Impact

Organizational Resilience – Enterprise Architects in the Modern Organization Part 2

By

The Enterprise is more complex than ever.

Whether large or small, public or private, commercial or government, the organization is complex and, in some cases, overly complex.  Decades ago, complexity was admired—it was purchased.  Complexity was synonymous with sophistication; it was the result of big thinking.  Complexity and compatibility were synergistic and they went hand in hand.  Working around vendor “lock-in” required complex solutions (or wholesale replacement).  In the last decade, however, complexity has been driven by enjoinment and not by need.  At times, complexity was layered on the enterprise haphazardly by crisis, not through planning.  Complexity is intrinsically fragile, it requires work (lots of it), and drains resources and revenue (lots of it).

In the article Here’s why enterprise IT is so complex,” Gregor Hohpe offers several ideas to assist in managing complexity.  One of his suggestions is architecture.  In the article, he says “Architecture done right develops models and abstractions that hide irrelevant complexity and allows us to make better decisions.  After all, you can’t manage what you can’t understand.”  Understanding comes from opening up the layers of complexity and revealing the underlying simplicity that still exists.  Like a surgeon cutting through skin and muscle to examine the anatomical elements within, enterprise architects have the skill sets to identify and expose the important constituents of simplicity that have been sequestered from standard management practices.

While we cannot ignore or eliminate complexity (and we shouldn’t), we can put a renewed emphasis and focus on the simplicity that still exists within the enterprise’s day to day operations.  Simplicity was the seed at the conception of the enterprise, and it is still there.  We need to refocus on the simplicity that was instinctual at the beginning.  Ockham’s razor is the problem-solving principle that essentially states that “simpler solutions are more likely to be correct than complex ones.”  The idea is attributed to English Franciscan friar William of Ockham (c. 1287-1347), a scholastic philosopher and theologian.  Ockham’s razor should not be taken as an indisputable canon of logic; rather it reminds us to be attentive to the fundamental preference to seek simplicity that facilitates understanding.  On one level Ockham’s razor is trivial; of course, the solution with the fewest moving parts will have the highest utility value. But on another level, it is deceptively profound because the characteristics of simplicity and complexity are integrally related to resilience and fragility.

Complexity is fragile and the enterprise has become brittle.  It is not brittle because it is frail, unstable or poorly designed, but rather because of its inability to bounce back quickly.  Resilience is the ability to return/keep core processes (not necessarily systems) running throughout a disaster, rather than a comprehensive restoration after the fact.  Unfortunately, resiliency has not been a significant factor in enterprise planning.  The past year gave rise to dramatic headlines about commercial enterprises and municipal organizations being hijacked by ransomware.  Corporate and government services were rendered unusable while management determined a course of action for their enterprise.  In some cases, it took months and millions of dollars to return essential service to operations.  In previous decades, commercial and government organizations had a continuity of operations plan (COOP) in place to “respond, recover and restore.”  Typically, COOPs were based on redundant hardware/software resources or, in some cases, duplication of the entire server room in a distant (off-site) location.  COOP sites were either hot – up and running in parallel, but offline – or cold -database back-ups were made on a recurring basis and shipped to site, but the hardware was turned off until needed.  COOP plans were holistic, and restoration was an all or nothing event with no delineation of what was business critical within the plan.  COOP sites were rarely put into action, proving to be very costly to maintain and manage.  Over the years, they fell out of favor to the point where, in the current IT world, they are extremely rare.  Today’s enterprise maintains a tenuous sense of continuity by running their IT operations in a decentralized environment, perhaps a mix of on-premise and cloud-based hardware or entirely cloud-based.  The fundamental flaw of the COOP strategy remains, however, that restoration is an all-in event.  Restoration focuses on servers spinning up and databases being reloaded.  There may be a rank order that designates the order of the servers as they are brought back online, but the plan has little to no understanding of the processes that make the enterprise unique and realize value.  Hardware and software are important, but they are tools.  Commerce and ingenuity are the lifeblood of the enterprise.  They are achieved through the smooth execution of core business processes, which should not be equated to the tools that the processes may use.  Organizational resilience identifies these processes and prioritizes their restoration, which may or may not be IT based, to ensure persistence.  Enterprise architects with the organizational resilience specialty will have the skills and tools to be able to identify foundational elements and distinguish them from contextual components.  Additionally, they will be able to pinpoint and assist strategic planners in addressing the existence of clusters of urgency as well as pivot points and seams within the operational environment.  With this information readily at hand, stakeholders will be prepared to authorize and establish plans to keep critical enterprise processes available and in place.

Previously I expressed the concern that the conventional practice of Enterprise Architecture had become an enabler of complexity.  Because of the exhaustive nature of their tasks, enterprise architects struggle with the reality that business objectives shift rapidly and critical processes entwine across organizational boundaries.  EA has become synonymous with the aggregation of details, and complexity is the mother lode of details.  As enterprise architects, we need to reorient ourselves and inaugurate an enhanced practice.  One built upon more nimble approaches to architecture than traditional EA has offered in the past—quickly focusing more on identifying and helping to solve emergent business problems.  Resilience is the most urgent area that enterprise architects can help to address today.

Every enterprise is at risk—from the sophisticated threats that exist today to the AI-enhanced threats that will come tomorrow.  How the enterprise responds will be the differentiator.  A comprehensive understanding of what the enterprise must do to “keep the doors open” and how it does that is critical.  Resiliency takes that understanding and puts it front and center in every facet of the planning processes.  Resiliency is all about keeping revenue streams or critical constituent services available.

In the next article, we will talk about the other side of this coin—Risk Analytics.

Click Here to contact UNCOMN about Enterprise Architecture Solutions!