Showing posts with label Dana Gardner. Show all posts
Showing posts with label Dana Gardner. Show all posts

Wednesday, December 01, 2021

How Houwzer Speeds Growth and Innovation for Online Real Estate by Gaining Insights into API Use and Behavior


Transcript of a discussion on how a cloud-based home-brokerage-enabler, Houwzer, constructed a resilient API-based platform as the heart of its services integration engine.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Traceable AI.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Complexity and security challenges can hobble the growth of financial transactions for private-data-laden, consumer-facing software-as-a-service (SaaS) applications. Add to that the need to deliver user experiences that are simple, intuitive, and personalized -- and you have a thorny thicket of software development challenges.

Stay with us now as we explore how streamlined and cost-efficient home-brokerage-enabler Houwzer constructed a resilient application programming interface (API)-based platform as the heart of its services integration engine for buying and selling real estate online.

To learn how Houwzer makes the most of APIs and protects its user data while preventing vulnerabilities, please welcome Greg Phillips, Chief Technology Officer (CTO) at Houwzer. Welcome, Greg.

Greg Phillips: Thanks, Dana. It’s nice to be here.

Gardner: Greg, what does Houwzer do, and why is an API-intensive architecture core to your platform?

Phillips: We are more than just a real estate brokerage. We’re also a mortgage brokerage and a title agency. The secret sauce for that is our technology platform, which binds those services together and creates a seamless, end-to-end experience for our consumers, whether they are buying or selling a home.

Phillips
Those services are typically fragmented among different companies, which can lead to an often-chaotic transaction. We streamline all of that into a much smoother experience with our salaried agents and a consistent technology platform across the whole transaction. We are rethinking how real estate transactions are done by making it a better experience across the board, inclusive of all those services.

Early on, we decided to build, essentially, a protocol for conducting real estate transactions. There are laws and regulations for how to conduct such transactions in different jurisdictions. Instead of having an unmanageable variety of local rules and regulations -- in one area they’re doing it one way, and in another area doing it another way – we looked for the common elements for doing real estate transactions, mortgages, and for titles.

We’ve built into our system these common elements around real estate transactions. From there, we can localize to the local jurisdictions to provide the end services. But we still have a consistent experience across the country in terms of offering services.

That’s why we began with an API-first architecture. We focused on the protocols and building-blocks of the platform that we offered to our agents, coordinators, and mortgage advisers for their services. Then we layered on the front end, which has a lot more localization and other services. So, we very intentionally thought about it as a protocol for conducting real estate transactions, rather than building an app to manage just specific types of real estate transactions in specific jurisdictions.

Gardner: When say API-first, what do you mean? Was that how you constructed your internal platform? How you deliver the services? Was it also for the third-party and internal integration points? All of the above?

Real estate transactions gain flexibility

Phillips: All of the above, yes. We wanted to build an API core that was flexible enough to support lots of variants within different types of real estate transactions. We’re already in seven states. And we’re still pretty early in our journey. We’re going to be adding more states and jurisdictions.

We wanted to build an API core that was flexible enough to support lots of variants within different types of real estate transactions. ... We put a lot of thought into our data model and our API platform.

So, we knew from the get-go that was our direction. We put a lot of thought into our data model and our API platform, such that we wouldn’t have to rewrite or break up the APIs every time we entered a new jurisdiction. We wanted a flexible underlying API that we could use to offer a finished product, even though it might look a bit different in Maryland than it does in Pennsylvania, for example.

Gardner: It’s evident that such flexibility, speed of development, and reuse of services are some of the good things about APIs. But are there any downsides? What can detract from that versatility when going API-first?

Phillips: One of the downsides of APIs is once you put it out there into the world, you are supporting that API, for better or worse. Things get built against it. And if you want to change or rethink what you do with that API, you have downstream dependencies reliant on that API.

It’s not like you’re a single code base, where if you want to refactor, you can use your idea to go discover all the things that might break if you change things. With the API model, it’s harder to know exactly who’s out there using it, or what might break if you change the API.

Learn More 

About Traceable.ai

That means there’s a semi-permanence to an API. That’s somewhat unique in the software development realm where things typically move with a lot of flux. We have libraries that are updating all the time, especially in the JavaScript ecosystem. Things are going a mile a minute.

When you deliver an open API, you have to be more thoughtful about what you put out there ahead of time, because it is harder to change, harder to version, and harder to migrate. It’s by definition something you’ve chosen to set in stone, at least for some period of time, so people can build against it.

Our API interacts with third parties. The vast majority of the usage of our API is for our internal front-end application. It’s not like we have tons of different stakeholders on the API. But we need to factor for those third parties and partners. 

Obviously, then, security is another huge undertaking when you put an API out there. This is not an API that is just sitting behind a firewall. This is an API on the Internet for conducting real estate transactions, which are highly sensitive transactions. So, obviously, security is a huge concern when building an API.

Gardner: With so many different parties involved in real estate transactions, to get people to rely on Houwzer as a hub, there needs to be an element of trust. Not just trust about performance, but trust that the activity is going to be safe, and privacy is assured.

What did you do to bring that level of resiliency to your API? How did you troubleshoot your own API to make sure that others would view it favorably?

Keep data safe from start to finish

Phillips: From the very beginning, we’ve been really concerned with security. Even before we had any transactions running through the system -- and we were just in the design phases of the API -- we knew we’re in an industry that’s constantly under attack.

