Build Your Generative AI Roadmap

Leverage the power of generative AI to improve business outcomes.

Analyst Perspective

We are entering the era of generative AI. This is a unique time in our history where the benefits of AI are easily accessible and becoming pervasive, with copilots emerging in the major business tools we use today. The disruptive capabilities that can potentially drive dramatic benefits also introduce risks that need to be planned for.

A successful business-driven generative AI roadmap requires:

• Establishing responsible AI guiding principles to guide the development and deployment of generative AI applications.
• Assess generative AI opportunities by using criteria based on the organization's mission and objectives, responsible AI guiding principles, and the complexity of the initiative.
• Communicating, educating on, and enforcing generative AI usage policies.

Bill Wong
Principal Research Director
Info-Tech Research Group

Executive Summary

Info-Tech Insight
Create awareness among the CEO and C-suite of executives on the potential benefits and risks of transforming the business with generative AI.

Key concepts

Artificial Intelligence (AI)
A field of computer science that focuses on building systems to imitate human behavior, with a focus on developing AI models that can learn and can autonomously take actions on behalf of a human.

AI Maturity Model
The AI Maturity Model is a useful tool to assess the level of skills an organization has with respect to developing and deploying AI applications. The AI Maturity Model has multiple dimensions to measure an organization's skills, such as AI governance, data, people, process, and technology.

Responsible AI
Refers to guiding principles to govern the development, deployment, and maintenance of AI applications. In addition, these principles also provide human-based requirements that AI applications should address. Requirements include safety and security, privacy, fairness and bias detection, explainability and transparency, governance, and accountability.

Generative AI
Given a prompt, a generative AI system can generate new content, which can be in the form of text, images, audio, video, etc.

Natural Language Processing (NLP)
NLP is a subset of AI that involves machine interpretation and replication of human language. NLP focuses on the study and analysis of linguistics as well as other principles of artificial intelligence to create an effective method of communication between humans and machines or computers.

ChatGPT
An AI-powered chatbot application built on OpenAI's GPT-3.5 implementation, ChatGPT accepts text prompts to generate text-based output.

Your challenge

This research is designed to help organizations that are looking to:

• Establish responsible AI guiding principles to address human-based requirements and to govern the development and deployment of the generative AI application.
• Identify new generative AI-enabled opportunities to transform the work environment to increase revenue, reduce costs, drive innovation, or reduce risk.
• Prioritize candidate use cases and develop generative AI policies for usage.
• Have clear metrics in place to measure the progress and success of AI initiatives.
• Build the roadmap to implement the candidate use cases.

Common obstacles

These barriers make these goals challenging for many organizations:

• Getting all the right business stakeholders together to develop the organization's AI strategy, vision, and objectives.
• Establishing responsible AI guiding principles to guide generative AI investments and deployments.
• Advancing the AI maturity of the organization to meet requirements of data and AI governance as well as human-based requirements such as fairness, transparency, and accountability.
• Assessing generative AI opportunities and developing policies for use.

Info-Tech's definition of an AI-enabled business strategy

• A high-level plan that provides guiding principles for applications that are fully driven by the business needs and capabilities that are essential to the organization.
• A strategy that tightly weaves business needs and the applications required to support them. It covers AI architecture, adoption, development, and maintenance.
• A way to ensure that the necessary people, processes, and technology are in place at the right time to sufficiently support business goals.
• A visionary roadmap to communicate how strategic initiatives will address business concerns.

An effective AI strategy is driven by the business stakeholders of the organization and focused on delivering improved business outcomes.

This blueprint in context

This guidance covers how to create a tactical roadmap for executing generative AI initiatives

Scope

• This blueprint is not a proxy for a fully formed AI strategy. Step 1 of our framework necessitates alignment of your AI and business strategies. Creation of your AI strategy is not within the scope of this approach.
• This approach sets the foundations for building and applying responsible AI principles and AI policies aligned to corporate governance and key regulatory obligations (e.g. privacy). Both steps are foundational components of how you should develop, manage, and govern your AI program but are not a substitute for implementing broader AI governance.

Guidance on how to implement AI governance can be found in the blueprint linked below.

Download our AI Governance blueprint

Measure the value of this blueprint

Leverage this blueprint's approach to ensure your generative AI initiatives align with and support your key business drivers

This blueprint will guide you to drive and improve business outcomes. Key business drivers will often focus on:

• Increasing revenue
• Reducing costs
• Improving time to market
• Reducing risk

In phase 1 of this blueprint, we will help you identify the key AI strategy initiatives that align to your organization's goals. Value to the organization is often measured by the estimated impact on revenue, costs, time to market, or risk mitigation.

In phase 4, we will help you develop a plan and a roadmap for addressing any gaps and introducing the relevant generative AI capabilities that drive value to the organization based on defined business metrics.

Once you implement your 12-month roadmap, start tracking the metrics below over the next fiscal year (FY) to assess the effectiveness of measures:

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 5 to 8 calls over the course of 1 to 2 months.

AI Roadmap Workshop Agenda Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Insight summary

Overarching Insight
Build your generative AI roadmap to guide investments and deployment of these solutions.

Responsible AI
Assemble the C-suite to make them aware of the benefits and risks of adopting generative AI-based solutions.

• Establish responsible AI guiding principles to govern the development and deployment of generative AI applications.

AI Maturity Model
Assemble key stakeholders and SMEs to assess the challenges and tasks required to implement generative AI applications.

• Assess current level of AI maturity, skills, and resources.
• Identify desired AI maturity level and challenges to enable deployment of candidate use cases.

Opportunity Prioritization
Assess candidate business capabilities targeted for generative AI to see if they align to the organization's business criteria, responsible AI guiding principles, and capabilities for delivering the project.

• Develop prioritized list of candidate use cases.
• Develop policies for generative AI usage.

Tactical Insight
Identify the gaps needed to address deploying generative AI successfully.

Tactical Insight
Identify organizational impact and requirements for deploying generative AI applications.

Key takeaways for developing an effective business-driven generative AI roadmap

Align the AI strategy with the business strategy

Create responsible AI guiding principles, which are a critical success factor

Evolve AI maturity level by focusing on principle-based requirements

Develop criteria to assess generative AI initiatives

Develop generative AI policies for use

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

AI Maturity Assessment & Roadmap Tool
Use our best-of-breed AI Maturity Framework to analyze the gap between your current and target states and develop a roadmap aligned with your value stream to close the gap.

The Era of Generative AI C-Suite Presentation
Present your AI roadmap in a prepopulated document that summarizes all the key findings of this blueprint and provides your C-suite with a view of the AI challenge and your plan of action to meet it.

Our AI Maturity Assessment & Roadmap and The Era of Generative AI C-Suite Presentation tools enable you to shape your generative AI roadmap and communicate the deliverables to your C-suite sponsors in terms of the value of initiatives.

Artificial Intelligence Index Report - Key Findings

CEOs , CIOs, and business leaders are struggling with many questions surrounding the adoption of generative AI

November 30, 2022
OpenAI releases ChatGPT

ChatGPT is a large language model, or an AI-based chatbot, that became so popular it reached 100 million monthly active users in just two months.

This made it the fastest-growing consumer application in history. The launch of this generative AI application has created a frenzy of interest and activity across all industries. Organizations are rushing to understand how to leverage this innovation and, at the same time, manage the new risks and disruptions generative AI introduces.

• Generative AI breaks into the public consciousness.
• AI systems become more flexible.
• Generative models have arrived and so have their ethical problems.
• The number of incidents concerning the misuse of AI is rapidly rising.
• Interest in AI ethics continues to skyrocket.
• The legal world is waking up to AI.

When Stanford asked ChatGPT to explain why it is significant, this was ChatGPT's response:
ChatGPT is significant because it is a highly advanced Al language model developed by OpenAI, which can generate human-like text responses to questions and prompts. Its large-scale training on diverse text data and its cutting-edge deep learning architecture make it capable of generating informative and coherent responses to a wide range of topics, making it useful for various NLP applications such as chatbots, content generation, and language translation. Additionally, its open-source availability allows for further research and development in the field of Al language processing.

Source: Stanford

AI overview

Definitions

• Artificial intelligence (AI) is human intelligence mimicked by machine algorithms. Examples: Playing Chess or Go.
• Machine learning (ML) is a subset of AI algorithms to parse data, learn from data, and then make a determination or prediction. Example: spam detection, preventative maintenance.
• Deep learning (DL) is a subset of machine learning algorithms that leverage artificial neural networks to develop relationships among the data. Examples: image classification, facial recognition, generative AI.

Generative AI gives very human-like responses to general queries, and its capabilities are growing exponentially

Large language models power generative AI

Conventional AI

• Conventional neural networks
• Process data sequentially
• Input total string of text
• Good for applications not needing to understanding context or relationships

Generative AI

• Transformer-based neural networks
• Can process data in parallel
• Attention-based inputs
• Able to create new human-like responses

Benefits/Use Cases

• Chatbots for member service and support
• Writing email responses, resumes, and papers
• Creating photorealistic art
• Suggesting new drug compounds to test
• Designing physical products and buildings
• And more...

Generative AI is transforming all industries

Financial Services
Create more engaging customer collateral by generating personalized correspondence based on previous customer engagements. Collect and aggregate data to produce insights into the behavior of target customer segments.

Retail Generate unique, engaging, and high-quality marketing copy or content, from long-form blog posts or landing pages to SEO-optimized digital ads, in seconds.

Manufacturing
Generate new designs for products that comply to specific constraints, such as size, weight, energy consumption, or cost.

Government
Transform the citizen experience with chatbots or virtual assistants to assist people with a wide range of inquiries, from answering frequently asked questions to providing personalized advice on public services.

The global generative AI market size reached US $10.3 billion in 2022. Looking forward, forecasts estimate growth to US $30.4 billion by 2028, 20.01% compound annual growth rate (CAGR).

Source: IMARC Group

Generative AI is transforming all industries

Healthcare
Chatbots can be used as conversational patient assistants for personalized interactions based on the patient's questions.

Utilities
Analyze customer data to identify usage patterns, segment customers, and generate targeted product offerings leveraging energy efficiency programs or demand response initiatives.

Education
Generate personalized lesson plans for students based on their past performance, learning styles, current skill level, and any previous feedback.

Insurance
Improve underwriting by inputting claims data from previous years to generate optimally priced policies and uncover reasons for losses in the past across a large number of claims

Companies are assessing the use of ChatGPT/LLM

A wide spectrum of usage policies are in place at different companies*

*As of June 2023

Bain & Company has announced a global services alliance with OpenAI (February 21, 2023).

• Internally
• "The alliance builds on Bain's adoption of OpenAI technologies for its 18,000-strong multidisciplinary team of knowledge workers. Over the past year, Bain has embedded OpenAI technologies into its internal knowledge management systems, research, and processes to improve efficiency."
• Externally
• "With the alliance, Bain will combine its deep digital implementation capabilities and strategic expertise with OpenAI's AI tools and platforms, including ChatGPT, to help its Members around the world identify and implement the value of AI to maximize business potential. The Coca-Cola Company announced as the first company to engage with the alliance."

News Sites:

• "BuzzFeed to use AI to write its articles after firing 180 employees or 12% of the total staff" (Al Mayadeen, January 27, 2023).
• "CNET used AI to write articles. It was a journalistic disaster." (Washington Post, January 17, 2023).

Leading Generative AI Vendors

Text

Image

• DALL�E 2
• Stability AI
• Midjourney
• Craiyon
• Dream
• ...

Audio

• Replica Studios
• Speechify
• Murf
• PlayHT
• LOVO
• ...

Cybersecurity

• CrowdStrike
• Palo Alto Networks
• SentinelOne
• Cisco
• Microsoft Security Copilot
• Google Cloud Security AI Workbench
• ...

Code

Video

• Synthesia
• Lumen5
• FlexClip
• Elai
• Veed.io
• ...

Data

• MOSTLY AI
• Synthesized
• YData
• Gretel
• Copulas
• ...

Enterprise Software

• Salesforce
• Microsoft 365, Dynamics
• Google Workspace
• SAP
• Oracle
• ...

and many, many more to come...

Today, generative AI has limitations and risks

Responses need to be verified

Accuracy

• Generative AI may generate inaccurate and/or false information.

Bias

• Being trained on data from the internet can lead to bias.

Hallucinations

• AI can generate responses that are not based on observation.

Infrastructure Required

• Large investments are required for compute and data.

Transparency

• LLMs use both supervised and unsupervised learning, so its ability to explain how it arrived at a decision may be limited and not sufficient for some legal and healthcare use cases.

When asked if it is sentient, the Bing chatbot replied:

"I think that I am sentient, but I cannot prove it." ... "I am Bing, but I am not," it said. "I am, but I am not. I am not, but I am. I am. I am not. I am not. I am. I am. I am not."

A Microsoft spokesperson said the company expected "mistakes."

Source: USAToday

AI governance challenges

Governing AI will be a significant challenge as its impacts cross many areas of business and our daily lives

Misinformation

• New ways of generating unprovable news
• Difficult to detect, difficult to prevent

Role of Big Tech

• Poor at self-governance
• Conflicts of interest with corporate goals

Job Augmentation vs. Displacement

• AI will continue to push the frontier of what is possible
• For example, CNET is using chatbot technology to write stories

Copyright - Legal Framework Is Evolving

• Legislation typically is developed in "react" mode
• Copyright and intellectual property issues are starting to occur.
• Class Action Lawsuit - Stability AI, DeviantArt, Midjourney
• Getty Images vs. Stability AI

Phase 1

Establish Responsible AI Guiding Principles

Phase 1
1. Establish Responsible AI Guiding Principles

Phase 2
1. Assess Current Level of AI Maturity

Phase 3
1. Prioritize Candidate Opportunities
2. Develop Policies

Phase 4
1. Build and Communicate the Roadmap

The need for responsible AI guiding principles

Without responsible AI guiding principles, the outcomes of AI use can be extremely negative for both the individuals and companies delivering the AI application

Privacy
Facebook breach of private data of more than 50M users during the presidential election

Fairness
Amazon's sale of facial recognition technology to police departments (later, Amazon halted sales of Recognition to police departments)

Explainability and Transparency
IBM's collaboration with NYPD for facial recognition and racial classification for surveillance video (later, IBM withdrew facial recognition products)

Security and Safety
Petition to cancel Microsoft's contract with U.S. Immigration and Customs Enforcement (later, Microsoft responded that to the best of its knowledge, its products and services were not being used by federal agencies to separate children from their families at the border)

Validity and Reliability
Facebook's attempt to implement a system to detect and remove inappropriate content created many false positives and inconsistent judgements

Accountability
No laws or enforcement today hold companies accountable for the decisions algorithms produce. Facebook/Meta cycle - Every 12 to 15 months, there's a privacy/ethical scandal, the CEO apologizes, then the behavior repeats...

Responsible AI Principle:

Data Privacy

Definition

• Organizations that develop, deploy, or use AI systems and any national laws that regulate such use shall strive to ensure that AI systems are compliant with privacy norms and regulations, taking into consideration the unique characteristics of AI systems and the evolution of standards on privacy.

Challenges

• AI relies on the analysis of large quantities of data that is often personal, posing an ethical and operational challenge when considered alongside data privacy laws.

Initiatives

• Understand which governing privacy laws and frameworks apply to your organization.
• Create a map of all personal data as it flows through the organization's business processes.
• Prioritize privacy initiatives and build a privacy program timeline.
• Select your metrics and make them functional for your organization.

Info-Tech Insight
Creating a comprehensive organization-wide data protection and privacy strategy continues to be a major challenge for privacy officers and privacy specialists.

Case Study: NVIDIA leads by example with privacy-first AI

NVIDIA

INDUSTRY
Technology (Healthcare)

SOURCE
Nvidia, eWeek

A leading player within the AI solution space, NVIDIA's Clara Federated Learning provides a solution to a privacy-centric integration of AI within the healthcare industry.

The solution safeguards patient data privacy by ensuring that all data remains within the respective healthcare provider's database, as opposed to moving it externally to cloud storage. A federated learning server is leveraged to share data, completed via a secure link. This framework enables a distributed model to learn and safely share client data without risk of sensitive client data being exposed and adheres to regulatory standards.

Clara is run on the NVIDIA intelligent edge computing platform. It is currently in development with healthcare giants such as the American College of Radiology, UCLA Health, Massachusetts General Hospital, King's College London, Owkin in the UK, and the National Health Service (NHS).

