IoT Devices, Sensors, and Actuators Explained

IoT Devices, Sensors, and Actuators Explained

04 January 2018

The Internet of Things is taking the world by storm – but what is it exactly? In this article, we explain the Internet of Things in depth, explore the numerous devices, architectures, and applications in this exciting emerging area.


The Internet of things is defined as a paradigm in which objects equipped with sensors, actuators, and processors communicate with each other to serve a meaningful purpose. IoT could also be looked at as simply an interaction between the physical and digital world. Once stand-alone devices and applications now have the potential to be connected to a network through sensors, actuators, processors, and transceivers.


Actuators and sensors are devices that enable interaction with the physical world. For example, Moti is an actuator. Moti creates smart motors and apps for robots. Attach the smart motor to anything, add power, and Moti gives you the ability to control the item from your desktop browser. Actuators are devices that are used to manipulate the physical environment, such as the temperature control valves used in smart homes. Actuators take electrical input and transform the input into tangible action. These technologies collect a high amount of data, which can be very valuable and useful to an enterprise once it has been stored, organized, and processed.

Simply put, IoT isn’t just one technology – but a combination of various deeply connected technologies.  

IoT Devices, Sensors, and Actuators Explained

Source: Bridgera

Many challenges come with the data collection, handling, communication, and processing of the data. These IoT devices collect a high amount of information, and it is up to the end user to decide which data is relevant for their situation, which places to process or store it, and the desired communication level. Storage, pre-processing, and processing of data can be done on a remote server or on the edge of the network itself.


Sensors, actuators, compute servers, and the communication network forms the core infrastructure of an IoT Framework. At times, other pieces of technology are needed such as middleware. Middleware is software that acts as a bridge between an operating system or database and applications, especially on a network. Middleware can be used to connect and manage all autonomous IoT components.



Layer one consists of wireless sensors and actuators. Layer two includes the addition of sensor data aggregation systems and analog-to-digital data conversion. In layer 3, the data is fed to or used to improve an application.


Layer 1: Physical

Sensors collect data from the environment or object under measurement and turn it into useful data. This stage of the IoT is expanding rapidly, with robotic camera systems, water level detectors, home voice controllers, air quality sensor, smart baby monitoring devices, etc.

All of these devices will collect user data, including sign-on times, level and hours of usage, location statistics, etc. As these devices produce an avalanche of data, it is imperative that your organization chooses which data is useful and which can be ignored. Enterprises can expect a surge in data velocity, and with that surge, organizations will benefit from moving their data into the cloud. Some data should be processed immediately, i.e., time-sensitive data – threat detection, immediate crash statistics, abrupt shutdowns, etc. Otherwise, data that will undergo deep processing and analyzation should be pushed directly to the cloud, to avoid network clutter.


Layer 2: Network

Data collected from the sensors or actuators is very raw. This data has to be aggregated and converted into digital streams for further data processing. To carry out this data processing, it is imperative to use a data acquisition system (DAS or DAQ). Data acquisition is the process of sampling signals that measure real world physical conditions and converting the resulting samples into digital numeric values that can be manipulated by a computer. Data acquisition systems typically convert analog waveforms into digital values for processing.

The DAS connects to the sensor network, aggregates outputs, and performs the analog-to-digital conversion. The Internet gateway receives the aggregated and digitized data and routes it over Wi-Fi, wired LANs, or the Internet, to Stage 3 systems for further processing.

Layer 3: Application

This layer is responsible for delivering application-specific services to the user. Once data has been aggregated, cleaned, and surveyed, the information can be fed to the server to be analyzed and applied to new products and services.

Nine Use Cases Solved With Enterprise Architecture

Nine Use Cases Solved With Enterprise Architecture


What value proposition does enterprise architecture provide? Just three short years ago, the demand for Enterprise Architects was on the decline. Many people thought that the days of Enterprise Architecture were over. Digital transformation has uncovered the true value of Enterprise Architecture. With correct Enterprise Architecture Management, organizations can build a holistic view of their strategy, processes, information, and IT assets to support the most efficient and secure IT environment. The KPMG 2017 CIO survey results show that Enterprise Architecture has become the fastest growing, in-demand skill set in technology - up 26% from previous years. This article will explain the three areas where Enterprise Architects add value, and the nine commonly solved use cases.

Three Ways Enterprise Architects Add Value

Enterprise Architects add value in three specific areas: enabling growth, ensuring compliance, and reducing complexity. Companies need to innovate rapidly to stay competitive. Many organizations struggle to adopt key IT trends that carry the potential to increase their market share, including options like microservices, IoT, and cloud migration. These trends can bring considerable value by speeding up times to market, creating new streams of revenue, cutting hardware costs, and reducing costly complexity. Enterprise Architects are in the best position to help their companies navigate digital transformation – which, if done correctly, could enable their organizations to reduce cost and realize immense profits.

