Zum Inhalt springen


The key to efficiency and agility in the digital age

Guide for building an integrated Enterprise Architecture

Key takeaways

  • An Enterprise Architecture provides the base for strategic and operational business and IT planning in companies and public authorities
  • Enterprise Architectures offer sustainable benefits, when manually captured content is linked with automatically collected data
  • AI analyses only provide individual insights within Enterprise Architecture Management when organizations use their own AI models as base
  • Exclusive cloud solutions are unsuitable due to data security issues and high costs
  • On-premises solutions are to be preferred, as they better protect the organization’s knowledge (at least in the areas that contain sensitive data)
  • Open-source technologies provide cost-effective solutions in Enterprise Architecture Management

In today’s business world, which is characterized by rapid technological developments and permanent changes, the ability of a company to act efficient and flexible is important. Companies must react quickly to new market requirements, manage their internal processes and efficiently integrate the appropriate technologies. This is where Enterprise Architecture Management (EAM) comes in. With a structured approach, EAM not only supports the optimization of business processes, IT systems and infrastructure, but also drives the strategic planning and implementation of innovations. According to Gartner, Enterprise Architecture is „a comprehensive framework that aligns technology, data, processes and organizational structures with strategic goals. Through a unified and integrated view, it enables well-founded decisions, optimizes resources and manages the complexity of the digital age.“ At its core, this 2024 definition differs little from the vision that John Zachman – creator of the Zachman framework and for many the „father“ of EAM – formulated back in 1987: „An Enterprise Architecture makes it possible to master complexity and change. Without an Enterprise Architecture, a company cannot survive in an increasingly complex and changing environment.“ Even though one might think that little has changed in Enterprise Architecture Management over the last 40 years. But modern approaches are by no means static „diagram deserts“ like in the past. Today, they comprehensively promote the alignment of business and IT and make a decisive contribution to ensure companies are fit for the future.

Business-IT Alignment and EAM: connection of strategy, operations and IT

Business-IT Alignment describes the close integration of business strategies, operational activities and IT infrastructure. The aim is to establish IT as an integral part of the organization that matches seamlessly with business goals and processes. Strong business-IT alignment enables companies to react more quickly to market change, increase efficiency and fully exploit the potential of IT innovations. Whether digitization, data mesh, cloud computing, edge computing or artificial intelligence – business-IT alignment plays a central role within every IT topic. Every IT implementation requires knowledge provided by an Enterprise Architecture, even if it is not always explicitly referred to as such.

This information can be divided into four main areas:

  • Strategic content includes the company’s long-term goals and visions. They serve as guidelines for business and IT decisions and specify how business and IT solutions are designed to support the company’s overall goals. Examples include business planning, strategic medium-term planning and vision and mission statements.
  • Business content describes the structure and logic of business operation and contains information that depict the company’s functionality in detail. This content forms the basis for creating requirements for IT systems, for example in the form of process models and organizational guidelines.
  • Technical content describes the IT infrastructure, applications and platforms that are used to support the technical and operational processes. It defines technical architectures and standards that ensure the reliability and efficiency of the IT systems. Examples are IT architectures and IT portfolios.
  • Operational content refers to the day-to-day business processes and procedures required to achieve strategic goals. It includes the concrete implementation of business activities, such as resource management and process optimization (e.g. content gained by process mining or ITSM tickets).

Figure 1 illustrates the structure of these areas – in a strategic, operational, business and technical view. Each box represents a content area incl. possible overlaps, as a clear assignment is often fuzzy. The content shown is exemplary and does not claim to be complete.

