RESILIENCE AND ENTERPRISE ARCHITECTURE IN SMES

Considering that SMEs need to embrace the drivers of resilience and that a well-defined and readily available Enterprise Architecture (EA) supports enterprise integration by enabling the common view of business processes, data and systems across the enterprise and its partners, we can say that EA is one of the tracks making resilience predictable and it should support and collaborate with other resilience tracks. However, the EA frameworks do not give relevance to the activities that contribute most to business resilience, so this paper aims to clarify the dimensions and the activities related to the development of an EA and the touching points with other enterprise wide processes in order to guarantee that resilience requirements are met in SMEs. For this I propose an approach of ecological adaptation, and four architectures: business, organizational, information, and technological, although this paper only presents the Business and Organizational Architectures. Keyword: Resilience, Enterprise Architecture, Business Architecture, Organizational Architecture


INTRODUCTION
Enterprise Architecture (EA) is a complete expression of the enterprise; a master plan which "acts as a collaborative force" between aspects of business planning such as goals, visions, strategies and governance principles; aspects of business operations such as business terms, organization structures, processes and data; aspects of automation such as information systems and databases; and the enabling technological infrastructure of business such as computers, operating systems and networks.EA is the holistic expression of an enterprise's key strategies in terms of business, applications and technologies, and their impact on its processes and functions.
In this paper I will first present the concept of enterprise resilience from a broad, systems-oriented perspective, the enterprise architecture definition, its schools of thought and dimensions, and an overview of information systems and technologies (IT) that support flexible infrastructures for the EA dimensions.In the second part, I will present the approach, dimensions and activities related to the development of the business and the organizational architectures of the EA, and the touching points with other enterprise-wide processes in order to guarantee that resilience requirements are met in Small and Medium-sized Enterprises (SMEs).Finally, I will present how I will validate the proposal and the conclusion.

CONTEXT Enterprise Resilience
The concept of resilience was first popularized by Holling (1973) and his work has formed the foundation for most studies of the concept of ecological resilience, as well as various other forms of resilience.Based on the properties of stability of natural systems, two views were added to the resilience concept, "ecological resilience" and "engineering resilience", the first focused on efficiency, constancy, and predictability, and the second focused on persistence, change, and unpredictability.
This concept also appears in interdisciplinary areas concerned with complex systems, such as enterprises, critical infrastructure systems and ecosystems, approached as a positive and desirable concept or system characteristic or attribute (Carpenter et al. 2001, He 2008).
The organizational literature has also widely used the term resilience as a multifaceted and multidimensional concept (Ponomarov and Holcomb 2009), related to a variety of topics ranging from physical material properties to supply chain management, resulting in a diverse literature base.
In the context of strategic management and strategic change, resilience is the capability to self-renew over time through innovation (Reinmoeller and van Baardwijk 2005).Strategic resilience is the ability to dynamically reinvent business models and strategies as circumstances change, requiring alternatives as well as awareness of the ability to create a plethora of new options as compelling alternatives to dying strategies (Hamel and Valikangas 2003).
In terms of Human Resources Management (HRM), for an organization to be resilient, it needs people who can respond quickly and effectively to change while enduring minimal stress, and it is these positive adaptive capabilities which differentiate the competition.Creating organizational resilience is associated with personnel and management concerns (Mallak 1999, Patterson et al. 2007, Vogus and Sutcliffe 2007) that reside within a self-organizing and learning organization.Christopher and Peck (2004a) relate the resilience of an enterprise to the resilience of its supply chain.According to Christopher and Peck (2004a), the interdependencies between the enterprises and their supply chains can be complex and introduce new risks to the enterprise.
In the context of environmental change/disaster management, resilient organizations are able to maintain positive adjustments under challenging conditions, where they actually thrive and become better (Lengnick-Hall et al. 2011) as well as developing organizational systems capable of overcoming this complexity within turbulent environmental conditions (Burnard and Bhamra 2011).Resilience is an analytical category for building corporate adaptation strategies (Beermann 2011), and a solution to organizations facing high levels of threat in all aspects of their operating environment (Sullivan-Taylor and Wilson 2009).
These descriptions of organizational resilience focus predominantly on the behavioral dynamics of the people and organization, but they do not address resilience of the other constituents of an enterprise such as processes, systems, technology and infrastructure.As we have seen in the perspectives examined above, creating resilience relies on perceiving environmental change quickly and implementing adaptive responses early (Weick and Sutcliffe 2001).
In this paper, I consider 'resilience' as an attribute of complex systems and I take a systems-oriented view of enterprise, defining an enterprise as a complex system consisting of people, processes, information systems and technology infrastructure, with the goal of producing goods or services using physical, financial and human resources.Using this holistic lens, we are equally concerned with what lies outside the enterprise as we are with what lies inside the enterprise, so we can best observe how external and internal disruptions occur and how an enterprise can most effectively adapt.
Creating a resilient enterprise is a strategic initiative that changes the way an enterprise operates and increases its competitiveness (Sheffi and Rice, 2005).These authors suggest that enterprise resilience can be achieved by reducing vulnerability, by creating redundancy, and by increasing flexibility.They also relate creating redundancy and increasing flexibility to the adaptive capacity, which indicates the ability of the enterprise to bounce back when a disruption occurs.
Enterprise resilience is defined by Gallopin (2006) as an enterprise's adaptive capacity and its ability to cope with, adapt to, and recover from a disruption.He states that, in order to adjust to potential risks and tolerate disruptions, enterprises must manage the complexity of their infrastructures.A key to being able to achieve this, and assessing the vulnerabilities embedded within the enterprise elements, is understanding the interrelationships and interdependencies between the business processes, information, and the supporting technologies within the enterprises.
Considering that an effective EA provides the ability to integrate business processes and data across the enterprise, links with external partners, increases agility and flexibility to business change, maximizes the reuse of enterprise models, and offers a common vision to business and technology communities, I can state that EA is one of the tracks making resilience predictable.