The most common and dangerous thing that happens in the real estate brokerage industry is when some non-public information about a transaction is somehow leaked. There are a lot of criminals out there who can use that information to attempt to exploit our customers. For example, if they find out information about when a closing is supposed to be in the name of the title company, they could pose as an agent of that title company and say, “Hey, for your upcoming closing, the wiring instructions have changed. You actually need to wire ‘here’ instead of ‘there’.”

There are a lot of criminals out there who can use that information to attempt to exploit our customers. It's been a huge problem in the industry. We need to make sure that the information stays private.

We’ve seen brokerages across the country fall victim to that consistently over the past five to 10 years, if not longer. It’s been a huge problem in the industry. So, while an API enables a great user experience by having very streamlined transactions, we need to make sure that the information stays private to only our clients, agents, and coordinators -- and not leak any of that data to the public through the API. That’s been paramount for us.

As far as performance goes, we’ve been fortunate that our business has relatively few high-value transactions. We haven’t had to achieve super-scale yet with our APIs. Our security concerns are a 10, but our scalability concerns, fortunately, are at a two. So far, it’s not open to the masses. It’s more of a premium service for a smaller audience than a free service on the Internet.

Gardner: Given the need for that high level of security, you can’t depend on just the perimeter security tools. You need to look at different ways of anticipating vulnerabilities to head them off.

Phillips: Yes. You must be aware of what you’re putting out into the world. You must assume the worst about who is going to interact with your API, and make sure there is no way for an unauthorized person to gain access to information they’re not privy to.

Since the beginning of building this platform, that kept me up at night. One of the things that ultimately led me to Traceable AI was that I wanted to effectively gain more confidence about how my APIs were being used out in the world. You try to anticipate as much as you can when you’re building it.

You reason: “Okay, who’s going to be calling on this? We don’t want to expose any additional information here. We want to have just the information needed, with no additional information that might leak out. We want really strong access controls on each API request, such as what parameters will be accepted, what will be updated, and what will show in each scenario based on all the different users’ rules.”

Obviously, that’s a lot to keep track of. And you always worry there is some misalignment or misconfiguration that you’re missing somewhere. You want to be able to monitor how the API is getting used -- and, essentially, have an artificial intelligence (AI) capability look for that type of thing in addition to your ability to query for it.

That has been very attractive for us. It’s given us a lot of confidence that, in practice, we are not leaking data. It’s an additional level of validation. Instead of enforcing a perimeter and not letting anybody in, we’re very careful about what we put out there beyond the perimeter. And not only are we careful about what we put out there beyond the perimeter, we’re also monitoring it very closely, which I think is key.

Monitor who’s doing what, where, and when

Gardner: Such monitoring gives you the opportunity to create a baseline of behaviors, so that even for unintended consequences of how people use your API, you have a data record. And you’re doing it at scale because there’s a lot of data involved that humans couldn’t keep up with. Instead, you have machine learning (ML) and AI technologies to bring to bear on that.

What have you learned from that capability to observe and trace to such a high degree?

Phillips: We have discovered a few vulnerabilities that we weren’t aware of. So, there were areas where we were exposing, or potentially exposing, more information than we meant to through a given API endpoint. That was identified and fixed.

Learn More 

About Traceable.ai

We’ve also seen some areas where people have tried to attack us. Even though we don’t have the vulnerability, we’ve seen malicious actors hitting our API, attempting to do a sequel injection, for example, or attempting to read a file on the file system, or to run a command down the system. You can actually see that stuff and observe how they’re doing it without having to parse through raw API requests, which aren’t humanly readable. Those are the first order of insights we’ve gained.

The second order of things we’ve seen are also very interesting. We can look at the API requests segmented by our users and our user roles. That means learning what API requests our clients, agents, and coordinators tend to make. We can now examine how these different stakeholders interact with the API. It has been really interesting to see from a planning perspective.

We can look at the API requests segmented by our users and our user roles. We can now examine how these different stakeholders interact with the API. The API is a living, breathing thing that you can look at and observe.

Even outside of security, it’s been fascinating to see how the system gets used, and the kinds of natural rhythms that occur, such as when is it used during the day. What are these types of things happening versus these other types of things happening?

It’s interesting to see that which would be very hard in the non-human-readable API requests. When you aggregate it and display it in an information display, you can see that stuff. The API is a living, breathing thing that you can look at and observe as it’s out there in the world.

Gardner: Not only as it breathes and lives, but it’s easily updated. So how do you create a feedback loop from what you learn in your observability phase and bring that into the development iteration process?

As the CTO, are you the one that has to cross the chasm between what you can observe in operations and what you can subsequently ameliorate in development?

Security now part of every job

Phillips: Generally, yes. I view that as a key part of my role. Our software engineers are in there looking at it as well, but I hold myself accountable for that function. Also, I try to recruit generalist software engineers who can take security into account, just like with user experience, when they’re building things. 

I find it very hard to build a cohesive and secure product if you are just throwing requirements over the fence to the software engineers from different departments, saying, “Build this.” I think you lose something.

Rather, there has to be a complete understanding in one accountable individual’s mind to deliver the complete product. And that’s not to say those areas of the company shouldn’t have input on what gets built. But the engineers in my mind have to have a deeper understanding. I like to give them as much data as possible to understand what they’re putting out. Then they have that all in their minds when they’re writing the code.

