Strategies and Architecture for ETransformation

1
Strategies and Architecture for E-Transformation
May 7th to 9th, 2001 Crystal City, Virginia

• Summary Conclusions
• Lessons Learned

John Weiler, Executive Director john_at_ICHnet.org ww
w.ICHnet.org www.SecurE-Biz.net 703-768-0400
2

• Secure E-Business
• Executive Summit
• May 7-9, 2001
• Hilton Crystal City, Arlington, VA

• Three Tracks
• Management Strategies for E-Transformation
• Architectures for Secure Internet Infrastructure
• Technologies and Secure E-Solutions

3
2001 SecurE-Biz Exec. Summit

• The Interoperability Clearinghouse annual meeting
• Co-hosted by
• OSD DCIO, Federal CIO Council, Treasury CIO,
  NIMA, NIAP and VA
• Supported by
• AOL/iPlanet, ATT, Center for Internet Security,
  CCIA, CIO Magazine, Eruces, IONA, KPMG
  Consulting, Lockheed Martin, Logicon, OBJECTive
  Technology Group, Oracle, OMG, PostNewsweek, RSA
  Security, TIBCO, and Unisys.
• Presentations from worlds top IT leaders and ICH
  members

4
SecurE-Biz Stats

• 67 Speakers from government, industry and
  standards community
• 574 Sr. IT executives (35 govt) representing
• every major agency,
• top 50 integrators,
• global 100 companies
• Abbie Lundberg, CIO Magazines Editor-in-Chief,
  states I was very impressed with the caliber of
  people you drew to your event, and the quality of
  the content they provided.
• Ed Black, President of the Computers and
  Communications Industry Association states "The
  ICH Secure E-Biz summit was a major catalyst for
  bringing together shared interests in the
  development of open and securable internet
  infrastructure."

5
What we learned

• The Challenge Mapping business needs to proven
  and interoperable e-solutions (secure internet
  infrastructure)
• Internet explosion brings much promise.
• Common infrastructure for COTS plug and play
• Improved modularity and faster time to market
  (17 reduction in failure)
• Increased opportunity to achieve interoperability
  goals
• ...and creates new challenges.
• Technology churn undermines engineering process
• Complexity undermines architectures and creates
  thrashing (25)
• Excessive hype (of some) creates widespread loss
  of trust
• Rate of change requires new approaches for
  decision making

6
What we learned

• Security
• Must design in security requirements at the
  onset. Must balance information access with
  information assurance.
• PKI is expensive and hard to implement at the
  application layer. Wireless make it impossible
• NIAP confirms adherence to Common Criteria, but
  does not address interoperability or usability.
• Architectures
• New engineering methods are being developed in
  commercial world to address new paradigm.
• COTS and Open are not mutually exclusive
• Standards out of sync with rate of change and
  COTS

7
What we learned.

• Early adopters of ICH method
• Time to market greatly increased for Litton/PRC,
  PTO, Discovery and Boeing
• CCIA able to separate hype from reality
• GM holds vendors accountable for their claims
• Standards group find means of mapping theory of
  standards to reality of COTS market
• Integrators are able to assure success
• Note ICH is a non-profit COTS validation
  collaboratory that brings new methods, tools and
  in-context research to enterprise architects.

8
Secure Internet InfrastructureKey Components

• Internet Technologies
• Development Tools, Application Servers, B2B, B2C,
  
• Information Infrastructure
• Middleware Web Servers, COM, CORBA, EJB,
  Messaging, JINI, .
• Enterprise Directory x500, LDAP, Active
  Directory, NDS..
• DBMS, XML/XMI, Portals, Data Warehousing, UDDI.
• Information Assurance
• PKI/X509, PGP, VPN, Firewalls, Digital Signature,
  Intrusion Detection, Encryption...
• Network Technologies
• Switches, Routers, Wireless (802.11, Bluetooth),
  VOIP..

9
Survey Results

• 1. Is your organization actively developing a
  secure information infrastructure?
• Yes 96
• No 4
• 2. Are your architecture efforts for e-business
  and information assurance tightly coupled?
• Yes 75
• No 25
• 3. Are architecture efforts an important part of
  your IT planning process?
• Yes 94
• No 6
• 4. Do your architecture efforts apply methods
  that enable direct linkage of business
  requirements to COTS products?
• Yes 78
• No 22
• 5. Do you feel your current architecture and
  technology research efforts are appropriately
  tied to your pre-acquisition activities?
• Yes 68
• No 32

10
Survey Results

• 6. Do you find it difficult to cope with market
  dynamics presented by the internet and e-business
  paradigms?
• Yes 63
• No 37
• 7. Do you feel that you are successfully keeping
  up with technology change rates?
• Yes 51
• No 49
• 8. Do you feel frustrated with the ration of
  marketing hype to accurate product information?
• Yes 82
• No 18

11
Survey Results

• 9. Is your current technology research contractor
  conflicted or constrained by any of the
  following YES 56. How so
• 19 Contractors of analysts have marketing or
  reseller agreements with the technology
  manufacturers that they recommend
• 24 Analysts are also involved in the
  implementation
• 24 Contractors or analysts are tied to or
  overly biased toward specific standards or
  technology markets
• 13 Contractors or analysts' research is
  partially funded by vendors
• 17 Contractor or analyst does not use a
  formalized research and validation method
• 18 Contractor or analyst seems to be falling
  behind current technology churn rates and/or
  market hype

12
Consensus on DevelopingSecure Internet
Infrastructure

• Change engineering process to accommodate shift
  from application development to component
  integration
• Model Business needs in simple terms (XML)
• Map business models to available standards and
  technologies, and publish
• Validates vendor assertions past on past
  performance
• Collaborate with industry partners in a high
  trust environment.
• Engage trusted agents who are non-conflicted, and
  capable of sharing industry best practices