Fig. 1: EA content areas including examples

Anyone who seriously deals with Business-IT Alignment quickly realizes that this approach goes far beyond the mere coordination of business and IT. Bastian Seebacher sums it up in the CIO article “ The hard truth about Business-IT Alignment„: „Business applications are integrated into the company’s business processes. Conversely, this means that the organization’s business processes are built around its business applications. Information technology […] is integrated into the business, whether anyone likes it or not. Why should anyone think that things could go well if the IT organization is simply aligned ?“

Business-IT Alignment and EAM: More than coordination of business and IT

Currently, frequently mentioned areas of application of Enterprise Architecture Management within companies and public authorities are:

Synchronization of business and IT strategy: By specifically coordinating IT resources, projects and decisions with the company’s strategic goals, Enterprise Architecture Management ensures that IT does not act in isolation. Instead, it actively supports value creation, business development, efficiency improvements and innovations. This close integration enables an agile response to market changes and uses IT as a strategic lever for business success.

Introduction of new (information) technologies: With a structured overview of the entire IT landscape, Enterprise Architecture facilitates the introduction of new technologies and the optimization of existing systems. In this way, it promotes a coherent design of all innovation initiatives and strengthens the agility of the company.

Implementation of AI and ML solutions: Enterprise Architecture provides the necessary foundation for seamlessly integrating Artificial Intelligence (AI) and Machine Learning (ML) into the existing IT landscape and business processes. It identifies affected business areas and relevant data sources for the development and continuous improvement of AI and ML models. It also supports the scaling and adaptation of these solutions in order to respond flexibly to changing business requirements.

Creation of Data Meshes and Data Governance: Data is becoming increasingly important in everyday business. Modern data management requires clear structures and uniform standards. With an Enterprise Architecture, data responsibility is distributed across domains and data governance guidelines are applied consistently. This ensures high data quality, security and compliance even under a decentralized structure. The integration of Data Meshes into the business and technical architecture creates a flexible, scalable data infrastructure that meets the requirements of data-driven companies.

Integration of the Internet of Things (IoT) into business processes: Enterprise Architecture supports the smooth integration of IoT technologies into existing business processes by providing structured information about the underlying IT infrastructures and its processes. It facilitates the design and implementation of interfaces for secure and efficient data exchange between IoT devices and other systems. IoT data can thus be used in a targeted manner to optimize processes, gain real-time insights and implement innovative business models.

Creation and use of Digital Twins: The Enterprise Architecture provides the professional and technical basis for the creation of Digital Twins. Based on EA content and operational requirements, the IT infrastructure and required data sources are conceptually linked. This makes it easier to keep the real-time data flow from physical systems to virtual models synchronized. This supports the use of Digital Twins for process optimization and the improvement of products and services.

Development of Business Impact and IT Risk Management Systems: With a holistic view of the business and IT landscape, the Enterprise Architecture supports the rapid identification of critical systems and processes for Business Impact Analysis (BIA) and Risk Management. A transparent representation of functional and technical dependencies support the identification of risks at an early stage. With the integration of operational data, business impact and IT risk management can proactively promote risk reduction and significantly increase the company’s resilience to disruptions.

A sound information base is essential for all use cases mentioned above. To create this base, a strategic framework, the operational environment (e.g. business processes) and the technical implementations (e.g. infrastructure) must be documented holistically and in a connected manner. However, a manually created Enterprise Architecture can no longer achieve this. Instead, a hybrid approach is required that uses intelligent combinations of manual and automatic methods to gain the benefits of an Enterprise Architecture in a cost-efficient way. It is important to decide individually which information needs to be recorded manually and what can be obtained automatically.

Table 1 shows example content of the business, application, data and infrastructure levels and assigns it to information types that are primarily recorded manually or automatically. Information types may be listed multiple times in the corresponding fields, when they could be collected manually as well as automatically.

