Does Your Architecture Pass the “So What” Test?

Does your architecture pass the “So What” test? Can you demonstrate the specific value that a particular architectural deliverable or activity will add? If not, why are you even bothering? In this case, as with justice, your activity must not just add value, it must be seen to add value. read more »

Take A Better Look At Cloud Risks

If you have ever had a debate about whether your organisation should use cloud computing  then a discussion of the risks of cloud computing will have been a significant part of it. In doing so, we often fall into a simple logical trap. read more »

What Are You Doing To Get Off XP?

In case you haven’t heard Microsoft is ending support for Windows XP and Office 2003 in April of 2014. What this means is that Microsoft will no longer patch security vulnerabilities discovered in XP or Office 2003, and therefore there will be security holes discovered that can be exploited by hackers which will never be fixed.  My personal opinion is that in practical terms within a few months users of XP will be wide open to exploits by hackers. Potentially, they will be able to steal your data or take control of your PC and there will be nothing you will be able to do about it! For most organisations this represents an unacceptable level of risk. If you haven’t already started your move off Windows XP, you should – immediately! read more »

An Overview of Mobility and BYOD Technology

This is the fifteenth post in my series on BYOD. I have mostly avoided talking about technology, as in many ways that is the least important, and the most straightforward aspect of dealing with BYOD. Most people automatically think of Mobile Device Management (MDM) when they think of mobile or BYOD technology, but that is far from the only viable solution. Here I’ll outline the key technology solutions that are available to help you deliver usable and effective BYOD to your organisation. read more »

Privacy Matters for BYOD

This is my fourteenth post in my series on BYOD. This recent article on Infoworld about how the US Department of Veterans’ Affairs has put its BYOD plans on hold illustrates the point that you need to consider and cover off employee privacy when implementing BYOD. read more »

Your Options Analysis Does Not Impress Me

This is another post based on a conversation – this time about options analyses. My colleagues were suggesting that it was OK to present options, highlight the pros and cons, and leave the business to make their own decision. Now, I’ve written a few in my time, and my opinion is clear: if, as an architect, you just present an options analysis to your business that spells out options without making a recommendation, then I think you aren’t earning your salary. read more »

Some Thoughts on Outsourcing

I was discussing outsourcing with a friend the other day. I work in government IT, and outsourcing is used widely in government. He was discussing the tricky nature of being brought in as an independent vendor to the outsourcing vendor. What this brought up was something that is often overlooked in outsourcing deals, especially major ones. That is: any organisation that outsources a function (such as its IT) usually does so in the hope of saving money by shedding large amounts of staff. But, they usually don’t factor in that they will need additional staff with different skills to manage that outsourcer. read more »

Cloud and Continuity of Supply Risk

This rather amusing article in Slate appeared in my LinkedIn feed – Google Reader Joins the Graveyard of Dead Google Products. The article invites you to leave a flower on the grave of your favourite dead Google product. The startling thing is how many there are: 39 by their count! The lesson that I draw from this is not that Google kill off a lot of products, it is that with cloud computing we must account for the risks around continuity of supply, and specifically that continuity of supply risks are not solely due to companies failing. read more »

Identity Standards: ISO 24760-1

I’m currently looking at international identity standards and thought that I might post some thoughts about them as I look at them. The first that I have looked at is ISO/IEC FDIS 24760-1:2011(E) “A framework for identity management – Part 1: Terminology and concepts”. This standard is supposed to define key terms for identity management and specify core concepts in identity and identity management. My view is that it should be avoided. The reasons for this are many: it is confused, it is unclear, and doesn’t use terms in the way that they are standardly used in the identity industry. read more »

Poor Information Security Can Lead to Tragedy

What do Kate Middleton and, Apple and the Ministry of Social Development have in common? Poor information security leading to tragedies. They also show that information security has as much to do with culture as it does with technology. read more »