Engagement Options

Network Security Architecture Development

A security technology architecture, which is closely related to IT architecture, is defined as the desired structure of an enterprise’s technology components and technical safeguards. (As such, a security technology architecture is a subset of organizational security architecture, which includes nontechnical as well as technical controls.) With a security technology architecture in place, an enterprise has a framework for more informed decision making and a guide for ongoing planning, design, and implementation activities.

Security technology architecture typically provides:

A way to evaluate applicability of new technologies, products, and services
A blueprint for future applications and infrastructure growth
A framework for security technology decision making
A method of cost avoidance
A macro view of security-relevant systems and components
A method for creating and documenting consensus
A statement of direction for IT

Burton Group provides a service to assist the enterprise in developing a security architecture consistent with business and regulatory requirements. Burton Group uses their Security and Risk Management Reference Architecture as a guideline throughout this development process.

The engagement begins by documenting the business and regulatory requirements the security architecture must support. This is accomplished by interviewing 15-20 key stakeholders on site or via teleconference in one-hour sessions. At this time Burton Group is also documenting the baseline or “as-is” security architecture. A deliverable is provided that documents:

Business Requirements
Regulatory requirements
Current security architecture
High-level gap assessment

The strategic architecture is developed using Burton Group’s Reference Architecture, a mature and proven methodology for identity management architectures. The Reference Architecture is comprised of a series of organization-specific Technical Positions, as defined further below.

Reference Architecture principles represent the highest level of guidance for technology infrastructure planning and decision-making. Principles are simple statements of an enterprise's beliefs about how it wants to use IT resources over the long term (two to five years in the future). They provide the primary linkage between business strategies and technology strategies, and thus between line management and technology management. Principles are defined for Principles play a key role in developing any technology architecture. They can formalize a commitment by upper management to make investments in the infrastructure. Because many aspects of an architecture specification will likely be ‘enabling’ in nature, it is often impossible to justify recommendations based purely on cost/benefit or return on investment (ROI) analyses. In this case, the IT or services manager may appeal to the higher order of direction offered by the architecture principles.

Burton Group’s Reference Architecture methodology divides principles into three categories that should be used to guide a number of key IT architecture and product decisions going forward: management principles, vendor principles and user principles.

Burton Group will assist in the development of a security architecture that will include the following security-related technical positions:

Encryption: What encryption mechanisms should be used to protect information confidentiality?
Host Security Choices: What protection posture should an organization take with regard to host security?
Malicious software: What mechanisms and approaches should organizations use to mitigate malicious software (e.g., unwanted viruses, spyware, and Trojan horses)?
Network intrusion detection and response: How should enterprises detect and respond to security incidents on their network?
Perimeters and zones: How should enterprises separate network resources into logical or physical network security zones, and what perimeter protections should they use to protect the zones?
System placement and trust mechanisms: How should systems be placed into security zones?
Vulnerability Management: How should enterprises assess and mitigate vulnerabilities in the resource layer?

Development of these technical positions will provide the foundation for the creation of the strategic conceptual architecture.

Templates are “blueprints” or models of the identity and directory architecture, depicting how multiple system or application components relate to each other.

Burton Group’s consultants will work with the project team to develop conceptual, logical, and (where appropriate) physical templates of the Security architectural components based on our proven Reference Architecture:

User and Content
- Mitigating Malware and Spam
- Discovering Sensitive Resources
Perimeter Layer
Detection Services
Identity and Access Layer

Burton Group assists in the development of the security architecture by facilitating a three day workshop. At the conclusion of workshop the entire team will come away with an understanding of the team’s consensus opinions regarding various architectural elements; Burton Group will document these “stake in the ground” decisions (and the basis for technical positions), as well as a high-level migration strategy into a report to include: