SaaS and the Need for Enterprise Architecture

Coby Royer, Technical Product Manager for Symplified

Does SaaS Diminish the Need for Enterprise Architecture? This is a good question, but we have to understand what is meant by Enterprise Architecture (EA).

It is generally accepted to be a discipline and sometimes that strategically aligns an organization to its technology and business goals.

Activities such as Enterprise Architecture Planning (EAP) serve this need and are essential to IT Governance. Other activities relate to the application of Enterprise Architecture to specific domains, such as Line of Business (LOB) portfolios, Technical Architecture (which may include networking, security, etc.) and Application Architecture.

So, given this definition–YES, EA is essential because even (or perhaps especially) if the applications and business processes leave the enterprise four walls (ala SaaS), planning and governance are needed to ensure alignment to strategic goals.

The role of EA is to periodically adjust those long term goals and the trajectory to attain them in response to changing technologies, business drivers, etc.

So as new paradigms like SaaS and other types of Cloud Computing emerge, EA must evaluate them and establish standards, guidelines, policies, etc.

For example, EA may incorporate SaaS based on cost benefit and an assessment that recognizes SaaS apps as being aligned to enterprise needs for security, privacy, compliance, service level, business function, etc.

And in addressing whether there is a need to architect solutions when adopting SaaS (presumably in support of EA as a discipline), then YES, there is still a critical need to define how SaaS integrates with the enterprise technology landscape.

Questions such as What is the master of my data? How do I manage Identities and Accounts? How do I produce Compliance Reporting? How do I migrate to/from adopted and sunset SaaS Apps? How do I establish Trust Relationships? How do I provide Quality and Service to my constituencies? etc.

These issues require solutions in the domains of Information Architecture, Security Architecture, Network Architecture, Application Architecture, Technical Architecture and so on–presumably envisioned and vetted by architects of various types (including Portfolio Architects, Solutions Architects, etc.)

So while the GAME may have changed, the need for the PLAYERS has not. Architecture–in all senses of the word–remains essential.

In closing I will say that SaaS pushes the emergence of Business Architecture to a new height because of the direct empowerment of LOB owners.

Acquisition and deployment of real solutions is now within grasp of business owners (seemingly) without the need for conventional IT delivery and support.

But many of the above questions may go unanswered without engagement of EA, and latent risks (such as compliance and security) may turn into real issues.

* * *

Stay Informed With ISR News Alerts:

Email:

by FeedBurner

* * *

Coby Royer has over 20 years technology experience in software and security startups, consulting, and large enterprises. He has served roles in software development, enterprise architecture, and management, in lines of business that include Internet security, commercial software, financial services, consumer goods, e-commerce, and expert systems. He holds a number of patents in security and e-commerce. Coby serves as Technical Product Manager at Symplified, Inc.

Symplified, Inc. is a unified access management system purposely built for the cloud architectures of SaaS. Symplified integrates your existing IT infrastructure with the cloud, streamlining management, reducing costs and improving security. Symplified was designed to address your on-premise access management needs as well. Build secure portals with personalized access for your workforce, customers and partners. Symplified offers a complete, enterprise-class Web Access Management (WAM) infrastructure that rivals the capabilities of expensive, 1st generation products but without the frustrations and limitations of heavy monolithic software.

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

Filed under: Breach, Cloud computing, Coby Royer, D&O Liability, FEATURE ARTICLE, Financial, Sarbanes-Oxley, Symplified, Uncategorized, due diligence, hackers, malware, virtualization 

Comments

• ISR Headline Index

  • Hackers Lurking in Hotel Networks
  • 7 Month Vulnerability in Windows Virtual PC
  • How to Secure a Cisco Router
  • On HTML Insecurities…
  • When Social Networking Clashes with Security
  • Spam Block: Public Servants or Vigilantes?
  • Sticky Situations in Social Media
  • Quick Tips for Using Secure Shell
  • Consolidate Compliance With Open Source
  • DoS Attack Reveals Widespread Vulnerabilities
  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released
  • Press F1 for Help? Microsoft Zero Day Threat!

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs

• Categories

  • Anthony M. Freed (26)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (540)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (113)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (601)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (310)
  • Fame Foundry (1)
  • FEATURE ARTICLE (428)
  • Financial (587)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (373)
  • Greg George (5)
  • H1N1 (15)
  • hackers (539)
  • healthcare (134)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (535)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (38)
  • Insider Threat (490)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (71)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (501)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (211)
  • national security (453)
  • PCI (308)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (552)
  • Rachel James (10)
  • reach (11)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (502)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (8)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (14)
  • Tripwire (18)
  • Uncategorized (621)
  • virtualization (101)
  • Webcast (49)