Enterprise Architects can place their companies on track to ensure compliance. Take, for example, the EuropeanUnion General Data Protection Regulation (EU GDPR). This regulation imposes unprecedented rules on themanagement of the personal data of the end user. TheEU GDPR proposes severe penalties for noncompliance – up to €20 million or 4% of the global annual turnover for the preceding financial year. Enterprise Architects can set the basis for clearly demonstrating GDPR compliance by ensuring all pertinent data is gathered and presented in a well-organized manner.

Finally, IT landscapes often grow uncontrolled. This uninhibited growth results in duplicated systems, generating inconsistent data, over complexity, and relying on makeshift integrations. Enterprise Architects can tackle these issues head-on by providing aroadmap for managing and reducing complexity, whichcontributes directly to reducing cost.

 The nine key use cases for Enterprise Architects.

The nine key use cases for Enterprise Architects.


1. Post Merger Harmonization

Overview of use case

Corporate and private equity executives foresee an acceleration of merger and acquisition (M&A) activity in 2018, both in the number of deals and the size of the transactions. If Mergers & Acquisitions remain on trend, close to $5 trillion will be invested worldwide. Research by Deloitte shows that almost 30% of post-merger integrations did not have the expected success. M&As often fail because the organizations involved are incapable of successfully integrating with each other, or are unable to realize the anticipated synergies. IT integrations fail for a wide range of reasons. The challenges for a successful IT integration following a merger are vast: two companies have to unify and transform their IT while keeping the business running. Varying technology objects, technology standards, and processes must be unified.

How EA and LeanIX can help

Mergers have different initial situations. Sometimes, a large company swallows a smaller one; sometimes the merger takes place between equals. The aim can be to conquer new geographic markets or gain technical capabilities. In each of the aforementioned scenarios, Enterprise Architecture can play a acrucial role in making the IT integration successful. Enterprise Architecture helps consolidate locations, helps rationalize applications, and provides the basis to select the best applications for a shared target IT landscape. This allows organizations to utilize synergies, realize savings, and strategically align their business going forward. Creating synergy between two IT departments contributes to the long-term success of a merger.

Business capabilities and user groups

One of the core views of Enterprise Architecture is a business capability matrix. Business capabilities are core elements that structure a company according to its activities.

During a merger, capability maps can help define activities that need to be fulfilled independently of processes and organizations. Capability maps assign applications to user groups and business capabilities even if the organizational structures and procedures of the two companies are very different from each other, which is very beneficial in organizing M&As. This overarching view of applications and their contributing business value makes it possible to assess redundancies and gaps in IT support in both dimensions - functional and usage.

Record initial state of IT Landscapes

During an M&A, recording the initial state of both IT landscapes is critical. LeanIX helps you to answer essential structural questions, including the following:

• What systems of record does each company have?
• Where are which master data stored?
• What are the locations of each supporting data center?

Use LeanIX workflows, such as the Survey Add-on, to gather all of this information and save it in the LeanIX repository. LeanIX’ software serves as a strong, referenceable, accessible single repository of truth.

Assess different target application landscapes

Enterprise Architects help to plan the optimum target landscape. Should one IT landscape be absorbed? Should we cherry-pick the top-performing applications of both companies’ IT landscapes? To support this decision, Enterprise Architects may use LeanIX’ software to run an elaborate analysis of the functional and technical fit of each application and to propose a solution from concrete data.

LeanIX customer Helvetia was able to reduce redundancies and realize substantial savings in the merger with Nationale Swiss. In its half-year report, Helvetia reported IT as a major contributor to these savings. The establishment of transparency was a crucial first step toward doing so. Today, the established LeanIX inventory serves as the single source of truth that strategic IT management decisions are based upon. The report on the next page shows an exemplary overview of a target portfolio.

 LeanIX Application Portfolio Report

LeanIX Application Portfolio Report

2. Application Rationalization

Overview of use case

As the business side primarily focuses on driving economic growth, it often overlooks the need to align the supporting IT landscape. Consequently, various applications are often introduced at different points in time when requested by different teams. What the business side fails to notice is that having an IT landscape full of applications with overlapping functionality, different lifecycles, and redundant technologies often result in significant integration issues and business-wide inefficiencies. Running a complex, rigid IT ecosystem increases IT spend by hundreds of millions of dollars, while directly decreasing the quality of service and satisfaction of those who rely on it.

LeanIX internal research indicates that large enterprises (with >€1 billion annual revenue) have an average of 650 applications deployed at one time. The 10% largest companies have a staggering average of 3400 applications deployed simultaneously. Currently, 75- 80% of IT budgets are spent on operating legacy systems and managing applications. Not all of these applications are mission critical.

To stay abreast of current innovative trends, provide first-class customer service, reduce cost, and scale globally, enterprises benefit from having a thoroughly rationalized application landscape. While application rationalization endeavors require an initial investment, the savings greatly outweigh the initial investment. Infosys reports that application rationalization can lead to the cost-saving of more than US $2 million in a single enterprise.

How EA and LeanIX can help

According to a study by Capgemini, 48% of CIOs believe that there are more applications in their portfolio than the business actually requires. While the business side approves the purchase of applications left and right, Enterprise Architects can embark on optimizing the application portfolio.

First, Enterprise Architects can capture all key information about all deployed applications and load them into the LeanIX software. From this organized view of the entire inventory of applications and their direct business value, Enterprise Architects can set the scope of the application rationalization project and prioritize it, e.g., starting with a specific core process or one entire business unit, depending upon the operating model of their company.

From there, Enterprise Architects can use the application matrix and application rationalization surveys from LeanIX software to quickly assess the usefulness of applications and make data-driven recommendations on which applications to tolerate, invest in, migrate, or eliminate (TIME method).

Finally, Enterprise Architects will have the information to plan a roadmap to implement the rationalization project through consecutive decommissioning projects. This roadmap can also be used as a future standard to use as a bargaining tool to decide whether new applications are necessary or not.

Fast facts about potential savings from application rationalization:
• License optimization results in 30% savings on licensing costs.
• Over 20% of applications are unused and can be retired.
• At least 10% of IT project cost can be avoided by project rationalization.
• Operational support cost can be reduced by 20%.
• Vendor consolidation can reduce the TCO of applications by 22-28%.

Application Rationalization Case Study:

Over the years, NORMA Group, a recognized leader in engineered joining technology solutions, has acquired more than 13 companies with no standard IT integration plan for their IT landscape. As a result, their application landscape grew more complex and redundant. In 2014, the management board of NORMA Group decided to harmonize business and technology on a global scale to prepare for further growth. After loading all of their information into LeanIX software, NORMA realized that they had incredible redundancieson their IT landscape.

NORMA is now in the process of moving to a standardized global portfolio and has consolidated ERP solutions. Application rationalization has uncovered an enormous saving potential. NORMA Group credits its quick results to the ease of use and guided implementation from LeanIX. The below report shows the LeanIX ApplicationMatrix, a great way to start any redundancy analysis.

 LeanIX Application Matrix report

LeanIX Application Matrix report

3. Integration Architecture

Overview of use case

As valuable applications rarely live in isolation, integration architecture is key. The average enterprise has from 600 to 3400 applications, depending on the size. To select the best-fit application solution for a specific capability, sometimes, the applications are custom-built, some may be off the shelf, and some may have a combination of both. This leads to a tricky integration situation. For example, eCommerce shops need to integrate directly with inventory systems; calendars need to be synced to HR applications, marketing applications should sync to the CRM, and so on and so forth. Applications provide the most value whenever they are working together to produce seamless solutions.

Unfortunately, enterprise integration is no easy task. By definition, enterprise integration involves multiple applications running on multiple platforms in different locations, making the term “simple integration” outright impractical. It was reported that 70% of all integration

projects fail. Most of these failures are not due to the software itself or technical difficulties, but due to management issues, constantly changing applications, unclear standards, and unclear accountability; many departments have conflicting requirements.

McKinsey found that IT staff can spend up to an overwhelming 30% of its development time on applications and making all of their interfaces work, mainly because customized applications have so many point-to-point interfaces.

How EA and LeanIX can help

With the help of LeanIX software, Enterprise Architects can document integrations between applications, data flows, and interface technologies. This helps to kickstart integration projects and allows for better decision-making in integration architecture projects. Enterprise Architects have a unique cross-company view, which puts them in the best position to advise teams on the proper design of application integrations. From this holistic view, Enterprise Architects can design and implement integration solutions. The majority of integration projects consist of a combination of various types of integrations. Common scenarios include information portals, data replication, shared business functions, or a service-oriented architecture.

Enterprise Architects can introduce particular concepts such as the Enterprise Service Bus (ESB). This standardized interface can greatly ease the burden of system integration and minimize the chore of dealing with frequent local changes. An effective enterprise architecture team is needed to govern the optimized use of IT and other resources, to drive strategic initiative and promote reuse, to standardize and rationalize the use of middleware and beyond.

With the help of LeanIX, Enterprise Architects can manage integration standards. With the invention of XML, XSL, and Web services, there are many advanced standards-based features in an integration solution. However, the hype around Web services has paved the way for a new marketplace filled with supporting “extensions” and “interpretations” of the standards - all of which need to be managed.

Enterprise integration requires a significant shift in corporate politics. Business applications generally focus on a specific functional area, such as Customer Relationship Management (CRM), Billing, Finance, etc. Successful enterprise integration needs to establish communication between multiple computer systems and between business units and IT departments. In a fully integrated enterprise, each application is looked at as part of an overall flow of integrated applications and services.