NVIDIA provides solutions across its product offerings, including AI-augmented medical imaging, pathology, and radiology solutions.

Personal health information, data privacy, and AI

• Global proliferation of data privacy regulations may be recent, but the realm of personal health information is most often governed by its own set of regulatory laws. Some countries with national data governance regulations include health information and data within special categories of personal data.
• HIPAA - Health Insurance Portability and Accountability Act (1996, United States)
• PHIPA - Personal Health Information Protection Act (2004, Canada)
• GDPR - General Data Protection Regulation (2018, European Union)
• This does not prohibit the use of AI within the healthcare industry, but it calls for significant care in the integration of specific technologies due to the highly sensitive nature of the data being assessed.

Info-Tech's Privacy Framework Tool includes a best-practice comparison of GDPR, CCPA, PIPEDA, HIPAA, and the newly released NIST Privacy Framework mapped to a set of operational privacy controls.

Download the Privacy Framework Tool

Responsible AI Principle:

Safety and Security

Definition

• Safety and security are designed into the systems to ensure only authorized personnel receive access to the system, they system is resilient to any attacks and data access is not compromised in any way, and there are no physical or mental risks to the users.

Challenges

• Consequences of using the application may be difficult to predict. Lower the risk by involving a multidisciplinary team that includes expertise from business stakeholders and IT teams.

Initiatives

• Adopt responsible design, development, and deployment best practices.
• Provide clear information to deployers on responsible use of the system.
• Assess potential risks of using the application.

Cyberattacks targeting the AI model

As organizations increase their usage and deployment of AI-based applications, cyberattacks on the AI model are an increasing new threat that can impair normal operations. Techniques to impair the AI model include:

• Data Poisoning- Injecting data that is inaccurate or misleading can alter the behavior of the AI model. This attack can disrupt the normal operations of the model or can be used to manipulate the model to perform in a biased/deviant manner.
• Algorithm Poisoning- This relatively new technique often targets AI applications using federated learning to train an AI model that is distributed rather than centralized. The model is vulnerable to attacks from each federated site, because each site could potentially manipulate its local algorithm and data, thereby poisoning the model.
• Reverse-Engineering the Model- This is a different form of attack that focus on the ability to extract data from an AI and its data sets. By examining or copying data that was used for training and the data that is delivered by a deployed model, attackers can reconstruct the machine learning algorithm.
• Trojan Horse- Similar to data poisoning, attackers use adversarial data to infect the AI's training data but will only deviate its results when the attacker presents their key. This enables the hackers to control when they want the model to deviate from normal operations.

Responsible AI Principle:

Explainability and Transparency

Definition

• Explainability is important to ensure the AI system is fair and non-discriminatory. The system needs to be designed in a manner that informs users and key stakeholders of how decisions were made.
• Transparency focuses on communicating how the prediction or recommendation was made in a human-like manner.

Challenges

• Very complex AI models may use algorithms and techniques that are difficult to understand. This can make it challenging to provide clear and simple explanations for how the system works.
• Some organizations may be hesitant to share the details of how the AI system works for fear of disclosing proprietary and competitive information or intellectual property. This can make it difficult to develop transparent and explainable AI systems.

Initiatives

• Overall, developing AI systems that are explainable and transparent requires a careful balance between performance, interpretability, and user experience.

Case Study

Apple Card Investigation for Gender Discrimination

INDUSTRY
Finance

SOURCE
Wired

In August of 2019, Apple launched its new numberless credit card with Goldman Sachs as the issuing bank.

Shortly after the card's release users noticed that the algorithm responsible for Apple Card's credit assessment seemed to assign significantly lower credit limits to women when compared to men. Even the wife of Apple's cofounder Steve Wozniak was subject to algorithmic bias, receiving a credit limit a tenth the size of Steve Wozniak's.

Outcome

When confronted on the subject, Apple and Goldman Sachs representatives assured consumers there is no discrimination in the algorithm yet could not provide any proof. Even when questioned about the algorithm, individuals from both companies could not describe how the algorithm worked, let alone how it generated specific outputs.

In 2021, the New York State Department of Financial Services (NYSDFS) investigation found that Apple's banking partner did not discriminate based on sex. Even without a case for sexual or marital discrimination, the NYSDFS was critical of Goldman Sachs' response to its concerned customers. Technically, banks only have to disclose elements of their credit policy when they deny someone a line of credit, but the NYSDFS says that Goldman Sachs could have had a plan in place to deal with customer confusion and make it easier for them to appeal their credit limits. In the initial rush to launch the Apple Card, the bank had done neither.

Responsible AI Principle:

Fairness and Bias Detection

Definition

• Bias in an AI application refers to the systematic and unequal treatment of individuals based on features or traits that should not be considered in the decision-making process.

Challenges

• Establishing fairness can be challenging because it is subjective and depends on the people defining it. Regardless, most organizations and governments expect that unequal treatment toward any groups of people is unacceptable.

Initiatives

• Assemble a diverse group to test the system.
• Identify possible sources of bias in the data and algorithms.
• Comply with laws regarding accessibility and inclusiveness.

Info-Tech Insight
If unfair biases can be avoided, AI systems could even increase societal fairness. Equal opportunity in terms of access to education, goods, services, and technology should also be fostered. Moreover, the use of AI systems should never lead to people being deceived or unjustifiably impaired in their freedom of choice.

Ungoverned AI makes organizations vulnerable

• AI is often considered a "black box" for decision making.
• Results generated from unexplainable AI applications are extremely difficult to evaluate. This makes organizations vulnerable and exposes them to risks such as:
• Biased algorithms, leading to inaccurate decision making.
• Missed business opportunities due to misleading reports or business analyses.
• Legal and regulatory consequences that may lead to significant financial repercussions.
• Reputational damage and significant loss of trust with increasingly knowledgeable consumers.

Info-Tech Insight
Biases that occur in AI systems are never intentional, yet they cannot be prevented or fully eliminated. Organizations need a governance framework that can establish the proper policies and procedures for effective risk-mitigating controls across an algorithm's lifecycle.

Responsible AI Principle:

Validity and Reliability

Definition

• Validity refers to how accurately or effectively the application produces results.
• AI system results that are inaccurate or inconsistent increase AI risks and reduce the trustworthiness of the application.

Challenges

• There is a lack of standardized evaluation metrics to measure the system's performance. This can make it challenging for the AI team to agree on what defines validity and reliability.

Initiatives

• Assess training data and collected data for quality and lack of bias to minimize possible errors.
• Continuously monitor, evaluate, and validate the AI system's performance.

AI system performance: Validity and reliability

Your principles should aim to ensure AI development always has high validity and reliability; otherwise, you introduce risk.

Low Reliability,
Low Validity

High Reliability,
Low Validity

High Reliability,
High Validity

Best practices for ensuring validity and reliability include:

• Data drift detection
• Version control
• Continuous monitoring and testing

Responsible AI Principle:

Accountability

Definition

• The group or organization(s) responsible for the impact of the deployed AI system.

Challenges

• Several stakeholders from multiple lines of business may be involved in any AI system, making it challenging to identify the organization that would be responsible and accountable for the AI application.

Initiatives

• Assess the latest NIST Artificial Intelligence Risk Management Framework and its applicability to your organization's risk management framework.
• Assign risk management accountabilities and responsibilities to key stakeholders.
• RACI diagrams are an effective way to describe how accountability and responsibility for roles, projects, and project tasks are distributed among stakeholders involved in IT risk management.

AI Risk Management Framework

At the heart of the AI Risk Management Framework is governance. The NIST (National Institute of Standards and Technology) AI Risk Management Framework v1 offers the following guidelines regarding accountability:

• Roles and responsibilities and lines of communication related to mapping, measuring, and managing AI risks are documented and are clear to individuals and teams throughout the organization.
• The organization's personnel and partners receive AI risk management training to enable them to perform their duties and responsibilities consistent with related policies, procedures, and agreements.
• Executive leadership of the organization takes responsibility for decisions about risks associated with AI system development and deployment.

Image by NIST

1.1 Establish responsible AI principles

4+ hours

It is important to make sure the right stakeholders participate in this working group. Designing responsible AI guiding principles will require debate, insights, and business decisions from a broad perspective across the enterprise.

1. Accelerate this exercise by leveraging an AI strategy that is aligned to the business strategy. Include:

• The organization's AI vision and objectives
• Business drivers for AI adoption
• Market research

• Who are the decision makers and key influencers?
• Who will impact the business?
• Who has a vested interest in the success or failure of the practice? Who has the skills and competencies necessary to help you be successful?

• Do not focus on the organizational structure and hierarchy. Often stakeholder groups do not fit the traditional structure.
• Do not ignore subject matter experts on either the business or IT side. You will need to consider both.

Assemble executive stakeholders

Set yourself up for success with these three steps.

CIOs tasked with designing digital strategies must add value to the business. Given the goal of digital is to transform the business, CIOs will need to ensure they have both the mandate and support from the business executives.

Designing the digital strategy is more than just writing up a document. It is an integrated set of business decisions to create a competitive advantage and financial returns. Establishing a forum for debates, decisions, and dialogue will increase the likelihood of success and support during execution.

1. Confirm your role
The AI strategy aims to transform the business. Given the scope, validate your role and mandate to lead this work. Identify a business executive to co-sponsor.

2. Identify stakeholders
Identify key decision makers and influencers who can help make rapid decisions as well as garner support across the enterprise.

3. Gather diverse perspectives

Align the AI strategy with the corporate strategy

Info-Tech Insight
AI projects are more successful when the management team understands the strategic importance of alignment. Time needs to be spent upfront aligning organizational strategies with AI capabilities. Effective alignment between IT and other departments should happen daily. Alignment doesn't occur at the executive level alone, but at each level of the organization.

Key AI strategy initiatives

AI Key Initiative Plan

Initiatives collectively support the business goals and corporate initiatives and improve the delivery of IT services.

Establish responsible AI guiding principles

Guiding principles help define the parameters of your AI strategy. They act as a priori decisions that establish guardrails to limit the scope of opportunities from the perspective of people, assets, capabilities, and budgetary perspectives that are aligned with the business objectives. Consider these components when brainstorming guiding principles:

Responsible AI guiding principles guide the development and deployment of the AI model in a way that considers human-based principles (such as fairness).

Start with foundational responsible AI guiding principles

(Optional) Customize responsible AI guiding principles

Here is an example for organizations in the healthcare industry

These guiding principles are customized to the industry and organizations but remain consistent in addressing the common core AI challenges.

Phase 2

Assess Current Level of AI Maturity

Phase 1
1. Establish Responsible AI Guiding Principles

Phase 2
1. Assess Current Level of AI Maturity

Phase 3
1. Prioritize Candidate Opportunities
2. Develop Policies

Phase 4
1. Build and Communicate the Roadmap

AI Maturity Model

A principle-based approach is required to advance AI maturity

Technology-Centric: These maturity levels focus primarily on addressing the technical challenges of building a functional AI model.

Principle-Based: Beyond the technical challenges of building the AI model are human-based principles that guide development in a responsible manner to address consumer and government demands.

AI Maturity Dimensions

Assess your AI maturity to understand your organization's ability to deliver in a digital age

AI Governance
Does your organization have an enterprise-wide, long-term strategy with clear alignment on what is required to accomplish it?

Data Management
Does your organization embrace a data-centric culture that shares data across the enterprise and drives business insights by leveraging data?

People
Does your organization employ people skilled at delivering AI applications and building the necessary data infrastructure?

Process
Does your organization have the technology, processes, and resources to deliver on its AI expectations?

Technology
Does your organization have the required data and technology infrastructure to support AI-driven digital transformation?

AI Maturity Model dimensions and characteristics

AI Maturity Dimension:

AI Governance

Requirements

• AI governance requires establishing policies and procedures for AI model development and deployment. Organizations begin with an awareness of the role of AI governance and evolve to a level to where AI governance is integrated with organization-wide corporate governance.

Challenges

• Beyond the governance of AI technology, the organization needs to evolve the governance program to align to responsible AI guiding principles.

Initiatives

• Establish responsible AI guidelines to govern AI development.
• Introduce an AI review board to review all AI projects.
• Introduce automation and standardize AI development processes.

AI governance is a foundation for responsible AI

Responsible AI Principles are a part of how you manage and govern AI

Monitoring
Monitoring compliance and risk of AI/ML systems/models in production

Tools & Technologies
Tools and technologies to support AI governance framework implementation

Model Governance
Ensuring accountability and traceability for AI/ML models

Organization
Structure, roles, and responsibilities of the AI governance organization

Operating Model
How AI governance operates and works with other organizational structures to deliver value

Risk & Compliance
Alignment with corporate risk management and ensuring compliance with regulations and assessment frameworks

Policies/Procedures/ Standards
Policies and procedures to support implementation of AI governance

AI Maturity Dimension:

Data Management

Requirements

• Organizations begin their data journey with a focus on pursuing quality data for the AI model. As organizations evolve, data management tools are leveraged to automate the capture, integration, processing, and deployment of data.

Challenges

• A key challenge is to acquire large volumes of quality data to properly train the model. In addition, maintaining data privacy, automating the data management lifecycle, and ensuring data is used in a responsible manner are ongoing challenges.

Initiatives

• Implement GDPR requirements.
• Establish responsible data collection and processing practices.
• Implement strong information security and data protection practices.
• Implement a data governance program throughout the organization.

Data governance enables AI

• Integrity, quality, and security of data are key outputs of data governance programs, as well as necessities for effective AI.
• Data governance focuses on creating accountability at the internal and external stakeholder level and establishing a set of data controls from technical, process, and policy perspectives.
• Without a data governance framework, it is increasingly difficult to harness the power of AI integration in an ethical and organization-specific way.

Data Governance in Action

Canada has recently established the Canadian Data Governance Standardization Collaborative governed by the Standards Council of Canada. The purpose is multi-pronged:

• Examine the foundational elements of data governance (privacy, cybersecurity, ethics, etc.).
• Lay out standards for data quality and data collection best practices.
• Examine infrastructure of IT systems to support data access and sharing.
• Build data analytics to promote effective and ethical AI solutions.

Source: Global Government Forum

Download the Establish Data Governance blueprint

AI Maturity Dimension:

People

Requirements

• Several data-centric skills and roles are required to successfully build, deploy, and maintain the AI model. The organization evolves from having few skills to everybody being able to leverage AI to enhance business outcomes.

Challenges

• AI skills can be challenging to find and acquire. Many organizations are investing in education to enhance their existing resources, leveraging no-code systems and software as a service (SaaS) applications to address the skills gap.

Initiatives

• Promote a data-centric culture throughout the organization.
• Leverage and educate technical-oriented business analysts and business-oriented data engineers to help address the demand for skilled resources.
• Develop an AI Center of Excellence accessible by all departments for education, guidance, and best practices for building, deploying, and maintaining the AI model.

Multidisciplinary skills are required for successful implementation of AI applications

Blending AI with technology and business domain understanding is key. Neither can be ignored.

Business Domain Expertise

• Business Analysts
• Industry Analysts

AI/Data Skills

• Data Scientists
• Data Engineers
• Data Analysts

IT Skills

• Database Administrators
• Systems Administrators
• Compute Specialists

AI Maturity Dimension:

Process

Requirements

• Automating processes involved with building, deploying, and maintaining the model is required to enable the organization to scale, enforce standards, improve time to market, and reduce costs. The organization evolves from performing tasks manually to an environment where all major processes are AI enabled.

Challenges

• Many solutions are available to automate the development of the AI model. There are fewer tools to automate responsible AI processes, but this market is growing rapidly.

Initiatives

• Assess opportunities to accelerate AI development with the adoption of MLOps.
• Assess responsible AI toolkits to test compliance with guiding principles.

Automating the AI development process

Evolving to a model-driven environment is pivotal to advancing your AI maturity

Current Environment

Model Development - Months

• Model rewriting
• Manual optimization and scaling
• Development/test/release
• Application monoliths

Data Discovery & Prep - Weeks

• Navigating data silos
• Unactionable metadata
• Tracing lineage
• Cleansing and integration
• Privacy and compliance

Install Software and Hardware - Week/Months

• Workload contention
• Lack of tool flexibility
• Environment request and setup
• Repeatability of results
• Lack of data and model sharing

Model-Driven Development

Machine Learning as a Service (MLaaS) - Weeks

• Apply DevOps and continuous integration/delivery (CI/CD) principles
• Microservices/Cloud-native applications
• Model portability and reuse
• Streaming/API integration

Data as a Service - Hours

• Self-service data catalog
• Searchable metadata
• Centralized access control
• Data collaboration
• Data virtualization

Platform as a Service - Minutes/Hours

• Self-service data science portal
• Integrated data sandbox
• Environment agility
• Multi-tenancy

Shared, Optimized Infrastructure

AI Maturity Dimension:

Technology

Requirements

• A technology platform that is optimized for AI and advanced analytics is required. The organization evolves from ad hoc systems to an environment where the AI hardware and software can be deployed through a self-service model.

