy/junk layered throughout the house. The
decisions are about what you what the room/house to ultimately be. This greatly
accelerates the process and allows you to focus on the business priorities
right away rather than managing all the change right away.


In this scenario, we start fresh
with a (relatively) clean slate. The inhibitors or “sins of the past” don’t
live here. It’s like what Yoda told Luke at the Dark Side Cave in Star Wars
Episode 5, “You don’t need the lightsaber. The only evil in there is the evil
you take with you”. That quote is very relevant to this scenario. If legacy
thinking is applied to this paradigm then bad results will happen. But if you
apply fresh thinking to a new way of doing things will go well.

By avoiding focusing on legacy
impacts by making changes within that environment, we are able to focus on the
future business needs and priorities unhindered. While in the past you could do
this with parallel environments (I did this with large CRM and ERM
implementations) Cloud ups this through not only providing a hardware stack but
a utility delivery and services model. 



So what does all this mean?

Businesses are fighting to survive
in a market that is evolving, changing and moving faster than it ever has
before thus IT must provide the vital technology innovations and services to
keep pace with an ever growing business climate. 

IT is in a real pinch. Like I talked about
above in my Hoarders scenario, IT has layers of technology like sedimentary
rock that make any change extremely difficult costly and risky. Business don’t
understand this problem completely and often times don’t care. They see the grass
on the ground not seeing the number of layers of legacy. This is because they
know that to survive and win in their markets they must transform themselves
from silo-based, inward-facing and disconnected to a highly agile business.

EA’s must challenge the status quo in order to advance the
business! There will be many naysayers just like with any advance in
technology. I heard it in the days of distributed computing and SOA on why not
to do it but ultimately it was needed and it had to happen.

As EA’s we know, the business must be competitive or they will face
severe consequences. It is the job of EA organizations to identify these advances,
embrace them and shift the organization. That is the reason to challenge.

However, go in with your eyes
open. Cloud will not solve the business agility, business
service enablement, IT process and delivery problems.

However, cloud is:

  • Technology enablement
  • New architecture style
  • Next advancement in computing
  • Cross consumer and enterprise aware
  • Ready for prime time

With this said, Cloud gives enterprises a unique ability to
start in a greenfield environment in a much easier and rapid way rather than in
the hoarders mess. By embracing this path you will be able to:

  • Avoid making large “big bang” investments
  • Hedge risks by migrating at your own pace
  • Focus on the future of your business rather than
    the old


I hope this helps!

Cloud Strategy Begins with Value and Balances Risk

Mike The Architect Blog: Cloud Strategy begins with Value and Balances Risk

My previous post, Understanding Which Investments Should go to the Cloud, I opened the door to a discussion around qualifying opportunities for the cloud, and looked at the best ways to determine what’s right for your organization. Today, I’m going to take that discussion one step further, and talk a bit about how to achieve balance between value and risk to get the most out of your cloud investment.

In recent years, cloud service providers have faced quite a bit of fear, uncertainty, and doubt from customers. The broad and impactful benefits of cloud can be overwhelming for decision makers as many aspects of their solutions need to be re-evaluated in a world where solutions are not safely behind a firewall.

While many of these concerns are valid, they also hold us back from making decisions and we often defer, ignore or discredit. To further this point, the 2010 ISACA IT Risk/Reward Barometer survey reported that nearly half of US IT professionals felt that the risks of cloud computing outweighed the benefits. The survey also indicated that 45 percent of IT professionals think that the risks of the cloud far outweigh the benefits—and only 10 percent of those surveyed said they’d consider moving mission-critical applications to the cloud.

And there’s more. In 2010, IDC stated that, “Cloud computing and virtualization change the risk profile of information assets. The layers of abstraction inherent in these technologies also pose challenges in effectively tracking and executing the technical controls around confidentiality, data integrity, and availability. These information governance issues impede higher adoption of cloud computing among organizations.”


Mike The Architect Blog: Cloud Strategy

Consider this: We have been implementing cloud-like architectural styles for many years before it was ever called “cloud.” As an example, think about the banking industry. They have been doing cloud-based work since the 1970s. The browsers were a bit more green and less graphical, but they nonetheless performed the same basic tasks as modern browsers. The service models were very similar, and the monetization model was eerily similar, charging only for usage, not the entire infrastructure.

Even the application of the technologies draws parallels. Software as a Service has been in use in banking since the dawn of Correspondent Banking, where a larger bank would build an application for its own purposes, but also build it in a multi-tenant way to offer it as a service to other banks. An example here is debit card services, where a bank can let other banks use all the debit processing services, and even issue cards under their own brand.


What has changed in the model is the technology enablement around this paradigm. It has opened this type of architecture for not just the largest of the large companies, but also for small and mid-sized businesses. Below is a depiction of how the modern cloud technologies have transformed how we handle this from a business, economic, and technology perspective.

Mike The Architect Blog: Cloud Strategy begins with Value and Balances Risk


So why do we start with value and then risk? It’s very simple: That is how businesses make decisions. Starting with risk alone can lead down a path of minimal value; the two must be assessed in the right order and then brought together in order to get an accurate view of the potential gains.

It’s important to take a value-driven approach to correctly understand how investments are made. Companies don’t make decisions in an uninformed way. They start by asking, “What is the value this technology can bring?” As shown below, starting with how the company generates value is provides context into the decision making process.


Mike The Architect Blog: Cloud Strategy begins with Value and Balances Risk


Value enables selection of the right cloud elements for investment, taking into consideration business strategy, IT strategy, value drivers, and enabling capabilities.

If we start from the opposite end with risk we may disqualify high-value investments without even knowing. For an action to be value-creating, it has to do one or more of the following:

  1. Increase operational efficiency with the solutions already in place
  2. Increase the return on capital—no matter how risky they are, if they have a marginal return on capital that exceeds the cost of capital, they will create value
  3. Leverage existing investments to avoid switching costs of new solution development and deployment
  4. Reduce the cost of capital that is applied to discount the cash flows (cost of financing); reducing the proportion of the costs that are fixed will make firms much less risky, and reduce their cost of capital


To execute on this, below is a basic checklist that you can use to derive to the right investments that add value.

Value Assessment Checklist

clip_image001 Determine value

clip_image001[1] Understand key company strategies

clip_image001[2] Identify value-generating opportunities

clip_image001[3] Outline focus on business capability areas

clip_image001[4] Define an investment priority list to map to risk factors


Here is a starting point on creating a benefits frame:

Mike The Architect Blog: Cloud Strategy begins with Value and Balances Risk


Once you have determined what benefit levers you want to apply to your company, division, or specific business unit, you can then start to do the actual analysis, which may look something like this:

Mike The Architect Blog: Cloud Strategy begins with Value and Balances Risk


Once measurable value has been established, companies determine the level of risk that will come with making that decision. By listing the ways that risk can manifest itself in each specific scenario (business, governance, technical, operational), it’s easier to ascertain that risks identified are true business risks—not fear driven by uncertainty.


Risk Assessment Checklist

clip_image001[12] Clarify business intent

clip_image001[13] Analyze the solutions on risk value

clip_image001[14] Prioritize high-risk solutions with the highest business value

clip_image001[15] Determine acceptable risk tolerance

clip_image001[16] Understand impact and probability

clip_image001[17] Identify options to mitigate risk


In addition, there are also concerns around regulations in general, the US Patriot Act for Europeans, and data sovereignty. Despite those concerns however, the cloud is here to stay. It is quickly becoming the de facto platform for businesses, in a large part to the value it brings back.

By delivering on the concepts of decreased costs and increased business agility, the cloud has persuaded increasing numbers of organizations to move more IT processes and capabilities to that environment. Yes, there are still risks, but savvy CIOs are putting risk management processes in place that enable them to identify and mitigate risk prior to a cloud deployment. This approach to evaluating cloud opportunities doesn’t over compensate on value or risk, but instead takes a balanced risk-adjusted value view.

Through this risk a risk-adjusted value view you can generate capability opportunity sheets for each capability you want to cloud enable. Below is an example of such a opportunity sheet.

Mike The Architect Blog: Cloud Strategy begins with Value and Balances Risk  


At the end of this exercise, you should derive a few models that
can help you balance value and risk. Below is a sample of how this initial assessment can be overlaid onto a business capability model to aid in the prioritization process. As you can see, our sample assessment indicates that the high-risk solutions with the highest business value lie within internal control functions for HR, facility, and employee event management, and in management control and reporting for planning.


Mike The Architect Blog: Cloud Strategy begins with Value and Balances Risk


As we’ve discussed, balancing risk and value is the smartest, most efficient way to identify concrete opportunities in the cloud, and set the stage for the best possible outcomes. Through this top-down, business driven method we want to ensure that we maximize our implementation efforts, reduce the risks of project failures, increase the value to the business and ensure that the right investments at the right time move into this new way of computing.

