AaronTan Security Final

IT Architecture Resilience in the face of the Storm

Aaron Tan Dani Founder and Chairman of IASA Asia Pacific

Co-Author of ITABOK (IT Architecture Body of Knowledge) [email protected]

Agenda

Ø  The context of IT Architecture

Ø  The Top 5 Informa6on security breaches Ø  How ITABoK addresses IT Security? Ø  IT Architect’s Career Path

Ø  Conclusion

Once upon a 6me, there were great architects among us…

They had built so many “wonders of the world”

Un6l one day disaster happened …

Challenges faced in forming American Ins6tutes of Architects (AIA)

•  In the beginning, there was no formal school of Architecture and also no Building Architect Profession • 1857 Associa=on was formed by 13 Building Architects and started off as New York Society of Architects (NYSA) • 1860 Chapters established in more ci=es across USA • 1867 Held the 1st Conven=on in New York City • 1880 Had 12 Chapters across city in USA (aOer 23 years) • 1884 Faced rival organiza=on by Western Associa=on of Architects but later both merged in 1889 to form AIA. It took them 32 years. •  hVp://www.aia.org/about/history/AIAB028819

•  Have seen too many large IT projects failed –  Minimum IT Architecture works –  Leave the IT Architecture works to most Junior staff

•  IT Architect works & roles have been overlooked –  No career path as an IT Architect –  IT Architects couldn’t find peers –  Want to BECOME AN IT ARCHITECT but don’t know how, none of

University offers Degree in IT Architecture

•  Issues Finding IT Architecture Resources –  Google Search Result for Books as of December 2010 =>

Marketing: ~29,000 – Publishing: ~171,000 – Building Architecture: 43,000 – Software or IT Architecture: ~700

The IASA Mo6va6on

IASA is The Global IT Architecture Professional Body •  Founded in 2002, IASA is the preeminent knowledge-‐based

associa=on focused on the IT Architecture profession with over 70,000 members globally

•  The IASA is non-‐profit and mostly volunteer •  The IASA is run by and for all IT architects -‐ Infrastructure

Architects, SoOware Architects, Business Architects and Informa=on Architects

•  The IASA is centrally governed, locally run & supported by Asian Government bodies i.e. KOSTA (Korean SoOware Technology Associa=on), SoOware Park Thailand, MDeC (Malaysian Development Corpora=on/Malaysia Super Corridor), IDA (Singapore Infocomm Development Authority), HKCS (Hong Kong Computer Society), etc.

•  The IASA is technology, plaborm, methodology and vendor agnos=c

8

IASA Thought Leaders & Fellows

•  Grady Booch – The father of Software Architecture •  John Zachman – The father of Enterprise

Architecture •  Bill Inmom – The father of Information Architecture •  Len Bass – The father of CMMi •  Eric Evans – The father of Domain Driven Design •  Angela Yochem – IASA Fellows & CIO of Dell •  Scott Ambler – The father of Agile Architecture

ScoV Ambler

IASA Events & Mee6ngs

The IT Architecture Formal Defini6on as defined by IASA What Are defini=ons of other Exis=ng Professions?

IT Architecture (IASA):

The art and science of designing and delivering valuable technology strategy for the business. i.e. the IT Architecture profession.

Medicine:

The art and science of trea=ng disease with drugs or cura=ve substances, as dis=nguished from surgery and obstetrics. i.e. the medical profession.

Building Architecture:

The art and science of designing and erec=ng buildings. i.e. the building architecture profession.

Agenda



Ø  Conclusion

No. 1… Informa6on Security Breach


Using Personal Email to send Work’s Related files


Files/data SHUFFLING to personal email/hard disk


Stolen or Lost of Devices/Notebook


Informa6on Leakages via Web Sites Outbound Post

Caused by: -‐ Careless Programming -‐  Wrong configura6on in one of the web server farm -‐  Ignorance of the important of informa6on/data, etc

Agenda



Ø  Conclusion

Formal Defini6on of BoK based on Wikipedia

Medical Profession / Doctor

Body of Knowledge in other Established Professions

Legal / Lawyers

How about IT Architect?

