Telework breathes new life into old idea
Enterprise architecture can provide real value to cloud, security and other efforts
Enterprise architecture may be an old warhorse in infomation technology terms, but it can provide real value for shiny new initiatives in such things as cloud computing, cybersecurity and telework. That was one of the messages from EA practitioners speaking at this week's Enterprise Architecture Conference and Exhibition 2010 in Washington, D.C.
The conference was sponsored by 1105 Government Information Group and its education partners the FEAC Institute and The Department of Agriculture’s Graduate School.
Enterprise architectures are blueprints for systematically defining an organization’s current or desired environment. The goal of EA is to provide a roadmap for agencies to achieve their missions through optimal performance of business processes within an efficiently operated IT environment. Often that end result has not been realized in many agencies.
A challenge to enterprise architects: Think innovation
“If you are an EA practitioner and you have to justify EA or communicate EA [to senior management] then you have a structural organizational problem within your agency,” said Avi Bender, chief technology officer with the Census Bureau.
EA is fundamental, he said. Just as a house starts with an architect's design, agencies need a sound architecture in place that builds on their existing infrastructure and aligns it where the industry is going, he said.
EA practitioners are usually seen as the staid managers reponsible for ensuring their agencies adhere to Congressional mandates and Office of Management and Budget directives, he said. But now with initiatives such as cloud computing, they are being asked to think in new ways. Cloud computing provides on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Bender advised enterprise architects to not get caught up in definitions regarding cloud computing, but to focus on what they want to accomplish.
The business intent of initiatives such as service-oriented architecture and utility or on-demand computing is to achieve secure environments, drive operation efficiencies, save costs and to have a more agile infrastructure able to adapt to changing requirements. The underlying business intent hasn’t changed. So enterprise architects should be a bridge between the business intent and the computing delivery models of cloud computing– infrastructure-as-a-service, platform-as-a-service and software-as-a- service, Bender said.
To aid in the prevention of cyber attacks enterprise architects can help ensure that security is built into the architecture and system design rather than bolted on afterwards, said Lee Rock, director of the U.S. Computer Emergency Response Team with the Homeland Security Department. U.S. CERT leads and coordinates efforts to improve the nation’s cyber security posture and promotes cyber information sharing.
“As enterprise architects, we need you to design system state monitoring as a core function of systems,” Rock said. “We need to have an ability, as part of enterprise architecture, to know when the state of [system] changes” from what is normal to abnormal."
Think about the environment as a whole, not as a set of components, Rock advised EA practitioners, noting that security operators need to see how various things inter-play within each other within an enterprise
EA is starting to play a vital role in the planning and governing of strategic IT decisions such as implementing telework solutions for agencies, said Andrew Blumenthal, chief technology officer with the Bureau of Alcohol, Tobacco, and Firearms, who moderated a panel discussion on the topic
“Five years ago, no one would have thought that enterprise architecture would inform the discussion on telework,” he said. EA was still a compliance-only mechanism and didn’t have a real seat at the decision table. However, its strategic benefit is more recognized today, he said.
Project management, which includes disciplines such as enterprise architecture, is critical to a successful implementation of telework programs, said Rod Turk, director of organizational policy and governance and chief information security officer with the U.S. Patent and Trademark Office. It is also important to consider the risks involved with letting federal employees work from home.
Currently, 5,654 USPTO employees telework, communicating with peers and managers via a secure, multimedia virtual private network that allows for encryption of data and two-factor authentication.
“Architecture is going to dictate how you are going to solve telework problems –what type of technology you use,” Turk said.
From a security perspective he is concerned about the architecture because “you can’t secure what you don’t know you have,” Turk said. An enterprise architecture can help in establishing secure baselines and understanding where people are going within your network, he said.
Telework among agencies received a boost from Congress after a record-breaking snow storm forced the federal government to close for six days in February. The House passed the Telework Improvement Act of 2010 in July and the Senate passed similar legislation in May. The legislation awaits President Obama’s signature.
Turk predicted that there will be "telejobs" in the future, rather than telework. The subtle difference is that telework is viewed as “an exotic thing that is periodically done from home.” A telejob is a position designed from the start to be done from a remote location, he said.