The need to extend SIAM for the Digital Enterprise

In the new “as a Service” Enterprise, we talk aggressively about Service Integration becoming a combinator of core enterprise services, contextual services, and utility services (see Simon Wardley’s mapping taxonomy).  Core enterprise services, those that support the core industry: ERP for manufacturing, Core Banking for retail banks, Policy Management for insurance and the like; provide access to core transactional services that operate to the industry regulations and corporate policies.  Contextual services are distinct differentiated services to engage employees, partners and customers that provide the “secret sauce” of value driven differentiation – things that we often discuss around co-creation, innovation and disruption.  Diametrically opposed to these context services are utility services; services that are substantially undifferentiated, supporting multiple businesses and are provided as commodities: email, voice, IaaS, BURA, leveraging the scale of a demand-pool to reduce costs toward the cost of power + long term debt service.

As we begin to think about Service Integration and Management (SIAM) I actually think that today’s paradigm is net-incomplete. Though we need to manage vendors/suppliers in service oriented and quantitative ways, we need to think more extensively about our approach.  Namely, the usage of the Continuous Delivery model from the SDLC to help us operate within the aggressive cycle time needs of business and continuous improvement.  What as a Service enterprises are really looking for is Managed Service Integrations (MSI) with full operational data commonly and consistently captured and analyzed.  Where SIAM provides frameworks and processes for integration, supporting procurement, contracts, risk and governance, the digitization of SIAM really looks more like MSI a more automated, digital and quantitative process driven by full scope operational analytics.
For me, as we begin to discuss “Services” it becomes important to think about the end-state business and IT architecture and the natural move toward being a “Service Provider” to the business, and with this comes a strategy that begins to morph ITSM toward Operational Support Services (OSS) / Business Support Services (BSS) and the desire to automate like crazy via aggressive operational analytics to guide this automation.  This shift of an operating model toward massive automation, via consistency of deployed solutions, on top of substantially less differentiated platforms creates key economic advantages via OpEx and CapEx, but also results in higher predictability and thereby lower business risk.  But this SP model does come at a cost, namely that hands need to come off keyboards as Continuous [Automated] Deployment and Continuous Monitoring emerge to improve ongoing operations via analytics on operational log data.
One of the key challenges, ongoing is the ever increasing complexity of the enterprise, SIAM is designed to address complexity via a governance strategy, but is still largely dependent on people, it’s achilles heel.  My proposal is to create a fully digital, auditable and requirements driven (managed) set of enterprise service integrations.  This approach requires a couple of core elements:
  1. Governance Risk and Compliance (GRC) platform,
  2. a declarative and automated delivery platform that can automate policy conformance and the placement of controls,
  3. the adoption of a programmatic release management paradigm – todays SIAM
  4. the systematic continuous logging of key operational services and controls
  5. analytic reporting can round trip to the GRC platform to expose the real-time risks.
  6. GOTO 1.  The risks then generate the need to amend the delivery platform which then updates/upgrades/replaces current services… and the looping continues.
This virtuous cycle of consistent service improvement against both functional (business driven) integrations as well non-functional use-cases including things like regulation, corporate policy and contract conformance now become digitized, and continuously monitored and improved… in effect governing digital business services, decreasing operational risks, and overtly complying with appropriate policies.

With this in place investments in DevOps/Automated Orchestration, Policy Driven Cloud Management Platforms (like CSC Agility Platform), Release Management and Operational Logging / Analytic platforms (like the CSC BDPaaS,

SEIM: Splunk/ArcSight) and eGRC platforms (RSA Archer) all begin to fit together into a MSI future state.

The result: a continuously improving, fully digital, as a Service enterprise running fully compliant with industry regulations, corporate policies and business contracts.


  1. Dan,

    I think implicit in this idea is the ability to identify and incent opportunities for service integration. My guess is that those who develop a true leadership position for this market will be the providers smart enough to build a set of references around critical points of convergence between core enterprise services, contextual services, and utility services.

    I see your game-changing idea and raise you one (I think critical) innovation: use advanced analytics + architecture to guide the development of a leadership POV to put in front of customers.

    As part of your technology transformation program, you’ve asked your ResearchNetwork data scientists to investigate mechanisms to sense these pressure points. The results are early, but encouraging. Want to see? …and this is where I channel Neil deGrasse Tyson…

    Come with me!

  2. what you’re describing isn’t an automated model, rather the fusion of IT and Business architectures, an interdependent model. far too long the two have been separated, it is to a point now when neither can advance without the other for the survival of the business in today’s ever evolving economy.

  3. Dan,
    I think that the points you addressing are correct and are defensible in today’s status quo of IT.
    The challenge is how to get into that model where Business and IT architectures co-operate (reinforce each other).
    In my view starting with your point 4 is a good start. None of IT’s traditional management application will bring a ‘common operational picture’ (COP) that can be used by SIAM.
    Log-management will enable to build a COP of IT usable for SIAM and allows for advanced analytics and elastic searches (as mentioned).

Leave a Reply