Seriously, who we are?

•  Super-developer? •  Super-Database Administrator? •  IT/Development Manager? •  Developer Lead with business competence? •  Business person with technical competence? •  Network and System Specialist with having business

sense and strong IT Infrastructure competence? •  IT person who bridges between business &

technology ? •  All of the above? •  Technology Strategist for the business?

So, Who is an IT Architect?

•  Strategic Architect (CTO/CIO) •  Security Architect •  Information/Data Architect •  Solutions Architect •  Infrastructure/Network Architect •  Software Architect •  Application Architect •  Business Architect •  User Experience Architect •  Enterprise Architect, etc

Various IT Architect Roles & What make us different compared to Engineer?

24

Introducing IT Architect Body Of Knowledge (ITABOK)

•  All specializations must be based on Foundation Body of Knowledge

•  Taxonomy includes 250 IT Skill Set Library

•  Skills must be practical, relevant and necessary

•  Taxonomy is versioned and maintained, Ver. 2.0 since November 2009

Founda=on Body of Knowledge

SoOware Architecture

Infrastructure Architecture

Informa=on Architecture

Business Architecture

Enterprise Architecture

Business Technology Strategy

IT Environment

Quality AVributes

Human Dynamics

Design

Quality Acributes Described

Founda=on Body of Knowledge

SoOware Architecture

Infrastructure Architecture

Informa=on Architecture

Business Architecture

Enterprise Architecture

Business Technology Strategy

IT Environment

Quality AVributes

Human Dynamics

Design

Ø  They represent horizontal concerns across all aspects of technology strategy and IT Architecture. Ø  They are the key in architec=ng and designing a robust system. Ø  They are affected by:

Ø  Times Ø  Cost Ø  Requirements Ø  Skilled Resources

Essen6al Very important

Somewhat important

Not very important

Not applicable

at all

Priority for Career Focus

General Quality Acribute skills (category ra6ng) 22.0% (87) 50.8% (201) 23.7% (94) 2.8% (11) 0.8% (3) 73% Monitoring and Management 21.3% (85) 50.9% (203) 23.3% (93) 4.5% (18) 0.0% (0) 72% IT Security 54.5% (217) 37.7% (150) 7.8% (31) 0.0% (0) 0.0% (0) 92% Balancing and Op6mizing Quality Acributes 29.6% (118) 54.6% (218) 14.8% (59) 1.0% (4) 0.0% (0) 84% Performance 40.9% (164) 48.4% (194) 10.0% (40) 0.7% (3) 0.0% (0) 89% Reliability, Availability, Scalability 59.1% (237) 37.2% (149) 3.7% (15) 0.0% (0) 0.0% (0) 96% Manageability, Maintainability 44.2% (176) 45.2% (180) 9.3% (37) 1.3% (5) 0.0% (0) 89% Extensibility, and Flexibility 44.1% (177) 50.1% (201) 5.0% (20) 0.7% (3) 0.0% (0) 94% Usability, Localiza6on, Accessibility, Personaliza6on 31.3% (123) 44.0% (173) 20.4% (80) 4.1% (16) 0.3% (1) 75%

Other (please list and describe) 6 answered ques=on 402 skipped ques=on 132

Quality Acributes – Survey Says

IT Security

•  IT Security covers a broad field cutting across all aspect of IT projects: –  Regularly review compliance

issues –  Guide technical teams in

security implementation –  Develop security strategy to

secure baseline •  Tools and resources:

