Friday, April 17, 2009
Enterprise Architecture: Are hybrid approaches always useful?
Two guys are in a room discussing enterprise architecture. One is extremely overweight yet desires to be a horse jockey while the other is short and skinny and desires to play basketball in the NBA. The answer emerges where they eschew common sense for a hybrid solution...
The notion of conceptual integrity is a lost concept in most minds of enterprise architecture where consensus rules the day. We so often compromise on core principles and then wonder why things go awry down the road.
Can the enterprise be truly competitive if decisions are made on facts and logic where perception management is more important? Lately I have been brainstorming PCI compliance and believe that the best way to comply may be to create a company policy that states all servers in the datacenter will be immediately turned off upon the arrival of auditors.
I bet you didn't know that PCI/DSS requires code review as part of its process but doesn't require its auditors to even know how to code? Even if this requirement were put there, PCI only spends an entire fifteen minutes teaching its auditors how to look for worst practices.
This reminds me that I need to bullshit a few process weenies I know and convince them I did a proper code review. Maybe I can ask my seven- and four-year-old sons to bless my code just before heading out the door to Chuck E. Cheese's. I bet they will be real thorough...