Enterprise Architecture
Enterprise architecture (EA) is a high-level definition of the data, applications and technology needed to support the business (Smith et al. 2002) that provides a common view of both the primary resources of any enterprise (people, processes and technology), and how they integrate to provide the primary drivers of the enterprise (Anaya 2005).EA brings together the product, process, technology, information and application architectures (Jonkers 2006), and presents the relationship between the elements of the enterprise (Anaya 2005).
A well-defined and readily available EA supports enterprise integration by enabling the common view of business processes, data and systems across the enterprise and its partners (Vernadat 1996, Kosanke and Nell 1997, Bernus et al. 2003, Schekkerman, 2004, 2005).
The most cited benefits of EA from the literature include: reduced costs, providing a holistic view of the enterprise, improved business-IT alignment, improved change management, improved risk management, improved interoperability and integration, and shortened cycle times.

EA Schools of Thought
Lapalme (Lapalme 2012) identify three schools of thought regarding EA, each grounded in its own belief system.Consequently, each school has a particular definition of EA, specific concerns and assumptions.Enterprise IT Architecting-EA is about aligning an enterprise's IT assets (through strategy, design, and management) to effectively execute the business strategy and various operations using proper IT capabilities.
Enterprise Integrating-EA is about designing all facets of the enterprise.The goal is to execute the enterprise's strategy by maximizing the overall coherency between all of its facets -including IT.This school is grounded in systems thinking, so it approaches enterprise design holistically or systemically.
Enterprise Ecological Adaptation -For this school, EA is about fostering organizational learning by designing all facets of the enterprise-including its relationship to its environment-to enable innovation and system-in-environment adaptation.

EA Dimensions
Addressing the needs of the different stakeholders in a company, EA is decomposed into several dimensions.Thereby, slight differences between the naming and the number of dimensions exist between different EA approaches.The EA modeling language ArchiMate, for instance, defines three layers, i.e., the business, the application and the technology layer (Lankhorst, 2005).Similarly, DoDAF is decomposed into an operational view, a systems and services view, as well as a technical standard view (DoDAF 2013, Minoli 2008, Schekkerman, 2004).Zachman (2010) differentiates between a contextual, conceptual, logical, physical, and detailed representation view.TOGAF is divided into the four dimensions of business, application, data, and technology architecture (The Open Group, 2013).

