Architecture is the structure of components and their integration into the system. A program’s software architecture or a computerized system can be described as the structure of the said system’s software components as well as its visual properties and how they relate with each other to make the system functional (Bell 2010). Software components consist of simple programs, complex middleware components and databases. There are also several external software components for the system. These include the software characteristics and the service providers. The software requires simple calls or even complex network protocols to interact effectively with each other.
This paper seeks to put into focus SuperMediCO, a major health care business running multiple hospitals and clinics around the globe. The business has a software development department charged with the responsibility of controlling and running its information systems (Boehm 2007: p. 67). This department is regarded as one of the most important in the hospital. The department also analyses and implements software development projects in the hospital. Functional information systems are of great importance to such a vital business in society. This is to improve emergency response as well as improve service provision within the business. It is the department that is charged with the responsibility of ensuring that this happens in the organisation.
Software Architecture: An Overview
Software architecture facilitates communication between stakeholders in the system. Good and functional software architecture will enhance information sharing in the system (Singer 2009: p.27). This will significantly help in reducing delays in the provision of services in the system as well supplement human activities in the system. Appropriate software architecture also makes the system easy to understand and operate for the end-users. Users easily comprehend the different components in the software and how they interact to bring about favourable results. Implementing software architecture in SuperMediCO hospital will improve service delivery and promote the involvement of stakeholders in running the affairs of the organisation. Information security, as well as physical security, will also be enhanced.
In the case of SuperMediCO, knowledge of the existing software architectures will enable the software developers to come up with a suitable design that addresses the issues in the business promoting its smooth running. It is to be noted that each organisation in contemporary society has unique needs to be addressed by the software architecture. As a result, software architecture should be tailored to the needs of that particular organisation.
In other words, each organisation should be treated individually and as a unique case. This will go a long way in promoting the businesses’ service delivery as well as its competitiveness in the market. The various stakeholders stand to benefit from such a development too. For example, patients will benefit from improved services. Information handling will also be made easier in the organisation.
Stakeholders in Development and Operation of New Systems
There are five major stakeholders in software architecture. These can be said to be the individuals directly affected by the development of these new systems. The stakeholders are analysed below:
One such stakeholder is the client. It is noted that clients are important stakeholders in the development of new systems in any given organisation. It is the clients who are the sponsors of the project (Ousterhout 2006). These individuals commit their capital to oversee the installation as well as the functionality of the system. In the case of SuperMediCO, the owners of the business may be the sponsors of the software architecture. They provide the capital needed as well as labour to implement the new software architecture in the business.
Project managers can also be regarded as key stakeholders in the development of new software architecture. They are charged with the responsibility of identifying the various types of software architectures and their suitability in line with the nature of the business. This is because as stated earlier, the needs of each organisation are unique and the selected software architecture has to reflect this uniqueness.
The project managers charged with the responsibility of overseeing the implementation of the new system should consider its ability to positively impact healthcare service delivery (Singer 2009: p. 27). Project managers may be picked from the SuperMediCO software development department. This is considering that there are several specialists already working in the department.
System Analysts as Stakeholders
System analysts are also important stakeholders in the development of new systems. They look into the suitability of the new system in improving the older systems or completely replacing them. The analysts look into the expected trends in the future of the business and recommend suitable architectural designs. Analysts are usually experts in this field and have accumulated adequate knowledge over a long period. Analysts should make informed decisions as to which network architecture to implement (O’Reilly, 2006).
Programmers as Stakeholders
Programmers are also important stakeholders in the new systems. They are charged with the responsibility of implementing the decisions made or ratified by all the other stakeholders. They are people equipped with knowledge and skills involving software architecture (O’Reilly 2006: p.22). They integrate the various components of the software involved to produce desirable results. The SuperMediCO management may opt to hire such individuals in case none of their employees possesses the expertise. These individuals are not charged with decision making but rather the implementation of the recommendations made by the clients, the project managers and the system analysts.
Users of the System
The users of the system are also important stakeholders in the development of the new systems. It is important to understand that new systems are developed to suit the needs of the end-users. The plight of the users should therefore be considered first when making any decisions involving the development of the new systems. In the case of SuperMediCO, the term users can be used to refer to the members of staff. The system should allow them to update the information if the need arises. The software architecture implemented should therefore aim at meeting their individual needs as much as possible (Ousterhout 2006).
Types of Conventional Software Architecture
Software architecture can assume many styles and models. However, all architectural types should contain all the elements that are necessary for a system to be fully operational. These components include programs, databases, connectors to establish communication and connectivity between the components in the system and semantic models to help the designer understand the model (Boehm 2007: p.67). There are four main styles employed in software architecture. These are analysed below:
Styles in Software Architecture
This is applied when data is accessed and shared by the system’s clients. Clients have authority over the data, and they can update, add or even delete shared data. Clients can be easily added or removed from the architecture.
The architecture is not without its share of risks and challenges to the various stakeholders. For example, this architecture poses a risk to the business because it allows many individuals to access the system’s database (O’Reilly 2006: p. 22). Attacks from hackers and crackers can also occur hence posing a danger to the business. The information and data of the organisation are no longer assured in this architecture. Considering SuperMediCO is a healthcare business, a data-centred architecture means that anyone can access the available medical reports and alter them. Client’s confidentiality should also be considered.
Data- Flow Architecture
Data-flow architecture inputs data flow through the various system components to produce the desired output (Boehm 2007: p. 67). Its operations are based on a pipe-and-filter model whereby the filters are interconnected by pipes. These filters support both input and output data and can be independent of each other. Like the data-centred architecture analysed above, data-flow architecture also has several weaknesses. For example, the architecture cannot be considered secure enough since unauthorized persons can use the system. Such a system can also pose a danger to the clients and genuine users of SuperMediCO’s new system.
Call and Run Architecture
This architecture comprises two different versions. These are the main program and subprogram architectures. In such an arrangement the main program invokes several other subprograms that in turn invoke other components. It follows a hierarchical order in its operation. The model can also take Remote Procedure Call architecture. This model can also be referred to as a client/ server model. The main program and its subprograms are spread across computers connected to a network (Singer 2009: p. 27). This software architecture model is however complex and may not favour SuperMediCO since the users may have a hard time operating the system.
This model involves the division of the software architecture into different layers. Each layer is charged with the implementation of certain functions. The layers range from a core layer to an application layer. The outer application layer interfaces with the end-users of the systems while the inner core layer deals with operating system interfacing (Singer 2009: p. 27). The architecture is hierarchical in a way that the application layer serves the users while the core and intermediate layers are used by the system administrators. The intermediate layer provides interaction between the core and application layers.
This architecture has several advantages over the others discussed above. For example, the users of this system are limited to performing only specific tasks that the system has allowed them to access. It also protects the system from the intrusion of unauthorized persons (Boehm 2007: p. 67). It is also easy to implement security measures in this architecture. The architecture is the most appropriate one for the SuperMediCO business. This will create a user interface for the staff and clients of the healthcare business. The business administration on the other hand will be able to control the flow of information in the system as well protect confidential information from leaking out to third parties that may use it against the business.
Web 2.0 Architecture
Web 2.0 can be said to be a revolutionist concept. It is regarded as the new dawn on the internet which allows internet users to participate actively in the development and creation of webpage’s content. Web2.0 supports applications that enable activities such as information sharing, interoperability and user-generated content and collaboration. It has led to the emergence of applications such as social networking and blogs as well as e-business applications. Web2.0 is however not provided as a complete system and is provided through specialized technologies. Web2.0 architecture provides a higher-level view of the whole system (O’Reilly 2006: p.22).
