
Design your security architecture OKR

2022-07-06 20:21:00 InfoQ

0x00 Preface

This article briefly discusses how to design a security architecture OKR (not a personal workload OKR). An architect's personal OKR can be to solve one problem within a quarter (the design of a platform, the rollout of a policy, operational metrics, and so on).

0x01 Security architecture goals

As usual, look at the picture first. It is not hard to see that this is still the three steps of policy, technology and operation. Although the idea is the same everywhere, not many companies actually carry it out.


Objective

  • Service-oriented security capabilities
  • Security service platform
  • Intelligent security platform

Promote the servitization of security capabilities, the security service platform, and the intelligent security platform. Standardize the basic technical capabilities by formulating policies, integrate those capabilities by building a security platform, and deliver continuously through operations. The three items listed under policy, technology and operation in the figure are assumptions; architects should tailor them to the situation of their own enterprise.
Note: when building policy, consider what technology will be used to support it; when building technology, consider how the technical architecture is delivered and operated (service architecture), and so on.

Key Results

  • From a policy perspective, focus on value and threats, and build standards and specifications
  • From a technology perspective, focus on service and delivery, and build basic capabilities
  • From an operations perspective, focus on scenarios and quality, and manage the full life cycle (closed loop)

0x02 Architecture and platform

Within this:
  • Every governance area needs policy, technology and operations support
  • Every governance area needs architectural guidance, platform delivery and operational services
  • Basic security sets the lower bound of application security and data security
  • Architecture design sets the upper bound of the security platform and security operations

As infrastructure moves to the cloud, the categories of security services increase and gradually form a security platform, which slowly takes on more responsibilities. But this also depends on the organizational structure; you can think about how your enterprise is laid out against the figure above. Different organizational structures call for different collaboration modes. For example, the security architecture team converges requirements; the security platform group integrates the security tools of each domain; some security capabilities are wrapped as services for the business to use and unified into one security platform, which provides the enterprise with unified infrastructure and system controls and serves security operations externally. Alternatively, build teams in the different governance areas and form a virtual security architecture team that takes in requirements and implements them collaboratively, then hands over to security operations or to each team's own operations.
Take data security architecture as an example. It mainly consists of three pieces (in some organizations IAM is not within the scope of data security).

  • Cryptography: HSM, KMS, PKI, Crypto Agility, Encryption as a Service, Transparent Encryption, certificate management, etc.
  • Data Protection: DLP, EDR, Email Protection, Data Classification/Tagging/Privacy Platform, third-party file sharing, etc.
  • Identity & Access Management: IDP, MFA, Hardware Key, Passwordless, BeyondCorp / Dev, etc.

Going into the details of Cryptography: data security experts need to develop a Crypto Control Policy that sets rules for the different algorithms, their attributes and their life cycle. Then the policy is rolled out, and technical experts and architects work together to build the Crypto Infrastructure, developing and providing Self Service, a Management Portal and so on. Please refer to some earlier blog posts; I will not go deeper here. Similarly, for Data Protection you need to develop policies for data classification, data transfer, leak prevention and so on. While rolling out the standards, build a data scanning platform, connect the different data sources, then label the various kinds of data and provide some privacy computing technologies, so as to achieve security control across the data life cycle while at the same time making it easier for data to flow, etc.
Another point is that the OKR measurement indicators for architecture, platform and operations should differ. Architecture should focus on the ability to solve problems and on what functions are provided, rather than requiring the architect to design the platform so that it reaches some number of onboarded users or covers some number of scenarios. Architecture can help deliver access for some scenarios, but scaling out homogeneous scenarios should be an operations indicator. Of course, this also depends on your boss's understanding and requirements; after all, there is a gap between ideal and reality.
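
The Crypto Control Policy described above (rules per algorithm, attribute and life cycle) can be expressed as policy-as-code and checked automatically against the key inventory held in the KMS. The following is an added example, not code from the original post; the policy values, the KeyRecord shape and the inventory are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Constructed Crypto Control policy: per purpose, the approved algorithms
# with their minimum key size, plus a maximum key age (life-cycle rule).
POLICY = {
    "encryption": {"algorithms": {"AES": 256}, "max_key_age_days": 365},
    "signing": {"algorithms": {"RSA": 3072, "ECDSA": 256}, "max_key_age_days": 730},
}


@dataclass
class KeyRecord:
    """One entry from a (hypothetical) KMS key inventory export."""
    key_id: str
    purpose: str
    algorithm: str
    key_bits: int
    created: date


def check_key(rec: KeyRecord, today: date, policy=POLICY) -> list:
    """Return the policy violations for one key; an empty list means compliant."""
    rules = policy.get(rec.purpose)
    if rules is None:
        return [f"{rec.key_id}: unknown purpose '{rec.purpose}'"]
    findings = []
    min_bits = rules["algorithms"].get(rec.algorithm)
    if min_bits is None:
        findings.append(f"{rec.key_id}: {rec.algorithm} not approved for {rec.purpose}")
    elif rec.key_bits < min_bits:
        findings.append(f"{rec.key_id}: {rec.algorithm}-{rec.key_bits} below minimum {min_bits}")
    age_days = (today - rec.created).days
    if age_days > rules["max_key_age_days"]:
        findings.append(f"{rec.key_id}: {age_days} days old, rotation overdue")
    return findings


def audit(records, today: date, policy=POLICY) -> dict:
    """Map every key id to its list of violations."""
    return {r.key_id: check_key(r, today, policy) for r in records}


# Constructed inventory: one compliant key, one with a retired algorithm
# that is also past rotation, one signing key below the minimum size.
INVENTORY = [
    KeyRecord("k-app-1", "encryption", "AES", 256, date(2022, 3, 1)),
    KeyRecord("k-app-2", "encryption", "3DES", 168, date(2020, 1, 15)),
    KeyRecord("k-sig-1", "signing", "RSA", 2048, date(2022, 1, 1)),
]

if __name__ == "__main__":
    for key_id, issues in audit(INVENTORY, date(2022, 7, 6)).items():
        print(key_id, "OK" if not issues else issues)
```

The violation count per purpose is the kind of number an operations OKR can track, while the policy itself stays the architecture deliverable.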

0x03 Summary

OKR is actually already a cliche; I remember writing an article a long time ago about designing a security architecture OKR in an unorthodox way. But back then I did security architecture as a security engineer, usually for specific tasks; now I do it as a security architect, which depends more on the whole picture. There are still some differences, and the focus has changed. The most obvious thing is feeling the importance of communication and of managing emotions. My boss told me about the idea of "two out of three": in an enterprise, among industry experience, technical ability and communication management, you can do well steadily if you have two of them; of course you can also go deep into your own strengths and make up for deficiencies. Of course, deepening each item takes a lot of energy; knowledge has no limit, so keep accumulating.
Original site

Copyright notice
This article was created by [InfoQ]; when reposting, please include a link to the original. Thanks.
https://yzsam.com/2022/187/202207061220476950.html