Information Systems and Technologies
A key to being able to achieve enterprise resilience, and assessing the vulnerabilities embedded within the enterprise elements, is understanding the interrelationships and interdependencies between the business processes, information, and the supporting technologies within the enterprises.Enterprise resilience requires interoperability and integration between the process, systems, and underlying technology across business partners.
EA is the organizing logic for business processes and IT infrastructure, reflecting the integration and standardization requirements of the company's operating model (Ross et al. 2006).Understanding the interrelationships and interdependencies between business processes, information, and supporting technologies within the enterprises is very important.The effective use of enterprise systems can provide timely information and faster decision-making abilities that result in increased flexibility, agility and adaptability (De Leeuw and Volberda 1996, Fiksel 2006b, Helaakoski et al. 2007, Haimes et al. 2008).
A Service Oriented Architecture approach (SOA) will enable flexible systems to be built, thus implementing changing business processes quickly, making extensive use of reusable components, and increasing interoperability, business and technology domain alignment, return on investment, and organizational agility.Cloud Computing is the computational paradigm that offers a scalable infrastructure and capabilities available as services.Cloud Computing paradigm will allow computing resources to be available when needed, offering agility, innovation, scalability and simplicity.In this way, these technologies can contribute to enterprise resilience because they allow flexible systems and scalable infrastructures to be built.They also favor the interoperability and integration between the process, systems, and underlying technology across business partners.

Service Oriented Architecture
Service Oriented Architecture (SOA) is a technology initiative which requires a software architecture approach where the basic element of design and development is a service (Kumar et al., 2007).SOA and services provide the means to achieve real business agility, which can take two forms: the ability to change the business processes to satisfy market demand, as well as that of clients, and reduce costs; and the ability to perform business processes, or launch new processes, products and service more rapidly.Agility and speed are both tangible benefits of migration to SOA and to reusable services.If an approach to SOA and services is adopted, business software systems are disassociated from the enterprise processes through the use of business services.SOA simplifies the development of enterprise applications as modular, reusable business services that are easily integrated, changed and maintained.

Cloud Computing
There are many definitions for cloud computing.A widely accepted definition is given by Mell and Grance (2011) at the National Institute of Standards and Technology who define cloud computing to be "a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly supplied and released with minimal management effort or service provider interaction".
The major benefit of Cloud Computing is the flexibility as the cloud provider might offer a choice among a number of computing and storage resource configurations at different capabilities and costs, and the cloud costumer will have to adjust his or her requirements to fit one of those models.
Resilience is achieved through the availability of multiple redundant resources and locations.Moreover, disaster recovery and business continuity planning are inherent in using the provider's cloud computing platforms.

RESILIENCE AND ENTERPRISE ARCHITECTURE IN SMES
There In order to build sustainable SMEs, resilience as a concept becomes critical (Sheffi 2005, 2006, Moore and Manring 2009), and perhaps the essence of sustainability is resilience, the ability to resist disorder (Gunderson, 2002).Therefore, a sustainable economy should be based on a dynamic world view in which growth and change are inevitable for SMEs (Starr et al. 2003, Christopher andPeck 2004) and SMEs need to embrace the drivers of resilience gracefully (Blackhurst et al. 2005, Sheffi and Rice 2005, Bergman et al. 2006, Tompkins 2007, Cascio 2009).
Considering that SMEs need to embrace the drivers of resilience and that a welldefined and readily available Enterprise Architecture supports enterprise integration by enabling the common view of business processes, data and systems across the enterprise and its partners (Vernadat 1996, Kosanke and Nell 1997, Bernus et al. 2003), I can say that EA is one of the tracks making resilience predictable, and it should support and collaborate with other resilience tracks.However, the EA frameworks do not give relevance to the activities that contribute most to business resilience.Therefore, this paper aims to clarify the dimensions and the activities related to the development of an EA and the touching points with other enterprise-wide processes in order to guarantee that resilience requirements are met in SMEs.For this, I present a proposal supported in four main dimensions, as well as an approach to, and a number of domain activities for, the development of Business and Organizational Architectures.

Dimensions
Addressing the needs of the different stakeholders in an enterprise, EA is decomposed into several dimensions: business, organization, information and technology (Hoogervorst 2009).Associated with these domains are four architectures:  Business -This domain is concerned with the enterprise function, having to do with topics such as products and services, customers and the interaction/relationship with them, the economic model underlying the business, and the relationships with the environment (sales channels, market, competitors, milieu, and stakeholders).The business architecture guides the way the business domain is to be exploited and explored.
 Organization-The organization domain has to do with the internal arrangement of the enterprise, for example with processes, employee behavior, enterprise culture, management/ leadership practices, and various structures and systems.
 Information -Information is a crucial factor within both the business and organization design domain.Many informational aspects play a role here, such as the structure and quality of information, the management of information (gathering, storage, distribution), and the utilization of information.The information design domain also has to do with the enterprise construction.Information architecture guides the way information (or better, 'data') must be used and handled.So, its principles might concern the handling of customer and supplier data, or the way operational systems update informational systems.It is to be noted that information architecture differs from IT architecture.
 Technology -Technology is essential for business, organizational and information systems support, as well as for future enterprise development.Technology is, thus, an important part of the enterprise construction.Therefore, for every technology, there is an associated architecture, guiding its design.
In this study I consider a separation between business and organization architectures, followed by two other architectures, Information Architecture and Technology Architecture.These are generally proposed by all the EA frameworks, and I propose applying an enterprise security approach through all the development phases of the architectures, as shown in Figure 1.

