Do Enterprise Architects Care (Enough) About Security?


I’m sitting in a session at the Gartner EA Summit entitled “Security Architecture Best Practices.” I’ll be the first to admit that I don’t pay enough attention to the Security side of Enterprise Architecture, which is why I am in this session and plan on attending another complementary session tomorrow. I am surprised to see that, though there are 600 people at this portion of the Summit, there are only about 50 people in this room. So is EA really that far behind the curve in getting on board with Security? What are we all doing beyond adding a vertical “Security” bar to our models? Not much, in my case, but I am feeling that that ought to change, especially in light of some things I am starting to work on which I will blog more about in the coming weeks.


I know that James McGovern cares about security. In fact, he has stated before that he sees it as a form of competitive advantage, which, if true, explains why there are only 50 people in this room. I would expect that to grow year by year.


As for the session itself, so far so good. One salient point that I’ve heard Gartner preach before, but am now seeing tied to the Security space, is that the “Consumerization of IT” should lead us to drive our Security Architecture and Design to enable choice and distributable trust. Personally, I feel that lock-down security, the knee-jerk of most Enterprises, is an over-engineering step that will leave us inflexible and closed off from a younger generation of employees and consumers. Thus, I’m glad to see that backed up with some analysis from Gartner.


I’m glad to see Gartner offering sessions such as this to an EA audience. My advice to them is to continue to offer sessions like this, even if the attendance from this year’s summit doesn’t suggest that there is an interest. Those numbers will grow.