Gardner: Have your developers been receptive to this observability of API behavior data, or do they say, “Well, that’s the security person’s job, not mine”?

Phillips: All of us on the team feel a responsibility for the security of our systems. I think everyone takes that really seriously. I don’t think anyone thinks that it’s “someone else’s” problem. We all know that we all have to watch out for it.

That being said, not everyone is a security expert. Some people may know more or less than others about information security. None of us are dedicated information security professionals. We rely on the inputs from the Traceable AI platform and from what we’re seeing happen to learn about the things that we should be worried about. What are the things that we don’t even know about yet?

It’s about having a culture of learning and having generalists who want to get better at building secure systems and to convey secure APIs. That is increasingly part of the job description for software engineers, to take that into account. That’s especially critical as we see higher value services, like our own, being offered directly on the Internet.

Things are so different now. Years ago, real estate and other financial transactions had some kind of application front end. Then some person would put it all into a mainframe that night and do the financial transactions. Then, the next morning, after it ran on the mainframe, the humans would look at it again. And then they would update your bank account.

Learn More 

About Traceable.ai

Now there’s far more automation. Things happen live via APIs on the Internet. And that’s created much more reason for developers to truly understand the security implications of what they’re building. You simply can’t insert a failsafe as easily, as you start to eliminate process friction, which is what consumers want. There are less natural insertion points for a true dedicated security or dedicated fraud prevention review. You have to do these processes live and in an automated way. Security therefore has to be built into the thing itself.

Gardner: Of course, these transactions come with high urgency for people. This is their home, one of the biggest transactions of their lives. They’re not interested in a wishy-washy API.

How easy was using Traceable AI to bring automation for better security into your organization?

Data delivers better development

Phillips: What I like about the Traceable AI user experience is that you can engage with it at multiple levels. On the most basic level, you log in and it’s pushing out immediate alerts of threats. You can view what has happened since you last logged in, and you can review your bots. It surfaces the most important things right away, which is great.

But then you can also pursue questions about the APIs in production. For example, you can plot how the APIs are being used. They give you great tools to drill down so you can navigate to different ways of aggregating the API usage data and then visualize, as I mentioned before, those usage patterns.

What I like about the Traceable AI user experience is that you can engage with it at multiple levels. It surfaces the most important things right away, which is great. They also give you the tools to drill down so you can navigate to aggregating the API usage data.

You can look at performance as well as security. So even if you’re feeling good about the security, you can determine if latency doesn’t look great, for example. There are a lot of things in there to show where you can go really deep. I don’t think I’ve gotten to the bottom. There’s more to discover, and there’s tons of ways to slice, dice, and look at things. I tend to do that a lot because I’m a power user and like to figure things out. But at the same time, Traceable AI does a great job of using their intelligence to surface the most important things and the most critical security concerns and get those in front of you in the first place.

Gardner: It sounds like these data deliverables provide you an on-ramp to a more analytics-driven approach to not only development -- but for improving the processes around development, too.

Phillips: Yes. I would even extend that into the processes around our business operations, our real estate operations. We’re offering a product through our technology that is ultimately a real estate transaction engine. And we can actually see in the API things that we need to do to make the real-world solution better.

We have three critical stakeholders: the buyer client, the real estate agent, and the transaction coordinator, who makes sure everything goes smoothly. And, using these tools, we can see if the user or coordinator are trying to do something, meaning they’re getting errors. We can see if there is a point in the real estate transaction where we might not have everything included. Maybe the information that was expected to be there is incomplete, and so they are not able to get to the next step of the transaction.

So, you can actually uncover things that are not explicitly in the technology, like a process problem. We need this information ahead of that point in the process, and we don’t always have it. We want to then know what next to build into our protocols for the future.

Gardner: Greg, what are your suggestions for other folks grappling with the API Economy, as some people call it? Any words of wisdom now that you’ve been through an API development and refinement journey?

Take one real estate step at a time

Phillips: Start small and expand. Don’t try to put everything and the kitchen sink out there all at once. We currently represent people selling their home, buying a home, and getting a mortgage, people who need title insurance -- people doing all of those things together all at once.

However, the first transaction through our system was just people listing their homes. We said, “Let’s take on this specific process.” And even at the time that we launched, it was a much less detailed version of the process we have today. It’s really important to release something early that is complete but limited in scope. Scope creep -- of trying to pack in a lot at once -- is what causes security issues. It’s what causes performance issues. It causes usability issues. So, start simple and expand. It’s probably the best piece of advice I have.

Gardner: Assuming you are going to continue to crawl, walk, and run, what comes next for Houwzer? What does the future portend? What other transactions might this protocol approach lend itself to?

Phillips: We thought about all the things needed to consummate a real estate transaction. We have covered three of those. But we are missing one, which is homeowners’ insurance. We consider the core services to purchasing a home as brokerage, mortgage, title, and homeowners’ insurance. So that piece is in the works for us.

Learn More 

About Traceable.ai

Outside of those core pieces, however, there are lots of things people need when they’re buying and selling homes. It could be resources to fix up their current home, resources to move in, guidance around where in the country they should move to as a remote worker. There’s lots of different services to build out to from the core.

