By Jarrod Loidl.
At present, I am reading “Enterprise Security Architecture: A Business-Driven Approach”, in anticipation of sitting the SABSA Foundation course. Based on the title and many people’s view of the content, it isn’t the most thrilling read. While this book is certainly not perfect, I actually am enjoying it at the moment, but I think that’s because I have begun to appreciate the beauty of good architecture. To explain:
In my previous role (and to a lesser extent my current role), I reviewed a lot of solution architecture designs. I really got a buzz reviewing and helping to build a given solution and make it as secure and robust as possible.
It was during this time I really developed an appreciation for architecture as a distinct discipline in its own right. I got to work alongside many IT architects of various backgrounds and capabilities. I attended Architecture Forums where the roadmaps were presented to the CIO. What was interesting was seeing how many of the technical decisions either directly benefited through cost saving, business enablement or supported future company growth and expansion. Growing up in IT, I had often heard how IT exists to support the business. This was truly my first experience seeing the truest extent to which IT could enable the enterprise.
It is also what made me truly realise that many security professionals lack an architectural focus in what we do. Now this is not something limited to our profession alone. There are plenty of people passing themselves off as “architects” when in fact they are really “designers”. This happens in construction all the time.
It seems intuitive to both “designers” and “architects” that “form follows function”. But what is the distinction between the two? There are application security architectures, infrastructure security architectures, heck once you start getting into SABSA, there is a model for policy security architecture! So what are all these different architectures? What do they mean? Are they just ‘fluff’? Or is there something more?
