Standing Up an Enterprise Architecture Center of Excellence and a Certification Program at Your University

EXECUTIVE SUMMARY

This article proposes the establishment of a Center for Operations, Research and Education (CORE) at your university. CORE would be a team of people that proactively and holistically help achieve university’s business outcomes. Its mission would be to provide comprehensive educational programs in Enterprise Architecture, conduct research and use this research to help transform the university.

For this article, the strategic direction and cultural factors in relationship to operations, research and education in Enterprise Architecture are considered. We assume status quo in regards to your university’s culture for this assessment, specifically the perception of Information Technology. The following table shows what we considered:

  Operations Research Education
Current State (Observations)
  • No one is responsible for Enterprise Architecture
  • No research is being conducted in this field
  • No comprehensive program in Enterprise Architecture
Future State (Recommendations)
  • CORE would be independent of your university’s President
  • Rotating leadership where every school, department and division has the opportunity to lead CORE
  • Conduct research by partnering with other elite institutions
  • Begin by providing a graduate certification program
  • Aim for providing Bachelor’s, Master’s and executive programs in the future

This assessment reveals that currently where Enterprise Architecture is placed in the organization, it will not be able to provide the organizational transformational value that is aspires to provide. Additionally, your university should start providing comprehensive programs in this field otherwise they would be left behind other educational institutions that are already moving in this direction.

1. ANALYSIS

This section provides an analysis of standing up CORE from an operational, research and educational prospective.

Assumptions

  1. Your university’s executive management would support this effort
  2. All university communities would help transform it to achieve operational excellence
  3. Perception of IT would not change instantly

1.1 What is Center of Excellence?

According to Tarek M. Khalil et al. (2001), within an organization, a Center of Excellence may refer to a group of people, a department or a shared facility. It may also be known as a Competency Center or a Capability Center. The term may also refer to a network of institutions collaborating with each other to pursue excellence in a particular area.

1.2 What is Enterprise Architecture?

Due to the evolving nature of this field, there are many academic and practitioner definitions of what is Enterprise Architecture. For our purposes we will use the one definition from the glossary on Gartner’s website that states Enterprise Architecture as a discipline for proactively and holistically leading enterprise responses to disrupt forces by identifying and analyzing the execution of change toward desired business vision and outcomes. Enterprise Architecture delivers value by presenting business and Information Technology (IT) leaders with signature-ready recommendations for adjusting policies and projects to achieve target business outcomes that capitalize on relevant business disruptions. Enterprise Architecture is used to steer decision-making toward the evolution of the future state architecture.

In a nutshell, “Enterprise Architecture bridges the Business and Information Technology via enterprise integration/standardization resulting in people becoming more efficient and effective in achieving their objectives.” Kevin Smith (2010)

It should be noted that Enterprise Architecture is not an Information Technology endeavor but in fact it sits in between Business and IT and works across organizational silos.

1.3 What is CORE?

If we combine the two definitions above then a definition for center of excellence in enterprise architecture emerges which is a team of people that proactively and holistically helps achieve business outcomes. For your university and breadth of this center’s agenda, it would be called Center for Operations, Research and Education (CORE).

1.4 What is the Operational Perspectives?

1.4.1 Why should Your University Pay Attention to Enterprise Architecture?

One of the biggest proponents and users of Enterprise Architecture is the most powerful office in the world – The White House. The United States Federal Government has been using Enterprise Architecture for more than a decade and continues to see it as a way to look across organizational silos.

What this means for your university is that, huge organizations are trying to improve their operations and they are turning towards Enterprise Architecture to help them do that. Your university can tap into this, apply Enterprise Architecture effectively and perhaps get involved in Enterprise Architecture discussions for organizational improvements. This involvement could also translate into future research grants and job opportunities for students.

1.4.2 Why putting Enterprise Architecture under Information Technology is Not a Good Idea?

All organizations are a composition of many cultures and subcultures. Some of these cultures develop over time and then become part of the routine mentality of an organization. Your university is not immune from this. In order to understand the perception of Information Technology at your university, look at how the university’s strategic plans were developed. Was Information Technology involved/invited to help in the development of your university’s strategic plan?

If not, then this is a cultural issue and often the cause of misalignments within organizations. Whenever Information Technology is not involved in strategic planning, it gives the perception that Information Technology is not important, it is just a commodity and it is just back office activities. This lack of involvement is the reason that according to the 2013 Chief Information Officer ‘State of the CIO’ survey, “63% [of the respondents] say the majority of their time and focus is spent on aligning Information Technology initiatives with business goals.” This shows there are gaps in aligning Business and Information Technology. This alignment can be achieved through Enterprise Architecture. According to a Gartner study (G00146809), Business-Information Technology alignment is the primary driver for Enterprise Architecture as shown below:

Primary Driver for Enterprise Architecture

Taking into consideration the current culture at your university, placing Enterprise Architecture under Information Technology would not make sense. If Enterprise Architecture continues to be placed under Information Technology then at your university Enterprise Architecture would be perceived as an “Information Technology thing”. This perception would defeat the overarching purpose of Enterprise Architecture. Enterprise Architecture needs to have a holistic understanding of your university going beyond Information Technology. A Gartner study (G00245986) supports this thought of Enterprise Architecture going beyond Information Technology as shown below:

Enterprise Architecture beyond IT

From the above figure, we can learn that while technology is a consideration in Enterprise Architecture but it is certainly not the only aspect that needs to be considered. A well-run CORE at your university would consistently produce qualitative and quantitative for both Business and IT. Some of examples of these are:

  • Qualitative Benefits
    • Improved Communications Across Organizational Silos
    • Increased Productivity
    • Efficient Portfolio Management
    • Effective Business Intelligence
  • Quantitative Benefits
    • Reduced Costs
    • Revenue Generation

1.4.3 What are the Maturity Levels for Enterprise Architecture?

According to a Gartner study (G00252206), it outlines the five levels of Enterprise Architecture maturity shown below:

Enterprise Architecture Levels of Maturity.png

What this means is that a lot of work needs to be done in this area and your entire university has to be involved in it so that it can be used effectively across organizational boundaries.

1.4.4 How will CORE Measure its Success?

From an operational prospective, a Gartner study (G00247593) indicates the following ways to align Enterprise Architecture to strategic business initiatives:

Align Enterprise Architecture to Strategic Business Objectives

At your university, success of Enterprise Architecture would depend upon how it can help your university transform itself to achieve its strategic visions.

1.5 What are the Educational and Research Perspectives?

1.5.1 Is Enterprise Architecture Taught at Your University?

Are Enterprise Architecture courses taught at your university in various schools (e.g., business school, engineering school, professional studies school etc.)? If yes, do you know if these schools at your university are talking to each other about Enterprise Architecture? If not, then there is no comprehensive Enterprise Architecture program at your university. From this observation, we can decipher that although Enterprise Architecture might be part of certain programs but overall it is fragmented at your university.

1.5.2 Why Should Your University Teach or Do Research in Enterprise Architecture?

In order to be an elite institution, your university needs to look at what other elite institutions are doing, assess what programs they offer and what kinds of research they are pursuing. Your university should then look at how these programs can be stood up.

For the purpose of this article, we will only focus on the institutions that teach, conduct research and/or have comprehensive programs in Enterprise Architecture. These include:

  Institutions Name Country
1 Harvard University USA
2 Massachusetts Institute of Technology USA
3 Dartmouth College USA
4 Carnegie Mellon USA
5 Pennsylvania State University USA

2. Recommendations

Due to the importance of Enterprise Architecture as a catalyst in organizational transformation, in the current culture at your university, CORE should not be under IT. CORE’s mission is to help your university continuously evolve, conduct/use research and provide comprehensive educational programs. It should be an interdisciplinary entity whose members include all schools, divisions and departments of your university. Thus, it should be placed where it has the most influence as shown below:

CORE at your university.png

CORE should start as a chartered center initially led by School of Business and in collaboration with Engineering School, Professional Studies School and IT. Within the first year this would develop relationships across all the university.

