When talking about security architectures, what immediately comes to mind are security tools and applications such as firewalls, antivirus software, antimalware programs, and the like. However, a security architecture is the sum of all those things and more.
“Security architecture” is the term used to define the overall system required to protect an organization’s IT infrastructure. Such a system includes the specifications, processes, and standard operating procedures (SOPs) involved in preventing, mitigating, and investigating different threats. Just as a building’s architectural design instructs engineers how to build a structure, a security architecture defines how personnel should carry out security processes.
The Components of a Security Architecture
A security architecture is related to existing security policies and guidelines, rather than a standalone system. As such, it consists of more than just firewalls, antivirus/antimalware programs, threat intelligence platforms, VPN software (note that VPNs can be considered part of security architecture only if their aim is to protect users’ privacy), and other security tools and applications that protect a company’s network. A good security architecture is a combination of three components, namely:
- Tools
- Processes
- People
What does a Security Architecture Look Like?
A typical security architecture is quite long as it tackles the following areas:
- Security protocols: A security architecture defines in detail the tools and processes used in threat detection and prevention, as well as those used in incident response (the set of instructions that guides IT professionals in dealing with security breaches) and disaster recovery (a detailed plan that allows business processes to resume or continue despite a security incident). For instance, the security architecture might include specific requirements that security software vendors need to fulfill to win a bid. Incident response refers to
- Account creation and management: The security architecture also includes a guide detailing user account creation, what access to grant to each user, and what restrictions to impose. A security architecture must protect the whole IT infrastructure. As such, it should detail who can access sensitive data and who cannot. An accounting staff member in charge of payroll processing, for example, should have access to employee timesheets and the payroll management software. Another accounting staff member who handles the company’s taxes doesn’t necessarily need the same access. Limiting access to tools that contain sensitive data effectively reduces risk.
- Security roles and their responsibilities: Vital to any security architecture are the people who carry out every step within it. Who is responsible for the day-to-day operations of the security system? Who is in charge of maintaining specific applications and the whole network? Who are the end-users? Who will be the auditor of the overall security architecture? The answers to these questions should be part of the security architecture.
- Auditing the security architecture: The IT security landscape is continually changing, so there is a need to assess an organization’s security architecture regularly. The auditors must make sure that the current architecture is still in line with the business goals and, at the same time, meets its needs. After the assessment, they should make the necessary adjustments to the security architecture.
In all of the areas listed above, the security architecture must contain a detailed, step-by-step guide on how to carry out each task. Training could even be part of the security architecture, especially when there are adjustments after an audit.
Steps in Building a Healthy Security Architecture
Security architects have a lot on their plates and can use a little help. Below are some best practices they can follow, step by step, when building a sound security architecture.
1. Limit Access
Part of every security architect’s task is to assess the so-called “network topology.” That refers to the network’s layout. It defines how different nodes or systems are connected to and communicate with each other.
Security architects need to know where and how users can access the resources they require to perform tasks while making sure that security policies and measures are in place. They need to answer these questions when designing the network topology:
- What do users need to access systems?
- Which users can be trusted?
- Which files require privileged access?
Security architects should segregate the network—splitting it into zones to control who can access what.
2. Use VLANs
Virtual local area networks (VLANs) allow for easy user segregation within a network. A VLAN is an isolated broadcast domain in a computer network.
It is easier for any organization to implement security policies and measures if it does so by zone. Security architects can group users based on their access rights and assign each to a particular VLAN. That way, they can tighten or loosen security in individual network parts, depending on the confidentiality of data stored in a VLAN. User segregation also makes responding to incidents easier as threats can be contained in affected zones.
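The zone-based model described here, together with the payroll-versus-tax access example from the account management section, as an added illustration that is not part of the original article: a toy policy evaluator in which user groups are assigned to VLANs, traffic between VLANs is denied unless an explicit rule allows it, and an affected VLAN can be quarantined to contain an incident. VLAN numbers, group names and service names are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class SegmentedNetwork:
    """Constructed model of a VLAN-segmented network with default-deny zone rules."""
    vlans: dict                      # VLAN id -> zone label (e.g. 20 -> "payroll")
    groups: dict                     # user group -> VLAN its workstations sit in
    rules: set = field(default_factory=set)        # allowed (src_vlan, dst_vlan, service)
    quarantined: set = field(default_factory=set)  # VLANs isolated after an incident

    def allow(self, src, dst, service):
        # Only explicitly listed flows are permitted; everything else is denied.
        self.rules.add((src, dst, service))

    def is_allowed(self, src, dst, service):
        # A quarantined zone can neither reach nor be reached by other zones.
        if src in self.quarantined or dst in self.quarantined:
            return False
        return (src, dst, service) in self.rules

    def user_can_reach(self, group, dst, service):
        # Users inherit the rights of the VLAN their group is assigned to.
        return self.is_allowed(self.groups[group], dst, service)

    def quarantine(self, vlan):
        # Contain an incident in one zone without shutting down the whole network.
        self.quarantined.add(vlan)

def build_example():
    """Constructed topology: payroll and tax staff in separate VLANs, apps in their own zones."""
    net = SegmentedNetwork(
        vlans={11: "payroll-staff", 12: "tax-staff", 20: "payroll-apps", 30: "tax-apps"},
        groups={"payroll-staff": 11, "tax-staff": 12},
    )
    # Payroll staff need timesheets and the payroll application; tax staff do not.
    net.allow(11, 20, "timesheets")
    net.allow(11, 20, "payroll-app")
    net.allow(12, 30, "tax-app")
    return net

if __name__ == "__main__":
    net = build_example()
    print("tax staff -> payroll app:", net.user_can_reach("tax-staff", 20, "payroll-app"))
    net.quarantine(11)
    print("payroll staff after quarantine:", net.user_can_reach("payroll-staff", 20, "payroll-app"))
```

Because rules are default-deny, adding a new group means deciding explicitly which zones it may reach, which is the access review the article asks for at account creation time.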
3. Enable System Lockdown
Once security architects fully understand the business requirements, who the users are, and what systems are required, they can then begin to determine what security solutions, policies, and protocols to put in place. Apart from using username-password combinations to access systems, for instance, they can require multi-factor authentication (MFA) for computers or servers that contain privileged-access data. MFA requires the use of an additional device (typically a mobile phone) to grant access. All devices should also be capable of being locked down by administrators should these be compromised. That would prevent an entire network shutdown in case of a breach.
A network’s security architecture must evolve with the changing times. A sound security architecture is one that can successfully address threats, whether known or unknown.