IT Architecture Resilience in the face of the Storm Aaron Tan Dani Founder and Chairman of IASA Asia Pacific Co-Author of ITABOK (IT Architecture Body of Knowledge) [email protected]

AaronTan Security Final


Page 1: AaronTan Security Final

IT Architecture Resilience in the face of the Storm

Aaron Tan Dani Founder and Chairman of IASA Asia Pacific

Co-Author of ITABOK (IT Architecture Body of Knowledge) [email protected]

Page 2: AaronTan Security Final

Agenda

• The context of IT Architecture
• The Top 5 Information security breaches
• How ITABoK addresses IT Security?
• IT Architect’s Career Path
• Conclusion

Page 3: AaronTan Security Final

Once upon a time, there were great architects among us…

Page 4: AaronTan Security Final

They had built so many “wonders of the world”

Page 5: AaronTan Security Final

Until one day disaster happened …

Page 6: AaronTan Security Final

Challenges faced in forming American Institutes of Architects (AIA)

• In the beginning, there was no formal school of Architecture and also no Building Architect Profession
• 1857 Association was formed by 13 Building Architects and started off as New York Society of Architects (NYSA)
• 1860 Chapters established in more cities across the USA
• 1867 Held the 1st Convention in New York City
• 1880 Had 12 Chapters across cities in the USA (after 23 years)
• 1884 Faced a rival organization, the Western Association of Architects, but later both merged in 1889 to form AIA. It took them 32 years.
• http://www.aia.org/about/history/AIAB028819

Page 7: AaronTan Security Final

The IASA Motivation

• Have seen too many large IT projects fail
  – Minimum IT Architecture works
  – Leave the IT Architecture works to most Junior staff
• IT Architect works & roles have been overlooked
  – No career path as an IT Architect
  – IT Architects couldn’t find peers
  – Want to BECOME AN IT ARCHITECT but don’t know how; no University offers a Degree in IT Architecture
• Issues Finding IT Architecture Resources
  – Google Search Result for Books as of December 2010 => Marketing: ~29,000 – Publishing: ~171,000 – Building Architecture: 43,000 – Software or IT Architecture: ~700

Page 8: AaronTan Security Final

IASA is The Global IT Architecture Professional Body

• Founded in 2002, IASA is the preeminent knowledge-based association focused on the IT Architecture profession with over 70,000 members globally
• The IASA is non-profit and mostly volunteer
• The IASA is run by and for all IT architects - Infrastructure Architects, Software Architects, Business Architects and Information Architects
• The IASA is centrally governed, locally run & supported by Asian Government bodies i.e. KOSTA (Korean Software Technology Association), Software Park Thailand, MDeC (Malaysian Development Corporation/Malaysia Super Corridor), IDA (Singapore Infocomm Development Authority), HKCS (Hong Kong Computer Society), etc.
• The IASA is technology, platform, methodology and vendor agnostic

Page 9: AaronTan Security Final

IASA Thought Leaders & Fellows

• Grady Booch – The father of Software Architecture
• John Zachman – The father of Enterprise Architecture
• Bill Inmon – The father of Information Architecture
• Len Bass – The father of CMMi
• Eric Evans – The father of Domain Driven Design
• Angela Yochem – IASA Fellows & CIO of Dell
• Scott Ambler – The father of Agile Architecture

Page 10: AaronTan Security Final

IASA Events & Meetings

Page 11: AaronTan Security Final

The IT Architecture Formal Definition as defined by IASA
What Are definitions of other Existing Professions?

IT Architecture (IASA):
The art and science of designing and delivering valuable technology strategy for the business. i.e. the IT Architecture profession.

Medicine:
The art and science of treating disease with drugs or curative substances, as distinguished from surgery and obstetrics. i.e. the medical profession.

Building Architecture:
The art and science of designing and erecting buildings. i.e. the building architecture profession.