EA levelusually manually captures contentcontent that can be easily captured automatically
Businessdigitalization roadmaporganizational descriptionsbusiness continuity requirementsprocess monitoring contenthuman-machine interactions
Datarisk catalogstechnical data structuresITSM ticket contentsimplemented data structures
applicationsarchitecture analysisBusiness facing IT infrastructures
infrastructurearchitecture analysisservice modeldigitalization architecture (technical)Technical IT infrastructures
Tab. 1: Exemplary assigned EA content according to its capture type (manual or automated)

An effective Enterprise Architecture is based on a combination of manually and automatically captured information. Not all relevant data is directly available in IT systems or can be extracted automatically. A good example of this is the digitalization roadmap . Although computers are used to create it, strategic planning itself requires creative human work – even in times of AI. On the other hand, there is a lot of content that is available in digital form and can be automatically integrated into an Enterprise Architecture.

Integrated Enterprise Architecture: Combining manual and automatically captured content

In common parlance, „integrate“ means combining different things. Applied to an Enterprise Architecture, it is about linking different content – from manually created information to data automatically extracted from digital systems. The classic Enterprise Architecture approach of exclusively manual modeling is no longer sufficient. The amount of information that has to be taken into account is too extensive. Without computer support, set-up and long-term maintenance is hardly possible. At the same time, manual interventions are still necessary to create a structural framework that cannot be fully automatically derived. This particularly applies to content such as planned future architecture strategies or textual descriptions of business processes. However, manually entered content does not usually react dynamically to changes. In order to reduce maintenance effort, it should therefore be limited to a minimum. Instead, it makes sense to automatically integrate information sources with EA relevance into the architecture whenever possible.

An integrated Enterprise Architecture follows this approach and addresses two central issues:

  1. The decomposition of the entire EA model into small, manageable “individual parts” that are well mastered by different teams such as business staff, architects and developers.
  2. The automatic integration of (partly external) content from various information sources wherever possible – in short, „generating instead of manual modeling.“

The result is an Enterprise Architecture that combines descriptive content (mostly manually captured) with operational content (mostly automatically captured). The approach is methodically supported by the application of the Bounded Context idea from Domain Driven Design (DDD) within the field of EA.

Domain Driven Design and Enterprise Architecture: Creating Structure with a clear context

Domain Driven Design (DDD) is an approach to software development that focuses on understanding and modeling the core business domains of an organization. DDD promotes the division of complex systems into clearly defined domains and subdomains, each of which is designed and developed independently, increasing flexibility and scalability. Good DDD ensures that a software solution is precisely tailored to business requirements and maintainable over the long term. A „Bounded Context” represents a clearly defined area in which terms and concepts are used uniquely and consistently (e.g. all IT functions for account management within a bank). This increases modularity and simplifies the development and maintenance of software.

Applied to an integrated Enterprise Architecture, the DDD approach means that the EA model is structured in clearly defined contexts. Similar to the DDD, areas are defined that fully describe a specific usage scenario (e.g., a context for all BIA topics). It is initially irrelevant whether a context is captured manually, automatically, or through a combination of both methods. The key is to keep the contexts as disjoint as possible. The overall architecture is then created by „gluing“ these contexts together. Like automatically combining puzzle pieces to form an overall picture. An integrated Enterprise Architecture makes it possible to generate a complete view of the architecture and to identify any inconsistencies mathematically. This not only simplifies creation, but also makes it possible to gain comprehensive insights.

The following steps are proven in practice for the development of an integrated Enterprise Architecture. It is important to mention, that this is not a „greenfield approach“. Existing „classic“ architectures can also be transformed following this approach.

  1. Building a solid EA foundation: Creating a stable base structure for the architecture.
  2. Connection of (external) data sources: Integration of relevant (often external) information sources.
  3. Creation of (automated) EA analyses: Building analyses that automatically generate insights from the architecture.
  4. Communicating EA content: Presenting architecture information, e.g. via dashboards and generated visualizations, to promote transparency and decision making.
Building a Solid EA Foundation

Creating a stable EA foundation is crucial because it provides a consistent basis for all subsequent work. This foundation establishes key principles, standards and structures that guide the architecture and ensure that the content fits together. This reduces complexity, breaks down communication barriers and minimizes the risk of development errors or redundancies. It is important to distinguish between defining the structure (i.e. specifying methods and notations) and capturing basic content.

