In this article, I describe the experience of       functions, data sources, applications, andbuilding the Enterprise Arch...
Figure 2. EA Value PropositionStep 1: Clearly       articulate   the    value       physical example to explain to others ...
The Winchester House became a metaphor forwhat could happen to an organization’sinformation technology without EA: It coul...
perspectives and make them pertinent to theSecret Service environment. The coreprinciples are:• Business-technology       ...
Based on these principles, we developed EA          Secret Service.products, such as the concept of operations(CONOPS) sho...
achieve this objective.                               awareness of the EA’s day-to-day value.                             ...
three-tier   approach   to  displaying        the    Spewak, S. H. (1992). Enterprise Architectureinformation,   and    us...
Upcoming SlideShare
Loading in...5

Implementing EA at the Secret Service - Andy Blumenthal


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Implementing EA at the Secret Service - Andy Blumenthal

  1. 1. Case StudyIMPLEMENTING ENTERPRISE ARCHITECTURE AT THEUNITED STATES SECRET SERVICEAndrew Blumenthal ABSTRACT This article describes a ten-step process used by the United States Secret Service to build its Enterprise Architecture (EA) program. EA is the discipline that synthesizes key business and technical information across the organization to support better decision-making. The Secret Service program improves on the traditional approach to EA by going beyond the collection of voluminous information to synthesize and present it in a useful and useable format for decision-makers. It achieves this by using a clear framework, incorporating a three-tier approach to displaying the information, and drawing on principles of communication and design in a 10-step process. KEYWORDS enterprise architecture, secret service, information technology, strategic planning, investment management, knowledge management, information sharing, information visualization, Clinger-Cohen ActINTRODUCTION known as “Clinger-Cohen.” This Act, among other things, charged federal agency ChiefEnterprise Architecture (EA) is the discipline Information Officers (CIOs) with “developing,that synthesizes key business and technical maintaining, and facilitating the implementationinformation across the organization to support of a sound and integrated informationbetter decision-making, as shown in Figure 1. technology architecture” (110 Stat. 685). ThisThe information in the EA includes, among legislation was significant because itother things, descriptions of business functions recognized the centrality of EA to goodand activities, information requirements, and decision-making in the organization.supporting applications and technologies.In my experience, before EA existed, suchdata was often difficult to get, cumbersome toaccess, and challenging to use. InformationTechnology (IT) was organized functionally,not holistically; the relationship betweenbusiness and IT stakeholders was oftenconfrontational rather than collaborative; anddocumentation on technology and applicationswas often difficult to obtain, if it existed at all.In 1996, the federal government addressedthis issue by passing the InformationTechnology Management Reform Act, also Figure 1. EA Support for Decision-Making © Journal of Enterprise Architecture – November 2005 1
  2. 2. In this article, I describe the experience of functions, data sources, applications, andbuilding the Enterprise Architecture at the technologies.United States Secret Service (Secret Service)— how we launched the EA program, built In addition, the Secret Service experienced ademand around it, and created a structure and convergence of situational factors that furtherinformation ‘products’ to satisfy that demand supported its EA development. Thesesystematically. I also explain how we ensured included:that the EA information we provided would be • Management commitment. We hadaccurate, accessible, intuitive, and meaningful support from the senior management team offor both the technical and the non-technical the Secret Service’s Information Resourcesbusiness user. Management Division (IRMD) and from the EAWG.SITUATION • Funding. The Secret Service allocated funding for contractors to support programThe Secret Service launched its EA program in requirements.1998. The program was based on a strategy of • Human capital. We put together a talentedbuilding grassroots demand rather than EA team with many diverse skills andimplementing it through the more traditional backgrounds, including business management,top-down approach. advanced technology, and graphic design.In accordance with Office of Management and In the second half of 2003, I joined the SecretBudget (OMB) Circular A-130 requirements — Service as the EA program manager. Underthat federal agencies ensure information the leadership of the then-chief enterprisesystems align with federal, agency, and bureau architect and working with our dedicated team,architectures — the Secret Service established we set out to build a more robust Enterprise Architecture Working Group(EAWG) (OMB, 2000). The EAWG wascharged with reviewing IT investments to CHALLENGEensure they were consistent with both IT andbusiness strategies. The EAWG was In taking the EA to the next level, we faced acomposed of management-level difficult challenge: people were hesitant torepresentatives from IT and the major lines of share their information. This resistance wasbusiness. It soon became apparent to the natural. Employees of any organization,members of this group that better information especially in law enforcement, are cautiousabout our IT environment (such as IT product about giving out information, because they fearstandards, applications, security parameters, that it could compromise the security of theand so forth) was needed to meet these review mission. More generally, in any organizationresponsibilities. people feel that knowledge is power, and fear losing power if they share it.By 2003, demand increased to the point wherewe needed to develop a formal framework, To help overcome this, we concentrated ourpolicy, governance, and EA product set. efforts on aligning the EA with the mission ofDemand was coming from a variety of user the Secret Service and presenting it in a usefulgroups, including: and useable format, through what eventually became a 10-step process.