It never fails. Walk into any IT department and ask who is responsible for the overall security architecture. Whether you ask the network guys or the consultants, chances are you will get a lot of different answers and even more empty stares.
As a security architect, I am not concerned about managing firewalls or correlating IPS logs, but rather, understanding how components fit and work together to address the overall issues.
I am consistently dumbfounded that many organizations are still struggling with this simple issue. For a discipline that has been around longer than video, data centre and social media, security finds itself without a proper champion at many organizations.
And I sometimes wonder, why?
Is it because of the rapid change? Or the potentially huge visibility of a security breach? Maybe a proper security architecture framework has never been put into place?
I have always said that true security architects are the most diplomatic, technical and knowledgeable people you’ll ever meet.
They have to be political to sell many of their ideas to the C-suite and line of business executives; technical to stand up and defend their architecture (from the plain old networking platforms to the latest data centre virtualization technologies); and they need to be knowledgeable to answer a large spectrum of frequently asked questions relating to physical and network security.
Even at Cisco we have had to cut through the hype to define a true architecture. It’s not easy and we know this.
It is hard for a single vendor to define and build an architecture without having a product to address every aspect of security. We have made major strides in the last few years with Trustsec.
Trustsec provides a blue print for security architecture from desktop and mobile devices to access switches, and through to core routing and data centre security. It is by no means a complete architecture, but a foundation that Cisco infrastructure can be built on. A blue print that those brave enough to take on the role of security architect can use to build a comprehensive security plan for their organization.
Until the day organizations realize that security architecture is as important as other IT fields, security will be an afterthought.
Let’s hope that day comes soon.