The cyber security threat landscape is rapidly evolving. Increasingly sophisticated attacks, multiple threat actors, strict regulations on security and privacy, newer trends such as BYOD, remote working and the growing adoption of cloud, and digital transformation initiatives are just some of the varied challenges that Information Security teams face. The shortage of adequately skilled staff to manage these security responsibilities compounds the challenges.
As news of more cyber-attacks arrives every week, Chief Information Security Officers (CISOs) are searching for solutions and measures to improve their organization's cyber security posture. Often, solution providers pitch various solutions and technologies to solve these challenges, and Information Security teams are assured that these solutions, with built-in next-gen features, can flag attempts to disrupt business, prevent attacks, and minimize impact.
But multiple studies and industry surveys over the years have shown that procuring and implementing a solution does not mitigate the threat on its own. Often these implementations face challenges such as high costs, a lack of skilled resources to manage the solutions, poor or inadequate configuration of policies, absence of integration with other solutions, insufficient supporting workflows and processes, and so on.
So, if buying and implementing a solution is not enough, where does one start? The answer is a Security Architecture Review: an activity that helps organizations understand their security threats and identify which solutions can mitigate those risks. The complexity of the IT infrastructure of organizations today means that a thorough review is needed to identify the critical security risks and the solutions that address them.
A Security Architecture Review is a holistic review of security that covers network, data, applications, endpoints, cloud, and so on. It identifies gaps in your architecture, policies, and controls that may put your critical assets at risk from attackers.
So, what does a Security Architecture Review involve?
A Security Architecture Review begins with a study of the business and IT environment of an organization and the key security and privacy requirements mandated by clients and by regulations such as GDPR, CCPA, and PCI DSS. Organizations wanting to adopt best practices can look to information security and data privacy standards and frameworks such as NIST 800-53, ISO 27001, and CSA STAR.
Identifying security and privacy risks is the next critical step, as Information Security teams need to know which assets, applications, and processes require stringent controls and monitoring.
The next step is to study the existing network and security architecture, understand the extent of cloud adoption, evaluate the existing security solutions for design and implementation effectiveness, and identify gaps. We also recommend assessing the configuration of key solutions to verify that they are implemented effectively and to identify any gaps.
After studying the architecture, it is important to assess the solutions currently implemented and their design effectiveness across security domains such as access, patching, and monitoring. This helps in identifying which solutions address the various security and privacy risks.
After identifying the gaps, it is important to identify the right solutions to close them and address the critical risks. Again, the solutions must meet a few key criteria: risk mitigation, compliance management, integration and interoperability with other solutions, monitoring capabilities, and the ability to provide detailed reports in line with organizational policies.
While identifying solutions, one must also consider the nature of the infrastructure: on-premises, cloud, or hybrid. One must also look at the security components provided by Cloud Service Providers.
The end-state architecture must comprise solutions that offer protection from the critical risks, integrate with the other solutions deployed so that they provide relevant alerts, and minimize the impact of any attack. Finally, one must also strengthen the Information Security team with Subject Matter Experts (SMEs) who will manage the solutions.
No matter how secure your organization’s cyber defenses may be, a Security Architecture Review (SAR) can identify potential vulnerabilities and recommend countermeasures. The process begins with an assessment of your current state of security, followed by the development of a roadmap for improvement.
A SAR is especially important in the current environment, where cloud security services are becoming more popular. By definition, the cloud is a distributed system that spans multiple data centers and devices. This makes it more difficult to secure and increases the risk of data breaches.