We began at the core transactions, and now we can build our way out. That was a very intentional strategy. When you look at Zillow, Redfin, or some of the other real estate technology companies, they began with the portal and then tried to bolt on the services.

We’re trying to build the best technology-enabled real estate services, and then build from that core outward into more of those needed services. Some of the next things in our product road map, for example, are pre-transaction, helping our consumers make more educated decisions about the transactions they’re going to enter into. And we can do that because we have this bullet-proof, secure, battle-tested system for doing it all and great real estate agents that will help guide you through the process.

Gardner: I’m afraid we’ll have to leave it there. You’ve been listening to a sponsored BriefingsDirect discussion on how a streamlined and cost-efficient home brokerage enabler, Houwzer, constructed a resilient core API platform.

And we’ve learned how protecting user data and preventing vulnerabilities across an end-to-end API services approach has allowed Houwzer to deliver user experiences that are simple, intuitive, personalized, and trusted. So, a big thank you to our guest, Greg Phillips, Chief Technology Officer at Houwzer. Thanks so much, Greg.

Phillips: Yes, thank you as well. It’s been a pleasure.

Gardner: And a big thank you as well for our audience for joining this BriefingsDirect API resiliency discussion. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host throughout this series of Traceable AI-sponsored BriefingsDirect interviews.

Thanks again for listening. Please pass this along to your business community and do come back for our next chapter.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Traceable AI.

Transcript of a discussion on how streamlined and cost-efficient home-brokerage-enabler, Houwzer, constructed a resilient API-based platform as the heart of its services integration engine. Copyright Interarbor Solutions, LLC, 2005-2021. All rights reserved.

You may also be interested in:

at 12:21 PM 0 comments
Labels: , , , , , , , , , , , , , , , ,

Wednesday, October 27, 2021

The Open Group Marks 25 Years of Working Together to Make Successful Standards

Transcript of a discussion on the 25th anniversary of remarkable achievements in the global technology standards arena by The Open Group.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: The Open Group.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Way back in 1996, when web browsing was novel and central processing still ruled the roost of enterprise IT, The Open Group was formed from the merger of the Open Software Foundation and X/Open.

This October marks the 25th anniversary of remarkable achievements in the technology standards arena by The Open Group. Beginning with a focus as the publisher of the single UNIX specification technical standard and steward of the UNIX trademark, the organization has grown to more than 850 members in over 50 countries -- and it leads the field and technology standard services, certifications, research, and training.

Stay with us now as we explore how standards like UNIX and TOGAF evolved to transform business and society by impacting the world as a digital adoption wave swept over human affairs during the past quarter century.

Here to commemorate The Open Group’s achievements and reminisce about the game-changing, earth-shattering, and culture-evolving advances of standards-enabled IT, please welcome our guests. We’re here with Steve Nunn, Chief Executive Officer (CEO) at The Open Group. Welcome, Steve.

Steve Nunn: Thank you, Dana. I’m glad to be here.

Gardner: We’re also here with David Lounsbury, Chief Digital Officer (CDO) at The Open Group. Welcome, David.


David Lounsbury: Thank you, Dana. I’m happy to be here, too.

Gardner: And we’re also here with Jim Hietala, Vice President Business Development and Security at The Open Group. Welcome, Jim.

Jim Hietala: Hi, Dana. I’m glad to be here.

Gardner: Great to have you all. Steve, even after 25 years of clearly breathtaking changes across the IT landscape, why is The Open Group’s original mission as salient as ever?

Nunn: In a nutshell, it’s because the world needs open standards. That has been our heritage -- open systems, open standards. We added conformance to open standards, importantly, along the way. And it’s never been more needed than it is now.

Nunn

When we began, there was a crying need for more choice among customers and more interoperability among different software applications. The main proprietary vendors just weren’t necessarily delivering that choice. So, it’s really because customers need standards.

You know, they help suppliers, too. They help all of us in our day-to-day lives. That’s why we’re still needed at 25 years on -- and we’re looking forward to a bright next 25 years.

Gardner: David, sometimes you have to pull people kicking and screaming into standards. It’s like what your mom told you about eating spinach. It’s for your own good, right?

Lounsbury: Right.

Gardner: But we couldn’t get to the current levels and breadth of technology use without them.

Meeting the need for standards

Lounsbury: That’s right. And, you know, Steve mentioned the need for standards -- and the technology does drive the standards. At the time when we were founded, there were relatively few CPU manufacturers, and now there has been an explosion in compute power and a radical fall in the cost of networking, and that’s led to lots of new ways of doing business. People are looking for guidance on how to do that, how to restructure their organizations, and on which technology platforms they need to use. That need is fueling a swing back to seeking new standards.

Gardner: Jim Hietala, with your focus on security, 25 years ago we couldn’t have imagined the things we’re facing around security today. But without people pulling together, we wouldn’t be able to buttress our supply chains. How has security in particular been enabled by standards?

Hietala: It’s interesting to look back at the past because in the world of security today you hear about two predominant themes. One is zero trust, and if you look back at some of the work the Jericho Forum was doing inside of The Open Group 10 to 12 years ago, those were the origins of what we’re calling zero trust in the security industry today.

Hietala

The whole notion of perimeter security was failing. We needed to move security controls closer to the data and to secure people’s access within what were previously considered secure networks. The Jericho Forum seeded that discussion a number of years ago.

