Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Page 1: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

The use, disclosure, reproduction, modification, transfer, or transmittal of this work without the written permission of IASA is strictly prohibited. © IASA 2010

Alecia Heng

Vice President of Education, IASA Asia Pacific

E: [email protected]

W: http://www.iasahome.org

IT Architecture Resilience in the face of the Storm

Page 2: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Agenda

The context of IT Architecture

The Top 5 Information security breaches

How ITABOK addresses IT Security?

Conclusion

Page 3: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

IT Architecture Landscape based on F-T-S

• Most IT Architecture approaches based on Frameworks and Technologies require re-learning and re-certification for every new release, AND are typically Technology, Platform & Vendor specific

• The IASA IT Architecture Training, Certification & Career Path are based on ITABOK - IT Architecture Skills Sets

F (Existing): IT Architecture Frameworks e.g.: TOGAF, DODAF, MODAF, FEAF, Zachman Enterprise Architecture Framework, etc.

T (Existing): IT Architecture Technologies e.g.: IBM Technology, Cisco Technology, Oracle Technology, Microsoft Technology, Database Technology, Java & .NET Platforms, etc.

S (New, since 2009): IT Architecture Skill Sets by IASA and based on ITABOK i.e. IT Architecture Body of Knowledge

Page 4: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

The Analogy of IT Architecture F-T-S with World of Music

• By having the right IT Architecture skills, one can create their own IT Architecture Frameworks and adopt the right technologies & platforms

• IT Architecture skills provide a lifelong learning journey

F: IT Architecture Frameworks Analogy: Various Musical Styles e.g. Pop, Jazz, Classical, Rock, Traditional, Disco, etc.

T: IT Architecture Technologies Analogy: Various Musical Instruments e.g. Drums, Flute, Guitar, Piano, Violin, etc.

S: IT Architecture Skill Sets Analogy: Music skills that allow you to compose songs, play music, adopt musical style and choose musical instruments

Page 5: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

IT Challenges: Understanding Business Requirements

Physical World

IT World

Page 6: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

IT Challenges: Communicating Design

“IF YOU CAN NOT DESCRIBE IT, THEN YOU CANNOT IMPLEMENT IT !!!”

Page 7: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

The Intractable Challenges in typical IT Project

IT Systems/Applications

IT Infrastructure

Architecture Blueprint

IT Governance

Business Strategy

IT Architecture Strategy

Business Strategy:

- Not promises

- Not about What to do

- Focus on How to do

- Have execution plan

- Continuous validation and verification

Business, User & Functional Requirements

Page 8: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

IT Systems Challenges: Many Islands of IT Projects

Project 1

Project Team 1

Project 2

Project Team 2

Project 3

Project Team 3

Project n…

Project Team n…

EAI Project

EAI Project A

EAI Project B

Page 9: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

IT Project Failures are the Norm in our Industry?

60%-70%: The rate of IT projects that failed in some way (Standish & Gartner Report)

66%: The rate of miscommunication between business and IT that caused IT project failure, costing U.S. businesses at least $30 billion every year. (Forrester Research)

Page 10: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

The IT Architecture Formal Definition by IASA

Refer to definition of other Existing Professions?

IT Architecture (IASA): The art and science of designing and delivering valuable technology strategy for the business. i.e. the IT Architecture profession.

Medicine: The art and science of treating disease with drugs or curative substances, as distinguished from surgery and obstetrics. i.e. the medical profession.

Building Architecture: The art and science of designing and erecting buildings. i.e. the building architecture profession.

Page 11: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

IT Architecture Body Of Knowledge enables IT Architect as Technology Strategist for the Business

Foundation Body of Knowledge

Software Architecture

Infrastructure Architecture

Enterprise Architecture

Business Technology Strategy

IT Environment

Quality Attributes

Human Dynamics

Design

Information Architecture

Business Architecture

Competitive Advantage

Business Network

Valuable Assets

Economy Factor

Unique Posture Capability

Robustness

Relevancy

Alignment

Page 12: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Addressing IT & Business Challenges by IT Architecture

“Agility” is the ability of an organization to sense environmental change, and respond efficiently and effectively to that change.

IT & Business Agility:

- Awareness: Right Information. Knowing what is going on

- Productivity: Right Processes and Operations. Executing well day-to-day

- Flexibility: Right Options. Confronting expected change

- Adaptability: Right Reactions. Confronting unexpected change

Information Architecture

Software Architecture

Infrastructure Architecture

Business Architecture

Page 13: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Who Can Become an IT Architect? (yesterday)

• Anyone who has more than 10 years of IT project implementation experience

• Has performed various IT roles such as developer, system analyst, project manager, network/server engineer, PMO, CTO, etc

• Failed in a couple of large IT projects and burned millions of dollars without being put in jail

Page 14: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Who Can Become an IT Architect? (today)

• Anyone who has an interest in becoming an IT Architect and who needs to understand the value of the business and technology relationship

• With ITABOK, you DO NOT need 10 years of IT experience, NOR do you have to:

o be a programmer

o be an IT expert

o be gifted

o be old

Page 15: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Agenda

The context of IT Architecture

The Top 5 Information security breaches

How ITABOK addresses IT Security?

