Aligning Application Portfolio Management and Enterprise Architecture

The challenge for Applications Portfolio Management and Enterprise Architecture

For the past two decades large enterprises have invested heavily in architecture skills. These skills are fundamental in being able build the right capabilities in support of business functions as well as help the business make sense of the applications they support. The challenge we have, however is that architecture has been traditionally a point-in-time activity, which often gets placed on the shelf once the product, application or technology is implemented. As changes occur within the business, these are often implemented within the application and get lost in the myriad of engineering documents, project management platforms, change notes and other tools used to describe the change. Before we know it, we have an organic infrastructure supporting a range of bespoke application services with out-of-date designs.

Knowledge of “the existing”, clouded by “the new”

As the business grows and staff rotate, knowledge of the existing becomes less accurate and blurred, with service information captured in written notes and spreadsheets. This results in the loss of underpinning knowledge on the technologies which make up the application and in many cases, this is held by individuals.

These changes are subtle and grow steadily within the business. Knowledge of “the existing”, clouded by the excitement of “the new”, often results in the perpetuation of legacy technologies, technical debt and most importantly, duplication of both applications and data where once known applications have been forgotten and replaced by the new.

Duplication of applications and data can cripple a business and increase implementation timelines, development effort, engineering and licencing costs without the business even realising it.

The proliferation of applications will in most cases require complex integrations making it increasingly difficult to access and maintain disparate data sources across the business.

Information on Architecture, SLA’s, OLA’s, DR (Disaster Recovery) and the many “quirky” features of the applications are strewn across the estate. For a new “Application Portfolio Manager” (APM) or “Enterprise Architect” (EA) coming into an organisation this is a real challenge. The APM and the EA need to support the wider organisation and need to know how technologies and applications support the business.


Responding to the challenge

There are many ways to manage portfolios within enterprises and equally, lots of ways to capture architectures. Bringing them into a single platform however is crucial for gaining control of your organisation, understanding technical debt, identifying duplication, and removing integration complexity from your environment. Being able to retain your existing portfolio model or move towards a product orientated delivery model requires a new way of thinking…



LeanIX is a new way to bring business functions, supporting applications and underpinning technologies into one platform.

Using LeanIX we can focus more on the business than the technology. Using the platform, we can describe the business, its departments, supporting portfolios or product lines and map these capabilities using language that the business understands. We can identify and categorise applications (cloud or on-premises) and map these to one or more business functions which will in turn enable us to generate system design outputs essential for the Enterprise Architecture function. This will enable us to identify duplication of technologies, applications and data and look for future opportunities to rationalise, optimise and simplify.

… we can gain insights into the technical debt across the estate to support with refresh and remediation…

Using the platform’s Technology Lifecycle Service (LeanIX TLS), we can gain insights into the technical debt across the estate to support with refresh and remediation and see how this maps to business applications to determine the current level of risk being accepted on the most critical assets.

Continuous Contextual Access Control

Humans right? The weak link in the Security chain because they click on stupid links, enter their credentials into fake websites and their devices and accounts get compromised?

We’ve all heard it said many times and there’s another debate and fresher way of thinking that revisits that mindset and negative view and engagement with our colleagues but is way out of scope of this article.

A Zero Trust model can mitigate these compromise situations by denying access requests to applications based on the geo-location or device ID originating the request.

Another consequence of a successful phishing attacking is a ransomware payload being dropped onto your infrastructure. Again, a Zero Trust/Micro-Segmentation architecture comes to the rescue preventing the spread beyond a single device due to the access and authorisation required between every workload.



Separation is a security principle as old as time. Going back to Armadillos and Castles & Moats, this was simply separating the ‘trusted’ network from the ‘untrusted’ wild west that was/is the internet.

Then within that we further separated tiers & domains, legacy systems, bastion hosts, the corporate network and possibly by departmental function too.

So from the concept of separating things (with the intent of restricting free or lateral movement around an internal network) it’s similar but that’s where it ends. That was about placing security controls as close to what it is you’re trying to protect as possible.

With Zero Trust the security control is applied as close to the origin as possible, i.e the endpoint or the edge. If they don’t comply with the policy for that service, application or specific request, then there is no access, the device simply doesn’t participate on the network at any level.

By designing with Micro-Segmentation in mind, security policies can be enforced at a level as granular as each workload.

The rich reporting functionality of LeanIX allows us to build reports for many persona types including CxO’s, architecture, engineers, developers, and operational support, granting controlled access to each report as required. The factsheet model allows us to create a collaborative questionnaire to glean more insights into the business function, application, technology, SLA/OLA’s, support model, suppliers, data objects and types using a collaborative publish and subscribe model.



The business transformation module (BTM) within LeanIX allows us to take “Current State Architecture” and landscape perspectives which are stored within the platform and make informed decisions about future strategies.

These perspective and capability modelling will help inform your approach to removing complexity and duplication from your environment.

We can also leverage BTM to model these decisions against a “Future State Architecture” whether it is on-premises, cloud, or a hybrid environment.

CloudKubed and our strategic partnership with LeanIX is uniquely placed to help you gain control of your existing business portfolios, map your enterprise architecture and support your future transformation goals. 

If you would like to know more about LeanIX or how CloudKubed can help you on your transformation journey, please contact us here.

More Posts:

CloudKubed Digital Transformation & Cloud Experts