Security Architecture Primer

Security Architecture Primer

The primary purpose of creating an enterprise security architecture is to ensure that business strategy and IT security are aligned. As such, enterprise security architecture allows traceability from the business strategy down to the underlying technology. However, many IT organizations have moved away from formal security architecture governance in favor of rapid deployment cycles and tactical changes which over time risk diverging into complexity and fragmentation – with unresolved security exceptions. Complexity not only leads to insecurity and the increasing potential for human error but also increased cost of operations.

Technology Foundation

The good news is that with an Adaptive Security Architecture Lifecycle process organizations can enjoy the best of both worlds – to enable business agility and tactical deployments by allowing a healthy amount of chaos and innovation at the edge together with planned iterative consolidation and integration of infrastructure into the core … guided by the security architecture blueprint which drives towards holistic convergence, integration, organization and, automation.

Back to Basics

A security architecture is a design document describing the security components that will protect the enterprise, and the ways they relate and interact with each other. It represents a two- to three-year planning horizon that defines the desired state of an organization’s extended enterprise or e-business enabled infrastructure. The architecture sets the context for planning, design, and implementation. It enables a company to evolve and to become agile, multi-functional, and competitive, allowing the seamless adoption of new capabilities and applications into a common
infrastructure.Security architecture also facilitates budgeting for security solutions and personnel.

Executives struggle with security spending because it is difficult to see any return on investment. Having a document that defines the current security architecture makes it easier to justify and communicate to non-security individuals what needs to be done and why. Associating business objectives with security in the document also assists management in understanding the need for security in the enterprise.

Building Blocks

Policies and procedures are very important and need to be a part of every organization. But if no one knows they exist or where to find them, then they are not worth the effort it took to write them. Using one major security architecture document as the blueprint gives planners only one location to go to when addressing a security issue. The process of building the security architecture also builds consensus across functional areas and gains management acceptance. This helps with compliance and enforcement of security practices.

In summary, the security architecture provides:

  • A way to evaluate applicability of new technologies, products, and services
  • A framework for technology decision-making
  • A macro view of IT systems and components, from the security perspective
  • A statement of direction for IT
  • A way to reduce and manage risk in the most cost-effective manner
  • A way to facilitate compatibility and easier administration of systems
  • A blueprint for future network growth
  • A way to create and document consensus
  • A methodology to force consideration of all design factors
  • A guide for the creation of an enabling infrastructure for unforeseen new applications

The purpose of this blog is to help readers and followers to develop a comprehensive, adaptive, and proactive security architecture and roadmap program. Security architecture should be considered a living document and updated as plans are accomplished, technology changes, business requirements surface, new risks are discovered, and improvements are made to your architectural structure.

This Security Architecture series will guide readers through an Adaptive Security Architecture Lifecycle process.

Thanks for your interest.

Nige the Security Guy.

Advertisements

About secureadvisor
Security Guy

10 Responses to Security Architecture Primer

  1. Pingback: InPlayToday™ – Back to Basics in Cyber and Network Security

  2. Pingback: Security Series Master Index | Nige the Security Guy

  3. Pingback: Architecture Case Study – Part 1 | Nige the Security Guy

  4. Pingback: Architecture Case Study – Part 2 | Nige the Security Guy

  5. Pingback: Security Program Best-Practices 3 | Nige the Security Guy

  6. Pingback: Advanced Threat Defense – Part 1 | Nige the Security Guy

  7. Pingback: Security Strategy Retrospective | Nige the Security Guy

  8. Pingback: vCISO Smart Practices – Part 1 | Nige the Security Guy

  9. Pingback: Security Architecture Series Guide | Nige the Security Guy

  10. Oh my goodness! Incredible article dude! Thank you so much, However I
    am going through problems with your RSS. I don’t know the reason why I am unable to subscribe to it.
    Is there anybody having the same RSS problems? Anyone that knows the answer can you
    kindly respond? Thanx!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: