Protecting the Enterprise with Cybersecure Technology
As digitization creates new cyberthreats, businesses should make security an integrated part of their IT infrastructure.
November 2010 | by John Olivier
Secure enterprise architecture begins with an initial security assessment to identify and isolate capabilities by threat level. The assessment goes beyond identifying gaps in defense; it also involves analyzing the most critical business assets, such as proprietary trading algorithms or underwriting data that, if compromised, could result in material losses and reputational harm.
Threat-based isolation separates high-value and high-risk assets and processes from low-value and low-risk ones while still allowing organizations to take advantage of shared infrastructure and virtual environments. High-value financial transactions, for instance, can be processed through a separate authorization engine, and an online banking portal can be made to run on different applications and servers from those for the bank’s public website. The data and process steps that support these activities are grouped under discrete capabilities, such as online account opening or money transfer. A “business back” analysis of the value at risk determines an adequate level of protection and links the resulting grouping to a security zone in the architecture. The value at risk can be determined by estimating the operational, reputational, financial, competitive, and regulatory impact of a breach. The value at risk also considers the downtime of a process because downtime can lead to regulatory fines, for example, for negligent handling of customers’ personal information.
We call this approach “castle architecture,” for its multiple layers of defense, including the following elements.
A ‘castle keep.’ Segregating threats according to the value at risk places the company’s most valuable assets within the most secure domain, access to which is highly restricted. Valuable data assets such as these would come under strict master-data management. No data with a security rank of “confidential” or higher would be stored on mobile devices. Laptops would employ virtual clients with no local data storage. All classified information could be retrieved only from the master-data database on demand by authorized systems, and all access would be monitored. Assets with lower value or risk can be housed in more accessible layers with appropriate levels of security.
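The two preceding paragraphs describe a procedure: score each capability's value at risk across the listed impact dimensions, map the score to a security zone, and then enforce the castle-keep rules for where classified data may live and who may retrieve it. The following is an added illustration of that procedure, not code from the article; the zone thresholds, classification ranks, capability names and impact scores are constructed assumptions.

```python
"""Added example (not from the article): threat-based isolation by value at risk.

Each business capability is scored on the impact dimensions the article lists,
mapped to a security zone, and the castle-keep storage and access rules are
enforced. Thresholds, capability names and scores are assumptions.
"""
from dataclasses import dataclass, field

IMPACT_DIMENSIONS = ("operational", "reputational", "financial", "competitive", "regulatory")
CLASSIFICATION_RANK = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# Zones from most to least protected; a capability lands in the first zone whose
# minimum score it reaches. The thresholds are assumed values.
ZONES = (("keep", 20), ("inner", 13), ("middle", 7), ("outer", 0))


@dataclass
class Capability:
    name: str
    impact: dict            # dimension -> 0 (no impact) .. 5 (material loss)
    downtime_impact: int    # 0..5, cost of the process being unavailable
    classification: str     # highest data classification the capability handles


def value_at_risk(cap: Capability) -> int:
    """Breach impact summed over all dimensions, plus the cost of downtime."""
    breach = sum(cap.impact.get(d, 0) for d in IMPACT_DIMENSIONS)
    return breach + cap.downtime_impact


def assign_zone(cap: Capability) -> str:
    """'Business back' mapping: the higher the value at risk, the deeper the zone."""
    score = value_at_risk(cap)
    for zone, minimum in ZONES:
        if score >= minimum:
            return zone
    return "outer"


def zone_map(caps) -> dict:
    return {c.name: assign_zone(c) for c in caps}


def storage_allowed(classification: str, device: str) -> bool:
    """Castle-keep storage rule: laptops run virtual clients and keep no local
    data at all; mobile devices may not hold anything ranked confidential or
    higher; managed servers are unrestricted here."""
    if device == "laptop":
        return False
    if device == "mobile":
        return CLASSIFICATION_RANK[classification] < CLASSIFICATION_RANK["confidential"]
    return True


@dataclass
class MasterDataStore:
    """Single source for classified assets: only authorized systems may read,
    and every request, allowed or denied, is recorded for monitoring."""
    authorized: dict = field(default_factory=dict)   # asset -> set of system ids
    audit_log: list = field(default_factory=list)

    def retrieve(self, system: str, asset: str) -> bool:
        allowed = system in self.authorized.get(asset, set())
        self.audit_log.append((system, asset, "allowed" if allowed else "denied"))
        return allowed


# Constructed sample capabilities; all scores are illustrative assumptions.
SAMPLE_CAPABILITIES = [
    Capability("money transfer",
               {"operational": 4, "reputational": 5, "financial": 5,
                "competitive": 2, "regulatory": 5}, 4, "confidential"),
    Capability("online account opening",
               {"operational": 3, "reputational": 4, "financial": 2,
                "competitive": 2, "regulatory": 4}, 2, "confidential"),
    Capability("public website",
               {"operational": 1, "reputational": 3, "financial": 0,
                "competitive": 1, "regulatory": 0}, 1, "public"),
]

if __name__ == "__main__":
    for name, zone in zone_map(SAMPLE_CAPABILITIES).items():
        print(f"{name}: {zone}")
```

With these assumed scores, money transfer lands in the keep, account opening in the inner zone and the public website in the outer zone; the audit log on the master-data store is what the monitoring layer described under defense in depth would consume.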
Defense in depth. The interlocking layers of security we describe function as defense perimeters. With each layer, access becomes increasingly restricted, and information on unusual events is tracked. Inner layers of security are tightly integrated. Sensors and logging mechanisms monitor the outer perimeter and important applications within the network. Database trails are also recorded and analyzed in near real time to detect unusual access patterns, while auditing engines monitor database transactions.
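The database-trail analysis mentioned above is easier to picture with a concrete detector. The following added example (not the article's own code) reviews a constructed audit trail against a per-role baseline and flags access to tables a role does not normally touch, statements returning far more rows than usual, and activity outside business hours; the log format, roles, baselines and sample lines are all assumptions.

```python
"""Added example (not from the article): near-real-time review of database
trails for unusual access patterns. Log format, roles, baselines and the
sample lines are constructed assumptions."""
from datetime import datetime

# Baseline per role (assumed): tables it normally reads, the largest row count a
# single statement is expected to return, and whether after-hours work is normal.
ROLE_BASELINE = {
    "teller":    {"tables": {"accounts", "transactions"}, "max_rows": 200,
                  "after_hours": False},
    "reporting": {"tables": {"transactions", "branches"}, "max_rows": 50_000,
                  "after_hours": True},
}
BUSINESS_HOURS = range(7, 20)   # 07:00 to 19:59, assumed

# Constructed audit trail, one statement per line:
# timestamp|user|role|operation|table|rows_returned
SAMPLE_TRAIL = """\
2010-11-03T09:12:44|jsmith|teller|SELECT|accounts|12
2010-11-03T09:13:01|jsmith|teller|SELECT|transactions|40
2010-11-03T09:15:27|jsmith|teller|SELECT|customer_pii|1500
2010-11-03T23:41:09|rbatch|reporting|SELECT|transactions|48000
2010-11-03T23:42:10|rbatch|reporting|SELECT|accounts|90000
"""


def parse_trail(text):
    """Yield one dict per audit line; a malformed line is reported, not skipped silently."""
    for lineno, line in enumerate(text.splitlines(), start=1):
        parts = line.split("|")
        if len(parts) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(parts)}")
        ts, user, role, op, table, rows = parts
        yield {"ts": datetime.fromisoformat(ts), "user": user, "role": role,
               "op": op, "table": table, "rows": int(rows)}


def detect_unusual_access(text):
    """Return (user, table, reasons) for every statement that deviates from the
    role's baseline. Designed to run per batch as the trail is shipped."""
    alerts = []
    for e in parse_trail(text):
        base = ROLE_BASELINE.get(e["role"])
        reasons = []
        if base is None:
            reasons.append("unknown role")
        else:
            if e["table"] not in base["tables"]:
                reasons.append("table outside role baseline")
            if e["rows"] > base["max_rows"]:
                reasons.append("row count above baseline")
            if e["ts"].hour not in BUSINESS_HOURS and not base["after_hours"]:
                reasons.append("outside business hours")
        if reasons:
            alerts.append((e["user"], e["table"], reasons))
    return alerts


if __name__ == "__main__":
    for user, table, reasons in detect_unusual_access(SAMPLE_TRAIL):
        print(f"{user} on {table}: {', '.join(reasons)}")
```

On the sample trail the teller's read of a table outside its baseline and the reporting job's oversized read of the accounts table are flagged, while the reporting job's expected after-hours batch over its own tables is not.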
Service architecture. Service architecture is an effective means for managing different levels of security within individual business domains. Data and process steps are encapsulated in services (for example, validating a customer’s credit-card information) such that each service effectively creates a perimeter within each domain. Since each capability is modeled as a service from an architecture point of view, companies can better monitor the flow of data across the network. For instance, all communication goes over defined service interfaces and a common bus, with services classified according to their security requirements. Service-based architecture secures each asset with a private ring fence.
Common bus communication. By routing all communication among the services through a common application service bus, companies can effectively monitor the flow of information.
Large-scale pattern-recognition tools can be introduced to detect suspicious changes in communication patterns. Most companies have defined patterns that they consider suspicious. But to detect such patterns, the monitoring tools need to process data from all parts of the IT landscape. Strict enforcement of bus communication removes all direct connections between applications. This secure approach will become an imperative in future enterprise architectures; at the moment, a large part of major IT system landscapes is still characterized by direct connections between applications, mainly for performance reasons. CIOs must now accept that cleaning up the legacy landscape and introducing a modern bus is part of their mandate.
Standardization and simplicity. Secure enterprise architecture fosters an environment in which interfaces, technologies, and cross-sectional functionalities are standardized and harmonized, the number of interfaces is minimized, and data flows are clearly structured. One application service bus handles all messages between applications, and one consistent role-based authentication and authorization system is used for employee access. The variety of end-user devices and operating-system versions on the network is minimized, and the number of different database engines and software versions is strictly limited. Clarification of all interfaces with the database enables the detection of suspicious operations. Introducing security audits for nonstandard devices and providing preapproved solutions as services to the organization are prerequisites to drive standardization.
Innovation ‘sandboxes.’ Companies need the ability to build and deploy software rapidly to support everything from new campaigns to product development. A heavily shielded “development sandbox” can provide an appropriate safe haven for new projects and experimentation. Creating such sandboxes is one way digital leaders can carve out space for innovation while maintaining the transactional back-end systems that keep the business running. We call this “two-speed architecture.” While two-speed architecture is mainly discussed through the lens of faster time to market or greater customer intimacy, security is becoming a decisive argument for moving toward a zoned or multispeed IT landscape.