CORE’s leadership should be on a rotating basis where each school, department and division of your university has the opportunity to lead CORE for at least 1 year. This will create an atmosphere of collaboration and help break down organizational silos. This governance structure would also encourage participants to be actively involved in CORE’s advancement and they can use it to also enhance their own schools, divisions and departments.

In regards to education and research, CORE should develop a graduate certificate program with the goal of creating Bachelor’s, Master’s and executive programs in the future.

References:

  1. Tarek M. Khalil; L.A. Lefebvre; Robert McSpadden Mason (2001). Management of Technology: The Key to Prosperity in the Third millennium: Selected Papers from Ninth International Conference on Management of Technology, Emerald Group Publishing, pp.164
  2. IT Glossary, Enterprise Architecture, http://www.gartner.com/it-glossary/enterprise-architecture-ea/
  3. Kevin Smith (2010), Pragmatic EA: The 160 Character Challenge, Version 1.3, pp.12
  4. White House (2012), http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/common_approach_to_federal_ea.pdf
  5. CIO Magazine (2013), ‘State of the CIO’ Survey, pp.4
  6. Robert A. Handler (2007). Key Issues for Enterprise Architecture. Retrieved from Gartner database.
  7. Julie Short (2013). Agenda Overview for Enterprise Architecture. Retrieved from Gartner database.
  8. Chris Wilson (2013). ITScore Overview for Enterprise Architecture. Retrieved from Gartner database.
  9. Betsy Burton (2013). EA Business Value Metrics You Must Have Today . Retrieved from Gartner database.
  10. Harvard University, IT for Management, http://hbsp.harvard.edu/list/it-for-management-toc
  11. Massachusetts Institute of Technology, Center for Information Systems Research, http://cisr.mit.edu/research/research-overview/classic-topics/enterprise-architecture/
  12. Dartmouth College, Auburn Cyber Research Center, http://www.ists.dartmouth.edu/events/abstract-hamilton.html
  13. Carnegie Mellon, Institute for Software Research, http://execed.isri.cmu.edu/elearning/enterprise-architecture/index.html
  14. Pennsylvania State University, Center for Enterprise Architecture, http://ea.ist.psu.edu

5 Questions to Ask About Prescriptive Analytics

Prescriptive Analytics is used for performance optimization. This optimization is accomplished by using a variety of statistical and analytical techniques to identify the decisions that need to be taken in order to achieve the desired outcomes. The data sources used for the determination of outcomes can range from structured data (e.g., numbers, price points etc.), semi-structured data (e.g., email, XML etc.) and unstructured data (e.g., images, videos, texts etc.).

If done correctly, Prescriptive Analytics is the Holy Grail of analytics. However, if done incorrectly, it can result in misinformed decisions that can be outright dangerous. Individuals and organizations have to understand that even if the data is correlated that does not mean that there is some sort of causation. A general example of this is when in a news report, the host(s) says that survey has shown that x is correlated with y but then they go on how y was caused due to x. This is simply what I call “jumping the data gun” and organizations that are not aware of this can fall into this trap.

Another thing to be aware of is that after the Prescriptive Analytics gives you certain courses of action and you apply those actions, keep track of how well your Prescriptive Analytics is performing as well. In other words, you have to measure the performance of your performance optimization ways. The reason to do this is because over time you can see if the models presented by your Prescriptive Analytics engine is worth following, re-doing or dumping.

To get you started, here are a few questions to ask:

Currently

In the Future

Who uses prescriptive analytics within, across and outside your organization? Who should be using prescriptive analytics within, across and outside your organization?
What outcomes do prescriptive analytics tells you? What outcomes prescriptive analytics should tell you?
Where is the data coming from for prescriptive analytics? Where should the data be coming from for prescriptive analytics?
When prescriptive analytics is used? When prescriptive analytics should be used?
Why prescriptive analytics matters? Why prescriptive analytics should matter?