Approach
A systemic approach alone is not sufficient for enterprise design (Lapalme 2012); it is necessary to achieve environmental and enterprise co-evolution by purposefully changing the environment, systematically designing the enterprise as well as its relationship to its environment.The key assumptions are that the environment can be changed, and that system-in-environment co-evolution is essential for strategy elaboration, and organizational coherency is necessary for effective strategy execution.Thus, for the Business and Organizational Architectures of EA, the enterprise architect must be able to foster sense-making and transformation processes within the organization, which lead to learning.
Of the four architectures mentioned in 3.1 above -business, organizational, information, and technological, I will present the activities related to the development of Business Architecture and Organizational Architecture, and the touching points with other enterprise-wide processes in order to guarantee that resilience requirements are met in SMEs.

Development of Business Architecture
The first is Business Architecture, and the activities related to its development are: strategic agility, business imperatives via SOA, and contextual security architecture.

Development of Strategic Agility
The concept of agility emerged to address how companies can operate and grow in environments characterized by turbulence.Instead of being limited to acting in a responsiveness mode, the agility concept aims to encourage businesses to be forward thinking or proactive in their approach to the marketplace.Given the greater flexibility of the SME form, the adoption of an agile approach makes good sense.Developing proactive strategies favors a 'top-down' approach, whereby strategic thinking and planning act as a prime means to compliment operational capabilities.The tendency is for SMEs to behave reactively as opposed to proactively.I suggest using the framework proposed by Ismail (Ismael et al. 2006, 2011) that takes as a starting-point the fact that the adoption of a strategic approach is correlated with improved performance, and that SMEs are at a distinct disadvantage in turbulent environments where little or no strategic planning capability exists.The approach builds on the premise that resilience occurs as a result of the implementation of both operational and strategic capabilities.Prior to undertaking a strategic analysis, the portfolios of products and services are examined with regard to financial contributions and perceived avenues for growth.All manner of activities that make a company's offerings attractive to both customers and the company are also examined.The top-down strategic framework is detailed in the following steps: 1-understanding differentiation factors for the industry; 2-examining industry trends and impacts; 3-positioning versus competitive strengths and weaknesses; 4-the setting of targets and selection of growth options; 5-assessment and prioritization of growth options; 6-development of growth plans; and 7implementation and review.

Development of Business Imperatives to SOA
Business imperatives are what motivate a business to seek a new way of achieving business agility and IT flexibility via SOA (Marks and Bell 2006).Business imperatives help galvanize the demand for a different model of IT delivery based on business servicesin other words, SOA.To the identification of SOA imperatives I will add these activities: assess external environment, review current business/organization strategy and business/operating model, review IT strategy and IT operating model, understand market position and market segments (where appropriate), understand customers and customers segments, know products and services that serve customers, understand current and planned business initiatives, and identify core business activities by business units.By adopting an SOA approach and implementing it using supporting technologies, companies can build flexible systems that implement changing business processes quickly, and make extensive use of reusable components.Increased interoperability, increased business and technology domain alignment, increased return on investment, and increased organizational agility are all benefits of the SOA approach (Bieberstein et al. 2006).

