Enterprise Security Architecture Blueprint
Enterprise Security Architecture (ESA) is a relatively new concept to most business and IT stakeholders. However, it is gaining adoption because the CISOs of enterprises need to strategically address information security debt and meet the increasing burden of privacy-related compliance.
However, the lack of maturity in this area of information security presents organisations with a number of challenges, particularly if they plan on using security architecture to address information risk on an enterprise-wide basis. The information below is intended to help you:
- Gain an appreciation of the topic of security architecture by understanding the key terms and concepts
- Become familiar with how security architecture is developed and used
- Understand the key steps required to develop a security architecture
What is Enterprise Security Architecture?
What is Enterprise Security Architecture and why is it useful?
Enterprise Security Architecture is a set of representations that describe the function, structure, and interrelationship of the security components within an environment. In practice, security architecture involves more than just producing a set of representations that relate to an environment: it both supports and is influenced by various elements of the information security function. These include:
- Security governance (e.g. strategy, principles, policy, standards / procedures)
- Information risk analysis (e.g. business impact assessments, threat and vulnerability assessments and control selection and evaluation)
- Security operations (e.g. asset management, information and security classification, and change management)
- Information security related projects (e.g. systems development, application security and systems configuration)
- Other aspects of security (e.g. physical security and business continuity).
Where does Security Architecture fit in?
Why should you use an Enterprise Security Architecture?
Business benefits of using a Security Architecture approach
Security Architecture has the potential to deliver a broad range of business benefits, provided it is addressed in a thorough and effective manner. The potential benefits fall into six categories:
Key concepts: Enterprise Security Architecture - Design Principles
Security Architecture principles are fundamental security rules that should be met during the development of a security architecture, and applied when the corresponding security controls are implemented.
A range of security architecture principles is typically defined by a security architecture team and approved by an architecture board. They are used to guide security architects (and other architects) during the development of a security architecture and technical solutions.
Core Security Architecture principles, which are considered fundamental within the information security community, are:
- #1 Security by design: The security requirements of a system or application should be considered as part of its overall requirements (and not as an afterthought), to avoid wasting unnecessary time, money and effort.
- #2 Simplicity: By reducing the complexity and diversity of security controls, fewer mistakes and errors should occur. Simplicity of security controls should result in better understanding and management of those controls, and the prompt resolution of security-related issues.
- #3 Defence in depth: Using layers of security increases the level of effort required by an attacker to gain unauthorised access to a system or application. In the event one security control fails or is compromised, another security control should prevent the exposure of information or an information system.
- #4 Least privilege: Only the minimum possible privileges should be granted to a user or a process for accessing a resource.
- #5 Default deny: The default setting for a security control should be to deny access to a resource, and require a configuration to specifically grant access.
- #6 Fail secure: If a security control fails, it should maintain a state of denying access.
- #7 Do not trust external systems: External systems and environments are typically not under the control of an organisation. Therefore, it is recommended that external systems are assumed to be insecure until a level of trust is established.
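To make principles #4 to #7 concrete, the following is an added example (not code from the original article) of a minimal access-control evaluator. Every name in it (the policy entries, the principals "alice" and "external:partner.example", the resources and the domain names) is constructed for illustration. The evaluator permits only explicit (principal, resource, action) grants (default deny and least privilege), denies on any evaluation failure such as an unclassified resource (fail secure), and refuses to accept user identities asserted by callers outside the internal domains, attributing such requests to the external system itself so that trust in that system is an explicit grant decision (do not trust external systems).

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


class PolicyError(Exception):
    """Raised when the policy cannot be evaluated reliably."""


@dataclass
class Policy:
    # Explicit grants as (principal, resource, action) triples. Nothing
    # outside this set is ever permitted: default deny.
    grants: Set[Tuple[str, str, str]] = field(default_factory=set)
    # Domains whose asserted user identities are accepted. Any other origin
    # is an external system whose identity claims are not trusted.
    internal_domains: Set[str] = field(default_factory=lambda: {"internal"})
    # Every resource must be classified before access can be evaluated.
    classification: Dict[str, str] = field(default_factory=dict)

    def grant(self, principal: str, resource: str, action: str) -> None:
        self.grants.add((principal, resource, action))


def effective_principal(policy: Policy, principal: str, origin_domain: str) -> str:
    """Do not trust external systems: a request arriving from outside the
    internal domains is attributed to the external system itself, not to
    whatever user identity it asserts."""
    if origin_domain in policy.internal_domains:
        return principal
    return f"external:{origin_domain}"


def decide(policy: Policy, principal: str, resource: str, action: str,
           origin_domain: str, authenticated: bool) -> Tuple[bool, str]:
    """Evaluate one access request and return (permitted, reason)."""
    try:
        if not authenticated:
            return False, "unauthenticated"
        if resource not in policy.classification:
            raise PolicyError(f"unclassified resource: {resource}")
        subject = effective_principal(policy, principal, origin_domain)
        # Least privilege: the grant must match resource AND action exactly;
        # read on one resource implies nothing about write or other resources.
        if (subject, resource, action) in policy.grants:
            return True, "explicit grant"
        return False, "no matching grant"
    except Exception as exc:  # fail secure: any evaluation failure denies
        return False, f"policy error: {exc}"


def build_sample_policy() -> Policy:
    """Constructed sample policy; the names are illustrative only."""
    policy = Policy(classification={"payroll-db": "confidential",
                                    "price-list": "public"})
    policy.grant("alice", "payroll-db", "read")
    policy.grant("external:partner.example", "price-list", "read")
    return policy


if __name__ == "__main__":
    sample = build_sample_policy()
    for request in [("alice", "payroll-db", "read", "internal", True),
                    ("alice", "payroll-db", "write", "internal", True),
                    ("alice", "payroll-db", "read", "partner.example", True),
                    ("alice", "unknown-file", "read", "internal", True)]:
        print(request, "->", decide(sample, *request))
```

The design choice worth noting is that the unsafe outcome of every branch is a denial: a missing grant, a missing classification entry and an unexpected exception all produce the same closed result, and an external caller gains nothing by asserting an internal user's name.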
Key concepts: Enterprise Security Architecture - Layers
Security architecture layers help the security architect (or equivalent) to model and communicate the different levels of detail in a security architecture. A common model of security architecture comprises three layers (e.g. conceptual, logical and physical), as shown below. However, SABSA is a security architecture framework that extends this base model to include a business context, a component level architecture view and consideration of Security Service Management requirements.
Conceptual Security Architecture Layer
Typical characteristics: capability based; few components; technology and vendor agnostic; appropriate for discussion with business representatives; includes high-level security services.
Logical Security Architecture Layer
Typical characteristics: provides additional detail; highlights specific security services; indicates security domains; includes high-level security solutions.
Physical Security Architecture Layer
Typical characteristics: includes a great deal of detail; representative of the physical security components to be deployed; specifies security products, security protocols and security standards.
Key concepts: Enterprise Security Architecture - Linking the Security Architecture layers
Linking Security Layers
The development of a security architecture can often be an iterative process, with numerous changes made to more than one layer. It is only when the security architecture has been developed that a clear link between the business security requirements and the corresponding security controls can be established.
Key concepts: Enterprise Security Architecture - Traceability
Traceability is the ability to trace the security controls back to the original business security requirements. This is needed to determine whether they are appropriate for a specific business risk.
Using a layered model for developing security architecture is considered a way of achieving traceability, to help justify and validate the contents of each layer of security architecture and ultimately the resulting implemented security controls.
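The following is an added example (not part of the original article) of how the layered model yields traceability in practice: each element of the physical, logical and conceptual layers records which elements of the layer above it satisfies, and the conceptual layer records which business requirements it satisfies. A walk up the chain justifies any control, and an audit exposes both orphan controls (elements that trace to no requirement) and requirements that no implemented control covers. All requirement identifiers, service names and control names are constructed for illustration.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample architecture. Each layer maps an element to the
# elements in the layer above that it satisfies; the conceptual layer
# links directly to business requirement identifiers.
REQUIREMENTS: Dict[str, str] = {
    "BR-1": "Only payroll staff may view salary data",
    "BR-2": "Salary data must be protected in transit",
    "BR-3": "Administrative access must be logged",
}
CONCEPTUAL: Dict[str, List[str]] = {
    "Authorisation service": ["BR-1"],
    "Cryptographic service": ["BR-2"],
    "Identity service": [],            # orphan: nothing justifies it yet
}
LOGICAL: Dict[str, List[str]] = {
    "Role-based access control": ["Authorisation service"],
    "TLS between tiers": ["Cryptographic service"],
}
PHYSICAL: Dict[str, List[str]] = {
    "RBAC policy in app server": ["Role-based access control"],
    "TLS 1.2+ on load balancer": ["TLS between tiers"],
    "HSM": [],                          # orphan: no logical element needs it
}
# Layers ordered bottom to top.
LAYERS: List[Tuple[str, Dict[str, List[str]]]] = [
    ("physical", PHYSICAL), ("logical", LOGICAL), ("conceptual", CONCEPTUAL)]


def requirements_for(element: str, layer: int,
                     layers: List[Tuple[str, Dict[str, List[str]]]]) -> Set[str]:
    """Follow an element's links upward and return the business
    requirements it ultimately supports (empty set for an orphan)."""
    _, mapping = layers[layer]
    parents = mapping.get(element, [])
    if layer == len(layers) - 1:        # conceptual layer links to requirements
        return set(parents)
    found: Set[str] = set()
    for parent in parents:
        found |= requirements_for(parent, layer + 1, layers)
    return found


def audit(requirements: Dict[str, str],
          layers: List[Tuple[str, Dict[str, List[str]]]]) -> Dict[str, List[str]]:
    """Report controls with no justifying requirement and requirements
    with no physical control implementing them."""
    orphans = [f"{name}: {element}"
               for layer, (name, mapping) in enumerate(layers)
               for element in mapping
               if not requirements_for(element, layer, layers)]
    covered: Set[str] = set()
    for control in layers[0][1]:        # bottom layer holds implemented controls
        covered |= requirements_for(control, 0, layers)
    uncovered = sorted(set(requirements) - covered)
    return {"orphan_controls": sorted(orphans),
            "uncovered_requirements": uncovered}


if __name__ == "__main__":
    for key, value in audit(REQUIREMENTS, LAYERS).items():
        print(key, value)
```

Running the audit on the sample data reports the identity service and the HSM as orphans and BR-3 as uncovered, which is exactly the kind of gap the layered approach is meant to surface before controls are implemented.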
Key concepts: Enterprise Security Architecture - Security Domains
The term “Security Domain” is commonly used to describe a group of IT and Security components, within a security architecture, that have a common set of security requirements and a defined boundary.
The contents of a security domain can vary, but typically include users, geographical locations, business processes, security services, business applications, computer systems and networks.
A familiar use of a security domain model is in the design of a corporate network, where the Internet, a DMZ and the internal network might be considered to be three separate security domains.
Security domains are often used in more than one layer (e.g. conceptual, logical and physical layers) of a security architecture.
Key concepts: Enterprise Security Architecture - Security Services
Security services are typically used in the development of security architecture to indicate the type of security functionality required to protect the IT infrastructure and business application components. Common security services used in security architecture include:
- Identity services concerned with the lifecycle management of digital identities
- Authentication services relating to verifying the identity of a user or process
- Authorisation services dealing with granting and preventing access to resources
- Cryptographic services concerned with protecting the confidentiality and integrity of Information & Data
Developing and using a Security Architecture
There are a number of touch points where a Security Architecture can be developed and used:
Development of business applications
Individuals involved in designing and developing business applications use security architecture to help:
- Meet business security requirements
- Make effective design decisions
- Manage complexity and scale
- Reduce development time
- Improve quality and security
Help manage the IT infrastructure
Security architecture is used in the development and management of the IT infrastructure. The security architecture is often used to help:
- Assess the strength of security controls
- Highlight gaps in protection
- Make key decisions about proposed changes
Help manage Major IT Projects
Major IT projects can often involve complexity, large scale environments and information risks. Using a security architecture approach during the early design stages of a major IT project can help to:
- Translate high-level business security requirements into standard controls
- Visualise the security environment
- Provide a greater level of assurance that information risks are being mitigated