What are the core elements of Enterprise Architecture?
So we know what enterprise architecture is, but how does it work, and how can it benefit you [as a business or as an architect working with businesses]?
Enterprise architecture centers upon six basic elements. Each is unique and distinct, but [like the inner workings of a building], interconnected and interdependent.
Enterprise Architecture Governance
Like all plans, enterprise architecture calls for oversight–someone to keep things on track, to maintain standards, to provide decision-making, to delegate working groups, and to manage the project. Ring Central’s Andy Cheng explains that “each enterprise will need an oversight team for the architecture. They make sure everyone else stays on track. The team is there to ensure alignment of business goals with IT infrastructure.”
Enterprise Architecture Framework
The next core element in an enterprise architecture is the framework. Enterprise architects use enterprise architecture frameworks to simplify the complexity of their organization. They use that simplification to understand where the organization cannot meet expectations, and where it must be changed to meet expectations. There are many frameworks. Whether it is a comprehensive architecture framework, an industry architecture framework, or a domain architecture framework one will be a better fit than others for any one organization.
While any enterprise architecture has a range of frameworks to choose from, the most popular is The Open Group's TOGAF Standard. Amongst other useful enterprise architecture elements, the TOGAF Framework describes enterprises as layers of interrelated architectural domains.
TOGAF Architecture Domains
- Business architecture which defines the business strategy, governance, organization, and key business processes of the organization.
- Applications architecture which provides a blueprint for the individual systems to be deployed, the interactions between the application systems, and their relationships to the core business processes of the organization with the frameworks for services to be exposed as business functions for integration.
- Information architecture which describes the structure of an organization's logical and physical data assets and the associated data management resources
- Technology architecture which describes the hardware, software, and network infrastructure needed to support the deployment of core, mission-critical applications
Other Enterprise Architecture Domains
- Security architecture, which is also called information systems security architecture. This domain is always very focused on IT. it contains the controls that effectively manage risk associated with information and information technology. The goal of the security architect is to protect the enterprise, not the technology.
- Cloud architecture comes from the rise of cloud services. Cloud services change how we changing how we address infrastructure architecture and application architecture. Software-as-a-Service clearly defines functionality and access through API, the two classic topics of application architecture.
- Service Oriented Architecture [SOA] and micro-service architecture are enterprise architecture domains that arose and folded into classic architecture domains.
Methodology
Another basic element of enterprise architecture is the methodology for implementation of the strategy articulated by the framework.
Artifacts
As the framework gets implemented, there will be a series of documents, strategic analyses, business plans, controls, databases, and other elements of the enterprise architecture created. These are “artifacts,” and these will need to be stored, accessed, and used.
Standards
This element of enterprise architecture includes all rules, regulations, laws, and segment-specific standards that govern the implementation or maintenance of the new plans being developed.
Enterprise Architecture Best Practices
And the final core element of enterprise architecture pertains to the operating procedures that come from the plan itself. Andy Cheng explains that:
Best practices are where the organization creates standardization of their operating procedures. This enforces consistency of processes and compliance. But it also promotes transparency, so teams understand the deliverables [documentation artifacts].
Now that we have introduced you to a few of the core elements of enterprise architecture, it’s time to get to work.
Join our practical hands-on enterprise architecture training!
Most organizations base their cybersecurity approach on an established model like the National Institute of Standards and Technology [NIST] Cybersecurity Framework. The five key functions in the framework are:
- Identify
- Protect
- Detect
- Respond
- Recover
The framework has to encompass your entire environment, including applications, users and data, and extend where necessary to your supply chains and value chains. A comprehensive, end-to-end framework will encapsulate:
- Endpoints
- Networking
- Multiple clouds [private, public and hybrid]
- Servers/hyper-converged infrastructures
- Storage
- Data protection and recovery
To achieve best practices in all these areas, it is necessary to build your cybersecurity framework on an intrinsic foundation that provides automation, agility, resiliency, intelligence and maximum protection against attacks.
This article discusses the five elements of a modern cybersecurity framework and aligns specific services from the Dell Technologies Security solution portfolio for each function within the NIST framework.
Function No. 1: Identify. This function includes identifying physical and software assets; conducting a supply chain assessment and developing a supply chain risk management strategy; identifying security policies and asset vulnerabilities; and establishing a risk management strategy, including risk tolerances.
Dell Security solution portfolio: Asset discovery and access management; cloud security and compliance risk management; secure supply chain management; security assessment and business resiliency services.
Function No. 2: Protect. This function includes ensuring protection for identity management and access control; empowering staff through awareness and training; establishing data security protection consistent with risk strategy; implementing protection processes and procedures; protecting organizational resources through maintenance; and managing protective technology to ensure the security and resilience of systems and assets.
Dell Security solution portfolio: Hardware/firmware security; endpoint data protection; cloud protection for SaaS applications and hybrid workloads; cloud security and compliance risk management; network security and virtualization; data protection and security services.
Function No. 3: Detect. This function defines the appropriate activities to identify a cybersecurity event and enable timely discovery, including ensuring anomalies and events are detected; implementing continuous security monitoring capabilities and verifying the effectiveness of protective measures, including network and physical activities; and maintaining detection processes to provide awareness of anomalous events.
Dell Security solution portfolio: Threat and vulnerability detection and response; services for cybersecurity and managed detection and response.
Function No. 4: Respond. This function supports the ability to contain the impact of a potential cybersecurity incident, including ensuring response planning processes are executed; managing communications; conducting analysis to ensure effective response and support recovery activities, including forensic analysis; conducting mitigation activities; and implementing improvements by incorporating lessons from current and previous detection and response activities.
Dell Security solution portfolio: Threat and vulnerability detection and response; services for managed cybersecurity and managed detection and response; cyber-incident response and recovery services.
Function No. 5: Recover. This function identifies activities to maintain plans for resilience and restore any capabilities or services, including ensuring the organization implements recovery planning processes and procedures to restore systems or assets affected by cybersecurity incidents; implementing improvements; and managing internal and external communications during and after recovery from a cybersecurity incident.
Dell Security solution portfolio: Cyber-recovery consulting and managed services; cyber-incident response and recovery services.
Taking the Next Step
The portfolio capabilities discussed in this article comprise a wide range of solutions from Dell Technologies and VMware, including:
- Dell Business Resiliency Services
- VMware Carbon Black Cloud
- VMware Workspace ONE
- VMware NSX-T Data Center
- Dell BIOS
- Dell SafeID
- Dell PowerProtect Cyber Recovery
- Dell SecureWorks Managed Detection and Response
To find out more about how Dell and VMware can help your organization build and manage a modern cybersecurity framework that incorporates best practices for the five key functions—identify, protect, detect, respond and recover—please review the articles and resources on this site and visit Dell Technologies at www.delltechnologies.com/en-us/solutions/security/index.htm.