It is advisable to start with a simple but flexibly expandable meta-model. This lowers the entry barriers and delivers initial results in a short time. A meta-model must fundamentally cover all relevant content of the business, data, application and infrastructure levels. The associated content of the foundation is usually recorded using a modeling tool. However, a foundation created manually in this way is not complete. Software companies often claim that a valuable Enterprise Architecture already exists with the descriptive model within a modeling tool (e.g. in LeanIX , Orbus , BIC or PlaningIT ). However, this is not the case. Manual modeling usually represents only a point in time and is often out of date within a few days. In order to obtain a more accurate overview, the „real world“ must be continuously taken into account and the model must be continuously updated. This cannot be achieved with classic, purely manual modeling. But an Enterprise Architecture can only deliver lasting added value, if dynamic changes are anytime reflected in the model. This challenge can be solved by automatically capturing content from operational data sources.

Connection of (external) data sources

The integration of external data sources is essential for the automatic capturing and continuous updating of an Enterprise Architecture. Strategic, operational and technical changes are thus directly taken into account in the architecture. This allows decisions to be made on the basis of current information and reduces the risk of missing valuable insights right at an early stage. In the long term, the integration of external data sources helps to ensure that the Enterprise Architecture always meets the dynamic requirements of the corporate environment. Since operational applications like SAP, Salesforce or Service Now usually provide REST-based interfaces and digitally processable data, integration is easy. However, it is crucial to flexibly link the automatically captured data with the manually documented content in an overall model. As central storage for this integration we recommend a graph database. The schema-free NoSQL functionalities of graph databases enable future-proof flexibility, since almost all possible EA content – even content that is not yet known today – can be added directly to the graph model. No proprietary EA tool on the market currently offers such a flexibility, functionality and openness to integrate data sources in a comparably cost-effective manner. Figure 2 shows the interaction of operational data sources with a graph database as EA data hub.

Fig. 2: Graph DB as EA data hub consolidating different content types
Creation of (automated) EA analyses

An easy creation of individual analyses is a central capability of a modern Enterprise Architecture. Only then valuable insights can be gained based on your own data. This includes, for example, the identification of IT redundancies, the evaluation of the alignment of IT systems with business processes, risk analyses with regard to possible system failures or security gaps, as well as business impact considerations and their effects on the organization.

A brief digression on the use of artificial intelligence (AI) in the context of EA analysis is useful at this point. Manufacturers of EA tools use the term „Artificial Intelligence“ for a variety of different offerings – from simple assistants that execute standardized tasks to automatic content creation based on publicly available AI models such as ChatGPT . Such functions can certainly support recurring tasks, but do not offer solutions for the specific requirements of evaluating your own data. Unless the AI is trained with your own data. But the decision to transmit your own sensitive data to external – mostly US – companies to improve AI assistants is questionable. However, anyone who uses ChatGPT or other cloud-based assistants must be aware that their data is being transferred to these external providers. According to a recent study by the market research company IDC, the use of Microsoft services such as 365, Fabrics or Power BI is therefore increasingly viewed critically (IDC). Never the less, to make use of AI in EA, it is essential to use solutions that provide analysis based on your own data – without losing control of information that needs to be protected. Only if the underlying AI model is managed by the organization itself it can be assured, that sensitive data is protected and valuable internal knowledge is not leaked.

There is another reason why a local approach makes sense in the area of integrated Enterprise Architectures: Costs. Many companies find out, that cost savings promised by cloud providers are not materializing. In recent months, a clear trend has emerged in which more and more companies are moving services back to an on-premises environment. Public cloud solutions have been proven to be a cost factor. Outsourcing AI functions to external service providers seems increasingly questionable, when they could also be operated internally more securely and cost-efficiently. Microsoft’s announcement that it will increase the prices of the analysis tool PowerBI by up to 40% underscores this development (ERP Today).

