Building a Blueprint for Network Security - Page 2

By Paul Rubens | Dec 17, 2003

An Overall Security Architecture

OK, so far these have all been stopgap measures, but what’s really needed (in fact required — but more on that later) is an overall security architecture rather than a series of ad-hoc measures. “A high-level security architecture is a set of guiding principles, an orderly arrangement of security components,” says Mark Bouchard, a senior program director at Stamford, CT-based Meta Group.

A security architecture should define roles, responsibilities, and a policy framework all the way down to the finest detail in a hierarchy. And the buck must stop with a Head of Information Security, who takes ownership of – and responsibility for – the architecture.

A corporate security architecture will probably include a business process catalogue and a domain structure that divides the organization into manageable – and meaningful – portions with different security requirements. Clearly, R&D data has a different value — and as a result needs a different level of protection — than customer contact details, so these would be in different domains.


Other domains could include an executive domain and a typical user domain. Using a series of tools, models, and templates, appropriate security measures should be defined right down to the level of firewalls and passwords.

The purpose of this division by domains is quite simple — it’s all about risk management. It’s not worth spending $100 on a fence to protect a $10 horse — in other words, the security measures you take should be proportionate to the value of the information you’re protecting.

The purpose of the architecture is to use this process of risk management and codify it into a set of rules with which you can engage business users, who are understandably more interested in doing their jobs than in protecting your company’s assets.

Ultimately, a security architecture is a blueprint for all your security efforts. “Without one to guide you, investments in security will be tactical, reactive. Instead of fixing things, you will probably fix one thing and introduce new vulnerabilities at the same time,” says Bouchard.

There’s one further point in favor of ensuring you have an effective security architecture in place — it’s obligatory. Regulatory and fiduciary responsibilities demand that you take security seriously and address it thoroughly, and the Federal Trade Commission says you need to have a plan. Your security architecture is this plan.

Page 3: Devising a Security Architecture
