Solutions in Context - Home End to End Integration

End to End Integration

Application Management, Security and Privacy By Design - Threats, Vulnerabilities and Risk Management

Hi

 

Recent events have heightened public awareness of threats, vulnerabilities and risks.

 

"Apps" have become the users' front door to business, information and IT services using mobile, wireless and wired devices. User confidence and trust are increasingly critical to service success.

 

While the App is perceived to be the functionality on the access device, we need to manage the  "application" as the end to end set of business transactions, system transactions and component interactions between the user and the target service.  For example, mobile banking, web banking, ATMs and payment card devices are access devices that provide apps to connect me to my bank services. While they are separate access channels (using different devices, Apps and connections) they will share some enterprise application infrastructure (connections, workflow, application components and data) and update my bank accounts. They are all part of the set of banking applications I use to debit and credit my bank account. Multi-channel access presents new risks to enterprise applications and data by potentially exposing cross channel vulnerabilities.

 

Application management, security and privacy need to be designed and built into the App. Design needs to consider the end to end context, behaviour and security of both the application and the underlying infrastructure (Application Service Platform, Application Infrastructure Services, Infrastructure Services, and Network Services).

 

Security requirements overlap with application management requirements. For example,

  • Timely alerts that an application component service has failed or been compromised is essential to managing incidents and meeting service level targets,  but also could be instrumental in early detection of Denial of Service Attacks.
  • Transaction performance and integrity are key application management components, but are now critical to maintaining customer trust and satisfaction.
  • The ability to start and stop a service based on alert triggers is critical to both application management and security

Application design needs to integrate services (apps, devices, connections, transactions, component interactions, workflow and data), and layer protection and management mechanisms (controls, audit, reporting, monitoring, alerts and incident management) into an effective end to end security and management solution for the application and the Apps which access it.

 

For this reason, we continue to recommend assessing security threats, vulnerabilities and risks from a defense in depth perspective for information management and flow based on user context and authenticaton across all services used to provide the target application.

 

 

…fred

416 580 7857

 

Fred Nagy, CMC, PMP, ITIL

Solutions in Context – “Strategic Design and Risk Management

 

 

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

Public Sector Services - Hybrid Clouds

Hi

 

Each Public Sector Program is accountable for the information it uses, discloses, retains
from collection through to destruction:

  • Public Sector Services collect, use, disclose, retain, and destroy information
  • Typically involve the public, other jurisdictions, partners, other program areas within the jurisdiction and shared support services
  • Could involve multiple Private, Community and Public Clouds

Managed Cloud Services for Public Sector need to deliver integrated solutions for Relationship Management, Information Management, Privacy and Security requirements.

 

Most public sector program service activities are generic and common across government programs. Only a small portion is specific to the Program’s service outcomes. To increase Program agility and reduce costs, cloud based Program Infrastructure Services (E.g. shared services, processes, resources) should be used to create and operate a Public Sector program. Most of these Program Infrastructure Services should be generic & shared.

 

A Hybrid cloud strategy is needed to manage Program services and information.  It should leverage:

  • Community Clouds (e.g. Cross Jurisdiction, eHealth, Shared Service(OSS, OPS ITS)) to share IT software, platforms and infrastructure
  • Public Sector partner clouds
  • Vendor clouds

In my presentation on Cloud Information MAPs, I proposed a different view of Public Sector Clouds based on a managed service view:

 

 

1. “The Cloud” is made up of clouds with different Trust levels:

  • Public - Open;
  • Semi-Private – Controlled community;
  • Private Clouds – Controlled roles and permissions

2. Hybrid clouds can contain:

  • Connections (Information Exchanges, Interactions, Interfaces)
  • Control Zones (Service Access, Connection Channels, Permissons, Workflow, Data/Applications)
  • Management Domains (Accountability, Management and Support)

3. We need to be able to manage information across and within Clouds

 

4. Public Sector solutions are Hybrid Clouds

 

Cloud Service Management, Information Management, Access, Privacy and Security all need to be integrated "By Design".

 

The following provides a link to my full presentation, on the verney website, which discusses information risk management for Public Sector Information across cloud based services:

 

 

Managing Information in the Public Sector Conference 2010 – Shaping the New Information Space.

 

 

....fred

 

Fred Nagy, CMC, PMP, ITIL

416 580 7857

 

Solutions in Context - "Cloud integration for Public Sector solutions"


 

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

Managed Service Program

Hi

 

Maximizing the value of using and providing managed services requires systematic investment and decision making by Business and I&IT working together.   

 

To share service, you must share some business infrastructure - Strategies, Systems, Processes, Rules, Infrastructure, Support, Relationships, Applications, Information.

 

Critical success factors are business leadership, joint service planning, an agreed service business plan, and effective governance (e.g. to decide what to share, what to control, when to roll out change...).

 

The evolution of your Managed Services needs to be managed as a strategic business program leveraging continuous improvement with periodic injections of strategic disruptive change.

 

Here is a link to a presentation I made to the OPS Architecture Open house in 2008 about strategy, architecture and program management for Business and I&IT services.

 

"Maximizing Program Investment Value and Decision Making Through Enterprise Architecture"

https://www.verney.ca/ea2008/presentations/610.pdf

 

 

....fred

 

Fred Nagy, CMC, PMP, ITIL

416 580 7857

Solutions in Context - "Managed Service Program - Strategy, Planning, Architecture, & Execution - getting the right things done"

 

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

I&IT Service Puzzle - Effective Delivery and Management

Hi

 

The real puzzle continues to be how to effectively deliver and manage I&IT services of value to users.

 

I&IT organizations in North America are focusing on delivery of services as a utility over a hybrid network (partners, suppliers, people, processes, technology).  Consultants can assist Organizational I&IT with:


1. “Keeping the Lights On” - I&IT needs to ensure productions services are available and work properly all the time. Most I&IT organizations are working their way up the infrastructure, platform, application, ITSM and business process levels. Non-functional requirements and new business service solutions are needed to balance service stability, resilience, agility, and economic value.
 

2. “Simple, Anywhere, Anytime, Any Device” - Consumer devices have raised the bar and are challenging the approaches for IT- User service.  Service Solutions need to be more elegant.
 

3. “Integrated but Protected” - Service integration is increasingly complex, while tolerance for customer information breaches continues to drop.  I&IT organizations need security architecture and solutions for end-to-end information protection.
 

4. “I&IT Business Value” - I&IT organizations regularly need to justify their business existence and their Department’s future. They need to effectively integrate the user application, personal device, managed service, shared service, cloud computing, partner and outsourced models of service delivery to provide measurable business value.
 

5. “Effective Program and Project Management” - All projects are “business” projects, not just “IT” projects, and must be able implement tangible business change – either directly to the organization’s business or to the business of I&IT in the organization.  Planning and managing business change is still a critical challenge for most I&IT organizations

 

 

...fred

 

Fred Nagy, CMC, PMP, ITIL

416 850 7857

 

Solutions in Context - "Business/I&IT Service Strategy & Integrated Execution - getting the right process, information and IT things done"
 

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

Public Sector Service Strategy - The Hybrid Enterprise Journey

Hi

 

The Ontario Public Sector has been adopting hybrid enterprise service solutions - combinations of alternate service delivery models, virtual organizations with partners, Enterprise solutions (COTS, Cloud, Managed Services),  third party services, and shared services (business and I&IT) as part of an innovation agenda to get better value for the people of Ontario.

 

The result is a greater need to regularly and easily release sets of integrated change (business, information, IT and security services) into Ontario. 

 

Business and I&IT Service transformation needs to be managed as a continuous, responsive, controlled and natural process within business operations.

 

Business and I&IT Services need to adopt both continuous step-wise improvement, and periodic disruptive change (e.g. due to strategic shifts) in discrete steps that add value to the People of Ontario.

 

The Business and I&IT Service transformation processes should:

  • Define and enable step-wise improvement through regular releases of static and dynamic combinations of business, information, IT and security products, processes, services, and relationships.
  • Improve end to end service management across organization, relationship, geographic, jurisdiction, technology, vendor, and role boundaries.

 

Successful execution of integrated Business and I&IT Service Strategy requires a business model that embraces:

  • Continuous Business Innovation Program - Supports strategy execution as a multi-year journey which is undertaken in discrete steps that release change into the business
  • Hybrid Enterprise Business Service Model and Relationships - Supports public, community and private combinations of clients, customers, partners, other stakeholders and staff to deliver and manage service
  • Business Service Release Management - Stages evolution through semi-annual release of changes to client/customer services through dynamic, loose-coupling of end to end managed services provided by business partners and suppliers (includes business and IT, internal and external)
  • Business Service Platform - Integrated business, information, technology and Security capability which enable service release over time through combinations of partner and supplier services
  • Supplier Service Platform - Integrated combinations of  process, information, application, application platform, and infrastructure to enable partners and suppliers to participate in service releases

Enabling the first or next release of an enterprise business and I&IT service is really about establishing the go-forward service management organization and providing it the business model and tools to enable the journey required to execute the enterprise service strategy.