• EAWG members. These individualsneeded better information to evaluateproposed IT investments. PROCESS• Project managers. Business and technical In developing the EA for the Secret Service,project managers needed EA information to we did not consciously set out these 10 stepsguide IT development efforts. in advance. We started with OMB’s Federal• Department of Homeland Security (DHS). Enterprise Architecture (FEA) and built on itDHS required extensive EA information from through the team’s collective professionalthe Secret Service after the creation of the experience and education, and simple trial-Department in 2002, including business and-error. The process evolved from there.2 © Journal of Enterprise Architecture – November 2005
  3. 3. Figure 2. EA Value PropositionStep 1: Clearly articulate the value physical example to explain to others why EAproposition is important. We selected the famous Winchester House built in San Jose, CA in theIn order for everyone to understand the benefit late 1800’s as our example of what happensof what we were doing, we needed to clearly when you build without planning first. Shownarticulate the value that the architecture would in Figure 3, this house was also used as anbring to the organization. In the case of the example of what not to do by Dr. StevenSecret Service, the value proposition of EA Spewak in his pivotal book on EA Planningwas creating “order out of chaos.” (Spewak, 1992). This bizarre house had 147Accordingly, we identified the value proposition builders but not a single architect. Therefore,by creating an overview map of the EA $5.5 million and 38 years later, this 160-roomprocess. Victorian mansion had 65 doors that opened to blank walls, 13 abandoned staircases, and 24Figure 2 above shows how a wide range of skylights built into the is transformed into information productsthat are easily used by business and technicalusers to support enhanced decision-makingoutcomes. It resembles an integrateddefinition function (IDEF) activity diagram inthat it depicts how an input is processed by theEA program function (which is moderated bymechanisms and controls) to become anoutput. However, it was not intended, in and ofitself, for business process improvement.Rather, the purpose was to comprehensivelyyet simply portray the EA value proposition.We also realized that we needed a real-world, Figure 3. Winchester House (Used with permission from Winchester Mystery House) © Journal of Enterprise Architecture – November 2005 3
  4. 4. The Winchester House became a metaphor forwhat could happen to an organization’sinformation technology without EA: It couldeasily descend into chaos in a variety of ways.For example:• A mission could fail because information was there, but not shared• A manager might purchase technology that conflicts with the underlying infrastructure or is not fully mature• Multiple departments could independently purchase different software products that perform the very same function and not even know it, or• The organization could be left inadvertently vulnerable to cyber-attackStep 2: Institutionalize through policySomething we say is “you can have agreementand buy-in to do the EA, but if you do not Figure 4. EA Frameworkformalize it in policy, you cannot make it stick.”Therefore, once executive buy-in andmanagement commitment were obtained, we The following is a brief description of each ofturned to establishing an EA policy that clearly our EA perspectives:defined the EA’s purpose, scope, structure, • Business: What are the functions andand governance. In any organization, activities of the organization with respect to theincluding the Secret Service, policy has the mission?effect of legitimizing the program by requiringcompliance by all. Here is an excerpt from • Information: What information is needed toours: support the mission? • Applications: How do applications support “The purpose of the Secret Service information needs or requirements? Enterprise Architecture program is to develop and maintain a baseline and target • Technology: How does the technology enterprise architecture, to develop a support the applications? transition strategy, and to facilitate use of • Performance: How is performance the enterprise architecture in IT investment measured? management decisions, strategic and • Security: How is information protected? operational planning, and IT program management.“ The EA perspectives are presented visually in the shape of the Secret Service star, with eachStep 3: Establish a simple and well- perspective labeled as a point on the star.rounded framework Again, the overall message is that the EA truly represents the organization and is integratedAn EA framework is a basic blueprint for all of into its mission and culture.its products. The framework we chose waslargely derived from the Federal EnterpriseArchitecture (FEA). As is shown in Figure 4, Step 4: Identify the core principlesour EA framework uses six perspectives Once the EA framework was established, wethrough which one can look at business and IT developed a set of core principles that eachinformation. These are used simultaneously to perspective would support. The purpose forobtain a well-rounded view of the organization, doing this was to more fully explain theand are mutually reinforcing.4 © Journal of Enterprise Architecture – November 2005