–  Various securities tools from products to frameworks

–  Http://www.itsecurity.com

IT Architect Skills Analysis (0-‐10) 1.  I am aware of basic security principles

and concepts-‐ 2 pts 2.  I have studied security as a field – 3 pts 3.  I have used industry standard security

components on projects (NOT HTTPS) -‐ 4 pts

4.  I regularly review security infrastructure for the enterprise – 5 pts

5.  I lead the field in an aspect of security – 6 pts

Cost of not knowing 1.  Monetary loss from hackers 2.  Poor customer rela=ons

3.  Regulatory compliance maVers

Performance

•  Facts about performance: –  Performance is expensive –  Everyone wants more than they

need –  No one gives accurate

requirements –  It has a direct customer impact

•  Always get a concurrency and performance count before you create an IT Architecture solution

•  Tools and resources: –  Code analysis –  Performance testing suites

IT Architect Skills Analysis (0-‐10) 1.  I am aware of the elements of

enterprise performance-‐ 2 pts 2.  I have used numerous

performance tools – 4 pts 3.  I have led the adop=ons of

performance standards -‐ 5 pts 4.  I regularly mentor teams on

performance analysis and delivery– 6 pts

5.  I impact the industry understanding of performance capabili=es – 6 pts

Cost of not knowing 1.  Huge customer impact 2.  IT become stopper to business

opera=ons

Example of Quality Acributes Trade Off

Given a specific Time, Cost, Requirement and Resources, below are some of the Quality AVributes metrics:

Agenda



Ø  Conclusion

The Industry needs more IT Architects – 2010 The Best Job in US is Sonware Architect among other 100 Jobs

32

IT Architect Seniority in par with the Highest Level in IT Management

33

hVp://www.computerworld.com/spring/salary-‐survey/2011/job_level/5

THREE out of Six Hocest New Jobs in IT are Architects

34

hVp://www.infoworld.com/t/informa=on-‐technology-‐careers/the-‐6-‐hoVest-‐new-‐jobs-‐in-‐it-‐052?page=0,0

IT Architecture – the Highest Industry Growth

35

In July 2011, Robert Half highlighted that IT Architecture sectors are at the highest industry growth by Mr. Steven McGowan, Director of Robert Half Technology Robert Half is the Global leader in Professional

Staffing Services since 1948 with the 2010 revenue of US$3.1billion and 13,000 employees hVp://www.eventsta=on.sg/ipdf2011/slides/Talent%20Mangement%20and%20AVrac=on%20-‐%20Next%20Genera=on%20Infocomm%20Professionals.pdf

IT Architect Career Map Defined

IT Architecture Career Path

BUSINESS Architect

INFORMATION Architect

INFRASTRUCTURE Architect

SOFTWARE Architect

IT Architecture Bootcamp

IT Architecture Core

IASA CERTIFIED PROFESSIONAL IT ARCHITECT (CITA-‐P)

BPI

Business Requirement Architecture (BRA)

Business Process Architecture Redesign & Strategy (BPARS) NC -‐ EXAM

Business Technology Strategy (Core) IT Environment (Core) Quality AVributes (Core) Human Dynamics (Core) Design (Core)

Business Architecture (Specializa/on)

ADVA

NCE

Bo

ard Pane

l Interview

AS

SOCIAT

E FO

UNDA

TION

BPI

IASA CERTIFIED MASTER IT ARCHITECT (CITA-‐M)