The other big issue out there today is supply chain security, with some of the supply chain security attacks in the last 18 months. And here again an initiative inside of The Open Group that was formed some 10 years ago, the Open Trusted Technology Forum (OTTF), that was brought to us by the US government, was focused on addressing the security of the hardware and software for the components that go into the IT systems being procured.

And again, we’ve had some groundbreaking work inside of The Open Group on the topic of security that’s highly relevant today, even though the environment has changed tremendously in the last 25 years.

Gardner: Yes, as Steve mentioned, this is a long game. Sometimes it takes decades for the value of these efforts to become fully evident to all the players.

I’m old enough to remember there used to be quite a few UNIX® standards or variants. The process behind pulling them together for the benefit of everyone -- both the users and ultimately the vendors as well -- became a cookie cutter model for creating standards generally.

Steve, how did the evolution of UNIX standards in particular become opportunity to do much more?

Nunn: We converted what it meant to be a UNIX system, from being derived from a certain code base, to being based on a standard. The key is it wasn’t just one standard. It was a lot of standards. There were 1170 different specs that changed what it meant to be a UNIX system. It was then all about conformance with the standard and how the system operates in connection with the standard -- rather than derived from a particular code base.

It was gathering a set of standards together. Our history since then -- this idea of a standard of standards -- has evolved and developed to make standards approachable and useful for solving business problems.

Fundamentally, at The Open Group, all our work on standards starts with trying to solve a business problem. A set of standards makes solutions more applicable, more approachable, for implementation. And increasingly nowadays we add things like developing some code alongside it. That’s the essence of it. We were transforming the first kind of UNIX standard, the Spec-1170, set of standards.

Gardner: David, what a success UNIX has become since back when we thought this was going to be just a way for workstations to interoperate better on a network. It became the foundation for Linux, BSD, and for the MacOS. It went from workstations to servers and then dominated servers. It seems that there’s no better validation for the success and power of standards and what we’ve seen with UNIX over the past 25 years.

Lounsbury

Lounsbury: Yes, no question about it. I come from the minicomputer revolution, where I started in my career, and basically that whole industry got run out of business by UNIX systems. And now we have it, as you said, on our laptops. I’m running it on my laptop right now. It’s on all our smaller systems. Embedded processes all tend to run a variant of things that look like the UNIX standard.

If you have to create something quickly, and you want to create something that’s robust and will run predictably, you pick something that follows the UNIX standard.

Gardner: And how did you get people to rally to such standards? There’s more to this than technology. This is also about a culture of cooperation. There is a human behavioral aspect to it.

How has The Open Group been able to pull so many different threads together and repeat this? You’ve been doing this as well for TOGAF, with enterprise architecture, with Open Agile, ArchiMate, FACE, and reference architectures like IT4IT, among many others.

What is behind this ability to govern so many factions into a common goal?

Staying power of neutrality

Lounsbury: There are a couple of dimensions to it, and Steve’s already mentioned one of them. He talked about the end-customers. We recognized the value of neutrality -- not only neutrality of technology, but also the other dimension of neutrality, which is the balance between the buy-side and the supply-side.

There are many things called standards activities that are really altered to one side or the other. We found the balanced viewpoint: balanced across the technologies, balanced across the demand, which is the essential key to having stable buy-in. Now, of course, that must be built on rock-solid processes that respect all the parties, all the way through. And that’s how our formal governance comes in.

Nunn: That’s right, you’ve hit the nail on the head. The magic happens when the customers drive this. They have things that need to be achieved through standards.

The process has been essentially stable -- evolved slightly over the years -- but it's a tried-and-tested process; a consensus process of one company, one vote. It's allowed us to create trust.

The second point David made is key, too. The process has been essentially stable -- evolved slightly over the years -- but it’s a tried-and-tested process; a consensus process of one company, one vote. It’s allowed us to create trust.

That’s the word I want to want to bring out here: trust in the process, trust in the equity of the process; that all parties get to have their say. That has essentially stood us in good stead. We’ve been able to apply that process, and that same approach in governance, across many different industries and business programs.

Gardner: I suppose another key word here, Jim, is cooperation. Because while The Open Group is a steward and has been involved with governance, there’s a tremendous army of people who contribute the things that they have learned and know and then bring to all this.

How important has it been to encourage that level of cooperation? It’s astonishing how many people are involved with these standards.

Hietala: It’s critical to have that cooperation, and the work, frankly, from the members. The Open Group brings the staff who help initiate standards initiatives and run them per our processes and our governance in a fair, open, and transparent way.

But it’s the members who bring the subject matter expertise in whatever area we’re talking about. In the case of The Open Group FACE Consortium, it’s the defense contractors and government folks administering some of the programs who bring subject matter expertise that helps us produce business guides, procurement guides, and the standards themselves, as well as the reference software.

We have a saying that joining a standards effort such as The Open Group is like joining a gym. You have to not just get the membership -- you have to show up and do the work, too.

Lounsbury: Both of Steve and Jim mentioned confidence. I think that the confidence we project in the process, both the formal governance and the ability to bring people together, is the real differentiator of why The Open Group has stood the test of time.


We see many examples of groups that get together and say, “Well, why don’t we just get together and solve this problem?” And what we often find is that they don’t because they lack stability. They can’t project stability. They don’t have the endurance. The government is a good example of where they then come back to The Open Group and say, “Hey, can you help us make this a sustainable activity that will have the impact over time that we need?”