  5. 5. perspectives and make them pertinent to theSecret Service environment. The coreprinciples are:• Business-technology alignment: ITinvestments must be aligned with the mission.• Information accessibility and sharing:Information should be accessible and sharedappropriately across the enterprise.• Interoperable applications: Ourapplications should work together.• Technology standardization andsimplification: IT should be standardized andsimplified to the greatest extent possible.• Measurable results: The results of Figure 5. Three-Tier EA Meta-Modelinvestment activity should be measured. While the models and inventories are• Integrity, confidentiality, and availability: important, we found that the high-level profilesWe must assure the integrity, confidentiality, were the most valuable products of all. Afterand availability of our information assets. collecting the information and inventorying it, we spent significant time analyzing theTo promote agency-wide awareness of and information in order to develop one-pagesupport for the EA program, we hung posters profiles of the key information that providesof the EA framework and core principles (as decision-makers with large amounts ofseen in Figure 4) throughout the headquarters information in quick, easy-to-use formats. Webuilding of the Secret Service. developed multiple profiles for every perspective of the architecture. An example of a profile is our business profile, whichStep 5: Create a meta-model succinctly identifies all the Secret Service’s core functions and sub-functions.A meta-model is a ”model of models” thatexplains how information will be cataloguedand presented. It ensures consistency in how Step 6: Incorporate principles ofinformation is demonstrated for each communication and designperspective of the framework. As far as weknow, the meta-model that we developed for Before we actually developed any EAthe Secret Service is unique. It is based on a products, we decided on a core set of designthree-tier architecture, as follows: principles that would guide us in developing• High-level profile: Provides a ”20,000 mile- the full set of EA work products. This was ahigh view” or executive summary unique step that we initiated in developing EA for the Secret Service. These principles• Mid-level model: Shows relationships, and included the following:is typically a diagram that demonstrates howitems relate to each other 1. Focus on the mission.• Inventory: The detailed information 2. Develop work products that are useful and usable.As is shown in Figure 5, the three information 3. Simplify complex information.levels help us to distinguish the details fromthe bigger picture. 4. Organize and classify information based on a structured taxonomy. 5. Create a common look and feel. 6. Provide easy access to work products through our intranet. 7. Maximize use of information visualization. 8. Be creative. © Journal of Enterprise Architecture – November 2005 5
  6. 6. Based on these principles, we developed EA Secret Service.products, such as the concept of operations(CONOPS) shown in Figure 6. It illustrates • A mid-level business process model thatfocus on mission and use of information would break down the functions of the Secretvisualization. Service into specific activities. • A business inventory that would detail all the functions, sub-functions, and services that the Secret Service performs, and align these to the DHS parent functions. However, in order to develop these products, we needed subject matter expertise. More than that, we needed ongoing commitment from the subject matter experts to collaborate with us on developing, and ultimately maintaining, the EA products. Accordingly, we worked through a senior management team and designated subject matter experts from the operational areas as the ”product owners” for each EA product, who were to be responsible for content. The actual design and development of the product was assigned to individuals on the EA team, and we designated these individuals as the ”product managers” Together, the product owners and the product managers develop and maintain our EA. In this collaborative relationship, we asked product owners to provide information that they Figure 6. Secret Service CONOPS already had. The product managers brought it into the architecture, organized it, identifiedThe CONOPS not only helped us to better relationships, and developed effectiveunderstand the mission and functions of the visualizations. The product owners made sureagency, but also helped to integrate this certain the data stewarded by the productinformation into a unifying representation that managers was accurate.everyone could understand and relate to. Anadded benefit is that, like the six-perspective Finally, in developing our products, we alignedEA framework poster, it provides a useful our architecture with the DHS’s architecture bycommunication vehicle for the EA program. using their taxonomies as a starting point and then modifying, nesting, and extending the Secret Service architecture taxonomies asStep 7: Define, develop, and maintain appropriate.information productsAt this point, we were ready to develop EAproducts: to find existing information, bring it Step 8: Set up a single informationinto the EA, organize it, and present it repositoryeffectively. In amassing information, it was tempting to store it in different databases, or ”buckets,“ forWe started by defining a consistent set of the sake of convenience. However, weinformation products for each perspective that realized early on that we would reap the realwould align with each level of the meta-model. benefits of this information only by capturing allFor example, under the business perspective, of it in a single repository. We selected andwe committed to developing such things as: implemented Telelogic’s (formerly Popkin• A high-level business profile that would Software) System Architect™ software productidentify the major functions performed by the as our EA repository and modeling tool to6 © Journal of Enterprise Architecture – November 2005