The Web2.0 architecture provides the basis and foundation for architects to map their requirements. The web 2.0 architecture has several components that make it operational. These components include the resources, services, client application tiers and the development and governance tools. These tiers are interconnected to supplement each other (O’Reilly 2006: p. 22). The web2.0 architecture unlike other architectural types is implemented over the internet and users have to log in to the World Wide Web to be able to enjoy the privileges that come with the Web2.0 architecture.
The Web2.0 is also equipped with record-keeping applications. This provides recovery functionalities and security enforcement (O’Reilly 2006: p. 22). The Web2.0 architecture also supports virtual machines which are plug-ins that emulate certain runtime environment technologies. The Web2.0 architecture can be more effective for the SuperMediCO healthcare business as compared to the layered architecture.
Web2.0 architecture has well-defined layers that are well incorporated to supplement each other (Boehm 2007: p. 67). The architecture also addresses security issues to shield user accounts from unauthorized entry. All the business stakeholders can also communicate freely using the system. This can be achieved as a result of the support provided by the internet. Customizing the user interface can also be of great importance to the business. Senior management officials can receive updates from the system through their mobile phones. This can be made possible by registering their telephone cards with the system.
Information Assurance and Risks
Information assurance entails the management of information-related risks. Information can be accidentally or maliciously accessed by third parties. Information assurance seeks to ensure that users have access to authorized information at the authorized time. A business should also apply key information assurance principles such as confidentiality, honesty, authentication, availability as well as non-repudiation (Laura 2007).
Information Assurance Risks
Several information assurance risks are applicable in the case of SuperMediCO. These risks are analysed below:
Information disclosure is the most common form of information assurance risk. Unauthorized persons may snoop into the information contained in the system and gain access to confidential data. Competitors have in the recent past resorted to dubious measures to gain milestones over their fellow business operators. Being a reputable organisation, The SuperMediCO business competitors can do everything in their power to bring it down as well as destroy its reputation. Information disclosure may be a result of irresponsible workers as well as intruders gaining access to the system. These are intruders such as hackers and crackers (Laura 2007). Such people may access personal medical files belonging to patients to conduct a smear campaign against the business.
Deception as an Information Assurance Risk
Deception is also a major risk facing information assurance. System specialists may use their skills to illegally access information from a business system. Competitors may hire the skills of such individuals to access damaging information from their rivals. In the case of SuperMediCO business, the size and strength of the organisation is a big threat to the competitors. The competitors may resort to spoofing to gain access to information from the business’ system. Advanced technology also makes it possible for hackers to pose between the sender and the receiver of information and assign their devices the same address as the sender’s default gateway. Any information from the sender is therefore passed to the system’s attacker denying the recipient information as well as confidential information falling into the wrong hands (Singer 2009: p. 27).
Disruption as an Information Assurance Risk
Disruption is also a common information assurance risk. Entry into the system by an unauthorized individual may result in a serious crisis such as denial of service. The system’s attacker may resort to blocking the genuine users of the system from accessing the information. This results in temporal disruption of the systems normal functioning. The SuperMediCO business may face such a crisis whereby an intruder may block the system users from accessing or sending information in the system. These may highly inconvenience the business and cause delays in information sharing (Laura 2007). The business is also of vital importance to its customers and delays may be fatal.
E-Crime as Information Assurance Risk
E-Crime is another source of information assurance risk. This may consist of identification fraud and identified threats. Competitors seeking to gain information from another business can pose a threat to the employee or system user. These individuals will use skills such as password cracking to gain information from the system. The competitor seeks to fully utilize vulnerabilities in a rival’s system to ruin its reputation. Vulnerabilities in the SuperMediCO business may end up costing the business its reputation (Laura 2007). The competitors may exploit weaknesses in the system to gain access to it. The information gained may be used by the competitor to formulate strategies aimed at throwing SuperMediCO out of business for good.