EAs using LeanIX software have helped customers to:

  • Reduce Cost – Through data and interface consolidation opportunities. Each reduced point-to-point interface is estimated to save thousands of dollars – through lowering maintenance costs, or identifying points of failure due to a high number of interfaces.

  • Reduce Risk – Through better data management and the additional securing of highly interdependent applications.

  • Increase Agility – Through the faster initiation of integration projects and advice on the integration architecture patterns best suited to specific measurements. These savings are estimated to save thousands of dollars.

    The report below shows an overview of a data flow between multiple applications.

 LeanIX Data Flow Report

LeanIX Data Flow Report

4. Technology Obsolescence

Overview of use case

Across all industries, organizations are becoming increasingly reliant on technology to run their operations and provide services. How organizations handle their technology risk can have a significant impact on their operations. Technological risk takes on many forms: IT outages, legacy applications, and their supporting infrastructure lead to data breaches, and the damages can be staggering. A study has estimated the average cost of one hour of IT outage at € 140,000. In the case of data breaches, costs are even higher: on average, the cost of a single data breach amounts to US $3.5 million

The six hidden costs of obsolete technology:

1. The inability to support business
2. Higher complexity
3. Security vulnerability
4. Compliance issues
5. Lack of skill and support from vendors
6. Lower IT flexibility

The 20 largest technology vendors alone provide over a million different technology products, and their components change daily. New versions need to be tracked, lifecycle information changes and certain components need to be upgraded. Every day, the information about 2,500 products changes. This is too much information to keep track of manually.

How EA and LeanIX can help

Technology risk management is a broad, complex topic that cannot be solved by manual data maintenance – no matter how great your team is. With the help of LeanIX software, Enterprise Architects can quickly source up-to-date technology product information. This information is essential when assessing the risk of the application landscapes, and to plan, manage and retire technology components in a smart way.

LeanIX teamed up with BDNA, creators of Technopedia, the most complete and authoritative enterprise IT data worldwide, to provide a comprehensive technology data basis. Technopedia automatically updates over a million products and more than 50 million market data points. This up-to-date information feeds directly into LeanIX and presents your organization with up-to-date, high-quality data about your technology. Access to current data prohibits disconnected information silos, lack of integration, and incomplete data about technology.

Efficient technology risk management with LeanIX

LeanIX provides smart matching algorithms to cleanse existing data sets. This enables your company to have a quick start in identifying obsolete technology. The LeanIX reports help you to highlight applications that are built on outdated or risky technology visually. The LeanIX software provides the platform to combine all the critical information about each technology object in one place. With our software, you can establish, strengthen and complete your information base with quantitative and qualitative information.

Our software will help you answer pertinent questions like:

  • Does the app need tech upgrades to ensure ongoing support of business requirements?
  • What is the life-cycle of this application?
  • What are the application response times?
  • Are response times bad compared to other applications?
  • Did the application have an increasing number of outages over the last year?
  • Is the system prone to incidents?
  • How many users are affected by a potential outage?
  • What revenue impact does an application outage have?
  • What are regulatory or compliance impacts?
  • Does the technology risk result in an inability to meet needs for further business growth?

    All these questions can help you rate the technical fit of applications on a four-star scale based on easy to understand definitions.

5. Data Compliance

Overview of use case

Staying compliant is costly, but fees for noncompliance even higher. Studies show that regulatory compliance costs businesses a collective $1.86 trillion. Compliance can cover many focus topics, but with data hacks being reported on a consistent basis, new security regulations are being proposed and enforced.

Take EU GDPR for example. On May 25, 2018, the EU General Data Protection Regulation (GDPR) comes into force. Under this regulation, any company regardless of size and location that processes the personal data of EU citizens will have to comply with EU GDPR. The GDPR has numerous advantages due to the standardization it entails, but for many businesses, the regulation presents them with a drastic change in how they approach data management.

How EA and LeanIX can help

The key to GDPR compliance is having a clear overview of your organization’s data. The EU GDPR requires organizations to provide a mandatory Data Protection Impact Assessment (DPIA). After the enforcement date, your organization will need to know which data is collected, how it is processed, where it is stored, and how to quickly access the data to make key changes. Collecting this information can be a daunting and time-consuming task, and you may not have all of the information that you need.

Enterprise Architects are in a good position to demonstrate GDPR compliance. With the help of LeanIX software, you can easily establish GDPR stakeholders within the company, identify which data is personal data, detect and assess risk, and define checks and implement measures to ensure continued compliance.

LeanIX software will help you easily identify the information you need to stay compliant with GDPR. Our survey feature provides you with the tools to answer key GDPR compliance questions such as the following:

• Who is responsible for the processing of personal data?
• Which applications use these data?
• Are they additionally processed and stored outside the EU?