In my next post, I want to look further into who will lead a cloud strategy effort. It takes a unique role with both business and IT savvy. Thus I will discuss the reasons why Enterprise Architects are vital roles and should step up to drive cloud strategy and planning efforts for enterprises.


Understanding Which Investments Should go to the Cloud

Mike The Architect: Understanding Which Investments Should go to the Cloud

In my last post in this series, “CIO Priorities for the Next 3 Years”, we examined the future of Corporate IT, and made some predictions on what CIO priorities for the next three years might be. According to research from IDC, IBM, and Gartner, the three areas that CIOs are expected to invest most heavily in will be data, mobility, and the cloud.

Today, we will take a closer look at the most recent and most aggressively growing of these three niches: The cloud. Our friends at Gartner estimate that, over the next five years, enterprises will likely spend about $112 billion cumulatively (no pun intended) on cloud services. Another example comes from a new survey of 600 large companies by Tata Consultancy Services. The Tata survey points out that companies in all regions expect their cloud usage to grow dramatically by 2014. For example, U.S. companies expect that 34 percent of their total applications will be cloud-based in two years. European respondents said they expect cloud applications to hit 25 percent in that period.

Clearly, the cloud is here to stay, so let’s talk about the power of the cloud. Specifically, what game changing elements does the cloud bring to businesses in the future?

Below is how I think about it from a Strategy and an Enterprise Architecture oriented way. This should resonate with most CIOs:

  • Convergence – The cloud is the ultimate power networker, bringing together the essential elements that enable both legacy and emerging technologies. The analyst community bears this out, positioning the cloud as the nerve center of the IT of the future. Gartner calls it the “CSMI Nexus,” and describes it as a junction of cloud, social, mobility and information. I agree with Gartner’s position that the future will be more integrated and connected when it comes to these four technologies, but the cloud will always be at the center, enabling all of this to occur.
  • A New Financial Model – Because the cloud requires no upfront investment for hardware and software, it enables a shift from capital expenditures to operational expenditures, wherein the bulk of the costs are absorbed into a utility model, with low monthly fees for applications and services. The challenge with this is that often, the implementation time and costs significantly reduce the value of the capital expenditure, and the investment is nearly depreciated before the value can be extracted. This can cause a bit of CFO angst.
  • Agility and Scalability – An agile, scalable enterprise is needed to support the rhythm of modern business—not all business cycles, after all, are static. Take for example the banking industry, which has a peak transaction volume between Thanksgiving and January 1; or healthcare and insurance, which are driven respectively by staggered enrollment periods and policy renewals. On-premises systems present a high barrier for agility, as they require sophisticated virtualization software, and significant investment in hardware and data communication equipment. Conversely, the cloud offers much greater flexibility via an on-demand environment that makes it easy to add more capacity as businesses evolve.
  • Streamlined IT – From deployment and management through administration and support, the cloud may deliver the biggest gifts to IT departments. Getting up and running is almost a no-brainer, often requiring nothing more than a standard internet connection. Standardizing PC environments and managing system and desktop updates are all made easier using the cloud. Cloud-based management also help drive down the cost of support. With a cloud-based system, it’s easier to proactively detect and manage issues to reduce help-desk calls, and to ensure that all managed PCs have the latest security updates using online distribution and management.
  • Productivity – The gains in productivity that can be garnered with the cloud are invaluable, given that more and more organizations have global workforces these days. Using the cloud to give users all the latest productivity tools is only the beginning. When employees have access to office desktops, files, and applications any time, from any location, they can get more done, faster—and even physically dispersed teams can collaborate more easily.


So what does this all mean for traditional, on-premises systems? The IBM Tech Trends Survey reports that 91% of IT professionals are anticipating that cloud will completely overtake on-premises computing in the next 5 years. Essentially, the challenge for on-premises systems with the advent of the cloud is their essential lack of innovation in the market. When faced with the explosive growth in the cloud paradigm that offers businesses more choice, extended capabilities, and exciting new emerging technologies, on-premises simply can’t compete.


The Financial Transition to the Cloud

From a financial aspect, it seems like a straightforward move: Operating primarily with a “pay-to-play” model, the cloud appears to be both cutting edge and cost-effective. But is it really that simple?

The truth is, most companies significantly underestimate the scope of change required to establish cloud services until it’s too late. In the traditional model, companies buy technology from a vendor as a capital investment, and continue to invest in maintaining and servicing it over time. With the cloud being a service, however, the financial model should be treated more like a utility, requiring the reallocation of budget from capital expenses into operating expenses.