Gardner: Another key word here then is journey, because you never get to the destination, which is actually a good thing. You must be self-sustaining. It has to be ongoing, the peeling back of the onion, the solving of one problem that perhaps creates others: and then again and again.

Is that never-ending part of the standards process also a strength, Steve?

Nunn: Yes, because around the world the various industries we work with don’t stand still. There’s a new problem coming up every day, as you alluded to, Dana, that needs solving.

When a group gets together to solve an initial problem through a standard, there's much more. ...The problems don't stand still, and technology evolves the world. Disruptive events happen, and we need to adjust and update the standards accordingly.

When a group gets together to solve an initial problem through a standard, they realize there’s much more there. I can think some recent examples, such as the Open Subsurface Data Universe (OSDU) Forum, which is in the oil and gas industry. They originally got together to focus on subsurface issues. And now they’re realizing that that a standards approach can help them in many other areas of their business as well.

The problems don’t stand still, and technology evolves the world. Disruptive events happen, and we need to adjust and update the standards accordingly.

Gardner: Is there a pattern to the standards you’ve chosen to foster? You obviously have been very successful with enterprise architecture and TOGAF. You’ve gone to modeling, security, and reference architectures for how IT organizations operate.

What’s the common denominator? Why these particular standards? Is there an order to it? Is there a logic to it?

One success leads to another

Nunn: The common denominator is something mentioned earlier, which is a business need. Is there a business problem to be solved, whatever industry that might be?

Over the years, The Open Group can trace one activity where a group of companies got together to solve a business problem and then it led to several other forums. The example we usually use is The Open Group Future Airborne Capability Environment (FACE) Consortium in federal avionics. They recently celebrated their 10th anniversary.

That effort led directly to work in the sensor architecture space, and strangely led to our Open Process Automation Forum. Members saw the great work that was being done in the FACE Consortium, in terms of a modular method that creates an architected approach. The past saw a situation where one aircraft, for example, is funded completely separately, with no reuse of technology or parts, and where everything was done from scratch with one prime contractor and subs.

And we had some other members fortunately who saw from the oil industry how a set of industry standards had emerged. They said, “We have the same issues in our industries. We want a standardized approach, too.”

As a result, the Open Process Automation Forum is doing great work, transforming the way that systems are procured.

These successes form a traceable connection between an industry that has a problem to solve and the established best ways of doing it. They come together and work on it as an industry, and through tried-and-trusted processes, rather than trying to beat each other in the marketplace to the first magic solution.

Gardner: Jim, it sounds like the need for a standard almost presents itself to you. Is that fair?

Hietala: As an outsider, you might say, “What in the world do control systems users have in common with the military avionics industry?” But the takeaway is with each iteration of this new standards initiative our staff learned better how to support the formation and operation of a set of best practices around an operating standards initiative. The members learn as well. So, you had folks from Exxon Mobil at a conference speaking about how they transformed their industry, and the light bulb went off. Others brought the idea back from the oil and gas industry.

Then we at The Open Group helped them identify similar uses in some other industries: metals and mining, pulp and paper, utilities, water utilities, and pharmaceuticals – they all use the same set of control system equipment. They all had similar problems until we were able to bring it into a standards initiative. And once you have that sort of support behind an initiative, the suppliers don’t have a choice but to pay attention, get involved, and help drive the initiative themselves.

Gardner: David, it’s clear that just presenting a standard isn’t the only factor for success. You must support it with certifications, additional research, events, and forums that continuously bring people together in an atmosphere for collaboration and ongoing training. You’ve not only broadened the scope of what The Open Group does in terms of the standards, but also a wider set of functions that augment and support those standards.

Lounsbury: That’s right. Both Jim and Steve mentioned the process of discovery by the members, or by potential members, and the value of standards. That’s a critical component because the natural instinct is for people to go off and try to solve things on their own, or to get a magic bullet competitively.

The art of what we do is help members understand that only through collective action, only through wide agreement, is there going to be a sufficient response to solve the business problem.

But part of the art of what we do is help members understand that only through collective action, only through a wide agreement, is there going to be a sufficient response to solve the business problem and provide a center of gravity for the vendors to invest in building the systems that embrace and employ the standards.

And so, a part of building that continuing confidence is knowing that there will be trained people who know how to use the standard effectively. There will be systems that conform to the standard, and you can get together with peers in your industry to find out about what’s going on at the cutting edge of technology.

And, frankly, even the social networking, just meeting people face to face builds confidence that everybody is working toward the common objective. All of these things are critical supporting pieces that give people confidence to invest in solutions and the confidence to specify that when they purchase.

Gardner: It seems like a big part of the secret sauce here is mutual assured success for as many of the people in the ecosystem -- on all sides of the equation -- as possible. It sounds simple, but it’s really hard to do.

Nunn: It is, Dana. And you need champions, the people who are passionate about it in their own organizations.  

For me, the single biggest differentiator and reason for The Open Group’s success so far is that we have a very respected set of certification programs and processes. The importance of certification is that it gives standards some teeth. It gives them meaning. We’re not just publishing standards for the sake of it, and nobody uses them. They’re being used by trained people. There might also be certified products out there, too.

Certification helps turn it into an ecosystem, and that in turn gets people more engaged and seeking to evolve it and be part of the movement. Certification is key because of the teeth that it gives the standards.