When you are asking the above questions, keep in mind that Prescriptive Analytics uses data to create a model (aka a data version of the world) that is used by individuals and organizations to make real-world decisions. But if the model itself is flawed then you are bound to get answers that although might look visually appealing are completely wrong. It is not all doom and gloom though. In fact, Prescriptive Analytics is used in determining price points, expediting drug development and even finding the best locations for your physical stores. Companies like Starbucks have been using Prescriptive Analytics in the last few years to determine the best locations for their next coffee stores. Interestingly, some have claimed that wherever Starbucks goes, the real-estate prices also increase. While there is some correlation between a Starbucks coffee store opening with increased real-estate prices but this does not mean that because of Starbucks coffee stores the real-estate prices increase.

Analytics Trophies

 

References:

  1. 5 Questions to Ask About Business Transformation
  2. 5 Questions to Ask About Your Information
  3. Starbucks Tries New Location Analytics Brew

5 Questions to Ask About Your Information Security

The term information security is used to describe the practices, methodologies and technologies that are used to protect information physically (e.g., locked doors, security guards etc.) and in cyberspace (e.g., firewalls, anti-viruses etc.). In order to accomplish this, we determine information confidentiality (e.g., who can access the information), information integrity (e.g., is the information from a reliable source) and information availability (e.g., would the information be available in time to people who are authorized to use/see it).

 

According to Gartner, by 2015 the spending on information security around the globe would reach $76.9 billion. To put this number into perspective, this amount of money is close to what the US Federal government spends on technology in one year. By looking at this, in the near future more money would be spent on securing personal and organizational information than actually creating information systems. But despite the importance of information security and its effects on individuals and organizations, very few people understand the kinds of threats that are out there. Security threats are always evolving and in the digital century geography is not a limitation. Individual and organizational information can be potentially compromised from a local intruder to someone sitting on the other side of the globe. Thus, before you can mitigate information security risks, understand what is out there. Here is a non-exhaustive list of how information security can be compromised:

  • Adware – Pay to remove advertisements.
  • Bacteria – Overwhelms the computer resources by making copies.
  • Botnets – A network of compromised systems.
  • Bots – Derived from robots and refers to automated processes.
  • Buffer Overflow – A program goes beyond the boundary of the buffer.
  • Clone Phishing – Legitimate email resent with malicious link/attachment.
  • DDoS – Multiple systems attack a single target.
  • DNS Attacks – Determine types of devices in the network.
  • Easter Eggs – Hidden code in the software to show control.
  • Emerging Technologies –Security is not considered in new technologies.
  • Evil-Twin Wi-Fi – Impersonates an access point (e.g., router).
  • Exploits – Vulnerabilities in scripts, servers, browsers, routers, computer networks, devices, software and hardware.
  • Hardware Attacks – Exploits system bus, peripheral bus, chips, power/timing, interrupts and RAM.
  • Human Error – Unintentional legitimate errors caused by people.
  • ICMP Scanning – Identify open ports (e.g., port 81).
  • Keylogger – Track keystrokes when logging on to legitimate sites.
  • Link Manipulation – Destination link is different than what is displayed.
  • Logic Bombs – Performs some action when certain conditions are met.
  • Malware – Malicious code.
  • Masquerading – Pretends to be an authorized access.
  • Metamorphic – Code that modifies itself.
  • Network QoS – Service interruptions and performance issues.
  • Old technology – Outdated technology that is too costly to replace.
  • Pharming – Redirecting web traffic to a fake site and more sophisticated.
  • Phishing – Emails/instant messages ask to click a link/attachment, sign up for some kind of service and/or take you to a site that looks legitimate.
  • Phone Phishing – Call to ask for information.
  • Polymorphic – The same underlying code used for multiple purposes.
  • Rogue Wi-Fi – Compromised wireless access points (e.g., routers).
  • Script Kiddies – Amateur use of scripts developed by professionals.
  • Social Engineering – Psychologically manipulating people.
  • Spear Phishing – Directed towards specific individuals or organizations.
  • Spyware – Typically free software that collects information about you.
  • SQL Injection – SQL code is entered into the input fields of a database.
  • Trapdoors – Secrets in the code that allow access to the system.
  • Trojan Horses – Impersonates another software, prompts to install software and prompts to go to a certain site.
  • Viruses – Adds code to uninfected copy of the host program in the network and then replicates itself.
  • VoIP Attacks – Software and hardware exploits in Internet telephony.
  • VPN – Only as secure as the most unsecure system in both ends of the network.
  • Weather – Mother Nature and lack of disaster recovery.
  • Whaling – Attacks directed at high profile individuals and organizations.
  • Worms – Copies itself across the network, runs by itself and does not need a host.
  • Zero-Day Exploits – Vulnerabilities in software unknown to anyone.