Page 12: AaronTan Security Final

Agenda

• The context of IT Architecture
• The Top 5 Information security breaches
• How ITABoK addresses IT Security?
• IT Architect’s Career Path
• Conclusion

Page 13: AaronTan Security Final

No. 1… Information Security Breach

Page 14: AaronTan Security Final

No. 2… Information Security Breach

Using Personal Email to send Work-Related files

Page 15: AaronTan Security Final

No. 3… Information Security Breach

Files/data SHUFFLING to personal email/hard disk

Page 16: AaronTan Security Final

No. 4… Information Security Breach

Stolen or Lost Devices/Notebooks

Page 17: AaronTan Security Final

No. 5… Information Security Breach

Information Leakages via Web Sites Outbound Post

Caused by:
• Careless Programming
• Wrong configuration in one of the web server farms
• Ignorance of the importance of information/data, etc.

Page 18: AaronTan Security Final

Agenda

• The context of IT Architecture
• The Top 5 Information security breaches
• How ITABoK addresses IT Security?
• IT Architect’s Career Path
• Conclusion

Page 19: AaronTan Security Final

Formal Definition of BoK based on Wikipedia

Page 20: AaronTan Security Final

Body of Knowledge in other Established Professions

• Medical Profession / Doctor
• Legal / Lawyers

Page 21: AaronTan Security Final

How about IT Architect?

Page 22: AaronTan Security Final

Seriously, who are we?

Page 23: AaronTan Security Final

So, Who is an IT Architect?

• Super-developer?
• Super-Database Administrator?
• IT/Development Manager?
• Developer Lead with business competence?
• Business person with technical competence?
• Network and System Specialist with business sense and strong IT Infrastructure competence?
• IT person who bridges between business & technology?
• All of the above?
• Technology Strategist for the business?

Page 24: AaronTan Security Final

Various IT Architect Roles & What makes us different compared to Engineers?

• Strategic Architect (CTO/CIO)
• Security Architect
• Information/Data Architect
• Solutions Architect
• Infrastructure/Network Architect
• Software Architect
• Application Architect
• Business Architect
• User Experience Architect
• Enterprise Architect, etc.

Page 25: AaronTan Security Final

Introducing IT Architect Body Of Knowledge (ITABOK)

• All specializations must be based on Foundation Body of Knowledge
• Taxonomy includes 250 IT Skill Set Library
• Skills must be practical, relevant and necessary
• Taxonomy is versioned and maintained, Ver. 2.0 since November 2009

Diagram labels: Foundation Body of Knowledge; Software Architecture; Infrastructure Architecture; Information Architecture; Business Architecture; Enterprise Architecture; Business Technology Strategy; IT Environment; Quality Attributes; Human Dynamics; Design

Page 26: AaronTan Security Final

Quality Attributes Described

Diagram labels: Foundation Body of Knowledge; Software Architecture; Infrastructure Architecture; Information Architecture; Business Architecture; Enterprise Architecture; Business Technology Strategy; IT Environment; Quality Attributes; Human Dynamics; Design

• They represent horizontal concerns across all aspects of technology strategy and IT Architecture.
• They are the key in architecting and designing a robust system.
• They are affected by:
  – Time
  – Cost
  – Requirements
  – Skilled Resources

