GCN : January 2015
Dismissed as little more than “shelfware” over the years, enterprise architecture is now getting a fresh look as an approach for addressing specific IT problems, including enhancing agency cybersecurity defenses.

Enterprise architecture, or EA, emerged in the government sector in the 1990s after the Clinger-Cohen Act tasked agency chief information officers with establishing IT architectures in order to improve the alignment between an agency’s IT plans and business practices.

Since then, EA has had to compete for management attention with other trends for instituting enterprise efficiency, most recently DevOps and agile development practices that stress collaboration between software and IT development. EA has also had to accommodate an increasingly dynamic IT environment in which cloud-based computing resources can be summoned on the fly.

Against this backdrop, however, some agencies are taking EA in novel directions.

The Department of Energy’s CIO office, for example, has built a tool that enlists EA in the agency’s cybersecurity cause. The Enterprise Architecture Roadmap Solution (EARS) aims to help identify IT assets nearing end-of-life so aging servers and unsupported software don’t become vulnerabilities. An IT security incident in 2013 helped solidify that particular use case.

“We had a cybersecurity breach last year and one of the weak points was ... out-of-date software,” noted Rick Lauderdale, chief enterprise architect of the Department of Energy.

An old copy of ColdFusion had become the point-of-entry for an attack, a discovery that inspired Energy to develop a better record of information it was collecting on its IT assets, he added.

Tools like EARS represent a shift in thinking among agencies, according to government IT watchers.
Brian Fogg, chief technology officer at NCI Inc., an IT services provider, said agencies are cleansing and enriching asset data so they can make better enterprise IT decisions, part of an effort to frame EA within a broader agency asset data discussion.

“Our clients in DOD tend to use it that way and are driving decisions around security and vulnerability management and threat identification,” Fogg said.

EARS IN THE MAKING

To create the EARS tool, Energy integrated software it already had in place with additional off-the-shelf technology. The department had been using BigFix, which scours Energy’s network to collect data on hardware and software assets, as an asset discovery tool. Energy was also using Troux Technologies’ EA management tool.

The agency began using the applications to explore data on its IT assets. Lauderdale said 30 percent of that data was analyzed to get an estimate of how much of Energy’s hardware and software inventory was hitting end-of-life status.

In doing so, the department discovered problems with its inventory information. For example, merger and acquisition activity among IT companies meant that the same hardware and software products would sometimes appear under different names.

To enhance its asset identification, Energy added products from BDNA to the mix, including BDNA’s Technopedia and Normalize products. Technopedia offers a categorized repository of hardware and software, which gave Energy an enterprisewide standard for IT asset terminology. BDNA Normalize then takes the data from BigFix and normalizes it against the Technopedia standards.

BDNA works with IT vendors to prevent data describing EA from becoming stale. That approach improves the reliability of information on end-of-life assets. “They keep up with the life cycle information ... every day, and they update the data structure,” Lauderdale said.
In the next step, the Troux Platform pulls the fully normalized asset information from BDNA, combines it with other contextual business/IT information and provides analytics and visualizations that help identify areas of excessive risk and cost, according to Ted Reynolds, Troux’s vice president of public sector.

Troux generates reports that highlight IT assets with a color-coded lifecycle status – red for assets that are in trouble and ripe for removal, and yellow for assets that are heading for end-of-life, he said.

Agencies looking to apply EA to problems such as IT security need to focus first on preventing their IT asset data from becoming stale.

“It begins there,” Fogg said, noting the necessity for a strong commitment to keep the data around the EA up to date.

“The less it is current, the less it is applicable to the enterprise,” he said.

Agencies also need tools to make EA more responsive to IT management challenges. Lauderdale said BDNA and Troux provide a foundation for an EA solution, noting that an agency could include BigFix or another IT asset information product as part of the overall package.

[Briefing] Energy Dept. recasts enterprise architecture for cybersecurity. By John Moore. GCN, January 2015, p. 12.
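The normalize-then-flag flow the article describes can be sketched as follows. This is an added example, not code from Energy, BDNA, Troux or BigFix; the catalog, alias table, dates, the 365-day "yellow" window and the "green"/"unknown" statuses are all constructed assumptions.

```python
from datetime import date

# Constructed catalog: canonical (vendor, product, major version) -> end-of-life
# date. Placeholder values, not real vendor lifecycle data.
CATALOG = {
    ("ExampleVendor", "AppServer", "8"): date(2012, 6, 30),
    ("ExampleVendor", "AppServer", "10"): date(2015, 5, 31),
    ("ExampleVendor", "AppServer", "11"): date(2019, 1, 31),
}
# Constructed aliases: one product reported under several names, as happens
# after vendor mergers and acquisitions.
ALIASES = {
    "oldco appserver": ("ExampleVendor", "AppServer"),
    "examplevendor appserver": ("ExampleVendor", "AppServer"),
    "ev app server": ("ExampleVendor", "AppServer"),
}
# Constructed discovery output: (host, reported name, reported version).
DISCOVERED = [
    ("web01", "OldCo  AppServer", "8.0.1"),
    ("web02", "ExampleVendor AppServer", "10.0"),
    ("web03", "EV App Server", "11.2"),
    ("web04", "Mystery Daemon", "1.0"),
]
SAMPLE_TODAY = date(2015, 1, 1)  # constructed "as of" date for the sample run

def normalize(raw_name, raw_version):
    """Map a discovered name/version to a catalog key, or None if unmatched."""
    product = ALIASES.get(" ".join(raw_name.lower().split()))
    if product is None:
        return None
    canonical = product + (raw_version.split(".")[0],)
    return canonical if canonical in CATALOG else None

def lifecycle_status(canonical, today, warn_days=365):
    """red = past end-of-life, yellow = within warn_days of it (assumed window)."""
    if canonical is None:
        return "unknown"  # cannot be assessed until the record is normalized
    days_left = (CATALOG[canonical] - today).days
    if days_left < 0:
        return "red"
    return "yellow" if days_left <= warn_days else "green"

def report(records, today):
    """Return (host, canonical, status) rows, most urgent first."""
    order = {"red": 0, "unknown": 1, "yellow": 2, "green": 3}
    rows = [(h, normalize(n, v), lifecycle_status(normalize(n, v), today))
            for h, n, v in records]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

if __name__ == "__main__":
    for host, canonical, status in report(DISCOVERED, SAMPLE_TODAY):
        print(f"{status:8} {host:6} {canonical}")
```

Records that fail normalization are reported as "unknown" rather than dropped, since an asset that cannot be matched to the catalog cannot be checked for end-of-life at all.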