This weeks topic was security architecture. In my organization and the organizations that we support, security has always been important. But in the past few years, security architecture has become a well planned discipline, that is much more proactive than reactive. Security is now being treated like an important component to the overall enterprise architecture, like business and application architecture, rather than an after thought.
My organization was recently working with a sponsor to help them re-engineer their current enterprise. Not surprisingly, security was a big concern of theirs. My organizations core competency is systems engineering, so our approach is to view the enterprise as a sum of its parts rather than various entities that need to be bolted together. I find that there is much overlap been the systems engineering and enterprise architecture disciplines, as the focus is on integrating sub-systems and systems together.
After our group examined their currently deployed enterprise architecture and interviewed their various stakeholders, we were able to develop a conceptual design for a new architecture that allowed for a much tighter integration of their application, infrastructure and security operations than what is currently existing. The end goal is to not only create better overall security, but to make that security less of a foreground task that end users have to endure and much more of a background task that they hardly notice. Yet all the while providing much greater security for the organization than what previously exists.