Governance
Policy of Policy and Compliance
Governance Basic Definitions
Governance today is understood and defined as specific roles and responsibilities. The roles and responsibilities are based on an agreed-upon standard or definition, for example:
Corporate governance refers to the system of rules, practices, and processes by which a company is directed and controlled. It includes balancing the interests of various stakeholders, such as management, customers, suppliers, financiers, government, and the community.
IT governance is critical to the implementation and management of governance. It is a subset of corporate governance focused on the management and control of information technology resources and processes based on the governance requirements set by corporate policy. It ensures that IT supports and extends the organization’s strategies and objectives.
Data governance is a subset of IT. It is focused on data availability, usability, integrity, and security in an organization. It ensures that data is managed effectively and used responsibly.
Risk management is a security assessment process that involves the identification, assessment, and management of risks to ensure that they are within acceptable limits and aligned with the organization’s risk appetite and strategy.
Regulatory compliance involves adhering to laws, regulations, guidelines, and specifications relevant to the organization’s operations.
Each of these components of governance is internally focused. What am I doing right? Am I at risk? Are my systems safe? Are we using the right tools?
Changing Governance Perspective
In the era of cloud computing, digital communications, and information sharing, the role of governance is evolving to address issues related to the connections between information, devices, and services.
In the digital realm, geographical distance becomes irrelevant. Companies operate across continents and countries, each with different rules, policies, and risks. Managing diverse requirements and objectives presents a significant challenge.
The successful implementation of any IT system, including governance, hinges on an organization's ability to uphold security, privacy, control, and accountability.
Security is essential for protecting against the loss of health, wealth, and privacy, as everything relies on it.
Privacy is necessary to maintain confidentiality and secure operations, demanding control over data and services.
Control is crucial for defining all levels of operations to perform tasks, requiring accountability.
Accountability acts as a mediator or equalizer of security, privacy, and control, preserving structural stability. However, these four principles are often poorly implemented or nonexistent in current practices, with limited accountability leading to loss and conflict.
Disagreements regarding governance policies trigger conflict internally and externally. Conflicting interests among individuals, businesses, and governments are common, leading to disagreements and conflicts.
In the digital world, managing these competing interests can often seem impossible.
Relationships and Governance
It is all about people. People run companies. People run government. People build countries. The relationship between people, businesses, government and countries is the heart of governance.
Control impacts relationships. Who has control, what type of control and how control is used are all important factors that define a relationship. In situations where there is equal control, competing interests can find equilibrium with accountability.
Traditional Systems - My System, My Data, My Rules
Control is expressed in the design and implementation of systems. Those who pay for a service or system control the design. These systems tend to have a narrow scope of operations. It is much more difficult to build a system based on abstraction that supports the dynamic needs of relationships.
In a mutually defined relationship, each party agrees to terms defined in an agreement. The agreement defines needs and the rules of a relationship. Rules are policies that define the sharing of information and services.
Agreements are negotiated between parties. Most agreements have greater intent than the written terms.
If a policy is mutually agreed upon, parties have control related to their adherence to the terms of the agreement, and each can break the agreement with consequences. Governance in a relationship-based environment includes the monitoring of compliance.
Breaches or failures trigger accountability. Accountability is executed by a party when an agreement is breached. Consequences are part of accountability. Accountability maintains relationship equilibrium.
To maintain equitable relationships, governance includes 2-way accountability. Compliance is a measurement of accountability. Compliance answers the question: Is the agreement between parties being honored? Compliance applies to all levels or types of governance.
Redefining Relationships
Relationships are between 2 or more people or businesses. The terms of the agreement define the relationships between enterprise resources. An enterprise resource can be:
Owners
Users
Data and information
Services
Devices
Relationships between organizations can be tightly controlled and monitored to ensure compliance. Or they can be flexible and versatile. Relationships define the implementation.
If the architecture is built for the abstraction of operations between enterprise resources (ERs), the architecture will be extremely flexible. If the environment is safe, secure, and defined by relationships (between ERs), policy can define system operations. Governance helps ensure that compliance of operations is maintained.
Safe and Secure Computing with Relationship Governance
Universal digital participation requires security, privacy, control and accountability.
Practically, this means businesses, organizations and enterprise resources need a safe and secure infrastructure with privacy, control and accountability. Compliance must be present and measurable.
Everyone, including devices and services, must have control of their environment. They must be independent, responsible and accountable for all transactions.
With safety and security comes confidence to share and transact. Mutually beneficial relationships are dependent on privacy and control of one's resources. Agreements to share services or goods are easy to establish and maintain in such an environment.
Safety and security are required for effective governance, which is mutual agreement of conduct. Relationship governance is mutually agreed for all parties. Agreements between organizations (entities) define the relationship. Policy and governance set the rules.
In a relationship-driven environment (architecture), relationships between resources (services, processes, devices and entities) are defined in policy (technical and business). This is a flexible and easy solution for establishing relationships with mutual benefit. For more on policy development, see Policy Driven.
Automotive Industry Business Case
Multi-Tier Business Need and Technical Challenge
Technology is impacting all aspects of society, and the automobile industry is a good example. Autonomous vehicles are computers on wheels, but the existing communication, computing architecture and governance models do not meet the needs of a 4th Digital Revolution.
