The document discusses key concepts in security architecture. It begins by defining security architecture as the design that considers all potential threats and risks in an environment. It then discusses how security architecture involves implementing security controls and mapping out security specifications. The document outlines the typical four phases of a security architecture roadmap: risk assessment, design, implementation, and ongoing monitoring. It also discusses principles for secure system design such as establishing context before design, making compromise difficult, reducing impact of compromise, and making compromise detection easier. Finally, it covers some common security frameworks like SABSA, NIST, ISO 27000 and trends in cybersecurity like remote work, ransomware attacks, AI, cloud usage and more.
Concepts of Security Architecture
● Security architecture is defined as the architectural design that takes into account all the threats and potential risks that can be present in the environment or in a particular scenario.
● Security architecture also covers the security controls themselves and how those controls are applied.
The high-level design of the system architecture
● Security Architecture deals with the when, how and where of
security control application, and addresses the potential risks
involved for an organization in certain scenarios or environments.
● Security Architecture in many cases helps to define the relationship
between the various components inside the IT architecture, their
dependencies and the specifics of their interaction.
● This gives it an association with Data Architecture, but Security
Architecture can take many forms, such as risk management,
benchmarking, financial & legal, and regulatory.
The Security Architect commonly takes the initiative through a four-phase journey
Phase 1: It starts with a risk assessment that examines the likelihood and potential effect of security threats to business assets.
Phase 2: This informs the second phase, during which the enterprise's security specifications are designed and mapped.
Phase 3: The architecture arising from the second phase is then implemented, operated and controlled in the third phase.
Phase 4: The fourth phase comprises the operating and monitoring of day-to-day security processes, such as threat and vulnerability management.
Secure System Designs
Importance:
● Developing an infrastructure that is reasonably secure is not an easy task given the ever-increasing sophistication of attackers.
● If you are to consider yourself an information security expert, however, you need to be aware of the tenets of a secure system; this is why security engineering plays an important role.
● Adequate R&D, experience, and skills are required to set up an architecture that upholds the principles of secure system design.
Secure System Design principles
01 Establish the context before designing a system
Before you can create a secure system design, you need to have a good understanding of the fundamentals and take action to address any identified shortcomings.
02 Make compromise difficult
Designing with security in mind means applying concepts and using techniques which make it harder for attackers to compromise your data or systems.
03 Make disruption difficult
When high-value or critical services rely on technology for delivery, it becomes essential that the technology is always available. In these cases the acceptable percentage of 'down time' can be effectively zero.
04 Make compromise detection easier
Even if you take all available precautions, there's still a chance your system will be compromised by a new or unknown attack. To give yourself the best chance of spotting these attacks, you should be well positioned to detect compromise.
05 Reduce the impact of compromise
Design to naturally minimise the severity of any compromise.
1. Establish the context before designing a system
➢ It is essential to have a clear understanding of the purpose of any system. We need to know which data, connections, people, and other systems will be required for it to operate.
➢ We should determine which impacts we are not willing to accept.
➢ We can explore examples from many organisations where things have gone wrong, and play out what this would mean in our own context.
➢ To inform our design decisions, we also need to know which risks are acceptable. We should document the risks we are willing to take and ensure that everyone involved in designing the system is familiar with them, so they can make well-informed decisions.
2. Make compromise difficult
➢ Any data from an external or less trusted source could have been crafted to attack our system.
➢ Well-structured data can be validated to ensure it conforms to the expected format. If this isn't possible, the only way to gain confidence in its trustworthiness is to transform it.
➢ If we cannot transform the data, we'll need to take care when we render it, ideally doing so in an environment we don't mind being compromised. If we're importing software or binaries, we should validate cryptographic signatures to ensure the software really was built by a vendor we trust.
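The validate-or-transform rule above, as an added example that is not part of the original slides: a record with a known structure is rejected unless it matches the expected fields and types exactly, free text that cannot be validated is neutralised before rendering, and a downloaded artifact is checked against a pinned digest. The field names, sample data and the digest check (a stdlib stand-in for verifying the vendor's cryptographic signature) are all assumptions of this example.

```python
import hashlib
import hmac
import html
import json

# Expected shape of a well-structured record: field -> (exact type, max length).
# The field set is an assumption for this example.
EXPECTED_FIELDS = {"user": (str, 32), "age": (int, None), "note": (str, 200)}


def validate_record(raw):
    """Return the parsed record only if it conforms exactly to EXPECTED_FIELDS, else None."""
    try:
        obj = json.loads(raw)
    except json.JSONDecodeError:
        return None
    if not isinstance(obj, dict) or set(obj) != set(EXPECTED_FIELDS):
        return None  # missing or unexpected fields are rejected, not silently ignored
    for name, (typ, max_len) in EXPECTED_FIELDS.items():
        value = obj[name]
        if type(value) is not typ:  # exact type: bool is a subclass of int in Python
            return None
        if max_len is not None and len(value) > max_len:
            return None
    return obj


def transform_for_render(text):
    """Free text cannot be validated against a schema, so neutralise it before rendering."""
    return html.escape(text, quote=True)


def artifact_is_trusted(blob, pinned_sha256):
    """Stand-in for vendor signature verification: compare the digest of the downloaded
    bytes with a value pinned out-of-band, using a constant-time comparison."""
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), pinned_sha256)


# Constructed samples for the checks below (not real data).
GOOD_RECORD = '{"user": "alice", "age": 30, "note": "hello"}'
BAD_RECORD = '{"user": "alice", "age": true, "note": "hello", "role": "admin"}'
SAMPLE_BLOB = b"constructed vendor build"
SAMPLE_PIN = hashlib.sha256(SAMPLE_BLOB).hexdigest()

if __name__ == "__main__":
    print(validate_record(GOOD_RECORD))
    print(validate_record(BAD_RECORD))
    print(transform_for_render('<b>untrusted</b> & "quoted"'))
    print(artifact_is_trusted(SAMPLE_BLOB, SAMPLE_PIN), artifact_is_trusted(b"tampered", SAMPLE_PIN))
```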
3. Make disruption difficult
1. Ensure systems are resilient to both attack and failure
In order to cope with failure it is common practice to provide standby
systems, alternative routes, and data backups. These perform well
against random failure or mistakes, but often less well against malicious
attack.
For example, if you have 10 identical load balanced servers and each
has a 1 in 10 chance of random failure, the chances of them all failing at
once are 1 in 10,000,000,000. However, if they all have the same
vulnerability, it's very little extra work for an attacker to make all 10 fail
rather than just one.
3. Make disruption difficult
2. Identify bottlenecks, test for high load and denial of service conditions
Identify any system bottlenecks. For example, low capacity, legacy
business technology, or an essential microservice which calls a third
party service. Ensure that we have a plan in place to handle these
bottlenecks during periods of high load or outage.
Add specific tests for abnormally high load, and for denial of service, to
our overall testing strategy. For instance, we could simulate some denial
of service attacks by purposefully terminating certain microservices or
infrastructure elements in our pre-production environments.
4. Make compromise detection easier
➢ Collect all relevant security events and logs
Having the right data is essential. This is true whether we want to be well prepared for analysis in the event of a breach, or if we want to detect potential and actual compromises in real time.
Ensure we log enough to perform root cause analysis in the event of a failure. Will our logs hold the data we need to work out whether a failure happened as a result of a breach? Both infrastructure and application level logs may be needed.
➢ Detect malware command and control communications
Watch for attempts by compromised components to contact their command and control infrastructure. This can be achieved by allow-listing the external domains or addresses that are acceptable for data egress. Attempts to reach other domains should be prevented and reviewed.
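The egress review described above, as an added example that is not part of the original slides: a small parser reads constructed proxy log lines, flags every destination outside an assumed allow list, and separates repeated denied attempts (candidate beacons to review) from allowed connections to unlisted destinations (a gap in the proxy policy itself). The log format, host names and allow list are assumptions made for this example.

```python
import re
from collections import defaultdict

# Destinations acceptable for outbound traffic from the application tier (assumed allow list).
EGRESS_ALLOW = {"api.vendor.example", "updates.vendor.example"}

# Constructed egress proxy log: "<timestamp> <source host> <destination host> <proxy action>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z web-01 api.vendor.example ALLOW
2024-05-01T10:00:05Z web-01 updates.vendor.example ALLOW
2024-05-01T10:01:10Z web-02 c2-placeholder.example DENY
2024-05-01T10:01:15Z web-02 c2-placeholder.example DENY
2024-05-01T10:01:20Z web-02 c2-placeholder.example DENY
2024-05-01T10:02:00Z db-01 api.vendor.example ALLOW
2024-05-01T10:03:00Z web-01 cdn.unlisted.example ALLOW
garbage line that does not match the format
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (ALLOW|DENY)$")


def parse_log(text):
    """Parse log lines into dicts; malformed lines are dropped rather than guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": m[1], "src": m[2],
                           "dst": m[3].lower().rstrip("."), "action": m[4]})
    return events


def review_egress(events, allow=EGRESS_ALLOW):
    """Group every attempt to reach a destination outside the allow list by source host.

    Denied attempts are candidate command-and-control beacons; an ALLOW to an unlisted
    destination means the proxy policy has drifted from the allow list and needs fixing."""
    findings = defaultdict(lambda: defaultdict(lambda: {"DENY": 0, "ALLOW": 0}))
    for ev in events:
        if ev["dst"] not in allow:
            findings[ev["src"]][ev["dst"]][ev["action"]] += 1
    return {src: dict(dsts) for src, dsts in findings.items()}


def beaconing_hosts(findings, threshold=3):
    """Hosts with repeated denied attempts to the same unlisted destination."""
    return sorted(src for src, dsts in findings.items()
                  for counts in dsts.values() if counts["DENY"] >= threshold)
```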
5. Reduce the impact of compromise
➢ Remove unnecessary functionality, especially where unauthorised use would be damaging
If functionality exists for authorised users then it can be abused by unauthorised users in the event of a compromise.
By reducing unnecessary functionality we reduce this risk. In doing so we'll also cut the operational overhead of maintaining software or functionality we don't need, simplifying our system and making monitoring easier.
Removing unnecessary functionality can take several forms, such as tuning the default configurations of the software we use, or removing debug or test functionality from production systems.
Choosing the right Security framework
● A security framework is a series of standardized processes that can be used to define the procedures and policies around which the implementation of a system can be carried out.
● The frameworks can be looked upon as blueprints for building information security programs that can be implemented to reduce vulnerabilities and mitigate threats and risks.
● For an information security expert, using these frameworks should be no harder than a stroll in the park. Just as building blueprints are customized to achieve the desired specifications, frameworks can be customized to solve interesting security problems.
● Different frameworks have different levels of complexity and scalability, and choosing the right one depends on your needs and the expectations of the system. The following are some of the most well-known security frameworks:
COBIT
NIST SP 800 SERIES
ISO 27000 SERIES
SABSA
SABSA: Sherwood Applied Business Security Architecture
● SABSA is a framework of complementary frameworks that work together to ensure all relevant risks are managed, so the organization has confidence it can reach its goals.
● SABSA was originally developed by John Sherwood in 1995 as part of the SWIFT interbank transfer project.
● SABSA is now used in over 2000 organizations worldwide by more than 5000 officially certified security architects to ensure their organization's information is protected from cyber threats.
Overview of SABSA
● SABSA provides a structured, transparent way to enable the organization to embrace this
uncertainty and take risks with the confidence provided by a complete integrated and
monitored set of security controls.
● SABSA methodology is the only risk management or cybersecurity method that can
demonstrate transparency and traceability from the goals and objectives the
organization wants to achieve clear through to the processes and technical
implementations of the controls that enable managing the threats to business success.
NIST cybersecurity framework
● To help organizations manage their cybersecurity risk, NIST (National Institute of Standards and Technology) convened stakeholders to develop a Cybersecurity Framework that addresses threats and supports business.
● The Framework not only helps organizations understand their cybersecurity risks (threats, vulnerabilities and impacts), but also how to reduce these risks with customized measures.
● The Framework also helps them respond to and recover from cybersecurity incidents, prompting them to analyze root causes and consider how they can make improvements.
● Companies from around the world have embraced the use of the Framework, including JP Morgan Chase, Microsoft, Intel, the Bank of England and others.
Current cyber security trends
01 Remote Work
● Covid-19 pushed the majority of businesses, institutions, and other workplaces to shift to remote work. This unplanned shift resulted in side-stepping security measures and increased risk and vulnerability.
02 Ransomware Attacks
● Ransomware attacks have become a concerning trend. According to experts, the average cost of a ransomware attack in 2020 was 4.44 million dollars, which was higher than the average cost of a data breach.
03 Multi-Factor Authentication
● MFA forces users to have more gadgets for confirming their identity, and this trend helps to increase the scope of cyber-crime. As telephone networks have weak security, Microsoft recently urged users to stop using multi-factor authentication. So people need to be aware of this trend and stop thinking of it as better cyber-security practice.
04 Artificial Intelligence
● As of 2021, companies are increasingly building AI-based products because of their efficiency and popularity. Unfortunately, cyber-criminals are also using AI to conduct their cyber-attacks. Cyber-security professionals can help to stop these AI-based cyber-attacks.
Current cyber security trends
05 Cloud Usage
● Businesses are adopting cloud-based processes. However, despite numerous advantages such as efficiency and cost-effectiveness, the cloud is highly vulnerable. As a result, the cloud remains a prime target for cyber-attackers.
06 Cyber Insurance
● Because of the increasing number of cyber-attacks, cyber insurance has become a trend. Organizations everywhere are buying cyber insurance to protect themselves from cyber-attacks. The increase in cyber-attacks during the Covid-19 pandemic caused a sharp rise in cyber coverage.
07 Chief Security Officer
● It is now a trend for companies to have a Chief Security Officer or CSO. This is because organizations are more concerned about their security than before, so this trend widens the job market as well.
08 Insider Threats
● Insider threats are becoming more common day by day. Remote-only hiring enables people from all over the world to work for a company, which is the biggest reason for this increase in insider threats. According to reports, 15% to 25% of data breaches are caused by trusted business partners. It is becoming a trend and the biggest concern.
Current cyber security trends
09 Cyber-security startups
● Because of all these increased risks and attacks, it has become a trend to found a cyber-security startup. Many cyber-security startups have already become unicorns in a short time, which motivates others to launch cyber-security startups as well.
10 IoT and 5G
● In 2021, cyber-attacks on IoT devices are becoming a trend, which is expected to worsen shortly. In 2021 more devices will be directly connected to the 5G network, increasing the risk, as this connection leaves the gadgets defenseless against direct cyber-attacks. This trend will increase infrastructure instability.
11 Zero Trust Framework
● An unauthorized user can quickly access the entire network through a VPN. This problem has led to the adoption of the Zero Trust Framework called ZTNA. It decreases the cyber-attack surface, improves connectivity, and gives the user a more secure network.
12 Digital Acceleration
● Working from home has proved more profitable for organizations. This model saves money and resources and increases productivity. The company need not bear any extra cost of rent, transportation, food, cleaning, power usage, or any other employee facility-related cost.