Saturday, July 12, 2008
It's 2008: Is enterprise architecture still a joke?
My previously posted opinion needs further expansion as others such as Brenda Michelson, Robert McIlree and Richard Veryard have all missed something very key when it comes to understanding the value of enterprise architecture.
As an enterprise architect, I can say that my value proposition varies depending on the day, the problem space and the team I am working with. The key takeway is that it can't be measured purely based on activity as there are days, weeks and even months where I am very busy socializing concepts to others within IT that may or may not result in long-term business value. Likewise, there are times when measured from the perspective of time, I put little effort into it and it has had a profound impact. Enterprise architecture likewise, shouldn't be measured based on artifacts since many enterprise architects are great at creating reference architectures, repositories under the guise of knowledge management, etc but most of this stuff becomes shelfware. Most artifact oriented stuff in large enterprises goes wasted not because of quality but the time required in order to consume.
So, this begs the question of how enterprise architecture should be measured. For me, I think it is actually simple yet in order to keep it simple, you can't use a template approach to measuring it. Consider the fact that my particular agenda is focused on software development and security. I need to ensure that we improve the security of all software developed as protecting customer information is a fiduciary duty that your customers expect. The way I should be measured is not whether some arbitrary perception-oriented executive understands all of the security challenges, but whether I have in a measurable way improved the quality of the IT ecosystem. This can be measured in a variety of ways.
Consider the notion of federated identity. It is not just about single signon but can enable better security for your business partners as well. If thousands of people who are employed within hundreds of other enterprises need to access our systems and I can make this happen without propagating worst practices of identity management provisioning with fugly username/password credentials then not only our security has improved but the entire ecosystem is also made stronger. Likewise, there are tools that can measure the quality of source code within an enterprise. Static analysis tools from vendors such as Ounce Labs, Coverity and so on. Minimally, the trend of code can be measured.
Enterprise architecture at its worst is insular and looks to serve itself vs focusing on the enablement of the strategic intent of the business which is increasing done by collaborating with business partners on the outside. So, if an enterprise architect isn't participating (distinct from just attending) user group meetings that help propel the ecosystem forward, then the enterprise architecture does suffer. For example, if we want to improve the security of our IT systems yet we are also pontificating buy-vs-build, this means that enterprise architects need to work with software vendors, outsourcing firms, etc on building security in. When those two truths are combined, internal insular perception management is a secondary consideration.
Enterprise architects should participate in not just internal standards but outside bodies as well. One of the most wonderful experiences that I had was to work with architects from USAA, AIG, Progressive and others to come up with standards for online insurance coverage verification. The use case is that various state department of motor vehicles needed a consistent way to interface with insurance carriers to valid that insurance is in place. The architects across companies didn't argue their own agendas and in fact worked diligently to ensure that the WSDL was 100% the same for each and every carrier. I remember one carrier having a problem with WSDL handling on a .NET platform while others were already successfully implemented. Did you know we changed the WSDL for this one carrier and reimplemented our own just to stick to the principle of being consistent. Benefiting the ecosystem pays tons of dividends.
Another measure of enterprise architecture should be how well managed is the enterprise spend. Has anyone looked at how much money is being spent on compliance nowadays? Enterprises are spending a lot of money on tactical considerations and few have figured out how to think more strategically in this space. For example, identity management tools are hot and enterprises are spending millions of dollars implementing them as part of SoX controls yet few enterprise architects have figured out how to leverage this strategic investment for other purposes...
Links to this post: