Realize GDPR Compliance with Enterprise Architecture Management

Data protection is becoming more and more important in a world where many aspects of life are supported by IT systems that process personal data, and where a lot of organizations run these systems.

General Data Protection Regulation (GDPR)

With Regulation (EU) 2016/679 of the European Parliament and of the Council, data protection becomes a prominent issue for all organizations operating inside the European Union. That is because both the rights of individuals to obtain information from organizations and the obligations of organizations for reporting and disclosure have been extended. Some examples:

  • Consent: Stronger conditions apply as to how consent about personal data processing is given.
  • Breach notification: Loss or theft of, or unauthorized access to, personal data must be reported.
  • Subject access: Subjects can demand information on whether their personal data is processed by an organization, or demand that their data be ported to another provider.
  • Right to be forgotten: Subjects can demand data to be erased or restrict the processing of their data.
  • Data governance: Measures to ensure data governance must be put in place, e.g. privacy impact assessments (PIA), audits, or the appointment of a data protection officer.

Disregard of the new legislation can lead to severe penalties. GDPR Article 83 provides for fines of up to 20 m Euros or up to 4 % of the total worldwide annual turnover.

In order to reach compliance with GDPR, a lot of information about all data handling activities and the data processed needs to be collected, analyzed and made accessible. Action must be taken now, as the regulation comes into force on May 25th 2018.

Enterprise Architecture Management supports GDPR Compliance

Enterprise Architecture Management (EAM) is the part of IT management that deals with documenting the existing IT landscape, defining standards and planning the future IT landscape. As this task requires collecting and maintaining a lot of metadata about the IT of an organization, EAM is usually tool-based.

EAM tools like Alfabet (Software AG) or LeanIX (LeanIX GmbH) can support organizations in gaining GDPR compliance for various reasons.

First of all, these tools already come with a lot of information about the IT that is relevant for GDPR:

  • Documented applications show where (inside and outside of an organization) data are processed and how.
  • Information Flows describe how data are exchanged between applications.
  • Catalogs for business data define categories of data used by applications and business processes.

Such repositories are easily amended with the information specific for GDPR and thus lead to a much more complete view of an organization’s IT processing activities.

EAM tools also provide strong reporting capabilities. Alfabet, for instance, offers the following reports and views, among others:

  • Applications and their interrelation via information flows can be made visible using information flow diagrams.
  • Data processing activities (create, read, update, delete) are listed in so-called CRUD matrices.

[Figure: Example of a CRUD matrix in Alfabet]

Methodical Setup of GDPR compliance

We support your organization in realizing GDPR compliance in a three-step approach:

  1. Inform: Get to know the GDPR regulation and its requirements from the legal and IT point of view in a one-day workshop.
  2. Define: Define the measures that need to be taken based on your individual requirements (e.g. how to configure EAM tools to provide information needed for GDPR, how to change processes to incorporate GDPR steps, etc.).
  3. Realize: We help you to implement the measures defined in step 2. Among other things: We set up and enhance your EAM tool for the GDPR use cases from step 2 and import the necessary data. We offer various tools to automate the retrieval of data about the IT landscape, e.g. with our Landscape Analyzer for SAP systems and Amazon Web Services (AWS).

Would you like to know more…? For further information, please visit our web page on GDPR. Feel free to contact us: sales(at)cti-consulting.de.

The Roadmap to Digitalization – Episode 6: How to Integrate the AWS Cloud in Enterprise Architecture Management

Digital transformation or digitalization is widely discussed today. Digitalization offers an abundance of products based on new technologies and technological platforms that possess the capability to reshape business processes, organizational structure and ways of working. It holds the power to reshape complete business models or even overall market situations.

One main element of digitalization is cloud computing, the usage of IT resources (CPU time, storage, etc.) only up to the amount that is necessary at a certain point in time. Enterprise architecture management (EAM) needs to include the resources used in the cloud (be it a private, public or community cloud) to keep the IT landscape from growing spontaneously. Measures to govern the usage of cloud services should (or need to) be implemented. Today, we’d like to show you how.

Get Architecture Information from AWS

Cloud services like Microsoft Azure, OpenStack or Amazon Web Services (AWS) offer APIs by which many different cloud resources can be created and managed.

We had a closer look at AWS. Its API allows control of instances (virtual servers), virtual machine images, volumes, hosts, network infrastructures, etc. For our first implementation, we concentrated on the instances, to be exact, on the AWS Elastic Compute Cloud (EC2) instances. These are the resources most likely used by our customers, i.e. when moving applications from an on-premise server to instances in the cloud.

We created a command line tool that runs regularly to request the instance information from the cloud provider and download it in a standardized format.

Integrate with Enterprise Architecture Management

Based on that, an automated import job is started to load the information into Alfabet. Alfabet is a powerful EAM tool that we use frequently in customer EAM projects. Alfabet provides an object type called “device” that represents a server on which an application can be deployed. We used this object type to describe the AWS instances in the realm of Alfabet:

[Figure: Imported AWS EC2 instance]

The import job also connects the imported instances to the existing IT landscape:

  • Instances are connected to the location where they are running (i.e. “eu-central-1” for the AWS data center in Frankfurt, Germany).
  • Users are assigned to the instances to manage them.
  • A workflow is run to ask responsible users what applications are running on the instances. This is necessary to link instances and applications, and thus make clear what instances are used for.

The steps above provide transparency about the cloud IT landscape. They are the preliminary work for the “actual” use cases:

  • One could review all running applications to determine whether they can be deployed on a cloud instance or not. This would enhance IT standardization as cloud services are built on standardized hardware and software platforms.
  • One could import and collect cost information per instance and use this for reporting and budgeting purposes.
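The retrieval and mapping steps described in this section can be sketched as follows. This is an added example, not CTI's tool and not Alfabet's import format: it works on a constructed sample shaped like `aws ec2 describe-instances` JSON output, and the device field names and the `Owner` and `Application` tag keys are assumptions.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` JSON output.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa1111bbbb2222c", "InstanceType": "t3.medium",
     "State": {"Name": "running"},
     "Placement": {"AvailabilityZone": "eu-central-1a"},
     "Tags": [{"Key": "Name", "Value": "crm-app-01"},
              {"Key": "Owner", "Value": "j.doe"},
              {"Key": "Application", "Value": "CRM"}]},
    {"InstanceId": "i-0ccc3333dddd4444e", "InstanceType": "m5.large",
     "State": {"Name": "running"},
     "Placement": {"AvailabilityZone": "eu-central-1b"},
     "Tags": [{"Key": "Name", "Value": "scratch-box"}]}]},
  {"Instances": [
    {"InstanceId": "i-0eee5555ffff6666a", "InstanceType": "t2.micro",
     "State": {"Name": "terminated"},
     "Placement": {"AvailabilityZone": "eu-west-1c"}}]}
]}
""")

def region_of(az):
    # Assumes a standard AZ name: region plus a zone letter ("eu-central-1a").
    return az.rstrip("abcdefghijklmnopqrstuvwxyz")

def to_devices(doc):
    """Flatten Reservations/Instances into one device record per live instance."""
    devices = []
    for reservation in doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst["State"]["Name"] == "terminated":
                continue  # no longer part of the landscape
            # Tags are optional in the API output; Owner/Application are assumed keys.
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            devices.append({
                "device_id": inst["InstanceId"],
                "name": tags.get("Name", inst["InstanceId"]),
                "type": inst["InstanceType"],
                "location": region_of(inst["Placement"]["AvailabilityZone"]),
                "owner": tags.get("Owner"),
                "application": tags.get("Application"),
            })
    return devices

def needs_review(devices):
    """Devices lacking an owner or application link: candidates for the workflow."""
    return [d["device_id"] for d in devices
            if not d["owner"] or not d["application"]]
```

Instances returned by `needs_review` are the ones an inventory cannot attribute to a responsible user or application, which is the gap the workflow step above is meant to close.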

Presentation at EAMKON 2017

We will talk about the integration of the Alfabet EAM tool with AWS at the EAMKON 2017 conference in Stuttgart, 30th May 2017. Looking forward to seeing you there!

Would you like to know more…? If you’re interested in the big picture, refer to the first episode of our digitalization blogs, for enterprise architecture management see this list of posts.

Interested? Please contact us: sales(at)cti-consulting.de. For further information, please visit our website.

Custom EAM Reporting with LeanIX

Enterprise Architecture Management (EAM) is among the most important organizational capabilities these days. As we showed earlier, EAM comprises the necessary methodologies and means for prudent IT landscape planning based on an organization’s strategic (and digital) objectives.

EAM tools offer functionality to collect and correlate information about many aspects of your IT landscape (i.e. applications, components, information flows, business supports, business services, service products) and come with several reports and views to make this abundance of information visible and “digestible”.

Architecture management is most effective when the information collected in the EAM tool can be queried and displayed individually for all intended target groups. Each user (be it CIO, enterprise architect, application owner or someone else) gets exactly the information about the architecture that is most relevant for his/her tasks.

LeanIX is a relatively young member of the EAM tool group (compared to tools like Alfabet or ADOit). It is developed by the Germany-based LeanIX GmbH, is based on a very compact meta-model and is completely web-based.

It offers several reporting capabilities out of the box, e.g. application and project portfolios, cost reports, application and component landscapes, matrices and roadmaps and even a free-drawing capability.

Beyond that, LeanIX can be customized for the individual questions of an organization. It comes with an open interface (API) based on common web technologies (JavaScript, JSON etc.), which is used to integrate custom-developed reports or dashboards.

[Figure: LeanIX reporting]

For example: An IT transition project might need a specific view of only a section of the IT landscape, or one would like to analyze specific information about some applications (is the application business critical, which data protection requirements should the application fulfil etc.) in preparation for an IT project (as shown in the picture above).

We support you in designing your EAM reporting: As a certified LeanIX partner, we help you identify the information needs of the various user groups, design the report, realize it and integrate it into your LeanIX workspace. Feel free to contact us: sales(at)cti-consulting.de. For further information, please also visit our website.

CTI Landscape Analyzer for SAP® Solutions is certified as powered by SAP NetWeaver®

CTI Consulting today announced that its CTI Landscape Analyzer for SAP® Solutions has achieved SAP certification as powered by the SAP NetWeaver® technology platform. The solution integrates with SAP NetWeaver and provides insight into the SAP software landscape using a unique interface and analyzes all connected systems.

The SAP Integration and Certification Center (SAP ICC) has certified that CTI Landscape Analyzer 3.0 for SAP Solutions is powered by SAP NetWeaver. Solutions that are powered by SAP NetWeaver can be more quickly and easily integrated into SAP solution environments. Customers can benefit from improved interoperability with SAP applications and with the large ecosystem of solutions that run on SAP NetWeaver. Choosing an SAP-certified solution can also help reduce overall IT investment costs and risks.

“We are delighted to announce the successful achievement of our CTI Landscape Analyzer for SAP Solutions, now certified as powered by SAP NetWeaver,” said Prof. Dr. Oliver Koch, CEO. “The ability of CTI Landscape Analyzer to run on SAP NetWeaver and interoperate with other SAP NetWeaver-based solutions will prove highly beneficial to our current and future customers.”

The CTI Landscape Analyzer for SAP Solutions provides a structured overview even of multifaceted SAP software landscapes, including current systems, clients, modules, components, information about operating systems and databases, release-versions and all interfaces as well as analyses of modules, components and interfaces. It is fully compatible with SAP technology and uses standard functions in SAP Solutions to transform data into information. Information about the SAP software landscape is up to date at all times and available at the push of a button with every needed technical detail.

The extracted data is converted, complemented and reprocessed into an optimal format using a best-practice model to visualize SAP software landscapes. If needed, the model can be adapted to any existing or favored metamodel, and the integrated analysis and reporting modules can be used to examine and evaluate the extracted information. CTI Landscape Analyzer features export modules to the leading EAM tools Alfabet© of Software AG, ADOit© of the BOC Group or LeanIX©. Therefore, the extracted information can be used for extended enterprise architecture management.

Interested? Please contact us: sales(at)cti-consulting.de. For further information, please visit our website.

SUCCESS STORY – Service Portfolio Management with alfabet: First Implementation successfully completed!

The first implementation of alfabet’s service portfolio management module at one of our customers has now been completed.

The customer manages e.g. the following information in alfabet:
– services and interdependencies between services
– service descriptions
– roles and responsibilities
– service lifecycle
– service costs and cost centers
– service prices for different countries

Interested? Please contact us: info(at)cti-consulting.de

CTI is a leanIX certified Partner!

CTI has successfully completed the official certification program for leanIX certified Partners.

The majority of the IT Management Consulting Team is now certified.

CTI continues its strategy to integrate Enterprise Architecture Management knowledge with in-depth tool know-how.

Information about the standard interface between CTI’s Landscape Analyzer for SAP and leanIX can be found here.

The photo shows several CTI Consultants with the leanIX Partner Manager Dominik Rose at CTI’s office in Kassel, Germany.


For further information please visit our homepage.