Posted by Edward Ferrara on December 10, 2011
There are many types of criminals. These include thrill-seeking hackers, politically motivated hackers, organized criminals after financial gain, and state-sponsored groups after financial gain, intellectual property, or both. Any of these has the potential to break business capabilities through information loss or denial of service. Business processes and their associated transactions need information security treated as a key component of any architectural design we might create as Enterprise Architects.
Security architecture is dependent on the idea of “security.” Security, by some definitions, is the trade-off of convenience for protection. When I am unloading the car and have an armful of groceries, it's challenging to unlock the front door at the same time. Alternatively, I could just leave the front door unlocked, but that might invite guests I had not planned for. So I trade convenience for protection.
Forrester Vice President, Principal Analyst Randy Heffner wrote in his article of May 2011, “The Future Of Solution Architecture, Part 1: Business Processes Within A Capability,” on a set of architectural views to describe the enterprise and the processes and systems that make up the enterprise. Randy identifies six design focal points that define successful business technology implementation. As I read this article I thought it important to provide the information security perspective on Randy’s approach.
My father was a general contractor, so I really like the use of construction metaphors when I discuss systems development. (We in the technology business could learn a lot from the building trades.) All construction is done to a set of “building codes.” These codes are there to make sure the building is built in a safe and secure way and to ensure the building is “fit for purpose.” There are codes for structure, electrical, and plumbing, to name a few. These codes embody best practices and the academic and empirical research on building safety.
Information security policies, procedures, standards and guidelines are some of the building codes we need to adhere to when we build IT systems:
Security is based on five design principles. Please note, for all you purists out there: yes, I have extended the original CIA security model.
As we think about Enterprise Architecture we need to make sure we build our systems “to code.” When we operate these systems we also need to make sure we operate them in secure, safe ways. Information security best practices need to be designed into these new systems. Trained inspectors need to review these systems as they are built and check on them as they operate to maintain the security we design into them.