I am attending a cloud security standards industry meeting this evening on how to harmonize the cloud with the many standards that are flooding the market. In fact, there are no unified cloud security standards today; each vendor, be it AWS, Microsoft, IBM or Google, has its own standards. Against this backdrop, my thought is that looking for standards, picking and choosing among them, and making the best choices should be one of an architect's key skill sets.
The diagram below is from the Open Group (https://www.opengroup.org/architecture/togaf91). As you can see, it is made up of a whole lot of standards, from HTTP and CICS (old-world mainframe) to RPC, ORB, XML over HTTP, etc. It even has screen scraping used as an integration touchpoint, so as not to disrupt the existing architecture and to move ahead with minimal changes.
As can be seen from the figure below, the latest and greatest technologies have been used to make up the entire architecture. You may say that this actually looks like your own company's architecture. In fact, people at one company mentioned that their current architecture looks like this to a T, and they were checking whether it had actually been cut and pasted from their architecture documents. That is how architectures evolve: in small increments over a period of time. Once an architecture becomes this large and complex, it is not easy to keep making changes and enhancements to it and still expect it to remain as flexible as it used to be.
If you look carefully at the architecture below, maintaining it through its lifecycle would need people with diverse skill sets such as ORB and RPC, which were no doubt the latest and greatest technologies at one point in time. But if you have not standardized the interfaces over time, you need to worry about finding people with those skill sets, when putting ads for them on indeed.com or dice.com would show very few takers. This obviously creates a challenge for the key people entrusted with owning the product or solution: how to get people to maintain, enhance and modify these layers. If the architects had a standard plan, say that all UI-layer code talks to the middle tier using a standard set of interfaces and that all business-facing APIs at the business layer follow standard practices, the diagram below would perhaps have around 4-5 different protocols, and the others would have been consolidated or sunset across the different releases or solution delivery cycles.
The cure for all of this is to have a Reference Architecture which promotes the use of known standards while building architectures.
Now let us look at SECURITY as one part of the list of things that make up our application stack. If we look at the security pieces that make up our application architecture, we can additionally create a stack of security across the Business, Data, Application and Technology layers.
When we look at setting standards for security alone, these would be the brief list of things that you need to take care of. At an enterprise level, security will not be complete unless physical security is accounted for as well. This ensures that IT resources (people, material and IT assets) are safeguarded in the event of a calamity.
So on the standards journey, an architect or senior IT professional needs to take care of how to organize and plan for the use of standards in their realm of work.
Leaving you with a piece of standards trivia: "USB 3.1 doubles the speed of USB 3.0 to 10 Gbps (now called SuperSpeed+ or SuperSpeed USB 10 Gbps), making it as fast as the original Thunderbolt standard. USB 3.1 is backward-compatible with USB 3.0 and USB 2.0."
So much about standards.