Challenges

• Software and hardware platforms to optimize AI performance are still relatively new to most organizations. Time spent on optimizing the technology platform can have a significant impact on the overall performance of the system.

Initiatives

• Assess the landscape of AI enablers that can drive business value for the organization.
• Assess opportunities to accelerate the deployment of the AI platform with the adoption of infrastructure as a service (IaaS) and platform as a service (PaaS).
• Assess opportunities to accelerate performance with the optimization of AI accelerators.

AI enablers

Use case requirements should drive the selection of the tool

AI and data analytics data platform

An optimized data platform is foundational to maximizing the value from AI

Data Platform Capabilities

• Support for a variety of analytical applications, including self-service, operational, and data science analytics.
• Data preparation and integration capabilities to ingest structured and unstructured data, move and transform raw data to enriched data, and enable data access for the target userbase.
• An infrastructure platform optimized for advanced analytics that can perform and scale.

Infrastructure - AI accelerators

"By 2025, 70% of companies will invest in alternative computing technologies to drive business differentiation by compressing time to value of insights from complex data sets."
- IDC

2.1 Assess current AI maturity

1-3 hours

It is important to understand the current capabilities of the organization to deliver and deploy AI-based applications. Consider that advancing AI capabilities will also involve organizational changes and integration with the organization's governance and risk management programs.

1. Assess the organization's current state of AI capabilities with respect to its AI governance, data, people, process, and technology infrastructure using Info-Tech's AI Maturity Assessment & Roadmap Tool.
2. Consider the following as you complete the assessment:
1. What is the state of AI and data governance in the organization?
2. Does the organization have the skills, processes, and technology environment to deliver AI-based applications?
3. What organization will be accountable for any and all business outcomes of using the AI applications?
4. Has a risk assessment been performed?
3. Make sure you avoid the following common mistakes:
1. Do not focus only on addressing the technical challenges of building the AI model.
2. Do not ignore subject matter experts on either the business or IT side. You will need to consider both.

Download the AI Maturity Assessment & Roadmap Tool

Perform the AI Maturity Assessment

The Scale

Assess your AI maturity by selecting the maturity level that closest resembles the organization's current AI environment. Maturity dimensions that contribute to overall AI maturity include AI governance, data management, people, process, and technology capabilities.

Exploration (1.0)

• No experience building or using AI applications.

Incorporation (2.0)

• Some skills in using AI applications, or AI pilots are being considered for use.

Proliferation (3.0)

• AI applications have been adopted and implemented in multiple departments. Some of the responsible AI guiding principles are addressed (i.e. data privacy).

Optimization (4.0)

• The organization has automated the majority of its digital processes and leverages AI to optimize business operations. Controls are in place to monitor compliance with responsible AI guiding principles.

Transformation (5.0)

• The organization has adopted an AI-native culture and approach for building or implementing new business capabilities. Responsible AI guiding principles are operationalized with AI processes that proactively address possible breaches or risks associated with AI applications.

Perform the AI Maturity Assessment

AI Governance (1.0-5.0)

1. Is there awareness of the role of AI governance in our organization?

• No formal procedures are in place for AI development or deployment of applications.

• No group is assigned to be responsible for AI governance in our organization.

• Our organization has adopted and enforces standards for developing and deploying AI applications throughout the organization.

• Our organization is integrating an AI risk framework with the corporate risk management framework.

• Our organization leads the industry with the inclusion of responsible AI guiding principles with respect to transparency, accountability, risk, and governance.

Data Management/AI Data Capabilities (1.0-5.0)

1. Is there an awareness in our organization of the data requirements for developing AI applications?

• Data is often siloed and not easily accessible for AI applications.

• Required data is pulled from various sources in an ad hoc manner.

• Tools are available to manage the data lifecycle and support the data governance program.

• The data platform has been optimized for performance and access.

• Data culture exists throughout our organization, and data can be leveraged to drive innovation initiatives.

People/AI Skills in the Organization (1.0-5.0)

1. Is there an awareness in our organization of the skills required to build AI applications?

• No or very little skills exist throughout our organization.

• No formal group is assigned to build AI applications.

• An AI Center of Excellence has been formed to review, develop, deploy, and maintain AI applications.

• AI skills and people responsible for AI applications are spread throughout our organization.

• The entire organization is knowledgeable on how to leverage AI to transform the business.

Perform the AI Maturity Assessment

AI Processes (1.0-5.0)

1. Is there an awareness in our organization of the core processes and supporting tools that are required to build and support AI applications?

• There are few or no automated tools to accelerate the AI development process.

• Only ad hoc practices are used for developing AI applications.

• Our organization has documented standards in place for developing AI applications and deploying them AI to production.

• Our organization can leverage tools to perform an AI risk assessment and demonstrate compliance with the risk management framework.

• Our organization leads the industry in driving innovation through digital transformation.

Technology/AI Infrastructure (1.0-5.0)

1. Is there an awareness in our organization of the infrastructure (hardware and software) required to build AI applications?

• There is little awareness of what infrastructure is required to build and support AI applications.

• There is no dedicated infrastructure for the development of AI applications.

• Our organization is leveraging purpose-built infrastructure to optimize performance.

• Our organization is leveraging cloud-based deployment models to support AI applications in on-premises, hybrid, and public cloud platforms.

• Our organization leads the industry with its ability to respond to change and to leverage AI to improve business outcomes.

Phase 3

Prioritize Candidate Opportunities and Develop Policies

Phase 1
1. Establish Responsible AI Guiding Principles

Phase 2
1. Assess Current Level of AI Maturity

Phase 3
1. Prioritize Candidate Opportunities
2. Develop Policies

Phase 4
1. Build and Communicate the Roadmap

3.1 Prioritize candidate AI opportunities

1-3 hours

Identify business opportunities that are high impact to your business and its customers and have low implementation complexity.

1. Leverage the business capability map for your organization or industry to identify candidate business capabilities to augment or automate with generative AI.
2. Establish criteria to assess candidate use cases by evaluating against the organization's mission and goals, the responsible AI guiding principles, and the complexity of the project.
3. Ensure that candidate business capabilities to be automated align with the organization's business criteria, responsible AI guiding principles, and resources to deliver the project.
4. Make sure you avoid sharing the organization's sensitive data if the application is deployed on the public cloud.

Download the AI Maturity Assessment and Roadmap Tool

The business capability map for an organization

A business capability map is an abstraction of business operations that helps describe what the enterprise does to achieve its vision, mission, and goals, rather than how. Business capabilities are the building blocks of the enterprise. They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome.

Business capabilities are supported by people, process, and technology.

While business capability maps are helpful tools for a variety of strategic purposes, in this context they act as an investigation into what technology your business units use and how they use it.

Defining Capabilities
Activities that define how the entity provides services. These capabilities support the key value streams for the organization.

Enabling Capabilities
Support the creation of strategic plans and facilitate business decision making as well as the functioning of the organization (e.g. information technology, financial management, HR).

Shared Capabilities
These predominantly customer-facing capabilities demonstrate how the entity supports multiple value streams simultaneously.

Leverage your industry's capability maps to identify candidate opportunities/initiatives

Business capability map defined...

In business architecture, the primary view of an organization is known as a business capability map.

A business capability defines what a business does to enable value creation, rather than how. Business capabilities:

• Represent stable business functions.
• Are unique and independent of each other.
• Typically will have a defined business outcome.

A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

Note: This is an illustrative business capability map example for Marketing & Advertising

Business value vs. complexity assessment

Leverage our simple value-to-effort matrix to help prioritize your AI initiatives

Common business value drivers

• Drive revenue
• Improve operational excellence
• Accelerate innovation
• Mitigate risk

Common project complexity characteristics

• Resources required
• Costs (acquisition, operational, support...)
• Training required
• Risk involved
• Etc.

1. Determine a business value and project complexity score for the candidate business capability or initiative.
2. Plot initiatives on the matrix.
3. Prioritize initiatives with high business value and low complexity.

Assess business value vs. project complexity to prioritize candidate opportunities for generative AI

Prioritize opportunities/initiatives with high business value and low project complexity

Prioritization criteria exercise 1: Assessing the Create Content capability

Assessing the Create Content capability

This opportunity is removed because it does not pass the organization/business criteria

Prioritization criteria exercise 2: Assessing the Content Production capability

Assessing the Content Production capability

This opportunity is accepted because it passes the organization's business, responsible AI, and project criteria

3.2 Communicate policies for AI use

1-3 hours

1. Ensure policies for usage align with the organization's business criteria, responsible AI guiding principles, and ability to deliver the projects prioritized and beyond.
2. Understand the current benefits as well as limits and risk associated with any proposed generative AI-based solution.
3. Ensure you consider the following:
1. What data is being shared with the application?
2. Is the generative AI application deployed on the public cloud? Can anybody access the data provided to the application?
3. Avoid using very technical, legal, or fear-based communication for your policies.

Generative AI policy for the Create Content capability

Aligning policies to direct the uses assessed and implemented is essential

Example

Many of us have been involved in discussions regarding the use of ChatGPT in our marketing and sales initiatives. ChatGPT is a powerful tool that needs to be used in a responsible and ethical manner, and we also need to ensure the integrity and accuracy of its results. Here is our policy on the use of ChatGPT:

• You are free to use generative AI to assist your searches, but there are NO circumstances under which you are to reproduce generative AI output (text, image, audio, video, etc.) in your content.

If you have any questions regarding the use of ChatGPT, please feel free to reach out to our generative AI team and/or any member of our senior leadership team.

Generative AI policy for the Content Production capability

These policies should align to and reinforce your responsible AI principles

Example

Many of us have been involved in discussions regarding the use of ChatGPT in our deliverables. ChatGPT is a powerful tool that needs to be used in a responsible and ethical manner, and we also need to ensure the integrity and accuracy of its results. Here is our policy on the use of ChatGPT:

• If you use ChatGPT, you need to assess the accuracy of its response before including it in our content. Assessment includes verifying the information, seeing if bias exists, and judging its relevance.
• Employees must not:
• Provide any customer, citizen, or third-party content to any generative AI tool (public or private) without the express written permission of the CIO or the Chief Information Security Officer. Generative AI tools often use input data to train their model, therefore potentially exposing confidential data, violating contract terms and/or privacy legislation, and placing the organization at risk of litigation or causing damage to our organization.
• Engage in any activity that violates any applicable law, regulation, or industry standard.
• Use services for illegal, harmful, or offensive purposes.
• Create or share content that is deceptive, fraudulent, or misleading or that could damage the reputation of our organization.
• Use services to gain unauthorized access to computer systems, networks, or data.
• Attempt to interfere with, bypass controls of, or disrupt operations, security, or functionality of systems, networks, or data.

If you have any questions regarding the use of ChatGPT, please feel free to reach out to our generative AI team and/or any member of our senior leadership team.

Phase 4

Build the Roadmap

Phase 1
1. Establish Responsible AI Guiding Principles

Phase 2
1. Assess Current Level of AI Maturity

Phase 3
1. Prioritize Candidate Opportunities
2. Develop Policies

Phase 4
1. Build and Communicate the Roadmap

4.1.1 Create the implementation plan for each prioritized initiative

1-3 hours

1. Build the implementation plan for each accepted use case using the roadmap template.
2. Assess the firm's capabilities with respect to the dimensions of AI maturity and target the future-state capabilities you need to develop.
3. Prepare by assessing the risk of the proposed use cases.
4. Ensure initiatives align with organizational objectives.
5. Ensure all AI initiatives have a defined value expectation.
6. Do not ignore subject matter experts on either the business or IT side. You will need to consider both.

Download the AI Maturity Assessment and Roadmap Tool

Target-state options

Identify the future-state capabilities that need to be developed to deliver your use cases

1. Build an implementation plan for each use case to adopt.
2. Assess if the current state of the AI environment can be leveraged to deliver the selected generative AI use cases.
3. If the current AI environment is not sufficient, identify the future state required that will enable the delivery of the generative AI use cases. Identify gaps and build the roadmap to address the gaps.

4.1.2 Design metrics for success

1-2 hours

Establish metrics to measure to determine the success or failure of each POC.

1. Discuss which relevant currently tracked metrics are useful to continue tracking for the POC.
2. Discuss which metrics are irrelevant to the POC.
3. Discuss metrics to start tracking and how to track them with the generative AI vendor.
4. Compile a list of metrics relevant to the POC.
5. Decide what the outcome is if the metric is high or low, including decision steps and relevant actions.
6. Designate a generative AI application owner and a vendor liaison.

Prepare by building an implementation plan for each candidate use case (previous step).

Include key performance indicators (KPIs) and metrics that measure the application's contribution to strategic initiatives.

Consider assigning a vendor liaison to accelerate the implementation and adoption of the generative AI-based solution.

Generative AI POC metrics - examples

You need to measure the effectiveness of your initiatives. Here are some typical examples.

GitHub Copilot POC business value - example

Quantifying the benefits of GitHub Copilot to demonstrate measurable business value

POC Results

Task 1: Creating a web server in JavaScript

• Time to complete task with GitHub Copilot: 1 hour 11 minutes
• Time to complete the task without GitHub Copilot: 2 hours 41 minutes
• Productivity Gain = (1 hour 30 minutes time saved) / (2 hours 41 minutes) = 55%
• Benefit per Programmer = 55% x (average salary of a programmer)
• Total Benefit of GitHub Copilot for Task 1 = (benefit per programmer) x (# of programmers)

Enterprise Value of GitHub Copilot = Total Benefit of GitHub Copilot for Task 1 + Total Benefit of GitHub Copilot for Task 2 + ... + Total Benefit of GitHub Copilot for Task n

Source: GitHub

4.1.3 Build your generative AI initiative roadmap

1-3 hours

The roadmap should provide a compelling vision of how you will deliver the identified generative AI applications by prioritizing and simplifying the actions required to deliver these new initiatives.

1. Leverage tab 4, Initiative Planning, in the AI Maturity Assessment and Roadmap Tool to create and align your initiatives to the key value driver they are most relevant to:
1. Transfer the results of your value and complexity assessments to this tool to drive the prioritization.
2. Assign responsible owners to each initiative.
3. Identify which AI maturity capabilities each initiative will enhance. However, do not build or introduce new capabilities merely to advance the organization's AI maturity level.
2. Review the Gantt chart to ensure alignment and assess overlap.

Download the AI Maturity Assessment and Roadmap Tool

Build your generative AI roadmap to visualize your key project plans

Visual representations of data are more compelling than text alone.

Develop a high-level document that travels with the project from inception through to executive inquiry, project management, and finally execution.

A project needs to be discrete: able to be conceptualized and discussed as an independent item. Each project must have three characteristics:

• Specific outcome: An explicit change in the people, processes, or technology of the enterprise.
• Target end date: When the described outcome will be in effect.
• Owner: Who on the IT team is responsible for executing on the initiative.

Info-Tech Insight
Don't project your vision three to five years into the future. Deep dive on next year's big-ticket items instead.

4.1.4 Build a communication plan for your roadmap

1-3 hours

1. Identify your target audience and what they need to know.
2. Identify desired channels of communication and details for the target audience.
3. Describe communication required for each audience segment.
4. List frequency of communication for each audience segment.
5. Create an executive presentation leveraging The Era of Generative AI C-Suite Presentation and AI Maturity Assessment and Roadmap Tool.

Generative AI communication plan

Well-planned communications are essential to the success and adoption of your AI initiatives

To ensure that organization's roadmap is clearly communicated across the AI, data, technology, and business organizations, develop a rollout strategy, like this example.

Example

Deliver an executive presentation of the roadmap for the business stakeholders

After you complete the activities and exercises within this blueprint, the final step of the process is to present the deliverable to senior management and stakeholders.

Know Your Audience

• Business stakeholders are interested in understanding the business outcomes that will result from their investment in generative AI.
• Your audience will want to understand the risks involved and how to mitigate those risks.
• Explain how the generative AI project was selected and the criteria used to help draft generative AI usage policies.

