Enterprise Architecture And Cartography: From P...
An enterprise architecture (EA) is a conceptual blueprint that defines the structure and operation of organizations. The intent of enterprise architecture is to determine how an organization can effectively achieve its current and future objectives. Enterprise architecture involves the practice of analyzing, planning, designing and eventual implementing of analysis on an enterprise.
Concepts of enterprise architecture are variable, so it will not look the same for each organization. Different parts of an organization may also view EA differently. For example, programmers and other technical IT professionals regard enterprise architecture strategies in terms of the infrastructure, application and management components under their control. However, enterprise architects are still responsible for enacting business structure analysis.
Enterprise architecture will help multiple departments in a business understand the broader business model and articulate challenges and business risks. Because of this, enterprise architecture has an important role in unifying and coordinating departmental processes across an organization. Being able to access and understand business capability should also help individuals identify gaps in their business, and from there, they can make more informed decisions.
The main goals of enterprise architecture may be to create a map or blueprint of the structure and operations of an organization. This blueprint should include information such as a map of IT assets and business processes.
Microsoft's Michael Platt, a director in the strategic projects group, offers a view of enterprise architecture as containing four points of view: the business perspective, the application perspective, the information perspective and the technology perspective. The business perspective defines the processes and standards by which the business operates on a day-to-day basis. The application perspective defines the interactions among the processes and standards used by the organization. The information perspective defines and classifies the raw data (such as document files, databases, images, presentations and spreadsheets) that the organization requires to operate efficiently. The technology perspective defines the hardware, operating systems, programming and networking tools used by the organization.
The term may have various meanings to professionals in different areas who work with different EA frameworks. For example, programmers and other technical IT professionals regard enterprise architecture strategies in terms of the infrastructure, application and management components under they have control over.
High-level programmers will use enterprise architecture when referring to the hardware and software components in a design. For a website, that might comprise a web server, database, the NoSQL database cache, the API endpoints and the content delivery network.
Others could view enterprise architecture based on quality attributes. These are attributes that must exist for software to work and are unlikely to fit in a specification document. Examples include reliability, capacity, scalability and security. Quality elements are not functional requirements, but are ways to determine acceptable operating conditions and necessary tradeoffs to get there.
Enterprise architecture, in a business context, may have organizations distinguish their enterprise architecture from the technical architecture required to build and run applications. Working from within an enterprise architecture framework will help define this.
Enterprise architectures are typically implemented as frameworks. There are many different frameworks, and some will be a better fit than others when it comes to any one organization. For example, a framework focused on consistency and relationships between various parts of an overarching enterprise will be more helpful to larger organizations with many moving parts compared to small ones. In this case, a framework like the Unified Architecture Framework (UAF) may work.
ISACA is fully tooled and ready to raise your personal or enterprise knowledge and skills base. No matter how broad or deep you want to go or take your team, ISACA has the structured, proven and flexible training options to take you from any level to new heights and destinations in IT audit, risk management, control, information security, cybersecurity, IT governance and beyond.
Implementing security architecture is often a confusing process in enterprises. Traditionally, security architecture consists of some preventive, detective and corrective controls that are implemented to protect the enterprise infrastructure and applications. Some enterprises are doing a better job with security architecture by adding directive controls, including policies and procedures. Many information security professionals with a traditional mind-set view security architecture as nothing more than having security policies, controls, tools and monitoring.
By using a combination of the SABSA frameworks and COBIT principles, enablers and processes, a top-down architecture can be defined for every category in figure 2. As an example, when developing computer network architecture, a top-down approach from contextual to component layers can be defined using those principles and processes (figure 4).
TOGAF is a framework and a set of supporting tools for developing an enterprise architecture.4 The TOGAF architecture development cycle is great to use for any enterprise that is starting to create an enterprise security architecture. Similar to other frameworks, TOGAF starts with the business view and layer, followed by technology and information (figure 5).5
Like any other framework, the enterprise security architecture life cycle needs to be managed properly. It is important to update the business attributes and risk constantly, and define and implement the appropriate controls.
Regardless of the methodology or framework used, enterprise security architecture in any enterprise must be defined based on the available risk to that enterprise. The enterprise frameworks SABSA, COBIT and TOGAF guarantee the alignment of defined architecture with business goals and objectives.
The simplified agile approach to initiate an enterprise security architecture program ensures that the enterprise security architecture is part of the business requirements, specifically addresses business needs and is automatically justified.
Rassoul Ghaznavi-Zadeh, CISM, COBIT Foundation, SABSA, TOGAFHas been an IT security consultant since 1999. He started as a computer network and security professional and developed his knowledge around enterprise business, security architecture and IT governance. Ghaznavi-Zadeh is an IT security mentor and trainer and is author of several books about enterprise security architecture and ethical hacking and penetration, which can be found on Google Play or in the Amazon store.
While widely used for mind mapping and other non-technical architecture designs, Lucidchart has a number of technology-focused architecture diagram options available in its library. A quick search will find everything from database diagramming using UML notation to Kubernetes deployments like the one above with a pre-defined template using GCP cloud architecture.
Gliffy is another modern online solution for architecture diagrams that cater to software engineers. It has similar icons to choose from when compared to Lucidcharts or Diagrams.net, but I was particularly appreciative of its sleek two-dimensional images. It may have one of the more complete libraries for cloud architects with icons for container orchestration systems and specific icons for Azure, GCP, and AWS architecture diagrams to map out your entire hybrid cloud architecture.
Modern Enterprise GIS (at the time of writing, Q3 2018) is most commonly implemented using a multi-tiered, database driven, services-oriented architecture (SOA) in which maps, data, and tools are exposed as REST or SOAP endpoints over HTTP(S), and then further wrapped in customized applications. Both commercial and open-source software tends to follow this general pattern of data persisting in a relational, spatially enabled database; cartography can be done using both full-featured GIS clients and increasingly through lightweight web mapping portals; maps and functionality can be delivered on the web as services directly to other applications, or as applications targeted to the end user user cases, which often can be developed from templates with little or no programming.
BUSINESSES IN most industries have a classic oligopolistic structure, with a small number of companies competing on similar vertical value chains. In many cases, this will evolve into a much more diverse architecture of horizontal layers: shared infrastructure on the bottom, producing and consuming communities on the top, and traditional oligopolists competing in the middle. Borrowing a metaphor from technology, we call these industrial ecosystems \"stacks.\" 59ce067264