Iasa Cer6fica6on Path

ASSOCIATE BUSINESS ARCHITECT/ JUNIOR BUSINESS ARCHITECT

Role

Business Analysts System Analysts Project Managers Team Leaders Developers

Sonware Engineers Solu6on Specialists

Database Administrators System Engineers Network Engineers Security Specialists

IT Managers SQA Engineers

Business Consultants

CITA PROFESSIONAL -‐ BUSINESS ARCHITECT/ CHIEF BUSINESS ARCHITECT/

PRINCIPAL BUSINESS ARCHITECT/ SENIOR BUSINESS ARCHITECT

CITA MASTER -‐ BUSINESS ARCHITECT/

GURU

Business Architect Specializa6on Career Path

EXAM EXAM EXAM EXAM

EXAM

EXAM

EXAM

EXAM

NC -‐ EXAM


BUSINESS Architect



SOFTWARE Architect

ASSO

CIAT

E FO

UNDA

TION

ASSOCIATE INFORMATION ARCHITECT/ JUNIOR INFORMATION ARCHITECT

Database Analysts Informa6on Analysts

Data Analysts User Experience Analysts User Interface Designers

Project Leaders Technical Consultants

Data Warehouse Specialist Integra6on Specialists

Database Administrators Database Designers Datacenter Engineers

System Analyst Informa6on Consultant

CITA PROFESSIONAL INFORMATION ARCHITECT/ CHIEF INFORMATION ARCHITECT/

PRINCIPAL INFORMATION ARCHITECT/ SENIOR INFORMATION ARCHITECT

CITA MASTER INFORMATION ARCHITECT/

GURU

Informa6on Architect Specializa6on Career Path






Informa=on Architecture (Specializa/on)


Iasa Cer6fica6on Path Role

BPI

BPI

ADVA

NCE

Bo

ard Pane

l Interview

EXAM

EXAM EXAM EXAM EXAM EXAM

EXAM

EXAM

NC -‐ EXAM


BUSINESS Architect



SOFTWARE Architect

ASSO

CIAT

E FO

UNDA

TION

ASSOCIATE INFRASTRUCTURE ARCHITECT/ JUNIOR INFRASTRUCTURE ARCHITECT

System Engineers Network Engineers Datacenter Engineers

BCP Specialists DR Specialists

Server Engineers Security Engineers

Team Leaders Infrastructure Engineers System Configura6on

Managers System Administrators

System Managers System Consultants

CITA PROFESSIONAL INFRASTRUCTURE ARCHITECT/ CHIEF INFRASTRUCTURE ARCHITECT/

PRINCIPAL INFRASTRUCTURE ARCHITECT/ SENIOR INFRASTRUCTURE ARCHITECT

CITA MASTER INFRASTRUCTURE ARCHITECT/

GURU

Infrastructure Architect Specializa6on Career Path





Infrastructure Architecture (Specializa/on)



BPI

BPI

EXAM


EXAM

EXAM

ADVA

NCE

Bo

ard Pane

l Interview


BUSINESS Architect



SOFTWARE Architect





Architec=ng SoOware with Object Oriented Analysis & Design (ASOOAD)


SoOware Architecture (Specializa/on)


ASSO

CIAT

E FO

UNDA

TION

ASSOCIATE SOFTWARE ARCHITECT/ JUNIOR SOFTWARE ARCHITECT

System Analysts Programmer Analysts Sonware Engineers Project Leaders Project Managers SQA Managers

Testers

IT Analysts Sonware Designers Technical Advisors

Sonware Consultants Sonware Configura6on

Managers Web Analysts

CITA PROFESSIONAL SOFTWARE ARCHITECT/ CHIEF SOFTWARE ARCHITECT/

PRINCIPAL SOFTWARE ARCHITECT/ SENIOR SOFTWARE ARCHITECT

CITA MASTER SOFTWARE ARCHITECT/

GURU

Sonware Architect Specializa6on Career Path


NC -‐ EXAM

NC -‐ EXAM

EXAM


EXAM

EXAM

BPI

BPI

ADVA

NCE

Bo

ard Pane

l Interview

TOGAF Origins

•  A customer initiative •  A framework, not an architecture

–  A generic framework for developing architectures to meet different business needs

–  Not a “one-size-fits-all” architecture

•  Originally based on TAFIM (U.S. DoD)

ATDLearning IT Architects’ Career path

CITA-‐M

CITA-‐P

IASA Associate Cer6fied Level 1 & 2

TOGAF 9 Level 1 & 2


IT Architecture Bootcamp For all IT & Business Professionals

For Aspiring IT Architects

For Associate IT Architects

For Professional IT Architects

For Master IT Architects

For Aspiring IT Architects

Agenda



Ø  Conclusion

Architecture & Standard

Conclusion

The IT Architecture excellent must be accompanied by the “Right” IT Security Strategy started right from Business Requirements

Thank You Q&A

Documents

AaronTan Security Final