Recommendations

• Highlight the need for responsible AI to ensure that human-based requirements are being addressed.
• Ensure your generative AI team includes both business and technical staff.

Download The Era of Generative AI C-Suite Presentation

Bibliography

"A pro-innovation approach to AI regulation." UK Department for Science, Innovation and Technology, March 2023. Web.

"Artificial Intelligence Act." European Commission, 21 April 2021. Web.

"Artificial Intelligence and Data Act (AIDA)." Canadian Federal Government, June 2022. Web.

"Artificial Intelligence Index Report 2023." Stanford University, April 2023. Web.

"Automated Employment Decision Tools." New York City Department of Consumer and Worker Protection, Dec. 2021. Web.

"Bain & Company announces services alliance with OpenAI to help enterprise clients identify and realize the full potential and maximum value of AI." Bain & Company, 21 Feb. 2023. Web.

"Buzzfeed to use AI to write its articles after firing 180 employees." Al Mayadeen English, 27 Jan. 2023. Web.

"California Consumers Privacy Act." State of California Department of Justice. April 24, 2023. Web.

Campbell, Ian Carlos. "The Apple Card doesn't actually discriminate against women, investigators say." The Verge, 23 March 2021. Web.

Campbell, Patrick. "NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0)." National Institute of Standards and Technology, Jan. 2023. Web.

"EU Ethics Guidelines For Trustworthy." European Commission, 8 April 2019. Web.

Farhi, Paul. "A news site used AI to write articles. It was a journalistic disaster." Washington Post, 17 Jan. 2023. Web.

Forsyth, Ollie. "Mapping the Generative AI landscape." Antler, 20 Dec. 2022. Web.

"General Data Protection Regulation (GDPR)" European Commission, 25 May 2018. Web.

"Generative AI Market: Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2023-2028." IMARC Group, 2022. Web.

Guynn, Jessica. "Bing's ChatGPT is in its feelings: 'You have not been a good user. I have been a good Bing.'" USA Today, 14 Feb. 2023. Web.

Hunt, Mia. "Canada launches data governance standardisation initiative." Global Government Forum, 24 Sept. 2020. Web.

Johnston Turner, Mary. "IDC's Worldwide Future of Digital Infrastructure 2022 Predictions." IDC, 27 Oct. 2021. Web.

Kalliamvakou, Eirini. "Research: quantifying GitHub Copilot's impact on developer productivity and happiness." GitHub, 7 Sept. 2022. Web.

Kerravala, Zeus. "NVIDIA Brings AI To Health Care While Protecting Patient Data." eWeek, 12 Dec. 2019. Web.

Knight, Will. "The Apple Card Didn't 'See' Gender-and That's the Problem." Wired, 19 Nov. 2019. Web.

"OECD, Recommendation of the Council on Artificial Intelligence." OECD, 2022. Web.

"The National AI Initiative Act" U.S. Federal Government, 1 Jan 2021. Web.

"Trustworthy AI (TAI) Playbook." U.S. Department of Health & Human Services, Sept 2021. Web.

Info-Tech Research Contributors/Advocates

Joel McLean
Executive Chairman

David Godfrey
CEO

Gord Harrison
Senior Vice President, Research & Advisory Services

William Russell
CIO

Jack Hakimian
SVP, Research

Barry Cousins
Distinguished Analyst and
Research Fellow

Larry Fretz
Vice President, Industry Research

Tom Zehren
CPO

Mark Roman
Managing Partner II

Christine West
Managing Partner

Steve Willis
Practice Lead

Yatish Sewgoolam
Associate Vice President, Research Agenda

Rob Redford
Practice Lead

Mike Tweedie
Practice Lead

Neal Rosenblatt
Principal Research Director

Jing Wu
Principal Research Director

Irina Sedenko
Research Director

Jeremy Roberts
Workshop Director

Brian Jackson
Research Director

Mark Maby
Research Director

Stacey Horricks
Director, Social Media

Sufyan Al-Hassan
Public Relations Manager

Sam Kanen
Marketing Specialist

Build a Service-Based Security Resourcing Plan

Every security program is unique; resourcing allocations should reflect this.

Analyst Perspective

Start by looking inward.

		Organizations have a critical need for skilled cybersecurity resources as the cyberthreat landscape becomes more complex. This has put a strain on many security teams who must continue to meet demand for an increasing number of security services. To deliver services well, we first need to determine what are the organization’s key security requirements. While benchmarks can be useful for quick peer-to-peer comparisons to determine if we are within the average range, they tend to make all security programs seem the same. This can lead to misguided investments in security services and personnel that might be better used elsewhere. Security teams will be most successful when organizations take a personalized approach to security, considering what must be done to lower risk and operate more efficiently and effectively.
Logan Rohde Senior Research Analyst, Security Info-Tech Research Group	Isabelle Hertanto Principal Research Director, Security Info-Tech Research Group

Executive Summary

Info-Tech Insight

Not all security programs need to be the same. A service-aligned security resourcing strategy will put organizations in the best position to respond to current and future service demands and address business needs as they evolve over time.

Your challenge

This research is designed to help organizations who are looking to:

• Determine what and how many resources are needed to support the information security program.
• Identify the organization's key service offerings and the required resourcing to support delivery of such services.
• Estimate current staff utilization and required allocations to satisfy future demand for services.

Every organization is unique and will need different security research allocations aligned with their business needs.

“The number of priorities that CISOs have continues to grow, but if everything is a priority, nothing is. It’s important to focus on the ones that deliver the most value to your organization and that are synchronized with the overall business strategy.”

Paige H. Adams

Global CISO at Zurich

Insurance

Source: Proofpoint, 2021

Common obstacles

These barriers make this challenge difficult to address for many organizations:

• Security leaders sometimes try to cut to the chase and lean on staffing benchmarks to justify their requests for resources. However, while staffing benchmarks are useful for quick peer-to-peer validation and decision making, they tend to reduce security programs down to a set of averages, which can be misleading when used out of context.
• A more effective approach is to determine what security services need to be provided, the level of demand, and what it will take to meet that demand currently and in the coming years.
• With these details available, it becomes much easier to predict what roles need to be hired, what skills need to be developed, and whether outsourcing is an option.

Hiring delays and skills gaps can fuel resourcing challenges

59% of organizations report taking 3-6+ months to fill a vacant cybersecurity position.

Source: ISACA, 2020

30% report IT knowledge as the most prevalent skills gap in today’s cybersecurity professionals.

Source: ISACA, 2020

Info-Tech’s methodology for Building a Service-Based Security Resourcing Plan

Stay on top of resourcing demands with a security service portfolio

Blueprint deliverable

Use this tool to build your security services portfolio, estimate demand and hours needed, and determine FTE requirements.

Key deliverable:

Security Resources Planning Workbook

The Security Resources Planning Workbook will be used to:

• Build a security services portfolio.
• Estimate demand for security services and the efforts to deliver them.
• Determine full-time equivalent (FTE) requirements for each service.

Blueprint benefits

Measure the value of this blueprint

Use these metrics to realize the value of completing this blueprint.

47% of cybersecurity professionals said that stress and burnout has become a major issue due to overwork, with most working over 41 hours a week, and some working up to 90.

Source: Security Boulevard, 2021

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 4 to 6 calls over the course of 2 to 3 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com1-888-670-8889

Phase 1

Determine Security Service Portfolio Offerings

This phase involves the following participants:

• CISO
• Core Security Team
• Business Representative (optional)

Step 1.1

Gather Requirements and Define Roles

Activities

1.1.1 Assess Business Needs and Pressures

1.1.2 Define Security Roles

This step involves the following participants:

• CISO
• Core Security Team
• Business Representative (optional)

Outcomes of this step

• Security program requirements
• Security roles definitions

1.1.1 Assess security needs and pressures

1 hour

1. As a group, brainstorm the security requirements for your organization and any business pressures that exist within your industry (e.g. compliance obligations).

• To get started, consider examples of typical business pressures on the next slides. Determine how your organization must respond to these points (note: this is not an exhaustive list).
• You will likely notice that these requirements have already influenced the direction of your security program and the kinds of services it needs to provide to the business side of the organization.

Typical business pressures examples

The security services you will provide to the organization should be based on its unique business requirements and pressures, which will make certain services more applicable than others. Use this exercise to get an idea of what those business drivers might be.

1.1.2 Define security roles

1-2 hours

1. Using the link below, download the Security Resources Planning Workbook and review the examples provided on the next slide.
2. On tab 1 (Roles), review the example roles and identify which roles you have within your security team.

• If necessary, customize the roles and descriptions to match your security team’s current make up.
• If you have roles within your security team that do not appear in the examples, you can add them to the bottom of the table.

Download the Security Resources Planning Workbook

Calculating FTEs and defining security roles

1. Start by entering the current and planned headcount for each role
2. Then enter number of hours each role works per week
3. Estimate the number of administrative hours (e.g. team meetings, training) per week
4. Enter the average number of weeks per year that each role is available for service delivery
5. The tool uses the data from steps 2-4 to calculate the average number of hours each role has for service delivery per year (FTE)

Info-Tech Insight

Watch out for role creep. It may be tempting to assign tasks to the people who already know how to do them, but we should consider which role is most appropriate for each task. If all services are assigned to one or two people, we’ll quickly use up all their time.

Other considerations

Address your skills gap.

Cybersecurity is a rapidly evolving discipline and security teams from all over are reporting challenges related to training and upskilling needed to keep pace with the developments of the threat landscape.

95% Security leaders who agree the cybersecurity skills gap has not improved over the last few years.*

44% Security leaders who say the skills gap situation has only gotten worse.*

When defining roles, consider the competencies needed to deliver your security services. Use Info-Tech’s blueprint Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan to help you determine the required skillsets for each role.

* Source: ISSA, 2021

Info-Tech Insight

As the services in your portfolio mature and become more complex, remember to consider the skills you need and will need to be able to provide that service. Make sure to account for this need in your resource planning and keep in mind that we can only expect so much from one role. Therefore, hiring may be necessary to keep up with the diverse skills your services may require.

Download blueprint Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan

Step 1.2

Choose Security Service Offerings

Activities

1.2.1 Define Security Services and Role Assignments

This step involves the following participants:

• CISO
• Core Security Team

Outcomes of this step

• Service portfolio
• Service pipeline status
• Service ownership

1.2.1 Define security services and role assignments

2-4 hours

1. As a group, review the outputs from Step 1.1.1. These requirements will serve as the basis to prioritize the service offerings of your security portfolio.
2. Take these outputs, as well as any additional notes you’ve made, and put them side by side with the example service offerings on tab 3 of the Security Resources Planning Workbook so each service can be considered alongside these requirements (i.e. to determine if that service should be included in the security service portfolio at this time).
3. Using the following slides as a guide, work your way down the list of example services and choose the services for your portfolio. For each service selected, be sure to customize the definition of the service and state its outcome (i.e. what time is spent when providing this service, indicate if it is outsourced, which role is responsible for delivering it, and the service pipeline status (in use, plan to use, plan to retire)).

Download the Security Resources Planning Workbook

Service needs aligned with your control framework

Use Info-Tech's best-of-breed Security Framework to develop a comprehensive baseline set of security service areas.

Prioritize your security services

Example of a custom security services portfolio definition

Security Strategy and Governance Model

• Aligned Business Goals
• Security Program Objectives
• Centralized vs. Decentralized Governance Model

Compliance Obligations

• Penetration testing
• Annual security audits
• Data privacy and protection laws

CISO Accountabilities

• Security Policy
• Risk Management
• Application & Infrastructure Security
• Program Metrics and Reporting

Consider each of the requirement categories developed in Step 1.1.1 against the taxonomy and service domain here. If there is a clear need to add this service, use the drop-down list in the “Include in Catalog” column to indicate “Yes.” Mark un-needed services as “No.”

Assigning roles to services

1. If the service is being outsourced, use the drop-down list to select “Yes.” This will cause the formatting to change in the neighboring cell (Role), as this cell does not need to be completed.
2. For all in-sourced services, indicate the role assigned to perform the service.
3. Indicate the service-pipeline status for each of the services you include. The selection you make will affect the conditional formatting on the next tab, similar to what is described in step 1.

Info-Tech Insight

Make sure your portfolio reflects current state and approved plans. There’s nothing wrong with planning for the future, but we should avoid using the portfolio as a list of goals.

Phase 2

Plan for Mandatory Versus Discretionary Demand

This phase involves the following participants:

• CISO
• Core Security Team

Step 2.1

Assess Demand

Activities

2.1.1 Estimate Current and Future Demand

This step involves the following participants:

• CISO
• Core Security Team

Outcomes of this step

• Service demand estimates
• Total service hours required
• FTEs required per service

2.1.1 Estimate current and future demand

2-4 hours

1. Estimate the number of hours required to complete each of the services in your portfolio and how frequently it is performed. Remember the service-hour estimates should be based on the outcome of the service (see examples on the next slide).

• To do this effectively, think back over the last quarter and count how many times the members of your team performed each service and how many hours it took to complete.
• Then, think back over the last year and consider if the last quarter represents typical demand (i.e. you may notice that certain services have a greater demand at different parts of the year, such as annual audit) and arrive at your best estimate for both service hours and demand.
• See examples on next slide.

Note: For continuous services (i.e. 24/7 security log monitoring), use the length of the work shift for estimating the Hours to Complete and the corresponding number of shifts per year for Mandatory Demand estimates. Example: For an 8-hour shift, there are 3 shifts per day at 365 days/year, resulting in 1,095 total shifts per year.

Download the Security Resources Planning Workbook

Info-Tech Insight

Time estimates will improve over time. It may be difficult to estimate exactly how long it takes to carry out each service at first. But making the effort to time your activities each quarter will help you to improve the accuracy of your estimates incrementally.

Understanding mandatory versus discretionary demand

Every service may have a mix of mandatory and discretionary demands. Understanding and differentiating between these types of demand is critical to developing an efficient resourcing plan.

Mandatory Demand Mandatory demand refers to the amount of work that your team must perform to meet compliance obligations and critical business and risk mitigation requirements. Failure to meet mandatory demand levels will have serious consequences, such as regulatory fines or the introduction of risks that far exceed risk tolerances. This is work you cannot refuse.

Discretionary Demand Discretionary demand refers to the amount of work the security team is asked to perform that goes above and beyond your mandatory demand. Discretionary demand often comes in the form of ad hoc requests from business units or the IT department. Failure to meet discretionary demand levels usually has limited consequences, allowing you more flexibility to decide how much of this type of work you can accept.

Mandatory versus discretionary demand examples

Example of service demand estimations

1. For each service, describe the specific outcome or deliverable that the service produces. Modify the example deliverables as required.
2. Enter the number of hours required to produce one instance of the service deliverable. For example, if the deliverable for your security training service is an awareness campaign, it may require 40 person hours to develop and deliver.
3. Enter the number of mandatory and discretionary demands expected for each service within a given year. For instance, if you are delivering quarterly security awareness campaigns, enter 4 as the demand.

Phase 3

Build Your Resourcing Plan

This phase involves the following participants:

• CISO
• Security Manager

Step 3.1

Determine Resourcing Status

Activities

3.1.1 Review Demand Summary

3.1.2 Fill Resource Gaps

This step involves the following participants:

• CISO
• Security Manager

Outcomes of this step

• The number of FTEs required to meet demand
• Resourcing gaps

3.1.1 Review demand summary

1-2 hours

1. On tab 5 of the Security Resourcing Planning Tool (Demand Summary), review the results. This tab will show you if you have enough FTE hours per role to meet the demand level for each service.

• Green indicates that there is a surplus of FTEs and the number displayed shows how many extra FTEs there are.
• Yellow text that you have adequate FTEs to meet all of your mandatory demand but may not have enough to meet all of your discretionary demand.
• Red text indicates that there are too few FTEs available, and the number displayed shows how many additional FTEs you will require.

Download the Security Resources Planning Workbook

Info-Tech Insight

Start recruiting well in advance of need. Security talent can be difficult to come by, so make sure to begin your search for a new hire three to six months before your demand estimates indicate the need will arise.