Communication of EA content

Enterprise Architectures achieve full added value when gained insights are communicated on a large scale with minimal effort. Dynamic dashboards play a central role to achieve this, as they visually prepare complex data and relationships in real time and create the basis for well-founded decisions. Such dashboards enable users to react immediately to changes in the business environment and the connected IT landscape. Real-time visualizations not only use the architecture as a strategic tool, but also provide valuable support in day-to-day business. Decision-makers always have insight into the current status and possible optimization potential of the entire business and IT landscape. However, dynamic dashboards cannot be created with a purely static EA model. Rather, it is necessary to actively integrate operational systems in order to derive added value.

Example: BIA and IT Risk Management based on an integrated Enterprise Architecture

The following example describes a fictitious bank that wants to establish a dynamic Business Impact Analysis (BIA) and IT Risk Management solution, based on an integrated Enterprise Architecture. For better comprehensibility, the example focuses on content that is necessary for setting up the BIA and the associated IT risk analysis only. The steps described are universal and can be applied to all of the previously mentioned use cases.

Within the example the commercial modeling tool BIC from GBTEC Software AG, the open-source graph database Neo4j from Neo4j Inc., two publicly accessible Web APIs and a Typescript dashboard are used to create the whole solution. The selection of tools is exemplary – the solution can also be implemented with alternative tool combinations, for example with BOC Adonis , SAP Signavio , SAP LeanIX , Sparx Enterprise Architect , ArangoDB or OrientDB.

Basic structure for BIA and IT Risk Management

In the first step, the EA foundation for the BIA and IT Risk Management is established for the business, data, application and technology architecture. The aim is to capture the fundamental connections between the bank’s operational business and the associated IT structures. The resulting network of relationships forms the basis of the integrated Enterprise Architecture and serves as a starting point for further analyses. Figure 3 shows the structure of the recorded content and relationships (focused on BIA and IT Risk Management).

Fig. 3: Content types for automatically creating a BIA and IT risk assessment

As part of the business architecture, Business Capability Maps build the starting point of the model. These maps describe the capabilities the bank needs to achieve strategic goals and successfully execute business processes. Business capabilities are divided into categories and, in addition to strategic planning, are used to determine which services will no longer be provided in the event of IT failures. Figure 4 shows the multi-level visualization of the business capabilities of the fictitious bank, documented using BIC. Since business capabilities do not change constantly, manual capturing using a modeling tool is acceptable.

Fig. 4: Example Business Capability Map in the banking sector

In the next step, core and detailed business processes are assigned to the business capabilities – where appropriate. It is recommended to use value chains and the Business Process Model and Notation (BPMN) to express detailed process flows. Figure 5 shows an example BPMN diagram in the area of Customer Management (“Create new Customer”), including a detailed BPMN diagram section. The connections between information (business objects) processed in the BPMN flow and the IT systems required for its execution create a first connection of the business and application levels.

Fig. 5: BPMN example “Create new Customer”

Within the data architecture, business objects are detailed as required. Depending on the decomposition necessary (e.g., bank statement), an object is either represented as a single entity or as a composite data product (e.g., BIA Dashboard). The EA foundation thus provides a library of business objects as well as the „blueprints“ how data products are “assembled” from these objects. Figure 6 shows an example description of the data object „Loan Application” and the data product “BIA Dashboard” in the BIC modeling tool. Of course, the use and dynamic integration of alternative data modeling tools is also possible.

Fig. 6: Details of the business object “Loan-Application” and a BIA Dashboard data product

The documentation of application systems within the application architecture is done in a similar way as setting up the business object library. If an application portfolio database already exists (e.g., within LeanIX), such a tool can also be connected. Figure 7 shows an excerpt from the application library: manually modeled in BIC (on the left) and automatically generated from a CMDB (on the right).