 

...fred

 

Fred Nagy, CMC, PMP, ITIL

416 580 7857

 

Solutions in Context - "Service Strategy and Execution - Getting the right things done"

 

 

 

 

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

Service Innovation through Story Board Evolution - Technology Enabled, Not Driven

Hi

 

Successful innovation for business and the business of I&IT needs the right work in the right relationships enabled by technology, not dictated by technology or technologists.

 

Some organizations seem to have equated innovation, disruption and the killer app with technology driven change.

 

We need to avoid becoming the "fool with a tool", busy doing the wrong work and not achieving the desired outcomes.

 

Real value results from enabling the right user experience overtime.

 

Innovation initiatives should improve the Service User experience.

 

We need to improve the end to end Service Story Board  - User Strategy, Value, Relationships, Mandate, Use Cases (Services, Transactions, Interactions, Security, Privacy, Data),  User Stories).

 

 

Technology enables new possibilities.

 

The business still needs to decide how to use those possibilities (Why, Who, What, When, Where, How) in staged releases to provide user value.

 

...fred

 

Fred Nagy, CMC, PMP, ITIL

Solutions in Context - "Getting the right work done"

416 580 7857

 

 

 

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

Current Trends + Priorities in IT For Today and 2015

Hi.

 

CMC Today posed the following questions to several CMCs:

 

Q1 - What do you see as the Top 3-5 issues or trends in organizational IT for 2014-15 forward?
Please explain the real issue for each that challenges you as the CMC/IT consultant professional.

 

Q2 - How are clients today changing their view and utilization of IT consultants today?

 

Q3 - What 2 or 3 recommendations would you give to one of your CEO/CTO clients regarding the priorities they should have for 2015?

 

Please see CMC Today for our answers.

 

....fred

 

Fred Nagy, BMath Co-op, CMC, PMP, ITIL

Solutions in Context - "Strategic Design, Implementation and Risk Management"

416 580 7857

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

Solution Strategy Should Drive Solution Architecture

Hi

 

Form Follows Function.

 

Service and Enterprise Architecture follow Business Mandate and Strategy.

 

Solution Strategy should drive Solution Architecture.

 

"WHY" is the most important question at all levels of architecture.

 

....fred

 

Fred Nagy, BMath Co-op, CMC, PMP, ITIL

Solutions in Context - "Strategic Design, Implementation and Risk Management"

416 580 7857

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

Architecture and Project Risk

Hi

 

We continue to find architecture to be a critical tool in managing project risk -- both minimizing negative risk and maximizing the outcomes of positive risk.

 

The following link will take you to a 2009 presentation kept on the Varney.ca website, we did for the Ontario Government Enterprise Architecture Open house

 

Managing Project Risk with Architecture - the Good, the Bad and the Ugly

 

Please use the comments feature on this blog to provide feedback on the topic and/or presentation and/or ask questions. We would appreciate your thoughts on the usefulness of architecture in ensuring project success.

 

....fred

 

Fred Nagy, BMath Co-op, CMC, PMP, ITIL

Solutions in Context - "Strategic Design, Implementation and Risk Management"

416 580 7857

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

New Website

 

Hi

 

We have changed the look and feel plus the underlying application infrastructure, including support for this blog and future news updates.

 

Some initial content has been included.  We will be adding material from current and past research work as we proceed.

 

....fred

 

Fred Nagy, BMath Co-op, CMC, PMP, ITIL

Solutions in Context - "Strategic Design, Implementation and Risk Management"

416 580 7857

 

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

Contributors

Fred Nagy
10
March 31, 2015
show Fred's posts

Archive

Current

Show Latest Posts

2015

March
Application Management ...
Public Sector Services ...
Managed Service Progra ...
February
I&IT Service Puzzle - ...
Public Sector Service ...
January
Service Innovation thr ...

2014

October
Current Trends + Prior ...
Solution Strategy Shou ...
Architecture and Proje ...
New Website

Tags

Everything Managed Service
 
 
© Copyright 2017 Solutions in Context. All Rights Reserved. Web Design and Content Management by REM Web Solutions.