Security Architecture provides the framework needed to implement security controls in an environment so that they adhere to the policy and business needs of an organization. An architecture should address the Who, What, Where, When, Why, and How (5Ws+H) through key security artifacts spanning the contextual, conceptual, logical, physical, component, and operational areas. These architectures need to be reviewed regularly, especially as changes are made to the environment, and must adapt so that the security posture can keep maturing while business outcomes are still enabled. A security architecture that hinders the growth of an organization is set up for failure and will likely be bypassed or ignored as the business grows beyond it.
A proven methodology for creating successful security architectures is provided by the SABSA model. SABSA focuses on business-driven, risk- and opportunity-focused architectures that enable security architects to align seamlessly with IT-driven architecture methods and frameworks (SABSA, 2018). SABSA provides a layered view of the areas above, as seen below.
This diagram provides an overview of the key areas mentioned above and their top-down relationship. Each area represents the key players in the process of specifying, designing, constructing, and using the architecture (Sherwood et al., 2005). A breakdown of each of these layers is provided towards the middle of this page. Note that there is also a seventh view, known colloquially as the Inspector's View, which focuses on auditing the overall architecture.
These layers can be mapped against the 5Ws+H of a security architecture, producing the 36-cell SABSA matrix shown below. In this matrix, the 5Ws+H map to Assets (What), Motivation (Why), Process (How), People (Who), Location (Where), and Time (When).
The 36-Cell SABSA Matrix
The Contextual Security Architecture layer is also known as the Business View. In this layer, we answer the 5Ws+H about the importance of the information system we are securing to the business. Why does it exist? Who will be using it? How does it affect our business? These questions set the stage for understanding the business impact of the information system and ensure that the architecture addresses the business needs behind it. This is the crucial first step toward a successful, business-driven architecture.
The next layer, the Conceptual Security Architecture layer, is also known as the Architect's View. In this layer, the "architect" provides a high-level view of how the system will be protected: an overall approach to the concepts that must be considered to build a strong security architecture for a given information system. The 5Ws+H here focus on why the protection is important, who is involved in managing, setting up, configuring, and using the system, where the security domains lie, when protections should be present, and so on. Concepts discussed within this layer are broad, giving high-level guidance on the direction the security of the system needs to take.
The Logical Security Architecture layer, also known as the Designer's View, is where the architect's concepts are decomposed into logical structures to be implemented in the security of an information system. This is where the rubber starts to hit the road. It takes into consideration the current security posture and controls within an environment and maps those, along with any new controls, to securing the information system. The 5Ws+H of this layer focus on the actual users, domains, entities, business information, and other critical assets needed to build a logical representation of how they interact with the information system.
The Physical Security Architecture layer is also known as the Builder's View. In this view, the logical representation of the architecture is mapped to the products, applications, and other systems that will be used to build it. These technologies are assembled to work together and provide a holistic security posture for the information system. The 5Ws+H for this layer focus on mapping technologies and data sets to the information provided by the layers above, ensuring that each component fits together according to plan.
The Component Security Architecture layer, also known as the Tradesman's View, is where the individual technologies are implemented, managed, and maintained by specialists in their fields. Firewalls are installed and configured by network security administrators, servers are set up and configured by systems administrators, and applications are developed by DevOps teams to meet integration needs; these are just a few examples of what this layer is responsible for.
The final layer of the SABSA model is the Operational layer, also called the Facilities Manager's View. This layer focuses on the operation and runtime activities of the information system once it has been brought online. In a sense, this layer provides feedback to all the other layers for future projects, calling out areas that need improvement as well as those that are working well. Operations ensures that the architecture continues to run as designed and may trigger the re-architecture of an in-production system when changes are needed due to updates, new assets, or other attributes affecting the information system.
In the physical world, we trust architects to provide us with beautiful structures that are safe, appealing to the eye, and ideally don't break the bank for their owners. It is important for architects to understand the full needs of a business and work with all parties involved to ensure the vision becomes a reality. The same holds true in the cybersecurity world. As I make a career change to a Solutions Architect role at Palo Alto Networks, the information learned during this course has become near and dear to me. Starting with a holistic focus on the business, its needs, its growth plans, and the impact of both a successful and a failed security posture puts what we do into perspective. Many IT and security professionals get caught up in the cool features a product provides. IT and security leaders take a step back, map the business to the information system, and work out what needs to be done to remain compliant, promote growth, and build a strong organization-wide security posture.
From the ethical side of the conversation, I have two views on how Security Architecture needs to take ethics into consideration. The first is the duty to the business to build an architecture that is cost-effective yet impactful in advancing the goals of the business. Careless guidance can cause a loss of time and money, which negatively impacts the business. The second concerns the efficacy of any given architecture. If point products are thrown together as a "checkbox," the architecture may prove ineffective, causing the business to fall victim to cyber threats. Both failures negatively impact the business and put its assets at risk. It is important that a strong Security Architecture take these matters into consideration and, as part of the architecting process, gather feedback so that it remains effective against the needs of the business and against new threats.
Bodeau, D. J., & Graubart, R. D. (2017, May). Cyber Resiliency Design Principles. The MITRE Corporation. Retrieved February 20, 2022, from https://www.mitre.org/publications/technical-papers/cyber-resiliency-design-principles
Ghaznavi, R. (2017). Enterprise Security Architecture. ISACA. Retrieved February 20, 2022, from https://www.isaca.org/resources/isaca-journal/issues/2017/volume-4/enterprise-security-architecturea-top-down-approach
SABSA. (2018). SABSA Executive Summary. The SABSA Institute. Retrieved February 20, 2022, from https://sabsa.org/sabsa-executive-summary/
Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise Security Architecture: A Business-Driven Approach. Taylor & Francis.