After identifying the responsible GDPR stakeholders, they can quickly fill out a questionnaire and provide you with the required information to demonstrate compliance for each application. The Subscriptions feature helps to identify the responsibilities of individual stakeholders concerning a specific object. Subscriptions can also be used in the filter and the Survey add-on, so you can filter, e.g., for all data objects for which a certain user is the data owner.

LeanIX enables you to identify all data that is defined as Personally Identifiable Information (PII) according to the GDPR. After classifying the contents of data, determine their level of privacy sensitivity, and categorize them as public/unclassified, sensitive, restricted, or confidential. LeanIX also provides Heat Map reports in this phase as it will help you localize any applications that process sensitive data and enable you to clearly identify business capabilities that use the applications in question.

Following these steps will prepare you for the mandatory DPIA assessments from GDPR. Being prepared for this DPIA will put you in a better position than 50% of businesses worldwide. A current Gartner study shows that around 50 percent of all organizations will not fully meet the new EU General Data Protection Regulation by the end of 2018. These organizations don’t know where to start. LeanIX will guide you through the process, saving you the potential of paying exorbitant fines. Find below a sample IT security survey.

 LeanIX Survey about IT security and compliance

LeanIX Survey about IT security and compliance

6. Standards Governance

Overview of use case

The use of standardized information technology in large corporations has measurable benefits: reduced training time and costs, lower support and maintenance costs, better bargaining power with a smaller number of vendors, and enhanced communication.

Standardization often goes hand in hand with centralization, the process of giving your IT department more control over purchases of hardware and software, as every new piece of software equipment you add to your IT arsenal can require installation, maintenance, staff training, repair, patches, upgrades, etc.

Standardization can have its drawbacks as well, as technologies change very quickly, and processes must update when technology is updated. To stave off killing innovation, companies also use alternative concepts, like radical agility. Radical agility, a term coined by LeanIX customer, Zalando, is an architectural concept that builds on a service-oriented architecture. This method allows engineers to get work done while management gets out of the way. The radical agility approach is based on three pillars: autonomy, mastery, and purpose, all bound by organizational trust rather than command and control. Being open and adaptive to new technologies is crucial to both your organization’s mission and its ability to operate efficiently. Similarly, being flexible when it comes to individual preferences — whether it is working on a specific platform or using a particular spam filter — can help employees work better and encourage creativity.

For these reasons, it is important to adopt a standardization policy that fits your situation and needs. How can enterprises improve good governance while staying agile simultaneously? LeanIX can help steer you in the right direction.

How EA and LeanIX can help

LeanIX can help you to document your technology standards in a transparent and efficient manner. First, it is important to create company-wide standards and make them accessible. Then, identify the use of non-standard technologies. Find out why these technologies have such an exceptional usage. From there, plan standardization guidelines that best fit your company.

In the LeanIX software, you are able to note important information for each technology in an organized manner:

  • Create IT component Fact Sheets for every standard with a defined lifecycle, and add a “standard” tag
  • Set a successor in the case of outdated technology
  • Define a Tag Group for all with a necessary Standard status (e.g., leading technology, exceptional use, sunset)
  • Add a “Standard” Status Tag to each standard IT component Fact Sheet
  • Create a Technology Stack for the whole list of standards (e.g., databases, application servers, methods)
  • In combination with an ITSM solution, like ServiceNow, Enterprise Architects can make sure that only standard technologies that are overseen by the EA are deployed

    Additionally, LeanIX also supports the concept of a radical agility architecture. LeanIX allows you to plan and manage a service-oriented architecture, such as microservices; see the microservices use case. For the concept of radical agility to work, standardized interfaces are needed. Their management is also a key strength of LeanIX; see the integration architectures case.

7. Monolith to Microservices

Overview of use case

Rapidly accelerating digitalization is forcing many businesses to rethink their architectures. To meet the constantly growing expectations of technology-savvy customers, companies must ensure that their products are available on all digital channels and as quickly as possible.

Over time, monoliths develop very complex structures that make it increasingly difficult to perform changes quickly. Moreover, scaling cannot be limited to individual parts but must be applied to the entire application. One way to reduce throughput times is to introduce a microservices architecture in software development.

Microservices break down monoliths, which allows for rapid changes and short release times along with high scalability and autonomous teams. Companies that use microservices deploy new software releases five times faster than those that do not use microservices.

However, even companies that have adopted microservices still have the same hurdles as companies that have not adopted them - legacy issues and missing information does not get easier.

How EA and LeanIX can help

In a microservices organization, state-of-the-art EAMcan create more added value than ever. Although it is not always easy for companies to introduce microservices, there are excellent reasons to do so. Allan Naim, Product Manager Container Engine and Kubernetes at Google, predicts that in the not-too-distant future, every organization, no matter the industry or sector, will become a software company. Customer data is becoming as valuable as products and services.

LeanIX forms the link between the individual teams and technologies and provides an overall view of the system. LeanIX software offers all employees up-to-date access to information on the IT landscape in their personal context, which is a basic requirement if a microservices architecture is to work.

As a single instance of truth, all important information about the microservice can be stored in LeanIX in an Application Fact Sheet. Dependencies are reflected as IT Components and will be automatically linked to the Application Fact Sheet. This allows you to automatically transfer the information from development environments into the LeanIX repository, and enjoy a holistic overview of the microservice landscape.

8. Cloud Transformation

Overview of use case

Cloud paves the way for new service-driven business models, which in turn create high business value and unprecedented levels of customer satisfaction. Cloud computing has the potential to bring many benefits including cost-savings, efficiency improvements, increased time to market, shortened development cycles, and the ability to scale at demand. Enterprises can also dramatically improve asset utilization, reduce operational expenses, and redefine IT staff relationships after moving to the cloud.

Gartner analysts believe that by 2020 a “no-cloud” policy will be just as rare as a “no-internet” policy is today. Unfortunately, often companies do not know how to set up their cloud endeavors. Cloud has become a key determinant of IT and business strategy. Over 60% of companies are planning to heavily intensify the usage of cloud solutions. However, complex business landscapes and rapidly changing infrastructure pose a serious obstacle to mastering cloud transformation.

To successfully move to the cloud, major organizational, operational, and technical modifications are required. Numerous influencing constraints occur along the way, including budget limits, need of exponential scale, growing complexity in company policies and external regulations. Enterprise Architects need to be able to implement a roadmap from legacy infrastructure to the cloud.

How can EA and LeanIX help?

LeanIX software will also help you govern and improve your cloud endeavors. Enterprise Architects are in the best position to evaluate the organization’s cloud readiness. Cloud transformation concerns the transformation of the entire business model and presents a new way of working.

Enterprise Architects, as a first step, evaluate cloud readiness ask the following questions: Is the current status mostly on-premise IT? Are some services already outsourced? Is DevOps in use? Do the capabilities to manage private, public, and hybrid clouds exist?

From here, Enterprise Architects may design the target cloud architecture for their prospective companies. For a successful cloud transformation, a wide variety of factors should be considered: current and future capabilities, the application portfolio strategy, operational and organizational questions related to people and processes, as well as cost metrics.

With the help of LeanIX software, Enterprise Architects can define target capabilities, decide which applications will move to the cloud, and which applications should stay on internal databases. LeanIX has helped many companies transfer their appropriate applications to the cloud. Our software will prompt you to answer and record dire questions to prepare for cloud transformation.

9. IoT Architectures

Overview of use case

Gartner reports that 20.4 billion connected “Things” will be in use by 2020. While the world finds space in their personal lives and homes for smart accessories, Enterprise Architects should look into how theInternet of Things (IoT) can benefit their organizations. IoT brings shorter times to market, provides real-time Big Data insights, enables new services and business models, and reduces cost. With all of the potential, there are also five significant challenges that face the IoT:

With data breaches occurring almost weekly, security is a crucial issue and proves to be a significant challenge for the IoT. Poorly designed devices can expose a user’s data to theft, harm their personal safety, and pose a significant risk for rights violations.

The United States Federal Trade Commission has outlined a list of concerns about the security and privacy of connected and embedded devices. The FTC went on record acknowledging that IoT devices are capable of collecting, transmitting, and sharing highly sensitive information.

Standards and regulations
As a brand-new technology framework, the IoT world has a lack of set standards. This lack of documented standards leaves the door open for inappropriate behavior by IoT devices.

Gartner research analysts claim that “through 2018, half the cost of implementing IoT solutions will be spent integrating various IoT components with each other and back-end systems. It is vital to understand integration is a crucial IoT competency.”

Adapting to a different IT architecture can prove to be difficult. Having an IoT roadmap will keep you from adding valueless technology to your landscape.

How EA and LeanIX can help

In this digital age, progressive companies are looking for ways to manage risk, not to avoid it altogether. Enterprise Architecture can directly contribute to a beneficial IoT roadmap by managing the risks through defining relevant business capabilities; defining the scope of retirements and new applications; ensuring the proper interoperability of applications; driving and tracking transformation progress in projects, eliminating security risks; and establishing relevant data for future business decisions.

A Business Capability map provides the basis for creating a clear business and IT alignment. Business Capability maps help to define a list of priorities for application support, draw a common language between business and IT, and relate IoT requirements to existing business capabilities. With the LeanIX business capability map, Enterprise Architects can identify the current applications supporting the IoT capabilities, detect gaps in the application support, evaluate the quality of capability support based on defined criteria, develop requirements for existing applications, and identify the need for enhancements or new applications.