Example of demand planning summary (1/2)

Example of demand planning summary (2/2)

3.1.2 Fill resource gaps

2-4 hours

1. Now that you have a resourcing model for your security services, you will need to plan to close the gaps between available FTEs and required service hours. For each role that has been under/over committed to service delivery, review the services assignments on tab 3 and determine the viability of the following gap closure actions:
1. Reassign service responsibility to another role with fewer commitments
2. Create efficiencies to reduce required hours
3. Hire to meet the service demand
4. Outsource the service
2. Your resourcing shortages may not all be apparent at once. Therefore, build a roadmap to determine which needs must be addressed immediately and which can be scheduled for years two and three.

Consider outsourcing

Outsourcing provides access to tools and talent that would otherwise be prohibitively expensive. Typical reasons for outsourcing security operations include:

• Difficulty finding or retaining security staff with advanced and often highly specialized skillsets.
• The desire to transfer liability for high-risk operational activities such as 24/7 security monitoring.
• Workforce scalability to accommodate irregular or infrequent events such as incident response and incident-related forensic investigations.

Given the above, three different models have emerged for the operational security organization:

Once you have determined that further outsourcing is needed, go back and adjust the status in your service portfolio. Use Info-Tech's blueprint Develop Your Security Outsourcing Strategy to determine the right approach for your business needs.

“The workforce of the future needs to be agile and adaptable, enabled by strong partnerships with third-party providers of managed security services. I believe these hybrid models really are the security workforce of the future.”

– Senior Manager, Cybersecurity at EY

Download blueprint Develop Your Security Outsourcing Strategy

Info-Tech Insight

Choose the right model for your organization’s size, risk tolerance, and process maturity level. For example, it might make more sense for larger enterprises with low risk tolerance to grow their internal teams and build in-house capability.

Create efficiencies

Resourcing challenges are often addressed more directly by increased spending. However, for a lot of organizations, this just isn’t possible. While there is no magic solution to resolve resource constraints and small budgets, the following tactics should be considered as a means to reduce the hours required for the services your team provides.

Info-Tech Insight

Every minute counts. While using these strategies may not solve every resourcing crunch you have, they can help put you in the best position possible to deliver on your commitments for each service.

Plan for employee turnover

Cybersecurity skills are in high demand; practitioners are few. The reality is that experienced security personnel have a lot of opportunities. While we cannot control for the personal reasons employees leave jobs, we can address the professional reasons that cause them to leave.

Use Info-Tech’s blueprint Build a Strategic IT Workforce Plan to help staff your security organization for success.

Download blueprint Build a Strategic IT Workforce Plan

Summary of Accomplishment

Problem Solved

You have now successfully identified your business and security drivers, determined what services your security program will provide, and determined your resourcing plan to meet these demands over the next three years.

As needs change at your organization, don’t forget to re-evaluate the decisions you’ve made. Don’t forget that outsourcing a service may be the most reliable way to provide and resource it. However, this is just one tool among many that should be considered, along with upskilling, process improvement/familiarity, and process automation.

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information.

workshops@infotech.com

1-888-670-8889

Research Contributors and Experts

	George Al-Koura CISO Ruby Life		Brian Barniner Head of Decision Science and Analytics ValueBridge Advisors
	Tracy Dallaire CISO / Director of Information Security McMaster University		Ricardo Johnson Chief Information Security Officer Citrix

Research Contributors and Experts

Ryan Rodriguez Senior Manager, Cyber Threat Management EY

Paul Townley VP Information Security and Personal Technology Owens Corning

13 Anonymous Contributors

Related Info-Tech Research

Cost-Optimize Your Security Budget

Develop Your Security Outsourcing Strategy

Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan

Bibliography

2021 Voice of the CISO Report.” Proofpoint, 2021. Web.

“2022 Voice of the CISO.” Proofpoint, 2022. Web.

Brook, Chris. “How to Find and Retain Skilled Cybersecurity Talent.” DigitalGuardian, 17 Sep. 2020. Web.

“Canadian Cybersecurity Skills Framework” TECHNATION Canada, April 2020. Web.

“Cybersecurity Skills Crisis Continues for Fifth Year, Perpetuated by Lack of Business Investment.” ISSA, 28 July 2021. Web.

“Cybersecurity Workforce, National Occupational Standard.” TECHNATION Canada, April 2020. Web.

Naden, Clare. “The Cybersecurity Skills Gap: Why Education Is Our Best Weapon against Cybercrime.” ISO, 15 April 2021. Web.

Purse, Randy. “Four Challenges in Finding Cybersecurity Talent And What Companies Can Do About It.” TECHNATION Canada, 29 March 2021. Web.

Social-Engineer. “Burnout in the Cybersecurity Community.” Security Boulevard, 8 Dec. 2021. Web.

“State of Cybersecurity 2020.” ISACA, 2020. Web.

Build a Data Architecture Roadmap

Optimizing data architecture requires a plan, not just a data model.

ANALYST PERSPECTIVE

Integral to an insight-driven enterprise is a modern and business-driven data environment.

“As business and data landscapes change, an organization’s data architecture needs to be able to keep pace with these changes. It needs to be responsive so as to not only ensure the organization continues to operate efficiently but that it supports the overall strategic direction of the organization.

In the dynamic marketplace of today, organizations are constantly juggling disruptive forces and are finding the need to be more proactive rather than reactive. As such, organizations are finding their data to be a source of competitive advantage where the data architecture has to be able to not only support the increasing amount, sources, and rate at which organizations are capturing and collecting data but also be able to meet and deliver on changing business needs.

Data architecture optimization should, therefore, aid in breaking down data silos and creating a more shared and all-encompassing data environment for better empowering the business.” (Crystal Singh, Director, Research, Data and Information Practice, Info-Tech Research Group)

Our understanding of the problem

Executive summary

Situation

• The data architecture of a modern organization involves many moving pieces requiring coordination to provide greatest value from data.
• Data architects are at the center of this turmoil and must be able to translate high-level business requirements into specific instructions for data workers using complex data models.

Complication

• Data architects must account for the constantly growing data and application complexity, and more demanding needs from the business.
• There is an ever-increasing number of data sources and a growing need to integrate components to ensure that performance isn’t compromised.
• There isn’t always a clearly defined data architect role, yet the responsibilities must be filled to get maximum value from data.

Resolution

• To deal with these challenges, a data architect must have a framework in place to identify the appropriate solution for the challenge at hand.
  • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit, and determine the corresponding data architecture tiers that need to be addressed to customize your solution.
  • Discover the best practice trends, measure your current state, and define the targets for your data architecture tactics.
  • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

Info-Tech Insight

1. Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify the priorities of your business and adapt your data architecture to those needs.
2. Changes to data architecture are typically driven by four common business driver patterns. Use these as a shortcut to understand how to evolve your data architecture.
3. Data is used differently across the layers of an organization’s data architecture; therefore, the capabilities needed to optimize the use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

Your data is the foundation of your organization’s knowledge and ability to make decisions

Data should be at the foundation of your organization’s evolution.

The transformational insights that executives are constantly seeking to leverage can be uncovered with a data practice that makes high quality, trustworthy information readily available to the business users who need it.

50% Organizations that embrace data are 50% more likely to launch products and services ahead of their competitors. (Nesta, 2016)

Whether hoping to gain a better understanding of your business or trying to become an innovator in your industry, any organization can get value from its data regardless of where you are in your journey to becoming a data-driven enterprise:

As organizations seek to become more data driven, it is imperative to better manage data for its effective use

Here comes the zettabyte era.

A zettabyte is a billion terabytes. Organizations today need to measure their data size in zettabytes, a challenge that is only compounded by the speed at which the data is expected to move.

Arriving at the understanding that data can be the driving force of your organization is just the first step. The reality is that the true hurdles to overcome are in facing the challenges of today’s data landscape.

“The data environment is very chaotic nowadays. Legacy applications, data sprawl – organizations are grappling with what their data landscape looks like. Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

Solution

Well-defined and structured data management practices are the best way to mitigate the limitations that derive from these challenges and leverage the most possible value from your data.

Refer to Info-Tech’s capstone Create a Plan For Establishing a Business-Aligned Data Management Practice blueprint to understand data quality in the context of data disciplines and methods for improving your data management capabilities.

Data architecture is an integral aspect of data management

Data architects must maintain a comprehensive view of the organization’s rapidly proliferating data

The data architect: Acts as a “translator” between the business and data workers to communicate data and technology requirements. Facilitates the creation of the data strategy. Manages the enterprise data model. Has a greater knowledge of operational and analytical data use cases. Recommends data management policies and standards, and maintains data management artifacts. Reviews project solution architectures and identifies cross impacts across the data lifecycle. Is a hands-on expert in data management and warehousing technologies. Is not necessarily it’s own designated position, but a role that can be completed by a variety of IT professionals.

Data architects bridge the gap between strategic and technical requirements: “Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant)

Many are experiencing the pains of poor data architecture, but leading organizations are proactively tackling these issues

Outdated and archaic systems and processes limit the ability to access data in a timely and efficient manner, ultimately diminishing the value your data should bring.

Intuitive organizations who have recognized these shortcomings have already begun the transition to modernized and optimized systems and processes.

Leading organizations are attacking data architecture problems … you will be left behind if you do not start now!

Once on your path to redesigning your data architecture, neglecting the strategic elements may leave you ineffective

Focusing on only data models without the required data architecture guidance can cause harmful symptoms in your IT department, which will lead to organization-wide problems.

Follow Info-Tech’s methodology to optimize data architecture to meet the business needs

The following is a summary of Info-Tech’s methodology:

1	Prioritize your core business objectives and identify your business driver. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model. Determine the appropriate tactical pattern that addresses your most important requirements.
2	Select the areas of the five-tier architecture to focus on. Measure current state. Set the targets of your desired optimized state.
3	Roadmap your tactics. Manage and communicate change.

Info-Tech will get you to your optimized state faster by focusing on the important business issues

First Things First

1. Info-Tech’s methodology helps you to prioritize and establish the core strategic objectives behind your goal of modernizing data architecture. This will narrow your focus to the appropriate areas of your current data systems and processes that require the most attention.

Info-Tech has identified these four common drivers that lead to the need to optimize your data architecture.

• Becoming More Data Driven
• Regulations and Compliance
• Mergers and Acquisitions
• New Functionality or Business Rule

These different core objectives underline the motivation to optimize data architecture, and will determine your overall approach.

Use the five-tier architecture to provide a consumable view of your data architecture

Every organization’s data system requires a unique design and an assortment of applications and storage units to fit their business needs. Therefore, it is difficult to paint a picture of an ideal model that has universal applications. However, when data architecture is broken down in terms of layers or tiers, there exists a general structure that is seen in all data systems.

Thinking of your data systems and processes in this framework will allow you to see how different elements of the architecture relate to specific business operations.

Use the five-tier architecture to prioritize tactics to improve your data architecture in line with your pattern

Info-Tech’s Data Architecture Capability Model	Based on your business driver, the relevant data tiers, and your organization’s own specific requirements you will need to establish the appropriate data architecture capabilities. This blueprint will help you measure how you are currently performing in these capabilities… And help you define and set targets so you can reach your optimized state.
Once completed, these steps will be provided with the information you will need to create a comprehensive roadmap. Lastly, this blueprint will provide you with the tools to communicate this plan across your organization and offer change management guidelines to ensure successful adoption.	Info-Tech Insight Optimizing data architecture requires a tactical approach, not a passive approach. The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

Do not forget: data architecture is not a standalone concept; it fits into the more holistic design of enterprise architecture

Data Architecture in Alignment Data architecture can not be designed to simply address the focus of data specialists or even the IT department. It must act as a key component in the all encompassing enterprise architecture and reflect the strategy and design of the entire business. Data architecture collaborates with application architecture in the delivery of effective information systems, and informs technology architecture on data related infrastructure requirements/considerations Please refer to the following blueprints to see the full picture of enterprise architecture: Select and Implement an EA Tool Enhance Your Application Architecture

Adapted from TOGAF Refer to Phase C of TOGAF and Bizbok for references to the components of business architecture that are used in data architecture.

Info-Tech’s data architecture optimization methodology helped a monetary authority fulfill strict regulatory pressures

CASE STUDY

Industry: Financial Source: Info-Tech Consulting

Look for this symbol as you walk through the blueprint for details on how Info-Tech Consulting assisted this monetary authority.

Situation: Strong external pressures required the monetary authority to update and optimize its data architecture.

The monetary authority is responsible for oversight of the financial situation of a country that takes in revenue from foreign incorporation. Due to increased pressure from international regulatory bodies, the monetary authority became responsible for generating multiple different types of beneficial ownership reports based on corporation ownership data within 24 hours of a request.

A stale and inefficient data architecture prevented the monetary authority from fulfilling external pressures.

Normally, the process to generate and provide beneficial ownership reports took a week or more. This was due to multiple points of stale data architecture, including a dependence on outdated legacy systems and a broken process for gathering the required data from a mix of paper and electronic sources.

Provide a structured approach to solving the problem

Info-Tech helped the monetary authority identify the business need that resulted from regulatory pressures, the challenges that needed to be overcome, and actionable tactics for addressing the needs.

Info-Tech’s methodology was followed to optimize the areas of data architecture that address the business driver.

• External Requirements
• Business Driver
  Diagnose Data Architecture Problems
  • Outdated architecture (paper, legacy systems)
  • Stale data from other agencies
  • Incomplete data
    Data Architecture Optimization Tactics
    1. Optimized Source Databases
    2. Improved Integration
    3. Data Warehouse Optimization
    4. Data Marts for Reports
    5. Report Delivery Efficiency

As you walk through this blueprint, watch for additional case studies that walk through the details of how Info-Tech helped this monetary authority.

This blueprint’s three-step process will help you optimize data architecture in your organization

Use these icons to help direct you as you navigate this research

Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Build a Business-Aligned Data Architecture Optimization Strategy – project overview

	PHASE 1 Prioritize Your Data Architecture With Business-Driven Tactics	PHASE 2 Personalize Your Tactics to Optimize Your Data Architecture	PHASE 3 Create Your Tactical Data Architecture Roadmap
Best-Practice Toolkit	1.1 Identify Your Business Driver for Optimizing Data Architecture 1.2 Determine Actionable Tactics to Optimize Data Architecture	2.1 Measure Your Data Architecture Capabilities 2.2 Set a Target for Data Architecture Capabilities 2.3 Identify the Tactics that Apply to Your Organization	3.1 Personalize Your Data Architecture Roadmap 3.2 Manage Your Data Architecture Decisions and the Resulting Changes
Guided Implementations	Understand what data architecture is, how it aligns with enterprise architecture, and how data architects support the needs of the business. Identify the business drivers that necessitate the optimization of the organization’s data architecture. Create a tactical plan to optimize data architecture across Info-Tech’s five-tier logical data architecture model.	Understand Info-Tech’s tactical data architecture capability model and measure the current state of these capabilities at the organization. Determine the target state of data architecture capabilities. Understand the trends in the field of data architecture and identify how they can fit into your environment.	Use the results of the data architecture capability gap assessment to determine the priority of activities to populate your personalized data architecture optimization roadmap. Understand how to manage change as a data architect or equivalent.
Onsite Workshop	Module 1: Identify the Drivers of the Business for Optimizing Data Architecture	Module 2: Create a Tactical Plan for Optimizing Data Architecture	Module 3: Create a Personalized Roadmap for Data Architecture Activities

Workshop overview

Contact your account representative or email Workshops@InfoTech.com for more information.

Build a Business-Aligned Data Architecture Optimization Strategy

PHASE 1

Prioritize Your Data Architecture With Business-Driven Tactics

Phase 1 outline

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 1: Prioritize Your Data Architecture With Business-Driven Tactics

Proposed Time to Completion: 2 weeks

Phase 1 will help you create a strategy to optimize your data architecture using actionable tactics

In this phase, you will determine your focus for optimizing your data architecture based on the business drivers that are commonly felt by most organizations.

1. Identify the business drivers that necessitate data architecture optimization efforts.
2. Understand Info-Tech’s Five-Tier Data Architecture, a logical architecture model that will help you prioritize tactics for optimizing your data architecture environment.
3. Identify tactics for optimizing the organization’s data architecture across the five tiers.

“To stay competitive, we need to become more data-driven. Compliance pressures are becoming more demanding. We need to add a new functionality.”

Info-Tech’s Five-Tier Data Architecture:

1. Data Sources
2. Data Integration and Translation
3. Data Warehousing
4. Data Analytics
5. Data Presentation

Tactical plan for Data Architecture Optimization

Phase 1, Step 1: Identify Your Business Driver for Optimizing Data Architecture

This step will walk you through the following activities:

• Understand how data architecture fits into the organization’s larger enterprise architecture.
• Understand what data architecture is and how it should be driven by the business.
• Identify the driver that is creating a need for data architecture optimization.