Gardner: Well, the custom is when we have an anniversary to do toasts. Usually, toasts are anecdotal or remembrances. Are there any such moments in hindsight that ended up being formative and important over the past 25 years?

Cheers to 25 years of highlights

Nunn: For years, we had heard that UNIX was going away, that it’s not relevant anymore. I think the work we’ve done has proven that’s not the case.

Another highlight or breakthrough moment was when we got our TOGAF practitioner certification program up and running. That spread around the world to a large number of individuals who are certified and who are promoting the value of the standard itself.

We’ve created a community over the years, even though that community is harder to bring together right now in the pandemic days. But certainly, for the vast majority of our history, we have brought people together; these people are familiar with each other, and new people come in.

The face-to-face element is special. Somebody recently made a great point about the effect of the pandemic. And the point was that you need the personal interactions in developing standards. Standards are about contributing intellectual property, but also about compromise. It’s about discussing what’s best for the relevant industry. And that’s hard to achieve in a virtual world.

You need the dinners, the beers, whatever it might be to build the social networking and up the trust for the individuals in these situations who are often from competing companies. The way that we have encouraged the community and built up what we’ve often called “The Open Group family” over the years is a key factor for us.

Gardner: David, what are some anecdotes that come to mind that highlight the first 25 years?

Lounsbury: I’m going to pick up on Steve’s theme of face-to-face meetings. One that stands out in my mind was the first face-to-face FACE Consortium meeting, which was at a vendor building on the National Mall in Washington, DC.

And, I’ll be honest, there was a ton of skepticism, both from the government agencies and from some of the larger vendors, that this could ever possibly come together. And because we got the people together and we had a few enthusiastic champions -- not necessarily the people who started things out -- but the people who saw the value of cooperative industry engagement -- we got it together. And 60 companies walked out of that room saying, “Yeah, this might actually work.” And from then on -- that was over 10 years ago -- it changed the way avionics are produced. And now it has inspired changes in other industry verticals as well.

Because we got people together and we had a few enthusiastic champions we got it together. What we sometimes call The Open Group Way differentiates how we create standards. It has inspired changes in other industries as well.

So, what we sometimes call The Open Group Way differentiates how we create standards from what had gone on in other standards activities that they had been engaged in.

Gardner: Jim, what’s your toast to the past quarter-century?

Hietala: At little bit higher level, I point to the fact that The Open Group has grown to more than 850 member organizations from dozens of countries. The specific things that resonate with me and made an impact over the years are engaging with all those members from the many different countries and nationalities at events we’ve held.

That and to getting to over 120,000 TOGAF-certified people, which is a huge milestone and was definitely not an overnight success. TOGAF was tens of years in the making, so those to me are indicative of where we’ve come in 25 years.

Gardner: It seems that the Tower of Babel isn’t particularly high when it comes to information technology (IT). The technology is a common denominator that cuts across cultures and boundaries. There really is a common world stage for IT.

IT – The universal language

Hietala: I think that’s true. There’s probably work that goes on inside of standards organizations like The Open Group, that isn’t necessarily seen, that enables that. There’s a fair amount of work translating the products of The Open Group into various native languages, such as Brazilian Portuguese, French, or Spanish, or Chinese. Those often happen at the ground level by volunteers, typically from the countries that want to enable adoption of what they see as a highly valuable standard.

Lounsbury: The profusion of technology you mentioned has driven a fundamental change in the way people run their businesses. And The Open Group is very much at the forefront of thinking about how that’s best going to happen.

What does it mean to architect your business going forward when you have all of these new management techniques, all of this new technology that’s available at very low cost causing these fundamental shifts in how you interact with your customers and in your ecosystem? That’s currently on the forefront of the minds of many of the groups working inside The Open Group.

We all know there’s a new management book a day nowadays. That’s why there’s a growing demand for stability of guidance in this world. How to do these new digital ways of working? We look to standards bodies to come out with that guidance. Our members are working on it.

Gardner: I suppose the past is prologue. And back when I first got involved with enterprise IT in the late 1980s, this type of technology transformation was still fringe in business. But it’s become more than mainstream, it’s become dominant.

We talk about digital transformation. We could probably just drop digital, now it’s transformation, period. Given the depth, breadth, and importance of IT to business and society -- where do we go from here?

How do you take the success you’ve had for the past 25 years and extend that to an even grander stage?

Standards provide frame for future transformation

Nunn: As Dave said, organizations have to transform. They’re looking for structure. They’re looking for tools that help go through this transformation. It can’t happen soon enough. The pandemic has been an accelerator.

But they need a framework, and standards provide that framework. That doesn’t mean exactly the same approach for all standards. But I don’t think we need to fundamentally change the way standards are built.

We’ve talked about our legacy of trust and the tried-and-tested. We need to evolve how things are done as we go forward, to fit with the speed with which transformation needs to occur and the demands that individual organizations in their industries have.

But we definitely now have a very solid bedrock for evolving, and the transformation aspect of it is key because people see standards as helping them transform. Standards give them something to work with when so much all around is changing.

Gardner: Jim, how do you take the success you’ve had with digital standards and expand the use of the methodologies?

