The KIT ─ Knowledge & Information Technology
No. 227 - 1 November 2018
In This Issue
Cloud Working Group Launches 3 Projects
UK Code of Practice for Secure IoT
US Government "Cloud Smart" Policy
Bertrand Meyer on Concurrent Object Programming
Presentations from OMG Ottawa Meeting
Seen Recently
Claude Baudoin

cébé IT and Knowledge Management
OMG Cloud Working Group Launches Three Projects
After a few months devoted to launching OMG's new CWG, which replaces the Cloud Standards Customer Council (CSCC), we hit the ground running at our Ottawa meeting in September, resulting in the launch of three projects:
  • a new guide on cloud governance
  • another new guide on cloud delivery technologies
  • Version 3 of our popular Practical Guide to Cloud Service Agreements

These trains are leaving the station, because we have an ambitious schedule to complete at least one of these papers by early December. But you can still join the effort (if only as a reviewer) if you respond soon to the co-chairs (Claude Baudoin, David Harris of Boeing, and Karolyn Schalk of IBM), who can be reached simultaneously here.

UK Code of Practice for Secure IoT
A pair of UK Government entities, including the strangely scoped Department for Digital, Culture, Media and Sport (oh, and "digital" is an adjective, by the way, not a noun), has published a new 13-point Code of Practice for the development of consumer IoT products. The guidelines aim to improve security, in particular by preventing DDoS attacks launched by a botnet of home devices, like the infamous Mirai.

Frankly, few of these recommendations are new. But having them all in one place is a good thing, and we know that even though most of these guidelines are obvious, they are still often violated.
From "Cloud First" to "Cloud Smart"
The "Office of the Federal Chief Information Officer of the United States" (usually, the longer someone's title is, the less actual power they have, but we digress...) published in September a draft strategy called "Cloud Smart," aimed at improving on the Obama administration's "Cloud First." Apart from some needless criticism of the previous directions, this is a fairly good set of recommendations. In particular, there are sections about Security, Sourcing, and Workforce, instead of solely focusing on the actual cloud technology, which is not the hardest problem to solve.

The comment period ended on October 31. It will be interesting to see what comes out of the effort. The other tab on the same web page, "CIO Council Actions," is full of action items with timelines... but those are expressed as durations (e.g., "within 3 months") and there are no start dates. For good measure, the page itself is undated.

There have been relevant efforts about IT and the cloud in other branches of the US Government, such as NIST (National Institute for Standards and Technology) and NTIA (National Telecommunications and Information Administration), but they are not referenced in the policy or in the actions. There seems to be a high risk of duplication as a result. Your tax dollars at work...
Concurrent Object Programming
The next free ACM Webinar, "Concurrent Object-Oriented Programming," will take place on Thursday 15 November, at noon Eastern US time (1700 UTC, 1800 CEST). The speaker is Bertrand Meyer, inventor of the Eiffel language, professor at Politecnico di Milano and Innopolis University. More information and registration at the above link. There will be a moderated Q&A session, and the talk will be recorded if you cannot attend in real time (but you should still register in order to receive the replay link).
Presentations from OMG Ottawa Meeting
It's already been five weeks? Time flies... All the presentations from the special event on the applicability of OMG standards to the governments of Canada, Sept. 26-27, are now available for download. Don't run away: most of the talks by OMG leaders are generic enough to interest you even if you are neither in Canada nor in government. Each title in the agenda is hyperlinked to the corresponding PDF file.

Among the topics covered during the two-day event, you will find:
  • a great overview of OMG modeling languages, by Ed Seidewitz;
  • presentations on the UML, the Unified Architecture Framework (UAF), and the languages used to model business processes (BPMN), cases (CMMN), and decisions (DMN);
  • a talk on architecture-driven modernization;
  • a series of presentations on data governance (data residency, data provenance and pedigree, Information Architecture Framework, data tagging & labeling);
  • on the infrastructure side, descriptions of the Data Distribution Service (DDS) and Secure Network Communications (SNC);
  • talks about system assurance and software metrics;
  • presentations of specifications applicable to military and space systems.
Seen Recently...
"Dance like no one is watching. Encrypt like everyone is."
-- Tweeted by Navpreet Jatana, who prefixed it with "Seen recently:"
(there is a line of T-shirts with that slogan). We traced it back to
the title of a 2015 talk by Black Hat's Neil Wyler and Bart Stump.