Addressing Information Assurance Risks
Having identified the various risks that are likely to be faced by an information system, it is now important to look at the various ways through which this can be addressed. It is to be noted that tough times call for tough measures. Information is the secret behind a business’ success and efforts should be made to ensure that business information does not fall into the wrong hands. Any information in the wrong hands can be manipulated by the competitors to tarnish the image and business of the organisation. Businesses competing with SuperMediCO would rejoice in the business’ woes. Security measures should aim at preventing and detecting attackers as well as information recovery methods (Singer 2009: p. 27).
Addressing the Information Assurance Risks
Several strategies can be adopted to deal with the various information assurance risks that were identified above. These areas are analysed below:
Addressing Information Disclosure and Snooping
Information disclosure and snooping can be dealt with through the introduction of security measures in the business. This can be in the form of providing authorized users with usernames and log-in passwords. These passwords should not be written down or left in obvious places. Strong passwords should include a combination of upper and lower cases, numbers as well as symbols. Through the help of the Web2.0 architecture, businesses like SuperMediCO healthcare can be able to keep a list of trusted employees and users and issue them with usernames and passwords for them to access the system (O’Reilly 2006: p. 22). This will reduce the possibilities of attacks on the business’ system.
Deception is another risk facing information assurance and can be taken care of through the introduction of authentication measures. Any person trying to access the system should be taken through the authentication process. The process is comprised of the use of passwords and usernames to access the system. Using security measures implemented in the Web2.0 architecture, the SuperMediCO business can be able to maintain its system effectively by tracking all the users of the system. They can also control the internet protocol addresses of all the computers using the system. This way, new devices can be identified and denied access to the system. Using the Web2.0 architecture, a user will only be granted access to the system upon passing all the authentication processes (O’Reilly 2006: p. 22).
Addressing Disruptions and Denial of Services
Disruptions and denial of services can also be prevented through the creation of redundant links in the system. Modern software architecture should be able to withstand obvious crises such as system’s failure. Organizations and businesses should be able to maintain backup files in their system to avoid total data loss (Laura 2007). The SuperMediCO business should take advantage of the features such as files databases as well as enterprise resource management supported in the Web2.0 architecture to secure their system from abrupt data loss as a result of a breach in security. Resource packages also supported by the Web2.0 architecture can allow the business to operate alternative sites to allow continuity in the provision of services even after the main site has been attacked or even blocked.
E-Crime can also be prevented by employing tight authentication measures. Identity fraud can be prevented by issuing users with strong passwords as well as ensuring that the usernames and passwords are not leaked to unauthorized persons who may pose a danger to the system. The users should also avoid social engineering sites that mat require them to give vital information. The SuperMediCO business management should desist from using obvious usernames and passwords that are easy to crack by intruders (O’Reilly 2006: p. 22). Users should also be responsible enough to avoid putting the business’ information assurance at risk.
Enterprise Application Development Frameworks
Enterprise application development frameworks involve the actual implementation process of the system project. This normally occurs after careful consideration of the software architecture type suitable for a particular setting and the information assurance risks involved. This paper seeks to address four enterprise application development frameworks commonly used in organizations. Their applicability to the organisation under consideration will be critically analysed. These frameworks include .NET, COBOL, Java EE 6 and Ruby on Rails. These areas are analysed below:
This is a software framework that runs on Microsoft Windows. It supports interoperability between many programming languages. The framework also supports plug-ins such as virtual machines that offer key services such as security, exception handling and memory management..NET programs operate under the auspices of the Common Language Runtime assuring users of security and exceptional handling of data (Guthrie 2007).
The.NET framework also ensures that security is maintained in the system and inhibits the activities of malicious software. The framework is also an open standard one and can be implemented in any system (Guthrie 2007). The applications in this framework however require more system resources and cannot be installed in windows below Windows 7.