With the help of LeanIX software, Enterprise Architects may:

  • Identify conflicts in requirements between different projects regarding the same applications,
  • Plan and track application transformation (phase-ins of new applications and retirements of legacy applications)
  • Build future scenarios for the application landscape
  • Evaluate technology risk for applications and business capabilities based on the underlying IT components
  • Identify the IT components to be replaced in order to mitigate security risks.


As digital transformation makes business morecomplex, it is important to rely on a professional EAMtool to support your business endeavors. Using self- made tools like Excel and PowerPoint are initially attractive because of the low start-up cost, easeof use, and minimal training required due to theirfamiliarity, but they pale in comparison with using a specialized EAM tool. Enterprise Architects can utilize LeanIX to solve the most common use cases and bring measurable value to their organizations. LeanIXhas helped enterprises gain transparency in theirapplication landscape, save millions in cost, and avoid costly compliance penalties.

The Road to GDPR: The Continuous Reform of EU Data Protection Rules

The Road to GDPR: The Continuous Reform of EU Data Protection Rules

There's no question - The European Commission cares about the protection of your data. From early 2012 until now, the European Commission, the Council, and the Parliament has continually met to update the laws and regulations regarding the data protection of its citizens. 

In this article we summarize the comprehensive history of EU data protection.

25 January 2012, the European Commission proposed a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses. This EU Data Protection Reform consolidated the confusing and costly administrative burdens and saved businesses upwards of €2.3 billion per year.

13 May 2014, the Court of Justice of the European Union acknowledged that under existing European data protection legislation, EU citizens have the right to request internet search engines to remove search results directly related to them. This sparked a lively debate on the “right to be forgotten.”

15 December 2015 - With technology rapidly changing and digitalization affecting the way our data is manipulated, the European Parliament, the Commission, and the Council met again to reform the EU data protection law. The particular reform included directives to protect citizens’ fundamental rights, including the personal data of victims, witnesses, and suspects of crime.

18 December 2015 - These changes were also welcomed by the European Council as a major step forward in the implementation of the Digital Single Market Strategy.

6 May 2015 The Digital Single Market Strategy was officially announced. The strategy was made up of three pillars -

  • Access to online products and services
  • Conditions for digital networks and services to grow and thrive
  • Growth of the European digital economy

The Digital Single Market Strategy did away with the expensive EU roaming charges and valued the European trade markets as the highest in the world for online businesses.  UK shoppers are estimated to have spent €153 billion online in 2016. During the same time, the US spent €363 billion online. Today, the EU online spend is valued at just under €500 billion, a figure expected to double by 2020. According to the Juncker Commission, a fully functional Digital Single Market could contribute €415 billion per year to the EU economy.

8 April 2016, the Council adopted the Regulation and the Directive. And on 14 April 2016, the Regulation and the Directive were adopted by the European Parliament.

On 4 May 2016, the official texts of the Regulation and the Directive have been published in the EU Official Journal in all the official languages. While the Regulation will enter into effect on 24 May 2016, it shall apply from 25 May 2018. The Directive was enforced on 5 May 2016, but EU Member States have two years to transpose it into their national law by 6 May 2018.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.

Just in the past 4 years, the EU has enacted many laws and regulations to protect consumer data. This means a lot of changes for IT specific companies, including timely breach notification, right data to access, the right to be forgotten, and privacy by design. These regulation changes bring a lot of network and framework changes for your IT landscape. 

Is your company ready for General Data Protection Regulation (GDPR)? Take our GDPR Readiness Test to find out your next steps to mastering GDPR compliance. 

Are Your Cloud Apps GDPR Compliant?

Are Your Cloud Apps GDPR Compliant?

As you may know, the EU's General Data Protection Regulation (GDPR) will be in full effect on May 25, 2018. As we discussed in a previous article, the aims of this regulation are to protect the fundamental rights and freedoms of natural persons and to also ensure their right to protection of personal data as well as the free movement of said data.

The date may seem far away, but it gives just enough time for your organization to make the proper changes in the IT framework to comply. Gartner predicts that by the end of 2018, more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements. In order to subvert hefty fines and tarnished reputations - organizations should prepare for the regulation now.


  1. The GDPR gives individuals rights to a copy of their personal data, an explanation of the categories of data being processed (e.g., location data, browsing history, demographic data, voice data), the purpose of the data processing, and to name any third parties that might receive that data.
  2. Individuals will have the right to erase personal data that is no longer relevant to the reason it was collected. For enterprises, this means data needs to be removed from all databases, including backups, archives and anywhere else that it is stored.
  3. Individuals have the right to rectify their personal data - and these changes must be reflected in all databases.
  4. Individuals have more say in the processing of their data. They may require that irrelevant data is deleted, and relevant data is simply stored and not processed.
  5. Individuals have the right to a copy of their data.
  6. Organizations now have to ensure:
    • Sensitive personal data is encrypted/pseudonymised
    • Processing systems and services maintain data confidentiality, integrity, and availability
    • Deleted or lost personal data can be restored in a timely manner in the event of a physical or technical incident
    • Security measures are routinely tested for competency
    • Breach detection and prevention tools are in place
  7. Individuals have the right to be immediately notified when a breach has taken place. 