Conclusion

Page 16: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

No. 1… Information Security Breach

Page 17: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

No. 2… Information Security Breach

Using Personal Email to send Work-Related files

Page 18: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

No. 3… Information Security Breach

Files/data SHUFFLING to personal email/hard disk

Page 19: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

No. 4… Information Security Breach

Stolen or Lost Devices/Notebooks

Page 20: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

No. 5… Information Security Breach

Information Leakage via Web Site Outbound Posts

Page 21: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Agenda

The context of IT Architecture

The Top 5 Information security breaches

How ITABOK addresses IT Security?

Conclusion

Page 22: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Body of Knowledge in other Established Professions

Medical Profession / Doctors

Legal / Lawyers

Page 23: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Foundation Body of Knowledge

Software Architecture

Infrastructure Architecture

Enterprise Architecture

Business Technology Strategy

IT Environment

Quality Attributes

Human Dynamics

Design

Information Architecture

Business Architecture

Quality Attributes Described

They represent horizontal concerns across all aspects of technology strategy and IT Architecture.

They are the key in architecting and designing a robust system and are affected by:

Time

Cost

Requirements

Skilled Resources

Page 24: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Quality Attributes – Survey Says

| Skill | Essential | Very important | Somewhat important | Not very important | Not applicable at all | Priority for Career Focus |
| General Quality Attribute skills (category rating) | 22.0% (87) | 50.8% (201) | 23.7% (94) | 2.8% (11) | 0.8% (3) | 73% |
| Monitoring and Management | 21.3% (85) | 50.9% (203) | 23.3% (93) | 4.5% (18) | 0.0% (0) | 72% |
| IT Security | 54.5% (217) | 37.7% (150) | 7.8% (31) | 0.0% (0) | 0.0% (0) | 92% |
| Balancing and Optimizing Quality Attributes | 29.6% (118) | 54.6% (218) | 14.8% (59) | 1.0% (4) | 0.0% (0) | 84% |
| Performance | 40.9% (164) | 48.4% (194) | 10.0% (40) | 0.7% (3) | 0.0% (0) | 89% |
| Reliability, Availability, Scalability | 59.1% (237) | 37.2% (149) | 3.7% (15) | 0.0% (0) | 0.0% (0) | 96% |
| Manageability, Maintainability | 44.2% (176) | 45.2% (180) | 9.3% (37) | 1.3% (5) | 0.0% (0) | 89% |
| Extensibility, and Flexibility | 44.1% (177) | 50.1% (201) | 5.0% (20) | 0.7% (3) | 0.0% (0) | 94% |
| Usability, Localization, Accessibility, Personalization | 31.3% (123) | 44.0% (173) | 20.4% (80) | 4.1% (16) | 0.3% (1) | 75% |

Other (please list and describe): 6

Answered question: 402. Skipped question: 132.

Page 25: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

IT Security

• IT Security covers a broad field cutting across all aspects of IT projects:

– Regularly review compliance issues

– Guide technical teams in security implementation

– Develop security strategy to secure baseline

• Tools and resources:

– Various security tools from products to frameworks

– http://www.itsecurity.com

IT Architect Skills Analysis (0-10)

1. I am aware of basic security principles and concepts – 2 pts

2. I have studied security as a field – 3 pts

3. I have used industry standard security components on projects (NOT HTTPS) – 4 pts

4. I regularly review security infrastructure for the enterprise – 5 pts

5. I lead the field in an aspect of security – 6 pts

Cost of not knowing

1. Monetary loss from hackers

2. Poor customer relations

3. Regulatory compliance matters

Page 26: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Performance

• Facts about performance:

– Performance is expensive

– Everyone wants more than they need

– No one gives accurate requirements

– It has a direct customer impact

• Always get a concurrency and performance count before you create an IT Architecture solution

• Tools and resources:

– Code analysis

– Performance testing suites

IT Architect Skills Analysis (0-10)

1. I am aware of the elements of enterprise performance – 2 pts

2. I have used numerous performance tools – 4 pts

3. I have led the adoption of performance standards – 5 pts

4. I regularly mentor teams on performance analysis and delivery – 6 pts

5. I impact the industry understanding of performance capabilities – 6 pts

Cost of not knowing

1. Huge customer impact

2. IT becomes a stopper to business operations

Page 27: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Example of Quality Attributes Trade Off

Given a specific Time, Cost, Requirement and Resources, below are some of the Quality Attributes metrics:

Page 28: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Agenda

The context of IT Architecture

The Top 5 Information security breaches

How ITABOK addresses IT Security?

Conclusion

Page 29: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

The Industry needs IT Architects – 2010 The Best Job in the US is Software Architect among Top 100 Jobs

Page 30: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

IT Architect Seniority on par with the Senior Level of IT Management

http://www.computerworld.com/spring/salary-survey/2011/job_level/5

Page 31: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

IT Architect Career Map Defined by IASA

Page 32: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

IT Architecture & Standard Practices

Conclusion

IT Architecture excellence must be accompanied by the “Right” IT Security Strategy, starting right from Business Requirements

Page 33: Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Thank You and Q&A