Definition of Contextual Security Architecture
True business resilience starts with understanding exactly what a business with strategic agility needs in order to survive unexpected events and plan ahead for challenges that could come at any time.Whether an event is IT related, business related, or a natural disaster, there will always be challenges to overcome.If there are resilience strategy plans for these events, the actual impact to a business can be reduced.Business security embraces three major areas: information security; business continuity; and physical and environmental security.
One of the important quality aspects of an enterprise architecture is the risk regarding information security, and the way this can be managed.It is the common experience of many corporate organizations that information security solutions are often designed, acquired, and installed on a tactical basis.In this process there is no opportunity to consider the strategic dimension, and the result is that the organization builds up a mixture of technical solutions on an ad hoc basis, each independently designed and specified, and with no guarantee that they will be compatible and interoperable.
To create a description of the business context in which secure systems must be designed, built and operate, I propose using a business view such as in "SABSA" methodology (Sherwood 2005), which is concerned with: the business; its assets to be protected (brand, reputation, etc.) and the business needs for information security (security as a business enabler, secure electronic business, operational continuity and stability, compliance with the law, etc.); the business risks expressed in terms of business opportunities and the threats to business assets; the business processes that require security; the organizational aspects of business security; the business geography; the business time-dependencies.I chose to use SABSA because it is a methodology which is business-driven for developing risk-driven enterprise information security and information assurance architectures, and for delivering security infrastructure solutions that support critical business.

Development of Organizational Architecture
The second is Organizational Architecture and the activities related to its development are: a strategy for improving supply chain resilience, analysis of human involvement in organizations, creating an agile organizational structure, SOA value analysis, cloud computing value analysis, and definition of a conceptual security architecture.

Development of a Strategy for improving Supply Chain Resilience
Strategic resilience imperatives call for supply chains to be less brittle and more adaptable to change through (1) supply chain design, (2) focus on business process management to enhance capabilities across the supply chain, (3) visibility of demand and supply throughout the supply chain, (4) supplier and customer relationship management, and (5) infusing a culture of resilience (Wisdomnet 2006).Petit (Petit et al. 2010(Petit et al. , 2013) identify a research gap in linking vulnerabilities and threats to the strategies to overcome them.Resilience was proposed to consist of two constructs: vulnerabilities (turbulence, deliberate threats, external pressures, resource limits, sensitivity, connectivity and supplier/customer disruptions), which are fundamental factors that make an enterprise susceptible to disruptions; and capabilities (flexibility in sourcing, flexibility in order fulfillment, capacity, efficiency, visibility, adaptability, anticipation, recovery, dispersion, collaboration, organization, market position, security and financial strength), which are attributes that enable an enterprise to anticipate and overcome disruptions.Pettit (Petit et al. 2010, 2013) further develop the vulnerability and capability constructs to include 21 factors comprised of 111 sub-factors.To measure the current state of a supply chain's resilience, to identify links between vulnerabilities and capabilities to achieve balanced resilience and, finally, to examine the relationship between resilience and performance, I will use the measurement instrument SCRAM (Supply Chain Resilience Assessment and Management (Petit et al, 2013).

Analysis of Human Involvement within Organizations
Resilient SMEs should also possess the resilient qualities of human beings because one cannot separate a business from the people forming and operating it.Four important traits for resilience are: flexibility, motivation, perseverance and optimism.The review of literature allowed us to identify and summarize the most important attributes of the agile workforce.Based on the models of Griffin and Hesketh (Griffin and Hesketh 2003) and Dyer and Shafer (Dyer and Shafer 2003), the attributes of the agile workforce were grouped into three dimensions: proactivity, additivity and resilience.Resilience describes the ability to function efficiently under stress and despite changing environment, or when applied strategies have not succeeded.The following traits belong to this dimension: (1) positive attitude to changes, new ideas, and technology; and (2) tolerance of uncertain and unexpected situations, and differences in opinions.

Creating an Agile Organizational Structure
An organization needs to be designed to consistently implement business model recommendations without negatively impacting productivity.Consistently analyzing an organization's design to ensure that there is the capacity and capability to absorb iterative change is a process.The key to this process is to realize that an organization's design is comprised of multiple components that are symbiotic and need to be analyzed as a whole: reporting relationships reflected on an organization chart, organizational roles/responsibilities, performance measures, work group design and integrating mechanisms.

SOA Value Analysis
SOA value analysis helps identify focus areas for SOA initiatives by identifying business and process domains of particular interest for business improvement efforts.Once there is some definition of scope for the initial SOA efforts, the process of services identification can proceed (Mark and Bell 2006).The architect should consider the following artifacts which are particularly important for SOA because they contribute to the definition of SOA building blocks: Business Service Interaction Diagram, Business Process Diagram, Business Services Catalog, Business Services/Location Catalog, Event/Process Catalog, Contract/Service Quality Catalog, Business Service Interaction Matrix, Business Service/Information Matrix, and an Information Component Model.