According to Netskope Cloud Report, the average European enterprise is using 608 cloud apps. Going forward, it will be imperative to know which apps meet GDPR security standards and take measures to exclude the applications that do not. GDPR requirements include greater data access and deletion rules, risk assessment procedures, gives individuals the right to alter their data.

An Enterprise Architecture Management tool such as LeanIX will help you uncover vulnerabilities and systematically follow up on their correction. Visualization tools such as the LeanIX Heat Map can provide information on business-critical consequences for your company in the event of an application failure or hacking attack.  


After the GDPR is in place, it will be imperative to display how you process personal data, how you handle risks and what measures for damage limitation you have implemented. The latter is especially relevant when you conduct a DPIA - which the GDPR requires for every implementation of a new system that uses personal data. The LeanIX Inventory View function demonstrates your GDPR compliance by providing a quick and clear overview in table form of all applications, interfaces, data objects and technologies in your IT landscape.

As you can see, compliance with the GDPR will take measurable time, expertise, and implement many changes in the IT landscape. Is your company ready for these changes? Learn how to Master the GDPR with Enterprise Architecture.

6 Major Changes That GDPR Brings to Your Company

6 Major Changes That GDPR Brings to Your Company

Many companies incorrectly believe that the GDPR doesn’t affect organizations outside of the European continent. Nothing could be more incorrect.

The European Union's General Data Protection Regulation, which will be enforced beginning in May 2018, will affect all organizations that handle Europeans' personal data - no matter where it is stored - Ohio, Singapore, or São Paulo.  

What is GDPR?

The aims of the regulation are to protect the fundamental rights and freedoms of natural persons and to enshrine their right to protection of their personal data as well as the free movement of these data (see Art. 1 GDPR).


This regulation calls for a level of access and transparency like never before required. To comply with the General Data Protection Regulation, there are six major areas that companies will have to consider:

  1. Data protection through technology - Art. 25 GDPR
    Companies are required to define internal strategies and initiate steps to ensure data protection through technology (by design) and as a standard approach (by default). Possible measures include minimizing and pseudonymizing the processing of personal data.
  2. Heightened Accountability - Art. 5 GDPR
    Companies are required to ensure and demonstrate adherence to data protection regulations, for example through certification.
  3. Immediate notification requirements - Art. 33 GDPR
    Companies are required to report data breaches within 72 hours, to the competent supervisory authority and the affected data subjects. Failure to do so may lead to fines of up to 20 million euros or 4% of the company's global annual turnover.
  4. Data protection officer - Art. 37–39 GDPR
    According to the GDPR, the data protection officer's responsibilities include informing and advising the data controller or processor and the employees who carry out processing; monitoring compliance with the GDPR and national data protection provisions; awareness raising and training; providing advice as regards the data protection impact assessment and monitoring its performance; and cooperating with the supervisory authority.*

    *Want to know if your company is required to appoint a DPO under the EU GDPR? Check out our DPO decision tree to find out. 
  5. Data Protection Impact Assessment (DPIA) - Art. 35 GDPR
    A DPIA must be performed "[...] where a type of processing, in particular, using new technologies, and taking into account the nature, scope, context, and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons [...]". The data protection officer analyzes the risks of the process together with the technology owners and then submits a declaration on the legality of the data processing.
  6. Penalties and fines - Art. 83–84 GDPR
    More severe fines and penalties are designed to deter companies from infringing against data protection regulations and to make companies more aware of the fact that offenses also violate the EU Charter of Fundamental Rights. Fines of up to 20 million euros or, for companies, up to 4% of annual turnover in the previous business year may be levied. Other penalties, such as seizure of profits, injunctions to end infringements, and permanent prohibition of data processing may also be imposed.

Which barriers are organizations facing in implementing GDPR protocols?

Companies face organizational and bureaucratic changes to prepare for and continually comply for GDPR. The General Data Protection Regulation forces businesses to be more transparent with the way they handle data. Data flows must be visible, and easily accessible to the end user. Companies previously over-collected personal data of the end user without a true purpose for the data. GDPR allows for a close examination of what data is being collected and for which purpose. The GDPR encourages a more regulated approach to the treatment of personal data.

The GDPR has numerous advantages due to the standardization it entails, but for many businesses, the new regulation is both a blessing and a curse. Learn how to prepare your company for the GDPR here.