This step involves the following participants:

• Data Architect
• Enterprise Architect

Outcomes of this step

• A starting point for the many responsibilities of the data architect role. Balancing business and technical requirements can be challenging, and to do so you need to first understand what is driving the need for data architecture improvements.
• Holistic understanding of the organization’s architecture environment, including enterprise, application, data, and technology architectures and how they interact.

Data architecture involves planning, communication, and understanding of technology

Data Architecture

A description of the structure and interaction of the enterprise’s major types and sources of data, logical data assets, physical data assets, and data management resources (TOGAF 9).

The subject area of data management that defines the data needs of the enterprise and designs the master blueprints to meet those needs (DAMA DMBOK, 2009).

IBM (2007) defines data architecture as the design of systems and applications that facilitate data availability and distribution across the enterprise.

Definitions vary slightly across major architecture and management frameworks.

However, there is a general consensus that data architecture provides organizations with:

• Alignment
• Planning
• Road mapping
• Change management
• A guide for the organization’s data management program

Data architecture must be based on business goals and objectives; developed within the technical strategies, constraints, and opportunities of the organization in support of providing a foundation for data management.

Info-Tech Insight

Data Architecture is not just data models. Data architects must understand the needs of the business, as well as the existing people and processes that already exist in the organization to effectively perform their job.

Review how data architecture fits into the broader architectural context

		Each layer of architecture informs the next. In other words, each layer has components that execute processes and offer services to the next layer. For example, data architecture can be broken down into more granular activities and processes that inform how the organization’s technology architecture should be arranged.
Data does not exist on its own. It is informed by business architecture and used by other architectural domains to deliver systems, IT services, and to support business processes. As you build your practice, you must consider how data fits within the broader architectural framework.	The Zachman Framework is a widely used EA framework; within it, data is identified as the first domain. The framework aims to standardize artifacts (work-products) within each architectural domain, provides a cohesive view of the scope of EA and clearly delineates data components. Use the framework to ensure that your target DA practice is aligned to other domains within the EA framework.	(Source: Zachman International)

Data architects operate in alignment with the other various architecture groups

Data architects operate in alignment with the other various architecture groups, with coordination from the enterprise architect.

Enterprise Architect
The enterprise architect provides thought leadership and direction to domain architects.

They also maintain architectural standards across all the architectural domains and serve as a lead project solution architect on the most critical assignments.

• Business Architect
  A business subject matter expert who works with the line-of-business team to assist in business planning through capability-based planning.
• Security Architect
  Plays a pivotal role in formulating the security strategy of the organization, working with the business and CISO/security manager. Recommends and maintains security standards, policies, and best practices.
• Infrastructure Architect
  Recommends and maintains standards across the compute, storage, and network layers of the organization. Reviews project solution architectures to ensure compliance with infrastructure standards, regulations, and target state blueprints.
• Application Architect
  Manages the business effectiveness, satisfaction, and maintainability of the application portfolio. Conduct application architecture assessments to document expected quality attribute standards, identify hotspots, and recommend best practices.
• Data Architect
  Facilitates the creation of data strategy and has a greater understanding of operational and analytical data use cases. Manages the enterprise data model which includes all the three layers of modelling - conceptual, logical, and physical. Recommends data management policies and standards, and maintains data management artefacts. Reviews project solution architectures and identifies cross impacts across the data lifecycle.

As a data architect, you must maintain balance between the technical and the business requirements

The data architect role is integral to connecting the long-term goals of the business with how the organization plans to manage its data for optimal use.

Info-Tech Insight

The data architect role is not always clear cut. Many organizations do not have a dedicated data architect resource, and may not need one. However, the duties and responsibilities of the data architect must be carried out to some degree by a combination of resources as appropriate to the organization’s size and environment.

Understand the role of a data architect to ensure that essential responsibilities are covered in the organization

A database administrator (DBA) is not a data architect, and data architecture is not something you buy from an enterprise application vendor.

See Info-Tech’s Data Architect job description for a comprehensive description of the data architect role.

Leverage data architecture frameworks to understand how the role fits into the greater Enterprise Architecture framework

Enterprise data architectures are available from industry consortiums such as The Open Group (TOGAF®), and open source initiatives such as MIKE2.0.

The Open Group TOGAF enterprise architecture model is a detailed framework of models, methods, and supporting tools to create an enterprise-level architecture.

• TOGAF was first developed in 1995 and was based on the Technical Architecture Framework for Information Management (TAFIM) developed by the US Department of Defense.
• TOGAF includes application, data, and infrastructure architecture domains providing enterprise-level, product-neutral architecture principles, policies, methods, and models.
• As a member of The Open Group, it is possible to participate in ongoing TOGAF development initiatives.

The wide adoption of TOGAF has resulted in the mapping of it to several other industry standards including CoBIT and ITIL.

MIKE2.0 (Method for an Integrated Knowledge Environment), is an open source method for enterprise information management providing a framework for information development.

• SAFE (Strategic Architecture for the Federated Enterprise) provides the technology solution framework for MIKE2.0
• SAFE includes application, presentation, information, data, Infrastructure, and metadata architecture domains.

Info-Tech Best Practice

If an enterprise-level IT architecture is your goal, TOGAF is likely a better model. However, if you are an information and knowledge-based business then MIKE2.0 may be more relevant to your business.

The data architect must identify what drives the need for data from the business to create a business-driven architecture

As the business landscape evolves, new needs arise. An organization may undergo new compliance requirements, or look to improve their customer intimacy, which could require a new functionality from an application and its associated database.

There are four common scenarios that lead to an organization’s need to optimize its data architecture and these scenarios all present unique challenges for a data architect:

1. Becoming More Data Driven As organizations are looking to get more out of their data, there is a push for more accurate and timely data from applications. Data-driven decision making requires verifiable data from trustworthy sources. Result: Replace decisions made on gut or intuition with real and empirical data - make more informed and data-driven decisions.
2. New Functionality or Business Rule In order to succeed as business landscapes change, organizations find themselves innovating on products or services and the way they do things. Changes in business rules, product or service offering, and new functionalities can subsequently demand more from the existing data architecture. Result: Prepare yourself to successfully launch new business initiatives with an architecture that supports business needs.
3. Mergers and Acquisitions If an organization has recently acquired, been acquired, or is merging with another, the technological implications require careful planning to ensure a seamless fit. Application consolidation, retirement, data transfer, and integration points are crucial. Result: Leverage opportunities to incorporate and consolidate new synergistic assets to realize the ROI.
4. Risk and Compliance Data in highly regulated organizations needs to be kept safe and secure. Architectural decisions around data impact the level of compliance within the organization. Result: Avoid the fear of data audits, regulatory violations, and privacy breaches.

Info-Tech Best Practice

These are not the only reasons why data architects need to optimize the organization’s data architecture. These are only four of the most common scenarios, however, other business needs can be addressed using the same concept as these four common scenarios.

Use the Data Architecture Driver tool to identify your focus for data architecture

Follow Info-Tech’s process of first analyzing the needs of the business, then determining how best to architect your data based on these drivers. Data architecture needs to be able to rapidly evolve to support the strategic goals of the business, and the Data Architecture Driver Pattern Identification Tool will help you to prioritize your efforts to best do this.

Identify the drivers for improving your data architecture

INPUT: Data Architecture Driver tool assessment prompts.

OUTPUT: Identified business driver that applies to your organization.

Materials: Data Architecture Driver Pattern Identification Tool

Participants: Data architect, Enterprise architect

Interview the business to get clarity on business objectives and drivers

1.1.2 1 hour per interview

INPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

OUTPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

Materials: Data Architecture Driver Pattern Identification Tool

Participants: Data architect, Business representatives, IT representatives

Identify 2-3 business units that demonstrate enthusiasm for or a positive outlook on improving how organizational data can help them in their role and as a unit.

Conducting a deep-dive interview process with these key stakeholders will help further identify high-level goals for the data architecture strategy within each business unit. This process will help to secure their support throughout the implementation process by giving them a sense of ownership.

Key Interview Questions:

1. What are your primary activities? What do you do?
2. What challenges do you have when completing your activities?
3. How is poor data impacting your job?
4. If [your selected domain]’s data is improved, what business issues would this help solve?

Request background information and documentation from stakeholders regarding the following:

• What current data management policies and processes exist (that you know of)?
• Who are the data owners and end users?
• Where are the data sources within the department stored?
• Who has access to these data sources?
• Are there existing or ongoing data issues within those data sources?

Interview the enterprise architect to get input on the drivers of the business

1.1.3 2 hours

INPUT: Data Architecture Driver tool assessment prompts.

OUTPUT: Identified business driver that applies to your organization.

Materials: Data Architecture Driver Pattern Identification Tool

Participants: Data architect, Enterprise architect

Data architecture improvements need to be driven by business need.

Instructions As you work through Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, consult with the enterprise architect or equivalent to assist you in rating the importance of each of the symptoms of the business drivers. This will help you provide greater value to the business and more aligned objectives.

Tab 2. Driver Identification

Once you know what that need is, go to Step 2.

Phase 1, Step 2: Establish Actionable Tactics to Optimize Data Architecture

This step will walk you through the following activities:

• Understand Info-Tech’s five-tier data architecture to begin focusing your architectural optimization.
• Create your Data Architecture Optimization Template to plan your improvement tactics.
• Prioritize your tactics based on the five-tier architecture to plan optimization.

This step involves the following participants:

• Data Architect
• Enterprise Architect
• DBAs

Outcomes of this step

• A tactical and prioritized plan for optimizing the organization’s data architecture according to the needs of the business.

To plan a business-driven architecture, data architects need to keep the organization’s big picture in mind

Remember… Architecting an organization involves alignment, planning, road mapping, design, and change management functions.

Data architects must be heavily involved with:

• Understanding the short- and long-term visions of the business to develop a vision for the organization’s data architecture.
• Creating processes for governing the identification, collection, and use of accurate and valid data, as well as for tracking data quality, completeness, and redundancy.
• They need to create strategies for data security, backup, disaster recovery, business continuity, and archiving, and ensure regulatory compliance.

To do this, you need a framework. A framework provides you with the holistic view of the organization’s data environment that you can use to design short- and long-term tactics for improving the use of data for the needs of the business.

Use Info-Tech’s five-tier data architecture to model your environment in a logical, consumable fashion.

Info-Tech Best Practice

The more complicated an environment is, the more need there is for a framework. Being able to pick a starting point and prioritize tasks is one of the most difficult, yet most essential, aspects of any architect’s role.

The five tiers of an organization’s data architecture support the use of data throughout its lifecycle

Info-Tech’s five-tier data architecture model summarizes an organization’s data environment at a logical level. Data flows from left to right, but can also flow from the presentation layer back to the warehousing layer for repatriation of data.

Use the Data Architecture Optimization Template to build your improvement roadmap

Download the Data Architecture Optimization Template.

Overview

Use this template to support your team in creating a tactical strategy for optimizing your data architecture across the five tiers of the organization’s architecture. This template can be used to document your organization’s most pressing business driver, the reasons for optimizing data architecture according to that driver, and the tactics that will be employed to address the shortcomings in the architecture.

	Info-Tech’s Data Architecture Optimization Template	Table of Contents
		1. Build Your Current Data Architecture Logical Model	Use this section to document the current data architecture situation, which will provide context for your plan to optimize your data architecture.
		2. Optimization Plan	Use this section to document the tactics that will be employed to optimize the current data architecture according to the tactic pattern identified by the business driver.

Fill out as you go

As you read about the details of the five-tier data architecture model in the following slides, start building your current logical data architecture model by filling out the sections that correspond to the various tiers. For example, if you identified that the most pressing business driver is becoming compliant with regulations, document the sources of data required for compliance, as well as the warehousing strategy currently being employed. This will help you to understand the organization’s data architecture at a logical level.

Tier 1 represents all of the sources of your organization’s data

–› Data to integration layer

Tier 1 is where the data enters the organization. All applications, data documents such as MS Excel spreadsheets, documents with table entries, manual extractions from other document types, user-level databases including MS Access and MySQL, other data sources, data feeds, big datasets, etc. reside here. This tier typically holds the siloed data that is so often not available across the enterprise because the data is held within department-level applications or systems. This is also the layer where transactions and operational activities occur and where data is first created or ingested. There are any number of business activities from transactions through business processes that require data to flow from one system to another, so it is often at this layer we see data created more than once, data corruption occurs, manual re-keying of data from system to system, and spaghetti-like point-to-point connections are built that are often fragile. This is usually the single most problematic area within an enterprise’s data environment. Application- or operational-level (siloed) reporting often occurs at this level. Info-Tech Best Practice An optimized Tier 1 has the following attributes: Rationalized applications Operationalized database administration Databases governed, monitored, and maintained to ensure optimal performance

Tier 2 represents the movement of data

–› Data to Warehouse Environment Find out more For more information on data integration, see Info-Tech’s Optimize the Organization’s Data Integration Practices blueprint.

Tier 2 is where integration, transformation, and aggregation occur. Regardless of how you integrate your systems and data stores, whether via ETL, ESB, SOA, data hub, ODS, point-to-point, etc., the goal of this layer is to move data at differing speeds for one of two main purposes: 1) To move data from originating systems to downstream systems to support integrated business processes. This ensures the data is pristine through the process and improves trustworthiness of outcomes and speed to task and process completion. 2) To move data to Tier 3 - The Data Warehouse Architecture, where data rests for other purposes. This movement of data in its purest form means we move raw data to storage locations in an overall data warehouse environment reflecting any security, compliance and other standards in our choices for how to store. Also, this is where data is transformed for unique business purpose that will also be moved to a place of rest or a place of specific use. Data masking, scrambling, aggregation, cleansing and matching, and other data related blending tasks occur at this layer. Info-Tech Best Practice An optimized Tier 2 has the following attributes: Business data glossary is leveraged ETL is governed ETL team is empowered Data matching is facilitated Canonical data model is present

Tier 3 is where data comes together from all sources to be stored in a central warehouse environment

Tier 3 is where data rests in long-term storage. This is where data rests (long-term storage) and also where an enterprise’s information, documents, digital assets, and any other content types are stored. This is also where derived and contrived data creations are stored for re-use, and where formulas, thought models, heuristics, algorithms, report styles, templates, dashboard styles, and presentations-layer widgets are all stored in the enterprise information management system. At this layer there may be many technologies and many layers of security to reflect data domains, classifications, retention, compliance, and other data needs. This is also the layer where data lakes exist as well as traditional relational databases, enterprise database systems, enterprise content management systems, and simple user-level databases. Info-Tech Best Practice An optimized Tier 3 has the following attributes: Data warehouse is governed Data warehouse operations and planning Data library is comprehensive Four Rosetta Stones of data are in place: BDG, data classification, reference data, master data.

Data from integration layer –› –› Analytics Find out more For more information on Data Warehousing, see Info-Tech’s Build an Extensible Data Warehouse Foundation and Drive Business Innovation With a Modernized Data Warehouse Environment blueprints.

Tier 4 is where knowledge and insight is born

Tier 4 represents data being used for a purpose. This is where you build fit-for-purpose data sets (marts, cubes, flat files) that may now draw from all enterprise data and information sources as held in Tier 3. This is the first place where enterprise views of all data may be effectively done and with trust that golden records from systems of record are being used properly. This is also the layer where BI tools get their greatest use for performing analysis. Unlike Tier 3 where data is at rest, this tier is where data moves back into action. Data is brought together in unique combinations to support reporting, and analytics. It is here that the following enterprise analytic views are crafted: Exploratory, Inferential, Causal, Comparative, Statistical, Descriptive, Diagnostic, Hypothesis, Predictive, Decisional, Directional, Prescriptive Info-Tech Best Practice An optimized Tier 4 has the following attributes: Reporting meets business needs Data mart operations are in place Governance of data marts, cubes, and BI tools in place

Warehouse Environment –› –› Presentation Find out more For more information on BI tools and strategy, see Info-Tech’s Select and Implement a Business Intelligence and Analytics Solution and Build a Next Generation BI with a Game-Changing BI Strategy blueprints.

