Adapting IT Governance Frameworks to Ensure Control and Visibility of Open Source
Dave Lounsbury, CTO & Vice President, The Open Group
Peter Vescuso, EVP of Marketing & Business Development, Black Duck
Black Duck 2013
Speakers
  Peter Vescuso, EVP of Marketing & Business Development, Black Duck
  Dave Lounsbury, CTO & Vice President, The Open Group
Agenda
  Trends
  Open Source - Benefits and Challenges
  The TOGAF Standard
  Integrating open source processes with the TOGAF Standard
  Summary
Open Source Technologies and Methods: Driving Major Business Trends
  "Software is Eating the World" (Marc Andreessen)
  New way to build software: Community & Co-opetition
Abundance of Open Source
  [Chart: Open Source Projects by year, 2006 to 2016, vertical axis 0 to 5,000,000, with part of the curve marked "Projected"]
New Way to Build Software
  "Is our role to build software? Is our role to provide solutions? Or is our role to build frameworks that enable us to reach out to where talented people are?"
  Tony McCarthy, Head of IT for Investment Banking, Deutsche Bank
  Source: Lodestone Foundation //lodestonefoundation.wordpress.com/
Open Source is Approaching a Tipping Point
  Faster release cycles
    Open source (Android): 3-4 months
    Closed source (Windows): 3 years
  Rate of Innovation
    Mobile
    Cloud
    Big Data
  Increasing Co-opetition
    Mobile - Android
    Automotive - GENIVI
    Financial - Lodestone
How to Maintain Visibility and Control of Code?
Benefits and Challenges of Open Source
  Key Benefits
    Flexibility
    Innovation
    Cost Optimization
  Challenges
    Technical Failure
    Security Risks
    IP Risks
  "Open source is ubiquitous, it's unavoidable... having a policy against open source is impractical and places you at a competitive disadvantage"
  Mark Driver, Gartner
Augmenting Development Processes for Open Source
  Application development processes: Plan, Code, Build, Test, Release
  Open source governance processes: Acquire, Approve, Catalog, Audit, Monitor
  Black Duck KnowledgeBase: Description, Version, Vulnerabilities, Cryptography, License, Maturity
Automating Compliance
  [Figure: Manual vs. Automated, each rated on Cost, Risk and Compliance]
Architecture Methodologies and Frameworks
  The TOGAF Standard
Why enterprise architecture?
The value of having an architecture is:
  The primary reason to have an enterprise architecture is to provide an overall, high-level design of the enterprise
  Since enterprises are not designed in one step, the enterprise architecture provides the structure for all enterprise projects to conform to
  It expresses architectural principles of a long-term vision
  It communicates the system design vision and enterprise strategy to all stakeholders
  It helps management to plan, manage, and effectively utilize the enterprise's resources
  It can help ensure legal and regulatory compliance (for example, with the Clinger-Cohen Act)
Background: What it is
TOGAF, an Open Group Standard
  A proven enterprise architecture methodology and framework
  Used by the world's leading organizations to improve business efficiency
  The most prominent and reliable enterprise architecture standard
  Ensuring consistent standards, methods, and communication among enterprise architecture professionals
The Origins of the TOGAF Framework
  A customer initiative
  A framework, not an architecture
    A generic framework for developing architectures to meet different business needs
    Not a one-size-fits-all architecture
  Originally based on TAFIM (U.S. DoD)
Why the TOGAF Standard is Used
  A comprehensive general method
  Complementary to, not competing with, other frameworks
  Vendor, tool and technology neutral open standard
  Avoids re-inventing the wheel
  Widely adopted in the market
  Tailorable to meet organization and industry needs
  Available under a free perpetual license
  Business-IT alignment
  Based on best practices
  Possible to participate in the evolution of the framework
TOGAF Capability Framework
  Modular Structure
  Content Framework
  Extended Guidance
  Architectural Styles
  Additional ADM detail
  [Diagram of the parts of the TOGAF standard and how they relate.
   Components: Architecture Capability Framework (Part VII); Architecture Development Method (Part II); ADM Guidelines & Techniques (Part III); Architecture Content Framework (Part IV); Enterprise Continuum & Tools (Part V); TOGAF Reference Models (Part VI); Business Vision and Drivers; Business Capabilities.
   Groupings: TOGAF ADM & Content Framework; TOGAF Enterprise Continuum & Tools.
   Relationship labels: Informs the capability; Ensures Realization of Business Vision; Sets targets, KPIs, budgets for architecture roles; Drives need for Architecture Capability maturity; Business needs feed into method; Delivers new business solutions; Refines Understanding; Informs the Business of the current state; Operational changes cause updates.]
  Copyright 1999-2013 The Open Group
TOGAF: How/Where Open Source Fits In
  Architecture domains
    Business architecture
    Application architecture
    Data architecture
    Technical architecture
  Where open source fits
    Defining Requirements
    Assessing Readiness for Change
    Selection Guidance
    Audit and Inventory
    Governance and Project Metadata
    Technology Opportunities
Architecture Repository
  Copyright 1999-2013 The Open Group
Readiness Assessment
Do a Business Transformation Readiness Assessment to evaluate your organization's readiness to change
  Vision
  Desire/Willingness/Resolve
  Need
  Business Case
  Funding
  Sponsorship and Leadership
  Governance
  Accountability
  Workable approach and execution model
  IT Capacity to execute
  Enterprise capacity to execute
  Enterprise Ability to implement and operate
ADM Phases
  Prepare the organization for a successful architecture project
  Set the scope, constraints and expectations for a TOGAF project; create the Architecture Vision; validate the business context; create the Statement of Architecture Work
  Develop Business Architecture: develop baseline and target architectures and analyze the gaps
  Develop Information Systems Architectures: develop baseline and target architectures and analyze the gaps
  Develop Technology Architecture: develop baseline and target architectures and analyze the gaps
  Perform initial implementation planning; identify major implementation projects
  Analyze costs, benefits and risks; develop detailed Implementation and Migration Plan
  Provide architectural oversight for the implementation; ensure that the implementation project conforms to the architecture
  Provide continual monitoring and a change management process to ensure that the architecture responds to the needs of the enterprise
  Ensure that every stage of a TOGAF project is based on and validates business requirements
Best Practices/Recommendations
  Start with your vision for change and success
  Requirements are critical
    Led by business need
    Rigorous management - watch for false requirements
  Assess your readiness for change
  Define your principles and use them
  Follow a strong governance process to make sure real requirements are really met
Requirements for Optimal Use of Open Source
  Strategy
    Articulate the business objectives for use of OSS
  Policy & Process
    OSS policy & management processes
  Technology
    Automate governance and management of OSS
    Design-in compliance
IT Management Maturity
Open Source Management Maturity Framework
  [Figure. Axis: Open Source Adoption. Spectrum: Engineering driven to Business strategy driven.
   Stage labels: Ad Hoc Use; Informal Guidelines; Explicit Policy, Tracking & Auditing; Built-in Compliance; Process Automation, Community Participation; Strategic OSS Use, Community Leadership.]
Summary
  Open source software and methods are changing how software gets built
  Architecture frameworks ensure compliance with standards, improve manageability and effectiveness
  The TOGAF Standard is a useful framework for defining and governing processes required for effective use of open source in the enterprise
    Increase visibility, control and buy-in
    Ensure compliance
    Reduce risk and exposure
For More Information...
  Introduction to Open Source Governance and Compliance: //advance.blackducksoftware.com/content/wpintroosgov
  The Enterprise IT Guide to Open Source Management: //advance.blackducksoftware.com/content/guideeit
  The TOGAF Web Site: //www.opengroup.org/togaf/
  The Architecture Forum: //www.opengroup.org/architecture/
  TOGAF Version 9.1 on-line: //www.opengroup.org/architecture/togaf9-doc/arch/
  TOGAF Version 9.1 licensing and downloads: //www.opengroup.org/togaf/