VIEWPOINT
A NEW BREED OF SECURITY DMITRII ROSHCHENKO, SENIOR CYBERSECURITY ARCHITECT AT AXON TECHNOLOGIES, ON WHY SECURITY ENGINEERING AND ARCHITECTURE MATTER
I
n order to respond to this question, we need to introduce a typical company scenario that runs a business to understand what are the challenges and the solutions that are going to solve the problems. In this age of digital transformation, being fully connected to the internet is fundamental for companies to receive orders, communicate with their customers and suppliers, promote their business, pay invoices, check their bank accounts, and so on… The larger the company, the more it depends on digital transformation, hence increasing its exposure to both external/ internal threats. In terms of cybersecurity, below are some official statistics that represent the threat scenarios companies face nowadays: In this scenario, the organisations’ IT managers entrust the cybersecurity industry which offers solutions and products that are designed to mitigate specific risks. Selecting the right set of products and solutions to meet their requirements, often represents an additional challenge.
12
CXO INSIGHT ME
JUNE 2022
Many organisations rely on their Enterprise Architecture and Engineering departments, which are focused on aligning with the business’s vision, but frequently they consider security an element of complexity that limits the company’s functionalities and capabilities. Wrongly, many times rather than embedding the security in the solution by Enterprise Architecture and Engineering departments using a holistic approach, they are an enforcement of rules and compliance that aim exclusively to satisfy a checkbox list requirement. To avoid the tick in the box effect, any mature organisation must approach the security problems leveraging the support from the Security Architecture and Engineering departments. “Security architecture and engineering are disciplines that use a set of frameworks, standards and best practices used to assess, design, implement, integrate, monitor, and dispose of security infrastructures declined in terms of people, processes,
and technologies in order to safeguard confidentiality, integrity, and availability of information” To better understand why they matter, we are going to define their responsibilities. Security Engineering Security engineering is the process of identifying the tools and methods needed to implement and build systems to remain dependable in case of an attack or threat and to align with the architectural high-level design of a company’s security infrastructure. One of the most important aspects of security engineering is communication with the stakeholders to define their protection needs and concerns in order to develop methods and processes capable of translating business objectives into technical requirements. When it comes to implementation, many points are to be taken into consideration: • Reviewing the security architecture plan. • Defining the systems and technology