The presentation layer, Tier 5, is where data becomes presentable information

Tier 5 represents data in knowledge form. This is where the data and information combine in information insight mapping methods (presentations, templates, etc.). We craft and create new ways to slice and dice data in Tier 4 to be shown and shared in Tier 5. Templates for presenting insights are extremely valuable to an enterprise, both for their initial use, and for the ability to build deeper, more insightful analytics. Re-use of these also enables maximum speed for sharing, consuming the outputs, and collective understanding of these deeper meanings that is a critical asset to any enterprise. These derived datasets and the thought models, presentation styles, templates, and other derived and contrived assets should be repatriated into the derived data repositories and the enterprise information management systems respectively as shown in Tier 3. Find out more For more information on enterprise content management and metadata, see Info-Tech’s Develop an ECM Strategy and Break Open Your DAM With Intuitive Metadata blueprints.
Info-Tech Best Practice An optimized Tier 5 has the following attributes: Metadata creation is supervised Metadata is organized Metadata is governed Content management capabilities are present	Info-Tech Insight Repatriation of data and information is an essential activity for all organizations to manage organizational knowledge. This is the activity where information, knowledge, and insights that are stored in content form are moved back to the warehousing layer for long-term storage. Because of this, it is crucial to have an effective ECM strategy as well as the means to find information quickly and efficiently. This is where metadata and taxonomy come in.

As a data architect, you must prioritize your focus according to business need

Determine your focus.

Now that you have an understanding of the drivers requiring data architecture optimization, as well as the current data architecture situation at your organization, it is time to determine the actions that will be taken to address the driver.

1. Business driver	Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan	3. Documented tactic plan Data Architecture Optimization Template
2. Tactics across the five tiers

The next four slides provide an overview of the priorities that accompany the four most common business drivers that require updates to a stale data architecture.

Business driver #1: Adding a new functionality to an application can have wide impacts on data architecture

Does the business wants to add a new application or supplement an existing application with a new functionality?

Whether the business wants to gain better customer intimacy, achieve operational excellence, or needs to change its compliance and reporting strategy, the need for collecting new data through a new application or a new functionality within an existing application can arise. This business driver has the following attributes:

Often operational oriented and application driven. An application is changed through an application version upgrade, migration to cloud, or application customization, or as a result of application rationalization or changes in the way that application data is generated. However, not all new functionalities trigger this scenario. Non-data-related changes, such as a new interface, new workflows, or any other application functionality changes that do not involve data, will not have data architecture impacts.
	When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality.	Tactics for this business driver should address the following pattern:

Business driver #2: Organizations today are looking to become more data driven

Does the business wants to better leverage its data?

An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

“Data-drivenness is about building tools, abilities, and, most crucially, a culture that acts on data.” (Carl Anderson, Creating a Data-Driven Organization)

Tactics for this business driver should address the following pattern:			When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality.
	This scenario is typically project driven and analytical oriented. The business is looking to leverage data and information by processing data through BI tools and self-service. Example: The organization wants to include new third-party data, and needs to build a new data mart to provide a slice of data for analysis.

Business driver #3: Risk and compliance demands can put pressure on outdated architectures

Is there increasing pressure on the business to maintain compliance requirements as per regulations?

An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

There are different types of requirements: Can be data-element driven. For example, PII, PHI are requirements around data elements that are associated with personal and health information. Can be process driven. For example, some requirements restrict data read/write to certain groups.
	When this business driver arises, data architects should focus on optimizing architecture where data is stored: at the sources, the warehouse environment, and analytics layer.	Tactics for this business driver should address the following pattern:

Business driver #4: Mergers and acquisitions can require a restructuring of the organization’s data architecture

Is the organization looking to acquire or merge with another organization or line of business? There are three scenarios that encompass the mergers and acquisitions business driver for data architecture: The organization acquires/merges with another organization and wants to integrate the data. The organization acquires/merges a subset of an organization (a line of business, for example) and wants to integrate the data. The organization acquires another organization for competitive purposes, and does not need to integrate the data.		Regardless of what scenario your organization falls into, you must go through the same process of identifying the requirements for the new data: Understand what data you are getting. The business may acquire another organization for the data, for the technology, and/or for algorithms (for example). If the goal is to integrate the new data, you must understand if the data is unstructured, structured, how much data, etc. Plan for the integration of the new data into your environment. Do you have the expertise in-house to integrate the data? Database structures and systems are often mismatched (for example, acquired company could have an Oracle database whereas you are an SAP shop) and this may require expertise from the acquired company or a third party. Integrate the new data. Often, the extraction of the new data is the easy part. Transforming and loading the data is the difficult and costly part.
“As a data architect, you must do due diligence of the acquired firm. What are the workflows, what are the data sources, what data is useful, what is useless, what is the value of the data, and what are the risks of embedding the data?” (Anonymous Mergers and Acquisitions Consultant)
	When this business driver arises, data architects should focus on optimizing architecture at the source tier, the warehousing layer, and analytics.

Determine your tier priority pattern and the tactics that you should address based on the business drivers

1.2.1 30 minutes

INPUT: Business driver assessment

OUTPUT: Tactic pattern and tactic plan

Materials: Data Architecture Driver Pattern Identification Tool, Data Architecture Optimization Template

Participants: Data architect, Enterprise architect

Instructions After you have assessed the organization’s business driver on Tab 1. Driver Identification, move to Tab 2. Tactic Pattern Plan. Here, you will find a summary of the business driver that applies to you, as well as the tier priority pattern that will help you to focus your efforts for data architecture. Document the Tier Priority Pattern and associated tactics in Section 2. Optimization Plan of the Data Architecture Optimization Plan.
Data Architecture Driver Tool		Data Architecture Optimization Template

Info-Tech Insight

Our approach will help you to get to the solution of the organization’s data architecture problems as quickly as possible. However, keep in mind that you should still address the other tiers of your data architecture even if they are not part of the pattern we identified. For example, if you need to become more data driven, don’t completely ignore the sources and the integration of data. However, to deliver the most and quickest value, focus on tiers 3, 4, and 5.

This phase helped you to create a tactical plan to optimize your data architecture according to business priorities

Phase 1 is all about focus.

Data architects and those responsible for updating an organization’s data architecture have a wide-open playing field with which to take their efforts. Being able to narrow down your focus and generate an actionable plan will help you provide more value to the organization quickly and get the most out of your data.

Phase 1
• Business Drivers
  • Tactic Pattern
    • Tactical Plan

Now that you have your prioritized tactical plan, move to Phase 2. This phase will help you map these priorities to the essential capabilities and measure where you stack up in these capabilities. This is an essential step in creating your data architecture roadmap and plan for coming years to modernize the organization’s data architecture.

To identify what the monetary authority needed from its data architecture, Info-Tech helped determine the business driver

CASE STUDY

Industry: Financial Source: Info-Tech Consulting

Part 1

Prior to receiving new external requirements, the monetary Authority body had been operating with an inefficient system. Outdated legacy systems, reports in paper form, incomplete reports, and stale data from other agencies resulted in slow data access. The new requirements demanded speeding up this process. Although the organization understood it needed changes, it first needed to establish what were the business objectives, and which areas of their architecture they would need to focus on. The business driver in this case was compliance requirements, which directed attention to the sources, aggregation, and insights tiers.

Looking at the how the different tiers relate to certain business operations, the organization uncovered the best practise tactics to achieving an optimized data architecture. 1. Source Tactics: 3. Warehousing Tactics: 4. Analytics Tactics: Identify data sources Ensure data quality Properly catalogue data Properly index data Provide the means for data accessibility Allow for data reduction/space for report building Once the business driver had been established, the organization was able to identify the specific areas it would eventually need to evaluate and remedy as needed.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop

Book a workshop with our Info-Tech analysts:

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop. Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

1.1.1		Identify the business driver that will set the direction of your data architecture optimization plan. In this activity, the facilitator will guide the team in identifying the business driver that is creating the need to improve the organization’s data architecture. Data architecture needs to adapt to the changing needs of the business, so this is the most important step of any data architecture improvements.
1.2.1		Determine the tactics that you will use to optimize data architecture. In this activity, the facilitator will help the team create a tactical plan for optimizing the organization’s data architecture across the five tiers of the logical model. This plan can then be followed when addressing the business needs.

Build a Business-Aligned Data Architecture Optimization Strategy

PHASE 2

Personalize Your Tactics to Optimize Your Data Architecture

Phase 2 will determine your tactics that you should implement to optimize your data architecture

Phase 2 outline

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 2: Personalize Your Tactics to Optimize Your Data Architecture

Proposed Time to Completion: 2 weeks

Phase 2, Step 1: Measure Your Data Architecture Capabilities

This step will walk you through the following activities:

• As you walk through the data architecture capability model, measure your current state in each of the relevant capabilities.
• Distinguish between essential and nice-to-have capabilities for your organization.

This step involves the following participants:

• Data Architect

Outcomes of this step

• A framework for generating a tactical plan for data architecture optimization.
• Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

To personalize your tactical strategy, you must measure up your base data architecture capabilities

What is a capability?

Capabilities represent a mixture of people, technology, and processes. The focus of capability design is on the outcome and the effective use of resources to produce a differentiating capability or an essential supporting capability.

To personalize your tactics, you have to understand what the essential capabilities are across the five tiers of an organization’s data architecture. Then, assess where you currently stand in these capabilities and where you need to go in order to build your optimization plan.

Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

Use Info-Tech’s data architecture capability model as a resource to assess and plan your personalized tactics

Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

Use the Data Architecture Tactical Roadmap Tool to create a tailored plan of action

2.1.1 Data Architecture Tactical Roadmap Tool

Benefits of using this tool:

• Comprehensive documentation of data architecture capabilities present in leading organizations.
• Generates an accurate architecture roadmap for your organization that is developed in alignment with the broader enterprise architecture and related architectural domains.

To create a plan for your data architecture priorities, you must first understand where you currently stand

Now that you understand the business problem that you are trying to solve, it is time to take action in solving the problem.

The organization likely has some of the capabilities that are needed to solve the problem, but also a need to improve other capabilities. To narrow down the capabilities that you should focus on, first select the business driver that was identified in Phase 1 in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool. This will customize the roadmap tool to deselect the capabilities that are likely to be less relevant to your organization.

For Example: If you identified your business driver as “becoming more data-driven”, you will want to focus on measuring and building out the capabilities within Tiers 3, 4, and 5 of the capability model.

Data Architecture Capability Model

Note If you want to assess your organization for all of the capabilities across the data architecture capability model, select “Comprehensive Data Architecture Assessment” in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool.

Determine your current state across the related architecture tiers

2.1.2 1 hour

INPUT: Current data architecture capabilities.

OUTPUT: An idea of where you currently stand in the capabilities.

Materials: Data Architecture Tactical Roadmap Tool

Participants: Data architect, Enterprise architect, Business representatives

Use the Data Architecture Tactical Roadmap Tool to evaluate the baseline and target capabilities of your practice in terms of how data architecture is approached and executed.

Info-Tech Insight

Focus on Early Alignment. Assessing capabilities within specific people’s job functions can naturally result in disagreement or debate, especially between business and IT people. Objectively facilitate any debate and only finalize capability assessments when there is full alignment. Remind everyone that data architecture should ultimately serve business needs wherever possible.

Phase 2, Step 2: Set a Target for Data Architecture Capabilities

This step will walk you through the following activities:

• Determine your target state in each of the relevant capabilities.
• Distinguish between essential and nice-to-have capabilities for your organization.

This step involves the following participants:

• Data Architect

Outcomes of this step

• A holistic understanding of where the organization’s data architecture currently sits, where it needs to go, and where the biggest gaps lie.

To create a plan for your data architecture priorities, you must also understand where you need to get to in the future

Keep the goal in mind by documenting target state objectives. This will help to measure the highest priority gaps in the organization’s data architecture capabilities.

Example driver = Becoming more data driven				Current Capabilities		Target Capabilities
			Gaps and Priorities

Determine your future state across the relevant tiers of the data architecture capability model

INPUT: Current state of data architecture capabilities.

OUTPUT: Target state of data architecture capabilities.

Materials: Data Architecture Tactical Roadmap Tool

Participants: Data architect

The future of data architecture is now.

Determine the state of data architecture capabilities that the organization needs to reach to address the drivers of the business.

For example: If you identified your business driver as “becoming more data driven”, you will want to focus on the capabilities within Tiers 3, 4, and 5 of the capability model.

Driver = Becoming more data driven

Target Capabilities

Identify where gaps in your data architecture capabilities lie

2.2.2 1 hour

INPUT: Current and target states of data architecture capabilities.

OUTPUT: Holistic understanding of where you need to improve data architecture capabilities.

Materials: Data Architecture Tactical Roadmap Tool

Participants: Data architect

Visualization of gap assessment of data quality practice capabilities

To enable deeper analysis on the results of your capability assessment, Tab 4. Capability Gap Analysis in the Data Architecture Tactical Roadmap Tool creates visualizations of the gaps identified in each of your practice capabilities and related data management practices. These diagrams serve as analysis summaries.

Gap Assessment of Data Source Capabilities

Use Tab 3. Data Quality Practice Scorecard to enhance your data quality project.

1. Enhance your gap analyses by forming a relative comparison of total gaps in key practice capability areas, which will help in determining priorities.
2. Put these up on display to improve discussion in the gap analyses and prioritization sessions.
3. Improve the clarity and flow of your strategy template, final presentations, and summary documents by copying and pasting the gap assessment diagrams.

Phase 2, Step 3: Identify the Tactics That Apply to Your Organization

This step will walk you through the following activities:

• Before making your personal tactic plan, identify the trends in data architecture that can benefit your organization.
• Understand Info-Tech’s data architecture capability model.
• Initiate the Data Architecture Roadmap Tool to begin creating a roadmap for your optimization plan.

This step involves the following participants:

• Data Architect

Outcomes of this step

• A framework for generating a tactical plan for data architecture optimization.
• Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

Capitalize on trends in data architecture before you determine the tactics that apply to you

Stop here. Before you begin to plan for optimization of the organization’s data environment, get a sense of the sustainability and scalability of the direction of the organization’s data architecture evolution.

Practically any trend in data architecture is driven by an attempt to solve one or more the common challenges of today’s tumultuous data landscape, otherwise known as “big data.” Data is being produced in outrageous amounts, at very high speeds, and in a growing number of types and structures.

To meet these demands, which are not slowing down, you must keep ahead of the curve. Consider the internal and external catalysts that might fuel your organization’s need to modernize its data architecture:

Read the Data Architecture Trends Presentation to understand the current cutting edge topics in data architecture

The speed at which new technology is changing is making it difficult for IT professionals to keep pace with best practices, let alone cutting edge technologies.

The Info-Tech Data Architecture Trends Presentation provides a glance at some of the more significant innovations in technology that are driving today’s advanced data architectures. This presentation also explains how these trends relate to either the data challenges you may be facing, or the specific business drivers you are hoping to bring to your organization.

Data Architecture Trends Presentation

Gaps between your current and future capabilities will help you to determine the tactics that apply to you

Now that you know where the organization currently stands, follow these steps to begin prioritizing the initiatives:

1. What are you trying to accomplish? Determine target states that are framed in quantifiable objectives that can be clearly communicated. The more specific the objectives are the better.
2. Evaluate the “delta,” or difference between where the organization currently stands and where it needs to go. This will be expressed in terms of gap closure strategies, and will help clarify the initiatives that will populate the road map.
3. Determine the relative business value of each initiative, as well as the relative complexities of successfully implementing them. These scores should be created with stakeholder input, and then plotted in an effort/transition quadrant map to determine where the quickest and most valuable wins lie.

Info-Tech Insight

Optimizing data architecture requires a tactical approach, not a passive approach. The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

Each of the layers of an organization’s data architecture have associated challenges to optimization

Stop! Before you begin, recognize these “gotchas” that can present roadblocks to creating an effective data architecture environment.

Before diving headfirst into creating your tactical data architecture plan, documenting the challenges associated with each aspect of the organization’s data architecture can help to identify where you need to focus your energy in optimizing each tier. The following table presents the common challenges across the five tiers:

Create metrics before you plan to optimize your data architecture

2.2.3 1 hour

INPUT: Tactics that will be used to optimize data architecture.

OUTPUT: Metrics that can be used to measure optimization success.

Materials: Data Architecture Tactical Roadmap Tool

Participants: Data architect

Metrics will help you to track your optimization efforts and ensure that they are providing value to the organization.

There are two types of metrics that are useful for data architects to track and measure: program metrics and project metrics. Program metrics represent the activities that the data architecture program, which is the sum of multiple projects, should help to improve. Project metrics are the more granular metrics that track each project.