We also have to consider that this monetization model could change over time. A recent in the Harvard Business Review Blog Network entitled, “The Truth About Cloud Economics” it talks about a potential and very valid shift in the way cloud providers will monetize their services. Below is the conclusion that Drue Reeves and Daryl Plummer make about this shift:

So, to combat this kind of risk, cloud providers will enter into what are called "enterprise agreements," where the two parties can define the parameters of the relationship based on mutual risk sharing. Essentially, this ensures that each party has a vested interest in the financial success of the other party. There’s risk, but there’s also reward for better service.

In the end, providers that deliver better service and better guarantees will ask for — and get — more money. Consumers, on the other hand, will get the flexibility of "pay-as-you-go." As long as they can figure out a way to pay for it.


What I think this means is that we should consider the value and risk for cloud providers as well as ourselves when making these de
cisions. The future financial viability for our cloud providers are important in this equation as well. Simply put, if they are not making money in the cloud business, there is no reason to have a cloud business.

From a CFO perspective, they will have a bone to pick, pointing out that this shift can present challenges when a company must still also pay to maintain legacy infrastructure. And if the new cloud services aren’t replacing existing services, new lines of expenditure must be created, which is rarely a smooth process.

Governance is also an issue to consider. With the ease of cloud deployment, it’s important to consider the ramifications of being able to add services quickly as a company grows and needs change. Having a predictable cloud requisition/governance strategy in place can go a long way toward making future service acquisitions easy.


Making the right choice

So now that we have identified some of the significant financial issues around the cloud, how do you determine what’s right for your organization?

  1. Rationalize your strategy. Understand where your business wants to go, what is important, and why. In this process, you need to distill the business and IT strategies to identify cloud-ready capabilities that align to strategy, and provide the maximum amount of value with minimal risk to the business.
  2. Get clear on capabilities. Understand what business capabilities will be a good fit for the cloud through a valuation process. This way, you’ll understand what investments should go to the cloud through a rigorous evaluation of the prioritized set of opportunities identified through strategy rationalization. Through this valuation an assessment of the business and technology capabilities will uncover the value and risk that each capability would bring the company if ported to the cloud.
  3. Make a plan. Create a business transformation plan that will prioritize investment opportunities, balanced across the enterprise and integrated into a transformation roadmap.


Below is a simple three phased approach to making a top down, business value driven decision on which investments to port to the cloud. It’s important that we take this value driven approach to ensure that we don’t make the mistakes we made with other very large technology initiatives such as SOA, CRM or ERP. We should focus on the value add capabilities first to realize value sooner, more reliably and predictably.


Mike The Architect: Understanding Which Investments Should go to the Cloud


We want to take a top-down business value driven approach to process, analyze and refine. This in turn will allow us to describe the business capabilities and to match those with cloud technologies enabling maps to the business-driven strategy that cloud services support. Entering into cloud assessments at a lower level can diminish the level of business impact—and the amount of value—that an organization will realize with the cloud, as seen below.

Mike The Architect: Understanding Which Investments Should go to the Cloud


This picture tells is that the lower in the “stack” we go the lower the overall business value we will realize. This is critical for decision makers to understand as we make decision to go to the cloud.

By respecting both the business and IT dimensions of an organization, and balancing value and risk to identify cloud opportunities while mitigating threats, companies can be assured that the cloud solutions chosen will be flexible, adaptable, and reusable—and just the right fit for their needs.

So that’s it for today. Next time, I’m going to dig a little bit deeper, and talk about how we can balance value and risk through effective cloud strategy.


Additional Resources


Open Group Conference Presentation–Why EA’s Must Drive Cloud Strategy and Planning

Mike Walker's Blog: Why EA's Must Drive Cloud Strategy and Planning

First and foremost, a big thank you to the attendees of my session.  We filled the room! All the interaction and questions were top notch. I really enjoyed presenting to all of you.

Mike Walker's Blog: Mike Walker presenting Why EA's Must Drive Cloud Strategy and Planning 

In my session,  Why EA’s Must Drive Cloud Strategy and Planning I drove the core message around why the EA should lead Cloud Strategy efforts but then quickly diving into how EA’s can drive this. I use a real world example and show a framework and method I created to provide a repeatable and predictable set of outcomes.

For those that would like to view my presentation you can find it below:


I will continue to provide more detail in future posts.