Hietala: We’ve seen that the practices, business model, and the approach to taking a big industry problem and solving it through the development of standards has been proven to work. Companies in need of those standards efforts are comfortable looking at The Open Group and saying, “You’re an honest broker to be in the middle of this and make something happen.”

For example, a member from our OSDU Forum looked at what was happening there and saw a similar need inside of his company. It happened to be in the energy industry, but he saw a problem around how to measure and manage their carbon footprint. They examined the approach used in the OSDU and said, “That’s what we need over here to determine what our carbon footprint is.”

Taking a big industry problem and solving it through the development of standards has been proven to work. Companies in need of those standards efforts are comfortable looking to The Open Group.

And what they found quickly in looking at that customer need was that that’s a universal need. It’s certainly not just an energy industry issue. Cement companies, large auto manufacturers, and many others all have that same need. They would all be well served by having a standard effort that produces not just standards but a reference software platform that they could build from that helps them measure and manage any carbon footprint. The approach has evolved a bit. We’re able to support now open-source initiatives alongside of standards initiatives. But fundamentally our consensus-oriented standard process has not changed.

And that’s the way we build these initiatives, rally industry support, and take them from looking at the customer business problem to producing standards and business guides. The way we address the issues hasn’t changed.

Gardner: David, if you can apply the lessons learned at The Open Group to even more challenging and impactful problems, that sounds worth doing. Is that part of your next 25 years?

Lounsbury: Yes, it certainly is. There’s a couple of dimensions to it. There’s the scale in number of people who are engaged. And we’ve given plenty of examples of how we went from a core standard like UNIX or IT4IT or TOGAF and applied those same proven techniques to things such as how you do avionics, which led to how to do process control systems, which led to how to do subsurface data. That has all led to a tremendous expansion in the number of organizations and people who are engaged with The Open Group.

The other dimension of scale is speed. And that is something where we need to keep our standards up to date, and that has evolved. For example, we’ve restructured our architecture portfolio to have more modular content. That’s something we’re going to be looking at across all of our core standards, including how we link them together and how we make them more cohesive.

We’re looking at reducing the friction in keeping standards up to date and improving the pace so they’re competitive with those one-off, two-people-writing-a-book kinds of guidance that characterizes our industry right now.

Gardner: For those who have been listening and are now interested in taking an active role in open standards, where can they go? Also, what’s coming next, Steve?

Nunn: Yes, we’ll have some anniversary celebrations. We have a great event in October. We’re doing a moving global event over a 24-hour period. So, a few hours hosted in each of several locations around the world where we have offices and staff and significant membership.

We also have an ever-growing number of active meetings in our groups. Most of them, because of the pandemic, have been virtual recently. But we’re starting to see, as I mentioned earlier, the eagerness for people to get together face-to-face again when, of course, it’s safe to do so and people feel comfortable to do so.

And we’ll be looking at not just what we’ve achieved but also looking at how we make the next steps. A big part of that relates to the work we’ve done with governments around the world. A good example is the government of India, which recently published a standard called IndEA, based on our TOGAF Enterprise Architecture standard.

It’s being used to fundamentally transform government services, not just in the national government of India, but in various states there. And then other countries are looking at that work. We also have work going on with the International Telecommunication Union (ITU) in healthcare and digital services for citizens.

We’re doing a lot of work with governments to make a real difference to people’s lives as citizens, in countries that may need to catch up with some of the more developed countries. They’re using our standards and the work groups we’ve put together to get up to speed.

For me, that’s an exciting part of our future: The difference we can make in people’s daily lives.

Gardner: And, of course, a lot of this information is on your website, www.opengroup.org. Any other resources that people should be aware of?

Lounsbury: Yes, all our standards are free to download from our library on our website. You can obviously find how to register for events on the website, too. At the Forum level, there’s good information about each Forum that we’ve been working on. There’s always a contact form associated with each of the Forum webpages so you can leave your details and someone from our team will get in touch and tell you how to get involved.


Gardner: I’m afraid we’ll have to leave it there. You’ve been listening to a sponsored BriefingsDirect discussion on 25 years of remarkable achievements in the technology standards arena by The Open Group.

And we’ve learned how standards like UNIX and TOGAF evolved to transform business and society, impacting us all over the world as a digital adoption wave swept across human affairs. So, a big thank you to our panel. We’ve been here with Steve Nunn, Chief Executive officer at The Open Group. Thank you so much, Steve.

Nunn: Thank you very much, Dana. It’s been a great discussion.

Gardner:  And we’ve been joined by David Lounsbury, Chief Digital Officer at the Open Group. Thank you, sir.

Lounsbury: You’re welcome, Dana.

Gardner: And lastly, Jim Hietala has been with us. He’s vice President Business Development and Security at The Open Group. Thank you, Jim.

Hietala: Thank you, Dana.

Gardner: And a big thank you as well to our audience for joining this BriefingsDirect commemoration of technology standards successes discussion.

I’m Dana Gardner, Principal Analyst at Interarbor Solutions. Your host throughout the series of BriefingsDirect discussions sponsored by The Open Group.

Thanks again for listening, please pass this along with your business community, and do come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: The Open Group.

Transcript of a discussion on the 25th anniversary of remarkable achievements in the global technology standards arena by The Open Group. Copyright Interarbor Solutions, LLC and The Open Group, 2005-2021. All rights reserved.

You may also be interested in:

at 2:08 PM 0 comments
Labels: , , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)