COBOL is an acronym for the Common Business Oriented Language (Guthrie 2007). It is one of the oldest programming languages and is commonly applied in the business and finance domains. It consists of a picture clause for various field specifications. COBOL supports recursion and also memory allocation. The framework also supports a variety of hardware platforms and operating systems. COBOL allows for a straightforward coding style (Rui 2006: p. 32). The framework has previously been used in military organizations, in governments as well as in large organizations around the world.
Java EE 6 Framework
Java EE 6 framework provides a runtime environment for developing enterprise software such as network and web services (Bell 2010). The platform supports applications such as fault tolerance, web service as well as object-relational mapping. The platform has been primarily developed in the Java programming language. Users of this framework must however meet certain requirements such as acquiring JavaBeans, connectors, servlets as well as several web service technologies.
Ruby on Rails Framework
This is a web application for the Ruby programming language. It provides web developers with the ability to gather complete information from web servers as well as querying and giving opinions regarding the database. This framework, therefore, follows a routing system independent of the webserver. Ruby on Rails also supports tools that ease development tasks. The framework is also divided into several packages that enable plug-ins to extend to existing packages. The framework is normally installed using RubyGem which is normally a package manager. The framework emphasizes rapid development principles. The framework can also retrieve information from a database based on class names (Guthrie 2007).
Ruby on Rails can be considered to be one of the best types of frameworks. The framework would be of great help to the SuperMediCO healthcare business. This is because the framework is only applied at the software level and does not require the business to purchase additional hardware. It is also compatible with the already existing operating systems. Ruby on Rails framework hence can be applied to the already existing system’s infrastructure. Ruby on Rails can also be rapidly developed to cope with emerging issues (O’Reilly 2006: p.22). The framework would be of great importance to the SuperMediCO business since it can ensure high-speed service delivery which is vital to the business. This will also ensure that patients are attended to effectively and efficiently.
Ruby on Rails is also easy to implement and would adapt easily to the existing system. If implemented, the framework can help the SuperMediCO business to acquire greater control over the database. The framework supports services such as information gathering. The users can also query or give an opinion on a database. Ruby on Rails also has an independent routing system. In this case, the routing system is independent of the webserver. This will ensure that the system continues to operate normally even after the webserver experiences some failures or breakdowns. The framework can also be developed easily to suit emerging trends in the world of business (Bell 2010). This in turn helps a business to remain competitive in the market.
Software architecture is an important and emerging trend in the world of business today. For a business to remain competitive, it must implement a software architecture that fully caters for its needs, and which will ensure its existence and survival amid tough competition levelled against it by its business rivals (Bell 2010). The software architecture type implemented should also take into consideration the information assurance risks likely to face the business. It should also be able to prevent the occurrence of such risks.
After careful consideration and identification of the most favourable software architecture out of the many alternatives, the business’ management team should pick the best enterprise application development framework that will suit the nature of their business. Information security should be a key factor in making decisions on the architecture and framework of the business (Boehm 2007: p. 67). System analysts and software developers must not forget that the new systems have been developed to ease information flow in the organization. This information if left in the wrong hands can be more damaging to the business than its absence.
Bell, M 2010, ‘SOA modeling patterns for service-oriented discovery and analysis’, The American Researcher, vol. 23 no.3, pp 44-54.
Boehm, B 2007, Software engineering economics, Prentice-Hall, New York.
Guthrie, S 2007, ‘Releasing the source code for the NET framework’, The Original, p.20.
Laura, R 2007, ‘What classroom technology has taught me about curriculum, teaching, and infinite possibilities’, English Journal, vol. 2 no.9, pp. 43–48.
O’Reilly, T 2006, Opening welcome: state of the internet industry, Free Press, New York.
Ousterhout, S 2006, ‘Websites organizing and sharing particular types of content’, E-Business, vol. 3 no. 4, pp.32-67.
Rui, O 2006, The power of COBOL. Booksurge Publishing, South Melbourne.
Singer, B 2009, The role and regulations of technology in social work practice and e-therapy, Oxford University Press, New York.