Now that we understand the potential risks that are out there, lets looks at what motivates people to do this. While there are many theories in what drives human motivation, for our purposes we look at the following two frameworks used by the top clandestine organization in the world. These frameworks are:

  • MICE looks at human motivation in terms of Money (e.g., cash, stocks, insider information etc.), Ideology (e.g., religion, patriotism), Coercion or Compromise (e.g., blackmail) and Ego or Excitement.
  • RASCLS looks at human motivation in terms of Reciprocation (e.g., feel obligation to repay), Authority (e.g., prestige), Scarcity (e.g., supply vs. demand), Commitment and Consistency (e.g., trustworthy flip-flopper vs. untrustworthy but consistent), Liking (e.g., share same attributes) and Social Proof (e.g., correct behavior).

In order to understand the complexities of information security and motivations behind it, lets ask the following questions:

 

Currently

In the Future

Who is responsible for information security? Who should be responsible for information security?
What happens when information is compromised? What should happen when information is compromised?
Where is information security a priority? Where should the information security be a priority?
When is information security thoroughly reviewed? When should information security be thoroughly reviewed?
Why information security was compromised in the first place? Why information security would continue to be compromised in the future?

When you are asking the above questions across all levels of the organization, keep in mind that information security is not something that you just “bolt on” at the end but in fact it should be a top priority at every juncture of your organizations. Thus, information security spans across people, processes and technologies and simply paying lip service does not help anyone in the long run.

While there are many laws, regulations and guidelines to safeguard information but they do not mean much if you cannot apply them across and within your ecosystem of vendors, partners, suppliers and any external entities. In short, information security is a collective effort that requires organizations to be self-aware from the lowest ranks to the highest executives.

 

Information Security Views

Information Security Views

References:

  1. http://www.gartner.com/newsroom/id/2828722
  2. https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol.-57-no.-1-a/vol.-57-no.-1-a-pdfs/Burkett-MICE%20to%20RASCALS.pdf

5 Questions to Ask About Predictive Analytics

Predictive Analytics is a branch of data mining that uses a variety of statistical and analytical techniques to develop models that help predict future events and/or behaviors. It helps find patterns in recruitment, hiring, sales, customer attrition, optimization, business models, crime prevention and supply chain management to name a few. As we move to self-learning organizations, it is imperative that we understand the value of Business Analytics in general and Predictive Analytics in particular.

It turns out that Predictive Analytics is about Business Transformation.  But in order for this Business Transformation to take place, you have to take into account the organizational contexts in the following ways:

  1. Strategic Perspectives: Not all organizations are the same and thus what works in one organization might not work in yours. Based on the knowledge of your organization’s maturity, you have to decide if Predictive Analytics is going to be a top down, bottom up, cross functional or a hybrid approach. Additionally, take into account what should be measured and for how long but be flexible in understanding that insights might be gained from data that might initially seem unrelated.
  2. Tactical Perspectives: One of the key factors in Business Transformation is change management. You need to understand how change would affect your organization in terms of people, processes and technologies. You have to take into account the practical implications of this change and what kind of training is needed within your organization.
  3. Operational Perspectives: It is all about how execution of Predictive Analytics is done within your organization. To fully integrate Predictive Analytics into your organization, you have to learn from best practices, learn the pros and cons of your technology infrastructure and determine if the necessary tools are intuitive enough for people to make use of them.