Fig. 7: Example of an Application library entry (manually created or imported)

In the technology architecture, the associated IT components are added. An IT component is an independent element of the IT infrastructure that provides specific functions or services and can interact with other components. This includes hardware, software, network elements or combinations thereof. By representing it generically as an „IT component“, even complex structures and relationships can be easily visualized (see Figure 8 as SAP FS-CML S/4 HANA example). In the example, the IT component landscape is derived directly from the data of a CMDB, including all hardware and network segments required to operate the associated infrastructure. The connections between the CMDB and BIC data are created at runtime, so that the view is always up to date and visualized without manual intervention.

Fig. 8: IT components of the SAP FS-CML S/4 HANA application

To conclude the EA foundation business capabilities, business processes, business objects, data products, applications and IT components are automatically combined to form a comprehensive EA graph. Figure 9 shows the created context representation „Credit Application and Evaluation“ for the SAP FS-CML S/4 HANA application in the „Credit check“ business area. The associated business capabilities, IT risks, organizational units, interfaces (APIs), exchanged data objects (including source and target systems) and the necessary IT components are visualized. It is important that only content with a high degree of temporal stability is recorded manually – content that changes frequently should be automatically integrated and visualized (generated).

Fig. 9: Context of the “Credit check” section

This completes the EA foundation required to set up a Business Impact Analysis and IT Risk Management solution.

Connection of ITSM and IT security systems

The EA foundation captures stable, time-persistent content and relations of the business, data, application and technology architecture. This structure is further developed into an integrated Enterprise Architecture by linking dynamic information sources. This integrates up-to-date business-critical information. In the bank example, incident reports from an ITSM system and IT threat reports from a vulnerability database are retrieved in real time and dynamically linked with the EA foundation data.

Incidents form the backbone of every BIA. Public vulnerability databases provide information about vulnerabilities in common software and hardware components. This means, that the dashboard can always inform employees about current incident impacts on the operational business and continuously check the application landscape for IT risks. Since corporate and government IT landscapes are complex and multi-layered, manually updating these relationships is not feasible at comparable costs.

To create an example that is as realistic as possible, messages from the DigitalOcean’s incident management system and vulnerability data from the National Institute of Standards and Technology (NIST) Vulnerability Database are integrated. Both data sources can be accessed via REST APIs and provide JSON data that is integrated in the EA foundation without manual post-processing. It should be noted, that the data linking with the EA foundation of the fictitious bank is merely an example and has no real background with DigitalOcean or the NIST.

The latest content on DigitalOcean Incidents and NIST CVE data for “Microsoft Dynamics 365” can be found as JSON streams at the following URIs:

DigitalOcean Incidents : https://status.digitalocean.com/api/v2/incidents.json

NIST CVE Database: https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=Microsoft+Dynamics+365&search_type=all&isCpeNameSearch=false

Hint: querying may take a few seconds as there is a lot of data to be fetched

Basically, all data sources that are available via REST APIs can be integrated without additional programming or software – be it SAP ERP, Salesforce, ServiceNow, JIRA, Confluence and many more. You don’t need to program or buy expensive interfaces.

For this purpose, standard functions of the open source graph database Neo4j are used, relevant artifacts are extracted directly from the JSON stream and integrated into the EA model. Figure 10 illustrates the connection of the data sources with the Neo4j database.

Fig. 10: Data sources of the EAM example

In just a few steps the EA foundation, together with dynamically integrated content, becomes a comprehensive, integrated Enterprise Architecture. Neo4j takes care of preparing the JSON stream. Figure 11 shows an example of the structured output of the NIST CVE query for „Microsoft Dynamics“, which is seamlessly integrated into the EA model.

Fig. 11: Streamed data of the NIST CVE database

Since Neo4j offers a lot of functions for processing external data, third-party systems can be integrated in no time. Proprietary interfaces between individual tools become superfluous, which reduces the costs of technical integration. At the same time, the flexibility of the integrated Enterprise Architecture increases. Any REST-based application can be integrated directly into the overall model. In the future, additional data sources can be easily added as long as they are accessible via REST interfaces. The schema-free approach of the NoSQL database allows a direct, dynamic linking of previously unconsidered data structures at any time.