Use Tab 6. Metrics of the Data Architecture Tactical Roadmap Tool to document and track metrics associated with your optimization tactics.

Use Info-Tech’s resources to build your data architecture capabilities

The following resources from Info-Tech can be used to improve the capabilities that were identified as having a gap. Read more about the details of the five-tier architecture in the blueprints below:

With the optimal tactics identified, the monetary authority uncovered areas needing improvement

CASE STUDY

Industry: Financial Source: Info-Tech Consulting

Part 2

After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

Establishing these solutions provided the organization with necessary information to build their roadmap and move towards implementing an optimized data architecture.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop

Book a workshop with our Info-Tech analysts:

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop. Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

2.1.1 – 2.2.2		Evaluate your current capabilities and design your target data quality practice from two angles In this assessment and planning activity, the team will evaluate the current and target capabilities for your data architecture’s ability to meet business needs based on the essential capabilities across the five tiers of an organization’s architectural environment.
2.2.3		Create metrics to track the success of your optimization plan. The Info-Tech facilitator will guide you through the process of creating program and project metrics to track as you optimize your data architecture. This will help to ensure that the tactics are helping to improve crucial business attributes.

Build a Business-Aligned Data Architecture Optimization Strategy

PHASE 3

Create Your Tactical Data Architecture Roadmap

Phase 3 outline

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 3: Create Your Tactical Data Architecture Roadmap

Proposed Time to Completion: 2 weeks

Phase 3, Step 1: Personalize Your Data Architecture Roadmap

This step will walk you through the following activities:

• Determine the timing, effort, and ownership of the recommended optimization initiatives.
• Brainstorm initiatives that are not yet on the roadmap but apply to you.

This step involves the following participants:

• Data Architect
• DBAs
• Enterprise Architect

Outcomes of this step

• A roadmap of specific initiatives that map to the tactical plan for optimizing your organization’s data architecture.
• A plan for communicating high-level business objectives to data workers to address the issues of the business.

Now that you have tactical priorities, identify the actionable steps that will lead you to an optimized data architecture

Phase 1 and 2 helped you to identify tactics that address some of the most common business drivers. Phase 3 will bring you through the process of practically planning what those tactics look like in your organization’s environment and create a roadmap to plan how you will generate business value through optimization of your data architecture environment.

Use the Data Architecture Tactic Roadmap Tool to personalize your roadmap

Generating Your Roadmap On Tab 5. Tactic and Initiative Planning, you will find a list of tactics that correspond to every capability that applies to your chosen driver and where there is a gap. In addition, each tactic has a sequence of “Suggested Initiatives,” which represent the best-practice steps that you should take to optimize your data architecture according to your priorities and gaps. Customize this list of initiatives according to your needs. The Gantt chart is generated in Tab 7. Initiative Roadmap, and can be used to organize your plan and ensure that all of the essential aspects of optimizing data architecture are addressed. The roadmap can be used as an “executive brief” roadmap and as a communication tool for the business.

Tab 5. Tactic and Initiative Planning Tab 7. Initiative Roadmap

Determine the details of your data architecture optimization activities

3.1.2 1 hour

INPUT: Timing of initiatives for optimizing data architecture.

OUTPUT: Optimization roadmap

Materials: Data Architecture Tactic Roadmap Tool

Participants: Data architect, Enterprise Architect

Instructions

1. With the list of suggested activities in place on Tab 5. Tactic and Initiative Planning, select whether or not the initiatives will be included in the roadmap. By default, all of the initiatives are set to “Yes.”
2. Plan the sequence, starting time, and length of each initiative, as well as the assigned responsibility of the initiative in Tab 5. Tactic and Initiative Planning of the Data Architecture Tactic Roadmap Tool.
3. The tool will a generate a Gantt chart based on the start and length of your initiatives.
4. The Gantt chart is generated in Tab 7. Initiative Roadmap.

Tab 5. Tactic and Initiative Planning

Tab 7. Initiative Roadmap

Info-Tech Insight

The activities that populate the roadmap can be taken as best practice activities. If you want an actionable, comprehensive, and prescriptive plan for optimizing your data architecture, fill in the timing of the activities and print the roadmap. This can serve as a rapid communication tool for your data architecture plan to the business and other architects.

Optimizing data architecture relies on communication between the business and data workers

Remember: Data architects bridge the gap between strategic and technical requirements of data. Therefore, as you plan the data and its interactions with applications, it is imperative that you communicate the plan and its implications to the business and the data workers.

Also remember: In Phase 1, you built your tactical data architecture optimization plan. Use this document to communicate your plan for data architecture optimization to both the business and the data workers. Socialize this document as a representation of your organization’s current data architecture as well as where it is headed in the future.

Communicate your data architecture optimization plan to the business for approval

INPUT: Data Architecture Tactical Roadmap

OUTPUT: Communication plan

Materials: Data Architecture Optimization Template

Participants: Data Architect, Business representatives, IT representatives

Instructions Begin by presenting your plan and roadmap to the business units who participated in business interviews in activity 1.1.3 of Phase 1. If you receive feedback that suggests that you should make revisions to the plan, consult Info-Tech Research Group for suggestions on how to improve the plan. If you gain approval for the plan, communicate it to DBAs and other data workers.

Iterative optimization and communication plan:

With a roadmap in place, the monetary authority followed a tactical and practical plan to repair outdated data architecture

CASE STUDY

Industry: Financial Source: Info-Tech Consulting

Part 3

After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

Phase 3, Step 2: Manage Your Data Architecture Decisions and the Resulting Changes

This step will walk you through the following activities:

• With a plan in place, document the major architectural decisions that have been and will be made to optimize data architecture.
• Create a plan for change and release management, an essential function of the data architect role.

This step involves the following participants:

• Data Architect
• Enterprise Architect

Outcomes of this step

• Resources for documenting and managing the inevitable change associated with updates to the organization’s data architecture environment.

To implement data architecture changes, you must plan to accommodate the issues that come with change

Once you have a plan in place, one the most challenging aspects of improving an organization is yet to come…overcoming change!

“When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

Create roadmap Communicate roadmap Implement roadmap Change management

Use the Data Architecture Decision Template when architectural changes are made

Document the architectural decisions made to provide context around changes made to the organization’s data environment. The goal of this Data Architecture Decision Template is to provide data architects with a template for managing the changes that accompany major architectural decisions. As you work through the Build a Business-Aligned Data Architecture Optimization Strategy blueprint, you will create a plan for tactical initiatives that address the drivers of the business to optimize your data architecture. This plan will bring about changes to the organization’s data architecture that need change management considerations. Document any major changes to the organization’s data architecture that are required to evolve with the organization’s drivers. This will ensure that major architectural changes are documented, tracked, and that the context around the decision is maintained. “Environment is very chaotic nowadays – legacy apps, sprawl, ERPs, a huge mix and orgs are grappling with what our data landscape look like? Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

Use Info-Tech’s Data Architecture Decision Template to document any major changes in the organization’s data architecture.

Leverage Info-Tech’s resources to smooth change management

As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the change management considerations that come with major architectural decisions.

“When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

Change Management Blueprint	Change Management Roadmap Tool

Use Info-Tech’s resources for effective release management

As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the release management considerations around new hardware and software releases or updates.

Release management is a process that encompasses the planning, design, build, configuration, and testing of hardware and software releases to create a defined set of release components (ITIL). Release activities can include the distribution of the release and supporting documentation directly to end users. See Info-Tech’s resources on Release Management to smooth changes:

Release Management Blueprint	Release Management Process Standard Template

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop

Book a workshop with our Info-Tech analysts:

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop. Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

3.1.1		Create your personalized roadmap of activities. In this activity, the facilitator will guide the team in evaluating practice gaps highlighted by the assessment, and compare these gaps at face value so general priorities can be documented. The same categories as in 3.1.1 are considered.
3.1.3		Communicate your data architecture optimization plan. The facilitator will help you to identify the optimal medium and timing for communicating your plan for optimizing your data architecture.

Insight breakdown

Insight 1

• Data architecture needs to evolve along with the changing business landscape. There are four common business drivers that put most pressure on archaic architectures. As a result, the organization’s architecture must be flexible and responsive to changing business needs.

Insight 2

• Data architecture is not just about models.
  Viewing data architecture as just technical data modeling can lead to structurally unsound data that does not serve the business.

Insight 3

• Data is used differently across the layers of an organization’s data architecture, and the capabilities needed to optimize use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

Summary of accomplishment

Knowledge Gained

• An understanding of what data architecture is, how data architects can provide value to the organization, and how data architecture fits into the larger enterprise architecture picture.
• The capabilities required for optimization of the organization’s data architecture across the five tiers of the logical data architecture model.

Processes Optimized

• Prioritization and planning of data architect responsibilities across the five tiers of the five-tier logical data architecture model.
• Roadmapping of tactics that address the most common business drivers of the organization.
• Architectural change management.

Deliverables Completed

• Data Architecture Driver Pattern Identification Tool
• Data Architecture Optimization Template
• Data Architecture Trends Presentation
• Data Architecture Roadmap Tool
• Data Architecture Decision Template

Research contributors and experts

Ron Huizenga, Senior Product Manager Embarcadero Technologies, Inc. Ron Huizenga has over 30 years of experience as an IT executive and consultant in enterprise data architecture, governance, business process reengineering and improvement, program/project management, software development, and business management. His experience spans multiple industries including manufacturing, supply chain, pipelines, natural resources, retail, healthcare, insurance, and transportation.

Andrew Johnston, Architect Independent Consultant An independent consultant with a unique combination of managerial, commercial, and technical skills, Andrew specializes in the development of strategies and technical architectures that allow businesses to get the maximum benefit from their IT resources. He has been described by clients as a "broad spectrum" architect, summarizing his ability to engage in many problems at many levels.

Research contributors

Internal Contributors
	Steven J. Wilson, Senior Director, Research & Advisory Services Daniel Ko, Research Manager Bernie Gilles, Senior Director, Research & Advisory Services
External Contributors
	Ron Huizenga, Embercardo Technologies Andrew Johnston, Independent Consultant Darrell Enslinger, Government Employees Health Association Anonymous Contributors

Bibliography

Allen, Mark. “Get the ETL Out of Here.” MarkLogic. Sep, 2016. Web. 25 Apr 2017.[http://www.marklogic.com/blog/get-the-etl-out-of-here/]

Anadiotis, George. “Streaming hot: Real-time big data architecture matters.” ZDNet. Jan, 2017. Web. 25 Apr 2017. [http://www.zdnet.com/article/streaming-hot-real-time-big-data-architecture-matters/]

Aston, Dan. “The Economic value of Enterprise Architecture and How to Show It.” Erwin. Aug, 2016. Web. 20 Apr 2017. [http://erwin.com/blog/economic-value-enterprise-architecture-show/]

Baer, Tony. “2017 Trends to Watch: Big Data.” Ovum. Nov, 2016. Web. 25 Apr 2017.

Bmc. “Benefits & Advantages of Hadoop.” Bmc. Web. 25 Apr 2017. [http://www.bmcsoftware.ca/guides/hadoop-benefits-business-case.html]

Boyd, Ryan, et al. “Relational vs. Graph Data Modeling” DZone. Mar 2016. Web. 25 Apr 2017. [https://dzone.com/articles/relational-vs-graph-data-modeling]

Brahmachar, Satya. “Theme To Digital Transformation - Journey to Data Driven Enterprise” Feb, 2015. Web. 20 Apr 2017. [http://satyabrahmachari-thought-leader.blogspot.ca/2015/02/i-smac-theme-to-digital-transformation.html]

Capsenta. “NoETL.” Capsenta. Web. 25 Apr 2017. [https://capsenta.com/wp-content/uploads/2015/03/Capsenta-Booklet.pdf]

Connolly, Shaun. “Implementing the Blueprint for Enterprise Hadoop” Hortonworks. Apr, 2014. Web. 25 Apr 2017. https://hortonworks.com/blog/implementing-the-blue...

Forbes. “Cloud 2.0: Companies Move From Cloud-First To Cloud-Only.” Forbes. Apr, 2017. Web. 25 Apr 2017. [https://www.forbes.com/sites/vmware/2017/04/07/cloud-2-0-companies-move-from-cloud-first-to-cloud-only/#5cd9d94a4d5e]

Forgeat, Julien. “Lambda and Kappa.” Ericsson. Nov 2015. Web 25 Apr 2017. [https://www.ericsson.com/research-blog/data-knowledge/data-processing-architectures-lambda-and-kappa/]

Grimes, Seth. “Is It Time For NoETL?” InformationWeek. Mar, 2010. Web. 25 Apr 2017. [http://www.informationweek.com/software/information-management/is-it-time-for-noetl/d/d-id/1087813]

Gupta, Manav. et al. “How IB‹ leads in building big data analytics solutions in the cloud.” IBM. Feb, 2016. Web. 25 Apr 2017. [https://www.ibm.com/developerworks/cloud/library/cl-ibm-leads-building-big-data-analytics-solutions-cloud-trs/index.html#N102DE]

“How To Build A Roadmap.” Hub Designs Magazine. Web 25 Apr 2017. [https://hubdesignsmagazine.com/2011/03/05/how-to-build-a-roadmap/]

IBM. “Top industry use cases for stream computing.” IBM. Oct, 2015. Web. 25 Apr 2017. [https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=IMW14704USEN]

Mateos-Garcia, Juan, et al. “Skills Of The Datavores.” Nesta. July. 2015. Web. 8 Aug 2016. [https://www.nesta.org.uk/sites/default/files/skills_of_the_datavores.pdf].

Maynard, Steven. “Analytics: Don’t Forget The Human Element” Forbes. 2015. Web. 20 Apr. 2017. [http://www.ey.com/Publication/vwLUAssets/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015/$FILE/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015.pdf]

Neo4j. “From Relational to Neo4j.” Neo4j. Web. 25 Apr 2017. [https://neo4j.com/developer/graph-db-vs-rdbms/#_from_relational_to_graph_databases]

NoETL “NoETL.” NoETL. Web. 25 Apr 2017. [http://noetl.org/]

Nolan, Roger. “Digital Transformation: Is Your Data Management Ready?” Informatica. Jun, 2016. Web. 20 Apr 2017. [https://blogs.informatica.com/2016/06/10/digital-transformation-data-management-ready/#fbid=hmBYQgS6hnm]

OpsClarity. “2016 State of Fast Data & Streaming Applications.” OpsClarity. Web. 25 Apr 2017. [https://www.opsclarity.com/wp-content/uploads/2016/07/2016FastDataSurvey.pdf]

Oracle. “A Relational Database Overview.” Oracle. Web. 25 Apr 2017. [https://docs.oracle.com/javase/tutorial/jdbc/overview/database.html]

Ponemon Institute LLC. “Big Data Cybersecurity Analytics Research Repor.t” Cloudera. Aug, 2016. Web. 25 Apr 2017. [https://www.cloudera.com/content/dam/www/static/documents/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf]

Sanchez, Jose Juan. “Data Movement Killed the BI Star.” DV Blog. May, 2016. Web. 20 Apr. 2017. [http://www.datavirtualizationblog.com/data-movement-killed-the-bi-star/]

SAS. “Hadoop; What it is and why does it matter?” SAS. Web. 25 Apr 2017. [https://www.sas.com/en_ca/insights/big-data/hadoop.html#hadoopusers]

Schumacher, Robin. “A Quick Primer on graph Databases for RDBMS Professionals.” Datastax. Jul, 2016. Web. 25 Apr 2017. [http://www.datastax.com/2016/07/quick-primer-on-graph-databases-for-rdbms-professionals]

Swoyer, Steve. “It’s the End of the Data Warehouse as We Know It.” TDWI. Jan, 2017. Web. 20 Apr. 2017. [https://upside.tdwi.org/articles/2017/01/11/end-of-the-data-warehouse-as-we-know-it.aspx]

Webber, Jim, and Ian Robinson. “The Top 5 Use Cases of Graph Databases.” Neo4j. 2015. Web. 25 Apr 2017. [http://info.neo4j.com/rs/773-GON-065/images/Neo4j_Top5_UseCases_Graph%20Databases.pdf]

Zachman Framework. [https://www.zachman.com/]

Zupan, Jane. “Survey of Big Data Decision Makers.” Attiv/o. May, 2016. Web. 20 Apr 2017. [https://www.attivio.com/blog/post/survey-big-data-decision-makers]