Now that you understand the different organizational perspectives, it is time to ask the following:

 

Today

Tomorrow

Who uses Predictive Analytics to make decisions? Who should use Predictive Analytics to make decisions?
What happens to decisions when Predictive Analytics is used? What would happen to decisions if Predictive Analytics will be used?
Where does the data for Predictive Analytics come from? Where should the data for Predictive Analytics come from?
When is Predictive Analytics relevant? When should Predictive Analytics be relevant?
Why Predictive Analytics is being used? Why Predictive Analytics should be used?

When you ask the above questions, keep in mind that reliability of the information and how it is used within the organization is paramount. A pretty picture does not guarantee that the insights you get are correct but you can reduce decision-making errors by having people who understand what the data actually means and what it does not.

Measurement

Measurement

 

5 Questions to Ask About Your Information

Information collection, understanding and sharing has been a worthwhile pursuit since the dawn of humanity. At the beginning, now and in the foreseeable future this pursuit will continue, even if the “tools” change. We will continue to use information to make short-term and long-term decisions for our groups and ourselves. But depending upon the sources of the information, we might make good decisions or we might not. It is only until the results of the decisions are evident that we will know if where we ended is where we wanted to be. Sometimes we will make quick decisions and sometimes we will take our own time to make a decision. But in all of these circumstances, we will always hope that the information sources that we used to make our decisions are credible.

In order to understand information, we need to understand the various “flavors” of information that we receive. Lets explore them below:

  1. Redundant Information: Think about how many times you have received the same information from two different secondary sources. In your mind, you might be thinking that since two different secondary sources are providing the same information then it must be true. But what if the primary source of the information is the same? What if nothing new has been added to the information that you received? This is the concept of Redundant Information where the primary source of the information is the same and nothing new has been added to it.
  2. Corroborated Information: Think about how many times you have received the same information from two different secondary sources and are sure that the primary sources of the information are different. In your mind, you might be thinking that since the two primary sources are different then it must be true. This is the concept of Corroborated Information where the primary sources of the information are not dependent on each other.
  3. Contradicting Information: Think about how many times you have received the same information from two different secondary sources and found out that they were saying opposite things. This is the concept of Contradicting Information where the information that we receive does not agree with each other.
  4. Perspective-Dependent Information: Think about how many times you have received the same information from two different secondary sources and determine that there are various versions of the truth. One version might be at a high level while another version might be at a lower level. This is the concept of Perspective-Dependent Information where information that you receive has been looked at from top-down, bottom-up and horizontal perspectives.
  5. Biased Information: Lets face it, everyone has biases at some level based on their history, culture, societal norms, politics, religion, age, experiences, interactions with others and various other factors. These biases can creep into the information that we receive from others but also influence us when we make our own decisions. This is the concept of Biased Information where even in front of mounting evidence that challenges your views, you are still holding on to your conscious and unconscious thought processes to make decisions.

Now that you understand the various flavors of the information that you receive, it is time to ask the following:

 

Currently

In the Future

  Who receives information? Who should receive information?
  What happens to information? What would happen to information?
  Where does information come from? Where would information come from?
  When is information being shared? When would information be shared?
  Why information is collected? Why should information be collected?

When you ask the above questions, keep in mind that the information flavors and contexts are closely related. Even if you understand the information flavors being used but do not understand the context around them then your decisions will be skewed. On the other hand, be mindful of only looking at information that confirms your views (aka cherry picking) since you will miss something that might have helped you better understand the world around you.

Information Flavors

Information Flavors