peter-rawsthorne
DESCRIPTION
In this lightning talk we will explore one approach to getting multi-stakeholder agreement on Enterprise Architecture decisions focused on a defence-in-depth security model. Corporate enterprise technology environments can be large and complicated. When it comes to making changes to the internet-facing security environment, both rigorousness and resistance to change increase. These increased challenges can be overcome with good project / process management, solid end-to-end architecture, and a comprehensive decision-making template. In a nutshell, this talk explores the enterprise architecture decision.
Defence in Depth
Shepherding Solution Architecture Security Decisions
AGENDA
1. Description of Defence in Depth
2. Defence in Depth within the Enterprise
2.1. From the solution architect perspective
3. Issues toward implementation
4. Getting to finished
http://technet.microsoft.com/en-us/library/cc512681.aspx
2 Perspectives
[Diagrams. Zone labels: CORP, Perimeter, DMZ1, IDZ, api. Governance labels: Data Governance, Security & Privacy, Standards & Compliance, Content Access & Management, Business Continuity & DRP. Practice labels: Network Practices, Directory Practices, Database Practices, SDLC Practices. Site labels: people.healthcare.com, partners.healthcare.com, doctors.healthcare.com, vendors.com.]
Shepherding the Decision
1. Concise problem statement
2. Identifying the technical stakeholders
3. Approvers and reviewers
4. Comprehensive set of options
5. Iterate
6. Make a recommendation
7. Related systems and issues
8. Future considerations
Some examples
● Identity system
● Online publishing
● Directory location
● Network segmentation
● Data location
● Search
● Being mindful of legacies
Peter Rawsthorne, B.Tech, M Ed
[email protected]
@prawsthorne
http://www.linkedin.com/in/prawsthorne
QUESTIONS?