Why Enterprise Architects Should Care About Security
Posted by John Spacey, May 28, 2011
Enterprise Architecture is too often associated with cost control and standardization — two topics that fail to capture the imagination.
Security, on the other hand, gets people's attention. Security is an attractive EA value proposition for several reasons:
1. Security is easier than it looks
People tend to fear security — it seems like a complex and potentially explosive responsibility.
Most EA practices don't tackle security — but usually have a plan to cover it sometime in the future (read: never). Even EA frameworks such as Federal Enterprise Architecture (FEA) and TOGAF have very weak coverage of security.
Despite its mystique — security is no more complex than other architectural considerations EAs deal with on a daily basis.
Most EAs have a cursory understanding of security and are capable of modelling security at an enterprise level. Enterprise Architects facilitate common approaches to security but do not have to be security experts themselves.
2. Security needs to be global
This is probably the most important security principle: security must be enterprise-wide. Common approaches to security are key to risk reduction and regulatory compliance.
3. Security is integral to all architectural domains
Security Architecture is something of a misnomer. Security is an integral part of business, system, data and technology architecture. It is not an independent architectural domain — so it is hard to argue that EA should exclude it.
4. Security standards
Enterprise Architecture is in a good position to identify opportunities for cross-silo security standards. EA Governance is in a good position to enforce such standards.
5. Risk is a good living
Security is one of the last areas to experience cutbacks when business goes bad. Organizations tend to value risk mitigation. With security in your mandate — the stock of the EA team will likely rise.