  7. 7. achieve this objective. awareness of the EA’s day-to-day value. These include briefings, demonstrations,Although it is still in a relatively early stage of posters, business cards, and booths at variousimplementation, we can already see a number internal IT fairs. Further, we make the EAof benefits including ease of use through information available to all employees on ourcentralization, enhanced data integrity, and the intranet.ability to show relationships between elementsof the architecture. LESSONS LEARNEDStep 9: Apply strict configuration In the process of creating an EA process andmanagement set of associated products for the SecretConfiguration Management (CM) is the Service, we have learned a number of lessons:process of identifying, controlling, and • Focus on the mission. Use EA to capturereporting on changes. It was important to and organize voluminous organizationalintegrate CM into our EA because of the need information to support better decision-making,to capture and manage a mass of critical rather than as an end in itself.information across the enterprise. Specifically,we needed to track changes to the original EA • Keep it simple. Don’t develop esotericproducts, so that we could ensure the models and frameworks. Instead, concentrateaccuracy and integrity of the information on creating a few useful and useable products.contained in them. Therefore, we developed a • Be flexible. Develop products as the needCM plan that provides for the maintenance of for them becomes apparent, rather than pre-logs that track changes to EA products; define what you will offer.created a quarterly release schedule for newor changed products; and instituted review and • Capitalize on information visualization. Asapproval by product owners of new or modified the saying goes, “a picture is worth a thousandproducts (and their change logs) before each words.” By summarizing EA information intoquarterly release of the EA. high-level visual profiles, we have distilled massive amounts of information in a concise and useful manner.Step 10: Use EA for everyday decision-making • Communicate early and often. Take the time to tell your story. No program canEA enhances decision-making by providing succeed without awareness, acceptance, andservices and information in support of strategic support among key stakeholders.planning, IT investment management, andknowledge management. The EA program atthe Secret Service guides strategic and tactical CONCLUSIONplanning, helps conduct IT investment reviews,and enables us to respond to business and We can never go back to the days of “build ittechnical questions from our stakeholders. and they will come.” Rather, everyone in the organization, particularly those in supportWe measure the use of EA for these functions functions like IT, must make it his/her job toas a benchmark of our performance against understand and respond to the needs of thethe goal of providing an EA that furthers the business. In my view, this is the real strengthagency’s business mission. For example, we and importance of EA. EA integrates thetrack the number of investment reviews business and technical information of theconducted, as well as responses to internal organization to enhance decision-making.and external requests for EA information.While not conclusive, these metrics provide Our own program improves on the traditionalhelpful indices for determining how useful our approach to EA by going beyond the collectionEA is to the Secret Service. of voluminous information to synthesize and present it in a useful and useable format forIn addition, we engage in various formal and decision makers. We achieved this goal byinformal activities to enhance our users’ using a strong framework, incorporating a © Journal of Enterprise Architecture – November 2005 7
  8. 8. three-tier approach to displaying the Spewak, S. H. (1992). Enterprise Architectureinformation, and using principles of Planning: Developing a Blueprint for Data,communication and design. Applications, and Technology. NY: Wiley & Sons.EA is a vital tool for supporting the mission ofthe Secret Service. Its benefits are maximizedwhen EA program leaders deliver a clear andrelevant business value proposition, workopenly and collaboratively with businesscustomers, and provide meaningful and easilyaccessible information.AUTHOR BIOGRAPHYAndrew Blumenthal is chief enterprise architectat the United States Secret Service. He is acertified enterprise architect (CEA) and projectmanagement professional (PMP) specializingin the implementation of best-practiceinformation technology solutions. In addition tohis work with the Secret Service, his twodecades of professional experience includeservice at a range of leading public and privatesector organizations, including the NationalOceanic and Atmospheric Administration(NOAA); the United States Department of theTreasury; the Dreyfus Corporation; andInternational Business Machines (IBM). Withan MBA in organizational behavior and a BBAin accounting, as well as numerous advancedcertifications in IT, including CIO certification,Blumenthal has unique insight into theimportance of IT to business success, andfocuses on synthesizing IT practices withbusiness needs, so as to providedemonstrated results in supporting the broadermission of the organization.REFERENCESClinger-Cohen Act of 1996. (Public Law 104-106). Section 5125, 110 Stat. 684.Integrated Definition Function ModelingMethod (IDEFØ) Overview. of Management and Budget (2000).OMB Circular A-130: Management of FederalInformation Resources, November 30, 2000.8 © Journal of Enterprise Architecture – November 2005