The Vigilant Business Architect: Lessons from the Field


Author(s)

Senior Director, Ameriprise Financial
Dean Heltemes is a business and technology executive with diverse, global leadership experience across multiple industries. He is a business architecture evangelist with a focus on IT and Business Strategy Development, Strategy to Execution Planning, Enterprise and Business Architecture, and Business Process Management. Dean has a Bachelor of Science degree in Computer Science from St. Cloud State University and a Master of Business Administration from the University of Minnesota. He is also the co-founder and owner of MindStart, a company that designs and sells activity products for persons with dementia. He lives in Minneapolis, Minnesota with his wife and three daughters.

2017 may go down as the year of ransomware, rogue software that infects a computer, scrambles the data, demands you pay money to get access back, and eventually destroys your files. In May the WannaCry ransomware cyberattack affected more than 200,000 users in over 150 countries and disrupted operations for numerous corporations. This was followed in June by a new variant of the Petya ransomware, with this cyberattack impacting over 12,000 devices in around 65 countries, along with some high-profile corporations. While most ransomware still targets consumers, what is notable for business architects is that according to Kaspersky Lab, ransomware attacks on businesses increased 11x in 2016. So what is the role of a business architect regarding cybersecurity, disaster recovery, and business continuity planning? I honestly have no idea. In the spirit of never letting a serious crisis go to waste, let’s see how we can help.

Cybersecurity Framework

Let’s start with a good framework (as all good architects love frameworks). The National Institute of Standards and Technology (NIST) publishes a well-respected cybersecurity framework. At its core are five key functions that they recommend be performed concurrently and continuously to address the dynamic cybersecurity risk. These five functions are:

Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.

Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event.

Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events.

Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event.

Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event.

The Protect, Detect, Respond, and Recover Functions appear to fit squarely within the purview of the information security team. The business architect may at times get consulted for guidance and information, but it would likely be limited to that. The Identify Function, however, reads a bit like a paragraph from the BIZBOK, so let’s take a closer look at this one.

A Role for Business Architecture in Cybersecurity

Understanding the business context is what business architecture is all about, so clearly we can play a role. Business strategy maps, value streams, capability roadmaps and other business architecture blueprints can provide a foundation to the information security team to build upon for the other Functions. Identifying potential business impacts, determining risk, and prioritizing what is most critical to the business is also a key part of the Identify Function. The business capability model can be a key asset to assist with this and help to tie disparate information together. For example, imagine starting with your standard business capability model, having applications linked to the capabilities they support, with those applications linked to the CMDB which describes the underlying infrastructure (including backup and recovery systems). Now imagine having criticality and performance rankings along with a rating for the impact of a disruption for these same capabilities. You can see a powerful model emerging that can drive better decision-making across many areas.

Of course this is not easy, and building and maintaining such a model can be nearly impossible for some organizations. In that case, focus on the key capabilities and applications, the ones with the most impact. Manually maintaining this connectivity is feasible in small numbers and provides information to drive investment decisions for disaster recovery and business continuity plans. All of this goes well beyond ransomware too. As all of us and our companies become increasingly dependent on technology, we need to ensure we are protected from always-evolving cyber threats.
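The linked model described above, sketched as an added example that is not part of the original article: capabilities carry criticality and disruption-impact ratings, link to applications, and the applications link to CMDB items with a backup flag. The capability names, the 1-5 scales, the criticality × impact score and the threshold are all assumptions made for illustration.

```python
# Constructed sample data: every name and rating below is hypothetical.
CAPABILITIES = {  # capability -> (criticality 1-5, disruption impact 1-5)
    "Payment Processing": (5, 5),
    "Customer Onboarding": (4, 3),
    "Marketing Campaigns": (2, 2),
}
CAPABILITY_APPS = {  # capability -> applications that support it
    "Payment Processing": ["pay-gateway", "ledger"],
    "Customer Onboarding": ["crm", "doc-store"],
    "Marketing Campaigns": ["crm"],
}
CMDB = {  # application -> infrastructure items and whether each is backed up
    "pay-gateway": [{"ci": "pay-db-01", "backup": True}],
    "ledger": [{"ci": "ledger-db-01", "backup": False}],
    "crm": [{"ci": "crm-saas", "backup": True}],
    # "doc-store" deliberately has no CMDB record: a traceability gap
}

def recovery_gaps(capabilities, capability_apps, cmdb):
    """Walk capability -> application -> CMDB item and rank by business risk."""
    rows = []
    for cap, (criticality, impact) in capabilities.items():
        gaps = []
        for app in capability_apps.get(cap, []):
            items = cmdb.get(app)
            if items is None:
                # An unmapped application means recovery cannot be verified.
                gaps.append(f"{app}: no CMDB record")
                continue
            gaps += [f"{app}/{i['ci']}: no backup" for i in items if not i["backup"]]
        # Assumed scoring: criticality multiplied by disruption impact.
        rows.append({"capability": cap, "score": criticality * impact, "gaps": gaps})
    return sorted(rows, key=lambda r: (-r["score"], r["capability"]))

def investment_shortlist(rows, min_score=12):
    """High-scoring capabilities with at least one gap: DR/BCP funding candidates."""
    return [r["capability"] for r in rows if r["score"] >= min_score and r["gaps"]]

if __name__ == "__main__":
    ranked = recovery_gaps(CAPABILITIES, CAPABILITY_APPS, CMDB)
    for r in ranked:
        print(r["score"], r["capability"], r["gaps"] or "covered")
    print("Shortlist:", investment_shortlist(ranked))
```

A missing CMDB record is reported as a gap in its own right, since an application that cannot be traced to infrastructure cannot be shown to be recoverable.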

My fellow business architects, I ask you to be vigilant and be assertive. Engage your IT organization, information security department, and business, and find out what they are doing in the area of business continuity planning. Offer your help and share your knowledge. More broadly, pay attention to what is going on around you, not just within the company, but in your industry, country, region, and the world. Look at every crisis as an opportunity to help. If you are like me and truly believe in the value of business architecture, find new ways and places to apply it. And that can even be in places you wouldn’t expect, such as helping to prepare for and battle cybersecurity threats.

This article was prepared by Dean Heltemes in his personal capacity. The views expressed in this article are the author’s own and do not represent the view of his employer.
