Why Enterprise Architects Should Care About Security
posted by John Spacey, May 28, 2011Enterprise Architecture is too often associated with cost control and standardization — two topics that fail to capture the imagination.
Security on the other hand, gets people's attention. Security is a attractive EA value proposition for several reasons:
1. Security is easier than it looks
People tend to fear security — it seems like a complex and potentially explosive responsibility.Most EA practices don't tackle security — but usually have a plan to cover it sometime in the future (read: never). Even EA frameworks such as Federal Enterprise Architecture (FEA) and TOGAF have very weak coverage of security.
Despite its mystique — security is no more complex than other architectural considerations EAs deal with on a daily basis.
Most EAs have a cursory understanding of security and are capable of modelling security at a enterprise level. Enterprise Architects facilitate common approaches to security but do not have to be security experts themselves.
2. Security needs to be global
It is probably the most important security principle: security must be enterprise-wide. Common approaches to security are key to risk reduction and regulatory compliance.3. Security is integral to all architectural domains
Security Architecture is something of a misnomer. Security is a integral part of business, system, data and technology architecture. It is not an independent architectural domain — so it is hard to argue that EA should exclude it.4. Security standards
Enterprise Architecture is in a good position to identify opportunities for cross-silo security standards. EA Governance is in a good position to enforce such standards.5. Risk is a good living
Security is one of the last areas to experience cutbacks when business goes bad. Organizations tend to value risk mitigation. With security in your mandate — the stock of the EA team will likely rise.Recently on Simplicable
IT ROI is Fading Fast as a Measure of IT Successposted by Anna MarSomebody tell the CFO — IT ROI has gone the way of the dinosaurs. |