Enterprise Architecture for Implementing Security
Depending on who you ask, the world is either heading for, or already in the midst of, a data downpour. A study as recent as 2015 found that global internet traffic will likely reach 1.4 petabits per second – the equivalent of 125 terabytes per second.
This trend is likely to continue upward, and the implications for those monitoring such data are huge.
Most damning of such implications is the growing threat that mass data leaks pose to the consumer and to business. Warranted public outcry following a number of high-profile data leaks and breaches is more than enough to put this into perspective.
This boom in data has led to businesses having to revise and improve their risk management policies and relevant tools. Any flaw in the way data is stored or monitored is a potential ‘in’ for cybercriminals, and so businesses have to ensure that security surrounding sensitive information is thorough and covers the whole business.
The problem is that implementations of new security tools and procedures often happen on a reactive basis, meaning they’re introduced as each new flaw in security is uncovered. This tends to lead to a staggered implementation of short-term fixes, rather than long-term solutions.
This isn’t an effective way to implement new security protocols, as it often leads to critical areas being overlooked, misalignment and poor execution.
To effectively govern the implementation of security, we need to think in terms of Enterprise Architecture.
Enterprise Architecture’s Role in Implementing Security
Enterprise Architecture’s holistic view of the business makes it perfect for actioning new security.
Because of Enterprise Architecture’s layered approach – meaning the systems and structure on one layer dictate the systems and structure on the layer above – EAs can go through the introduction of new security systems with a fine-toothed comb and ensure that nothing is missed, and that the new systems don’t restrict the business. This ensures weaknesses are dealt with at the source, rather than quick fixes being tacked on after the fact.
With this in mind, it’s also important to recognize the need to properly integrate EA, both in terms of systems and company ethos. The aforementioned benefits of leveraging EA to implement security won’t be fully realized if EA is confined to an ivory tower.
Business leaders need to give EA the reach it requires in order to effectively impact the business. That means centralizing EA and freeing it from its dated, fringe-IT perception, which limits the holistic view of the organization that EA needs to be effective. There’s even an argument for EAs to be recognized and utilized as a direct advisory body to the CIO.
Why Your Enterprise Architecture Needs to Be Agile
As with much of what Enterprise Architecture deals with, we can never be 100% prepared – or in this case, secure.
The uncertainty pertaining to EA and what it governs was a huge catalyst in calls for a more agile take on Enterprise Architecture. Agility in EA can help businesses be prepared enough to respond quickly to, or even capitalize on, unforeseen disruptions.
In working towards securing a business’s sensitive data, organizations have a lot of variables to consider – and they’re constantly evolving. There isn’t a one-size-fits-all solution to security, as security costs money and not every department of a business has the same needs. Businesses will have to evaluate where the risks are highest, and prioritize in order to not overspend. Security has to be tailored to fit as many different areas as required.
Enterprise Architecture can help in determining which risks yield the best return, and thus influence decision-making and spending going forward.