The 4th Digital Revolution is described as a "safe and secure computing architecture and communication infrastructure that supports the mutual sharing of information and services without the fear of loss of health, wealth or privacy."
Automotive Industry and the 4th Digital Revolution
The automotive industry (transportation) has many components, including:
Hardware - onboard and infrastructure
Communications - between onboard devices and between infrastructure components
Security - access control, protection and information sharing
Ownership - vehicle ownership and information ownership
Governance - regulatory compliance
A digital representation of the automotive industry must consider how the core components relate to one another. The communications infrastructure must be secure with the ability to support different manufacturers, suppliers, owners and governing bodies.
Owner rights need to be respected. Vehicle owners and manufacturers must be in agreement related to information access, sharing and use. Industry and government access to data must be agreed upon and managed.
Governance exists on multiple levels and in different information domains. For example, city, county, state, and national governance each have influence.
Data Sharing and Communications
Vehicles generate important information that must be shared. Vested parties need to communicate with the vehicle.
The vehicle is the information device.
Our existing communication infrastructure is not secured. The lack of reliability, interoperability, data attestation, and access control all hinder effective communication.
Vehicle Business Case for Information Sharing and Governance
Communications providers, infrastructure providers (cities, municipalities), automobile manufacturers and governance providers all interact with vehicles. A summary of these communications and interactions includes:
Vehicle to vehicle communication where information is passed between vehicles. Sensor information related to speed, direction, road conditions, braking, and distance between vehicles might be exchanged to minimize risk. This requires:
Secure communication between vehicles.
Onboard device security.
Secure data sharing.
Vehicle to interested parties related to governance:
Governance where driving regulations can be communicated to the vehicle and driver.
Weather condition warnings can be securely transmitted.
Emergency vehicle and right-of-way issues are transmitted.
Road conditions, restrictions and road repairs are transmitted.
Vehicle communications to manufacturer such as:
Software upgrades.
Real-time diagnostic information.
Owner communications include:
Remote start.
Remote management.
Maintenance information.
Entertainment interfaces.
Security of devices, operations, communication and access are all key issues. Architecture integration is necessary across all devices, communication nodes, data, and user access. Third-party governance is important for access to maps, road conditions, regulatory compliance and much more.
The primary issues for each party are security, privacy, control and accountability. These are shared by all parties.
Vehicle Onboard Components Monitoring & Management
Securing Components
Safety and security must exist from the smallest component to the largest assembly. Devices or enterprise resources must be smart, independent, self-aware, and capable of self-diagnosis.
Safe and secure connectivity between enterprise resources (ERs) is an extension of safe and secure computing. There must be accountability for all data sent and received to ensure QoS.
Health requires a monitoring process that includes the gathering of operational information to set baselines. From a baseline, abnormalities can be analyzed and a diagnosis determined.
Automated processes must identify bad behavior and potentially malicious activity to ensure the infrastructure is protected.
Communications, vehicles, and infrastructure need to integrate to share information and services.
The drawings above and below both address the need to have secure communication, a reliable infrastructure, relationship management (DCS), and governance with compliance.
Secure data transport, storage and use within one architecture.
Enterprise Resource Management and Operation
Secure vehicle communication between internal and external resources is important for the next generation of computing to support the 4th Digital Revolution.
A key point of ER to ER communication and operations is the need for security, data custody, and access control on a granular level.
ERs talk directly to ERs (ERs are devices, information or services).
Detailed above are key components and relationships necessary to move data securely from one device (ER) to another.
1 Protocol for any Medium
One Protocol across all Mediums
Today, communication security varies by medium type, thereby creating insecurity, complexity and instability. The new communication architecture and protocol must support all communication medium types.
Support for key technologies such as time-sensitive networking (TSN) and distributed data services (DDS) is required as part of the architecture.
Governance applies to all parts of an infrastructure.
Governance - Simplifying Complexity
A new communication and computing infrastructure requires cooperation, which is part of governance. Governance in the new infrastructure is mutual agreement. Negotiated agreement ensures cooperation between all parties, supported by compliance and accountability.
Governance applies to relationships. Relationships in a complex environment are broad and complex. Agreements related to governance for vehicles, communication, and infrastructure are required.
Detailed policies (technical and business) are built and implemented on a per-sector, industry, company and unit basis. See Policy Page.
Governance is Policy of Policy
Governance is policy of policy designed to ensure broad industry requirements are complied with based on industry standards.
The infrastructure supports policy and governance; it does not define governance.
Secure Relationship Protocol Network Operation System (SRPNetOS)
1 Easy to implement common architecture
SRPNetOS
Secure Relationship Network Operating System (SRPNetOS) is defined above as having Link (connectivity), Security, Operations, Relationships (DCS Based), and Resources. Each category is broken down into related components associated with tasks.
This is a simplified overview illustrating how the tasks associated with creating a safe and secure automotive infrastructure, from the simple device to the end consumer, are supported by the infrastructure.
An alternative view of the infrastructure supports the automotive supply chain. Supplies, from device components to vehicle assembly, are definable within the SRPNetOS architecture.
SRPNetOS is one method supporting the growth of a 4th Digital Revolution. See SRPNetOS page.