Cloud Computing Value Analysis
Cloud computing is becoming a game changer for SMEs by offering scalable infrastructure and capabilities available as services.It is a paradigm where computing resources are available when needed, and payment for their use is made in much the same way as for household utilities.When selecting cloud service providers, the IT organizations of SMEs need to develop proper security policies and procedures, and they need to utilize these guidelines when evaluating cloud service providers (Williams 2010).It is, however, not always the right solution, and there are several forms of cloud computing which have different advantages in different situations.The cloud buyers' decision tree (Skilton and Gordon 2010) can help to determine whether to use cloud computing, whether a public or private cloud is appropriate, and whether IaaS, PaaS, or SaaS cloud offerings would best meet certain business and technical requirements.

Definition of a Conceptual Security Architecture
Conceptual security architecture defines the principles and fundamental concepts that guide the selection and organization of the logical and physical elements at the lower layers of abstraction of the security architecture (Sherwood 2005).These include: what you want to protect, expressed in the "SABSA" methodology in terms of Business Attributes; why the protection is important, in terms of control and enablement objectives; how you want to achieve the protection, in terms of high-level technical and management security strategies and a process-mapping framework through which to describe business processes; where you want to achieve the protection conceptualized in terms of a security domains framework; when the protection is relevant, expressed in terms of a business time-management framework; who is involved in security management, in terms of roles and responsibilities and the type of business trust that exists between the parties, including asset owners, custodians and users, and service providers and service customers.

PROPOSAL VALIDATION
To validate this proposal I will use the case study methodology (Yin 2005), considering two cases in construction companies; one with successful internationalization, and resilient in the context of crisis in Portugal, and the other less successful in the same context.I selected the construction sector in which there was progressive growth between 1990 and the early 2000s, followed by a period of stagnation with a growing deficit and an excess of supply from the industry, leading to a significant reduction in turnover.However, worldwide strong growth has been registered in the construction sector, with major investments in infrastructure and real estate (Baganha 2002).The case study to be conducted in the two construction companies will be explanatory.It seeks information that enables the establishment of cause-effect relationships between the activities proposed in the development of business and organization architectures of an EA, and enterprise resilience from a broad, systems-oriented perspective.Among the tools for data collection we will use a questionnaire, as well as document sources from the companies.In addition to the aforementioned collection tools, we will conduct semi-structured interviews individually with the various stakeholders, as well as group interview.

CONCLUSION
Based on the importance of enterprise resilience for SMEs, this paper clarified the dimensions and the activities related to the development of an EA, and the touching points with other enterprise-wide processes in order to guarantee that resilience requirements are met in SMEs.The paper focused on Business and Organizational Architectures, and their respective developmental strategies.A set of tools was also proposed that will allow the topics considered to be evaluated in terms of their effectiveness for organizational resilience.This proposal differs from other EA frameworks which do not give relevance to the activities that contribute most to business resilience, particularly in SMEs, through the following:  Using several dimensions, since they consider Business Architecture and the separate Organizational Architecture, which do not happen in other EA frameworks and methodologies since they usually only consider Business Architecture; in Business Architecture I give relevance to the following activity: the development of strategic agility, in Organizational Architecture I give consideration to these activities: the development of a strategy for improving supply chain resilience, the analysis of human involvement within organization, and the creation of an agile organizational structure;  Taking an approach of ecological adaptation.This is because the systemic approach alone is not sufficient for enterprise design; it is necessary to achieve environmental and enterprise co-evolution by purposefully changing the environment, systematically designing the enterprise as well as its relationship to its environment;  Using an SOA approach to support Business Architecture and Organizational Architecture, identifying the business imperatives, and implementing the approach using supporting technologies in information and technology architectures, as well as cloud computing, by offering scalable infrastructure and capabilities as services;  Applying an enterprise security approach through all the EA development phases, in Business Architecture I emphasize the activity of defining contextual security architecture, while in Organizational Architecture I give relevance to the definition of a conceptual security architecture.
are a number of definitions of what constitutes an SME.One is that SMEs are "enterprises which employ fewer than 250 staff and which have an annual turnover not exceeding 50 million euro, and/or an annual balance sheet total not exceeding 43 million euro" (Article 2 of the Annex of Recommendation 2003/361/EC).SMEs in Europe contribute to economic development by virtue of their sheer numbers and increasing share in employment and gross domestic product (GDP) (Van Gils 2005, Mikhailitchenko and Lundstrom 2006).