Information Technology Reference
In-Depth Information
Even if an organization does not currently employ credit card handling
practices, the same standards can be applied in a proactive manner when
planning for future-state architectural defense. If the organization later
falls under the PCI requirements, the protections will already be in place;
if not, these standards remain good practices for data defense. If a public
data exposure occurs, it is far better to be able to prove due diligence in
attempting to defending sensitive or protected information than to be
found negligent in this area. Doing nothing to prevent an exposure is
certainly going to draw fire.
Look Beyond the Project
As we discussed previously, strong project management skills are vital for
the CIO and any other lead architectural roles. This dictum can be mis-
leading, however, if it is applied too thoroughly without an eye toward the
big picture. Projects are discrete, with a clear beginning, identified term,
and identifiable closure. Enterprise architecture may include many pro-
jects in the architectural management program, but while projects have
a defined end, operational practices are ongoing and often cyclical in
nature. Security, for example, is never a goal that will someday be attained
once-and-for-all-time. Security is a relative state, subject to continued
changes as new attack techniques are developed or personnel are moved
between assignments. Tens of thousands of new viruses are released each
year, along with hundreds of other potential sources of malware and net-
work exploitation. Adding in social engineering and ever-increasing com-
puting power, the potential threats to an organization's network become
almost infinite.
Enterprise architects must plan for reactive immediate-term solutions,
address current trends and evolving requirements, while moving always
toward the supportable future-state enterprise that is yet to exist. Sell-
ing IT projects as quick-return “low-hanging fruit” projects can create
impossible expectations or unrealizable goals. The enterprise architect
must also maintain awareness of the ongoing value provided to an enter-
prise through incremental changes and cyclic technology modernization
efforts. Formal project management skills should be employed, but with
an understanding that the big picture is always evolving, always moving
to reveal more of the road ahead. Strategy and vision must be the ultimate
drivers for all of the more finely focused implementation projects.