Page 27: AaronTan Security Final

Quality Attributes – Survey Says

|   | Essential | Very important | Somewhat important | Not very important | Not applicable at all | Priority for Career Focus |
|---|---|---|---|---|---|---|
| General Quality Attribute skills (category rating) | 22.0% (87) | 50.8% (201) | 23.7% (94) | 2.8% (11) | 0.8% (3) | 73% |
| Monitoring and Management | 21.3% (85) | 50.9% (203) | 23.3% (93) | 4.5% (18) | 0.0% (0) | 72% |
| IT Security | 54.5% (217) | 37.7% (150) | 7.8% (31) | 0.0% (0) | 0.0% (0) | 92% |
| Balancing and Optimizing Quality Attributes | 29.6% (118) | 54.6% (218) | 14.8% (59) | 1.0% (4) | 0.0% (0) | 84% |
| Performance | 40.9% (164) | 48.4% (194) | 10.0% (40) | 0.7% (3) | 0.0% (0) | 89% |
| Reliability, Availability, Scalability | 59.1% (237) | 37.2% (149) | 3.7% (15) | 0.0% (0) | 0.0% (0) | 96% |
| Manageability, Maintainability | 44.2% (176) | 45.2% (180) | 9.3% (37) | 1.3% (5) | 0.0% (0) | 89% |
| Extensibility, and Flexibility | 44.1% (177) | 50.1% (201) | 5.0% (20) | 0.7% (3) | 0.0% (0) | 94% |
| Usability, Localization, Accessibility, Personalization | 31.3% (123) | 44.0% (173) | 20.4% (80) | 4.1% (16) | 0.3% (1) | 75% |

Other (please list and describe): 6
answered question: 402
skipped question: 132

Page 28: AaronTan Security Final

IT Security

• IT Security covers a broad field cutting across all aspects of IT projects:
  – Regularly review compliance issues
  – Guide technical teams in security implementation
  – Develop security strategy to secure baseline
• Tools and resources:
  – Various security tools from products to frameworks
  – http://www.itsecurity.com

IT Architect Skills Analysis (0-10)
1. I am aware of basic security principles and concepts - 2 pts
2. I have studied security as a field – 3 pts
3. I have used industry standard security components on projects (NOT HTTPS) - 4 pts
4. I regularly review security infrastructure for the enterprise – 5 pts
5. I lead the field in an aspect of security – 6 pts

Cost of not knowing
1. Monetary loss from hackers
2. Poor customer relations
3. Regulatory compliance matters

Page 29: AaronTan Security Final

Performance

• Facts about performance:
  – Performance is expensive
  – Everyone wants more than they need
  – No one gives accurate requirements
  – It has a direct customer impact
• Always get a concurrency and performance count before you create an IT Architecture solution
• Tools and resources:
  – Code analysis
  – Performance testing suites

IT Architect Skills Analysis (0-10)
1. I am aware of the elements of enterprise performance - 2 pts
2. I have used numerous performance tools – 4 pts
3. I have led the adoption of performance standards - 5 pts
4. I regularly mentor teams on performance analysis and delivery – 6 pts
5. I impact the industry understanding of performance capabilities – 6 pts

Cost of not knowing
1. Huge customer impact
2. IT becomes a stopper to business operations

Page 30: AaronTan Security Final

Example of Quality Attributes Trade Off

Given a specific Time, Cost, Requirement and Resources, below are some of the Quality Attributes metrics:

Page 31: AaronTan Security Final

Agenda

• The context of IT Architecture
• The Top 5 Information security breaches
• How ITABoK addresses IT Security?
• IT Architect’s Career Path
• Conclusion

Page 32: AaronTan Security Final

The Industry needs more IT Architects – 2010 The Best Job in US is Software Architect among other 100 Jobs

Page 33: AaronTan Security Final

IT Architect Seniority on par with the Highest Level in IT Management

http://www.computerworld.com/spring/salary-survey/2011/job_level/5

Page 34: AaronTan Security Final

THREE out of Six Hottest New Jobs in IT are Architects

http://www.infoworld.com/t/information-technology-careers/the-6-hottest-new-jobs-in-it-052?page=0,0

Page 35: AaronTan Security Final

IT Architecture – the Highest Industry Growth

In July 2011, Mr. Steven McGowan, Director of Robert Half Technology, highlighted that IT Architecture sectors are at the highest industry growth. Robert Half is the Global leader in Professional Staffing Services since 1948, with 2010 revenue of US$3.1 billion and 13,000 employees.

http://www.eventstation.sg/ipdf2011/slides/Talent%20Mangement%20and%20Attraction%20-%20Next%20Generation%20Infocomm%20Professionals.pdf

