Now that is what we’re talking about!
When we first published our report on Compliance Oriented Architecture we did so in the hope that using a creative commons license was a good first step in driving a more “commons” oriented approach to analysis of the IT market and how it meets business problems. No one analyst company can possibly be the font of all authority.
Below please find some feedback from Jon on our COA model. We will likely be formalising this feedback soon but for now, as those of you who follow our blogs know – we’re using them as a feedback repository (until someone comes forward with an entirely intuitive and manageable wiki system).
But think about this – i am basically driving traffic to a competitor. simple as that. Why? Because Jon has some smart ideas. I should point out that from a competitive standpoint – i actually view Quocirca as a team to beat. They are small enough to be in my sights as peer competitors. They are smart, independent, have a good UK presence. But like me they believe some content should be free because there are other ways to make a buck than lock everything down.
We like sharing. We are open source. Hopefully this is the commons in action. and hopefully more industry analyst firms will choose to adopt, extent and help us build the model – or they can just steal our ideas and repackage them (there are risks associated with open).
I will be saying a lot more on these topics (why the industry analyst model is set for some structural changes) – but for now lets see what Jon says about COA. I particularly appreciate his views on ILM – an unhelpful term in our opinion.
– Overall, very good. You should probably say that the companies you mention are examples, otherwise you’ll be annoying the also-rans. Maybe you do somewhere in the text 😉
– I’d like to see more explanation of each of the COA core services. Maybe this is just me. It might help to explain some of them, for example I don’t believe IBM is the only company in the world to have a policy engine, as such.
– Security-specific core services are not clearly brought out. I’d like to see Identity Management (CA, recently); Provisioning (Thor); Execution management (AppSense); Non-repudiation (PGP, RSA) for example
– The ILM piece doesn’t seem to fit – it’s storage-specific (though clearly, storage is an important piece of compliance). I agree however that ILM is pants, hopefully to be superseded by automated storage management of some form.
– I’d like to see a conclusion on “COA futures” – you know the thing – policy driven, centrally managed applications, all working in agile, adaptive, on demand harmony. The point being that if compliance is not taken into account, the rest of these buzzwords aren’t worth diddly.
Hope it helps, take or leave