Enterprise architecture rose to significance in the 1980s with the publication by John Zachman in the IBM Systems Journal1 of a seminal paper entitled A Framework for Information Systems Architecture. This was followed in 1995 by The Open Group publishing its Architectural Framework (TOGAF) which has subsequently become the leading methodology for developing and maintaining an enterprise architecture. The Zachman framework was adopted by John Sherwood during the creation of the SABSA enterprise security architecture, culminating with the latter’s publication in the form of the SABSA Blue Book2 in 2005 and becoming an integrated security viewpoint for TOGAF in 2011.
A key aspect of the Zachman information systems architecture is that it starts with the contextual layer in which the business goals and objectives are defined, and this then drives the subsequent decomposition through the architectural layers. Zachman in 2015 wrote that he lived to regret initially calling his framework “A Framework for Information Systems Architecture,” instead of “Enterprise Architecture”, because the framework actually has nothing to do with information systems. Nevertheless, the Enterprise Architecture function is often aligned with IT rather than reporting to an enterprise strategy or functional business group, so leading to an IT-first focus on architecture. Adopting SABSA as an enterprise architecture methodology addresses this through its clear emphasis on taking a business-first approach.
Machine learning, sometimes called the algorithm, has quietly been delivering results for businesses for some time. However, the emergence of Generative AI with its consumer-led ChatGPT service was anything but quiet and propelled artificial intelligence rapidly to the point of now being a major and highly disruptive technology. Generative AI and the follow-on Agentic AI technology is being adopted by businesses for everything from innovation labs to core business flows, and is often introduced via IT-led proof of concept projects. These have become a key component of CIOs’ AI strategies, enabling businesses to test AI use cases at low cost and with limited commitment.
While Generative AI promises to deliver efficiencies and innovation for businesses, it comes with a new class of AI-specific threats which need to be addressed. These include toxic responses that are not acceptable to users, irrelevant or just plain incorrect responses, and new ways to achieve traditional forms of cyber exploitation. Unfortunately, securing AI has been deprioritized in many cases and the number of AI incidents being made public is rapidly rising. With the EU AI Act having come into force, businesses increasingly need to ensure their AI systems operate in a safe and responsible manner.
By the end of 2024 and into early 2025 it was being reported that anywhere from 75% to 95%3 of projects did not transition to production and so failed to deliver a return on investment. While these reports have been criticised for focusing on financials, they highlight a very real problem with the approach to GenAI delivery. This problem is addressed by RAND Corporation in their report on the root causes of AI project failure4, in which they identify five key causes:
- not understanding the business problems that need solving;
- not having the necessary data to adequately support solving the business problem;
- focusing on the use of AI technology not business problems;
- inadequate infrastructure to manage Generative AI; and
- business problems which are too difficult for AI to solve.
With the investment in AI growing over the next few years, there’s an urgent need to correct these issues and start delivering a return on AI investment to the business. This is supported by the 2025 survey by Dataiku5, in which it was reported that nearly three-quarters of CEOs worldwide (and more with a purely US focus) are concerned that they could lose their jobs if they don’t deliver measurable AI-driven business gains within two years.
Adopting an Enterprise Architecture-first approach to Generative AI will go a long way to addressing its alignment with business requirements, and using the SABSA methodology will enable secure, safe and responsible architectures to be modelled and applied in the businesses’ AI solutions. By developing an AI viewpoint across both the SABSA Architecture and SABSA Service Management matrices, the Enterprise Architecture can identify and model AI business requirements into the conceptual architecture and so address the first issue. By architecting the data requirements so that they line up to the business requirements, the Enterprise Architect also addresses the second requirement. The third issue is more problematic – this requires executive education commitment to using Enterprise Architecture to ensure business alignments
Since the emergence of Generative AI, there has been an increase in the reporting on the real role of an Enterprise Architect in an AI world. CIO Magazine has reported that Enterprise Architecture is the “engine of digital survival” as enterprises navigate their digital transformation journeys, evolving into a strategic approach to managing change, delivering value, and preparing for an increasingly complex AI-first future. Gartner has projected that 60-70% of enterprises will reposition enterprise architecture to focus on business outcome driven transformation, and that by 2028 Enterprise Architecture teams will be acting as coordinators of autonomous governance. This is supported by a report from SAP LeanIX which suggests that Enterprise Architects are best placed to drive AI governance to accelerate AI adoption.
At DLC we’re helping Enterprise Architects build the skills they need to meet business expectations with the launch of our SABSA-focused AI Architecture course. Graduates of this course gain not only the understanding of AI necessary to operate in an AI-first world, but have the knowledge and tools to ensure AI projects are business aligned, adopt safe and responsible AI practices, and can demonstrate clear value.
Architecting Secure AI Training
Secure & Responsible AI Services
1IBM Systems Journal: Volume 26, Number 3, Page 276 (1987)
2Enterprise Security Architecture: A Business Driven Approach, ISBN 157820318X
3The GenAI Divide: State of AI in Business, July 2025, MIT
4The Root Causes of Failure for Artificial Intelligence Projects and How They Can Succeed, RAND Corporation, 13 August 2024
5The High-Stakes Reality of Leading With AI: Confessions From 500 Global CEOs, Dataiku March 2025