Definition of BiA and IT Risk Analysis

For the Business Impact and IT Risk Analysis, the bank requires customized evaluations to assess the potential damage of IT failures and security incidents on critical business processes. This includes identifying dependencies between IT systems and business functions as well as constantly analyzing threats and vulnerabilities in the IT infrastructure. To avoid data protection risks during proactive vulnerability analysis, the bank carries out all analyses within its own IT environment. Since the integrated EA model is fully under the bank’s control, algorithms can easily be used to develop and train forecast models based on its own data. In this way, the bank receives precise risk assessments and can derive targeted measures for risk reduction and emergency planning, while all critical data remains in its secure environment. The highlight: Neo4j provides the required algorithms free of charge.

Figure 12 shows the knowledge graph made up of descriptive and operational data that is used to train the underlying analysis algorithms. The network of interconnected content that is used to train the AI models is clearly visible.

Fig. 12: Visualization of the EA model as Knowledge Graph

In the example, the operational processes are proactively scanned for improvement potential based on incidents from the ITSM system and the descriptive content from BIC. Figure 13 highlights identified optimization points derived from the integrated model using AI algorithms. Fields marked in red show areas identified by the algorithm that should be specifically checked.

Fig. 13: Algorithmically optimized business processes based on data from ITSM and vulnerability sources
BIA and IT Risk Analysis Dashboards

To ensure that operational stakeholders also benefit from the integrated Enterprise Architecture, they need access to information that could be easily used in day to day business. The fictitious bank uses a Typescript open-source dashboard that dynamically combines content from BIC, Neo4j and the connected external sources and automatically displays it in an always up-to-date manner. It is particularly noteworthy that all analyses from the previous steps can be executed directly in the dashboard – no transfer to another tool necessary. Figure 14 shows an example of the dynamic visualization of the business impact data for individually selectable incidents.

Fig. 14: Dynamic visualization of the Business Impact Analysis

For example, the connected EA content allows to visually communicate that a failure of the service “App Platform and Container Registry in NYC” would lead to restrictions in the IT component “Container Registry – NYC3” and – as a result – a failure of the component “PS Linux App Kubernetes Platform 02”. This means that the internal application “ABC Online (internal)” is no longer available, which results in the failure of the business processes “New Customer Creation ”, “Customer Auditing” and “Customer Startup”. This integrated analysis is created fully automatically.

In addition to such dynamic ad hoc analyses, continuous monitoring with automatic event triggering can be implemented using the on-board tools of the Neo4j database as well. Figure 15 shows the initial data that is derived from the NIST risk database and projected onto the bank’s IT infrastructure. In the example, all of the bank’s IT systems are continuously checked for IT risks and countermeasures are displayed for each application (if necessary).

Fig. 15: Continuous comparison of the internal application landscape with externally identified IT security risks

All analyses are based on the integrated EA model including the data from operational systems. Wherever possible, visual representations are generated instead of manually created. This simplifies the management of the Enterprise Architecture and improves data quality as sources of error are minimised. This reduces the costs of Enterprise Architecture Management permanently. The motto is once again: „generating instead of manual modeling“.

Conclusion

A modern Enterprise Architecture requires an integrated approach that flexibly links descriptive and operational content. This means that manual content capturing must be reduced to a minimum, while dynamic content should be integrated automatically wherever possible. To implement this in a cost-effectively way, proprietary interfaces should be avoided and open-source tools should be used wherever possible.

By combining „classic“ Enterprise Architectures with operational data, a flexible and open EA solution is easy to implement.

The article “How a Knowledge Graph supports LEONI’s transformation” describes how this approach is used in production.

Original CIO Magazine article (German)
English translation of the article