Page 36: AaronTan Security Final

IT Architect Career Map Defined

Page 37: AaronTan Security Final

IT Architecture Career Path

• BUSINESS Architect
• INFORMATION Architect
• INFRASTRUCTURE Architect
• SOFTWARE Architect

Page 38: AaronTan Security Final

Business Architect Specialization Career Path

Iasa Certification Path (diagram labels):
• IT Architecture Bootcamp
• IT Architecture Core
• ASSOCIATE FOUNDATION
• Business Technology Strategy (Core), IT Environment (Core), Quality Attributes (Core), Human Dynamics (Core), Design (Core)
• Business Architecture (Specialization)
• Business Requirement Architecture (BRA)
• Business Process Architecture Redesign & Strategy (BPARS)
• IASA CERTIFIED PROFESSIONAL IT ARCHITECT (CITA-P)
• ADVANCE Board Panel Interview
• IASA CERTIFIED MASTER IT ARCHITECT (CITA-M)
• Markers on the diagram: EXAM, NC - EXAM, BPI

Role (diagram labels):
• Business Analysts, System Analysts, Project Managers, Team Leaders, Developers, Software Engineers, Solution Specialists, Database Administrators, System Engineers, Network Engineers, Security Specialists, IT Managers, SQA Engineers, Business Consultants
• ASSOCIATE BUSINESS ARCHITECT / JUNIOR BUSINESS ARCHITECT
• CITA PROFESSIONAL - BUSINESS ARCHITECT / CHIEF BUSINESS ARCHITECT / PRINCIPAL BUSINESS ARCHITECT / SENIOR BUSINESS ARCHITECT
• CITA MASTER - BUSINESS ARCHITECT / GURU

Page 39: AaronTan Security Final

IT Architecture Career Path

• BUSINESS Architect
• INFORMATION Architect
• INFRASTRUCTURE Architect
• SOFTWARE Architect

Page 40: AaronTan Security Final

Information Architect Specialization Career Path

Iasa Certification Path (diagram labels):
• IT Architecture Bootcamp
• IT Architecture Core
• ASSOCIATE FOUNDATION
• Business Technology Strategy (Core), IT Environment (Core), Quality Attributes (Core), Human Dynamics (Core), Design (Core)
• Information Architecture (Specialization)
• Business Requirement Architecture (BRA)
• IASA CERTIFIED PROFESSIONAL IT ARCHITECT (CITA-P)
• ADVANCE Board Panel Interview
• IASA CERTIFIED MASTER IT ARCHITECT (CITA-M)
• Markers on the diagram: EXAM, NC - EXAM, BPI

Role (diagram labels):
• Database Analysts, Information Analysts, Data Analysts, User Experience Analysts, User Interface Designers, Project Leaders, Technical Consultants, Data Warehouse Specialist, Integration Specialists, Database Administrators, Database Designers, Datacenter Engineers, System Analyst, Information Consultant
• ASSOCIATE INFORMATION ARCHITECT / JUNIOR INFORMATION ARCHITECT
• CITA PROFESSIONAL INFORMATION ARCHITECT / CHIEF INFORMATION ARCHITECT / PRINCIPAL INFORMATION ARCHITECT / SENIOR INFORMATION ARCHITECT
• CITA MASTER INFORMATION ARCHITECT / GURU

Page 41: AaronTan Security Final

IT Architecture Career Path

• BUSINESS Architect
• INFORMATION Architect
• INFRASTRUCTURE Architect
• SOFTWARE Architect

Page 42: AaronTan Security Final

Infrastructure Architect Specialization Career Path

Iasa Certification Path (diagram labels):
• IT Architecture Bootcamp
• IT Architecture Core
• ASSOCIATE FOUNDATION
• Business Technology Strategy (Core), IT Environment (Core), Quality Attributes (Core), Human Dynamics (Core), Design (Core)
• Infrastructure Architecture (Specialization)
• IASA CERTIFIED PROFESSIONAL IT ARCHITECT (CITA-P)
• ADVANCE Board Panel Interview
• IASA CERTIFIED MASTER IT ARCHITECT (CITA-M)
• Markers on the diagram: EXAM, BPI

Role (diagram labels):
• System Engineers, Network Engineers, Datacenter Engineers, BCP Specialists, DR Specialists, Server Engineers, Security Engineers, Team Leaders, Infrastructure Engineers, System Configuration Managers, System Administrators, System Managers, System Consultants
• ASSOCIATE INFRASTRUCTURE ARCHITECT / JUNIOR INFRASTRUCTURE ARCHITECT
• CITA PROFESSIONAL INFRASTRUCTURE ARCHITECT / CHIEF INFRASTRUCTURE ARCHITECT / PRINCIPAL INFRASTRUCTURE ARCHITECT / SENIOR INFRASTRUCTURE ARCHITECT
• CITA MASTER INFRASTRUCTURE ARCHITECT / GURU

Page 43: AaronTan Security Final

IT Architecture Career Path

• BUSINESS Architect
• INFORMATION Architect
• INFRASTRUCTURE Architect
• SOFTWARE Architect

Page 44: AaronTan Security Final

Software Architect Specialization Career Path

Iasa Certification Path (diagram labels):
• IT Architecture Bootcamp
• IT Architecture Core
• ASSOCIATE FOUNDATION
• Business Technology Strategy (Core), IT Environment (Core), Quality Attributes (Core), Human Dynamics (Core), Design (Core)
• Software Architecture (Specialization)
• Business Requirement Architecture (BRA)
• Architecting Software with Object Oriented Analysis & Design (ASOOAD)
• IASA CERTIFIED PROFESSIONAL IT ARCHITECT (CITA-P)
• ADVANCE Board Panel Interview
• IASA CERTIFIED MASTER IT ARCHITECT (CITA-M)
• Markers on the diagram: EXAM, NC - EXAM, BPI

Role (diagram labels):
• System Analysts, Programmer Analysts, Software Engineers, Project Leaders, Project Managers, SQA Managers, Testers, IT Analysts, Software Designers, Technical Advisors, Software Consultants, Software Configuration Managers, Web Analysts
• ASSOCIATE SOFTWARE ARCHITECT / JUNIOR SOFTWARE ARCHITECT
• CITA PROFESSIONAL SOFTWARE ARCHITECT / CHIEF SOFTWARE ARCHITECT / PRINCIPAL SOFTWARE ARCHITECT / SENIOR SOFTWARE ARCHITECT
• CITA MASTER SOFTWARE ARCHITECT / GURU

Page 45: AaronTan Security Final

TOGAF Origins

• A customer initiative
• A framework, not an architecture
  – A generic framework for developing architectures to meet different business needs
  – Not a “one-size-fits-all” architecture
• Originally based on TAFIM (U.S. DoD)

Page 46: AaronTan Security Final

ATDLearning IT Architects’ Career path

Levels (diagram labels):
• CITA-M
• CITA-P
• IASA Associate Certified Level 1 & 2
• TOGAF 9 Level 1 & 2
• IT Architecture Core
• IT Architecture Bootcamp

Audiences (diagram labels):
• For all IT & Business Professionals
• For Aspiring IT Architects
• For Associate IT Architects
• For Professional IT Architects
• For Master IT Architects
• For Aspiring IT Architects

Page 47: AaronTan Security Final

Agenda

• The context of IT Architecture
• The Top 5 Information security breaches
• How ITABoK addresses IT Security?
• IT Architect’s Career Path
• Conclusion

Page 48: AaronTan Security Final

Conclusion

Architecture & Standard

IT Architecture excellence must be accompanied by the “Right” IT Security Strategy, starting right from Business Requirements

Page 49: AaronTan Security Final

Thank You Q&A