Understanding the 3 Phases of Cybersecurity Architecture

20 Mar 2024

by Nick Murison

Are you reading this blog on a work device? 

If so, your organization’s security specialist likely has a plan to prevent a security breach on your device. With a proactive approach, cybersecurity architecture teams stop attacks before they happen. 

Why is cybersecurity important, and how does it work?

Without security measures, anyone with the right “skills” can enter and simply steal data.

Let’s say that your work device is like a building - a museum, for example. The museum needs a powerful security system to keep its priceless collection safe from thieves. Naturally, the VanGogh painting will have stronger security than, say, a collection of 1980s memorabilia.

Keeping an organization secure involves a complex system with many different elements. There are even living parts with minds of their own, like you and all of your colleagues. Unfortunately, it’s these living parts that can open your organization up to danger. As Verizon noted in their 2023 Data Breach Investigations Report, 74% of data breaches involved a human element.

The more everyone understands cybersecurity, the easier it is to avoid human error. Unfortunately, cybersecurity isn’t always explained in plain English. 

In this article, we’ll decode cybersecurity architecture and help you understand what your organization’s cybersecurity architects do and why it’s important.

What Is Cybersecurity Architecture

Where Enterprise Architecture is about mapping, analyzing, and designing the enterprise as a whole, cybersecurity architecture zeroes in on what's in place to secure the business's digital assets, data, and systems from various threats and vulnerabilities. It should encompass a framework and robust policies at different layers of the organization.

There are many components and layers to cybersecurity architecture including: 

  • Network Security: Securing the organization's network infrastructure using firewalls, intrusion detection and prevention systems (IDPS), and virtual private networks (VPNs) to control and monitor network traffic.
  • Endpoint Security: Protecting individual devices like computers, smartphones, and servers using antivirus software, endpoint detection and response (EDR) tools, and mobile device management (MDM) systems. Also includes safeguarding against malware and unauthorized access.
  • Data Security: Encrypting data to prevent data breaches. Data loss prevention (DLP) tools and encryption protocols are leveraged here to protect sensitive information from unauthorized access or theft.
  • Application Security: Securing software and applications through regular code reviews, vulnerability assessments, and web application firewalls (WAFs) to help identify and mitigate application-level vulnerabilities.
  • Regulatory Compliance: Ensuring compliance with relevant industry regulations and data protection laws, as non-compliance can result in severe legal and financial consequences.
  • Threat Intelligence: Staying up-to-date and being quick to respond to emerging threats and vulnerabilities. Threat intelligence provides the organization with valuable information for proactive defense.

The Role of Cybersecurity Architects

If we think of cybersecurity architecture like a building’s architecture. A cybersecurity architect creates the building safety code, ensuring secure structural design. E.g., the safety standards for the foundations, roofing, structural support, etc. Often developers help write the code, protecting people from disasters. The developers then construct the physical structure while (hopefully) carefully following the cybersecurity architect’s suggestions.

In short: cybersecurity architects design systems, functions, and services that account for security best practices. They eliminate or reduce the risk of security breaches through the design process.

Cybersecurity architects base decisions and planning on cost vs. benefit-risk calculation. Organizations decide if it’s less expensive to implement the proactive solution or to put out the fire with a reactive measure. In some cases, the best approach may simply be doing nothing because the problem is too expensive to fix.

Back to the museum example: you’d spend more money protecting the VanGogh, while maybe the 1980s memorabilia wouldn’t have any security at all because it’s easily replaced.

Now let’s look at how this works to protect your organization.

The 3 Phases of Cybersecurity Architecture

Security architects tailor their security approach to best fit their organization and sector, keeping in mind the risk calculations. Most plans have 3 common elements:

  • Phase 1 Develop Policies, Standards, and Best Practices
  • Phase 2 Implementation of Phase 1
  • Phase 3 Monitoring of Phases 1 and 2

Learning about these phases helps everyone understand on a deeper level how security architecture works and why it’s so important.

phases of cybersecurity architecture

Phase 1: Developing an Organization’s Policies, Standards, and Best Practices According to Cybersecurity Architecture Frameworks

Security architects develop their organizational policies, standards, and best practices based on cybersecurity architecture frameworks. These frameworks give guidelines like ‘sensitive data must be encrypted.’ However, there’s no indication of the encryption strength. 

Back to the museum analogy: the framework would suggest that all objects worth between $2 to $3 million need “high security.” It's then up to the museum to decide how to define its high security.

Common frameworks include ISO 27001 for information security, NIST Cybersecurity Framework addressing threats and supporting business, and OWASP Top Ten for web application security.

After a company has developed and implemented the cybersecurity architecture framework, it can take a step toward official certification. When they pass the audit, their customers are assured of the organization's level of safety. Over time, changes occur as the security architect adapts systems to stay secure and maintain the certifications.

For some frameworks, cybersecurity staff training is required. It’s an important step because the training helps ensure employees understand their responsibilities and supports maintaining security in the organization. For effective training, companies can use poster templates to create informative and visually appealing training posters about cybersecurity.When an organization fails to train, the certification and customer trust are at risk.

A nerdy note: A standard defines thresholds for compliance, and cybersecurity architecture frameworks offer guidelines. But you’ll often find frameworks referred to as company standards.

Phase 2: Using the Building Blocks of Security and Applying Design Concepts

Once security architects define the organization’s policies and standards, the development teams design and implement the software. This stage applies these requirements and principles at the building block level. 

Many organizations apply a principle called "Security by Design." This involves designing and implementing software components with built-in security controls, ensuring each part of the system is protected against attack. In a way, it’s like building something block by block with Lego. The developers design and construct various building blocks of code to include required security measures relevant to their functionality. When the finished solution is assembled, they have already accounted for many potential security issues.

For example, when considering an app, the cybersecurity architects write the safety rules for authentication and authorization. Such rules may include “Block users who repeatedly enter the wrong password” or “Always check if a user is logged in before giving them access to data.” The developers apply the rules as they make the building blocks. Then they use these existing blocks in other parts of the app, knowing they adhere to the security principles. Finally assembled, the blocks make a secure and robust application.

Phase 3 Monitoring for Changes, Updates, and Implementation

Security architects monitor their systems. They watch to ensure that standards are met, update these standards for new technologies, and keep track of exceptions.

Looking back at our museum building metaphor:

  • Phase 1: The architects decide what safety features the building needs.
  • Phase 2: The builders bring in raw materials and construct the walls.
  • Phase 3: The building inspectors come back to check that the building is safe.

In other words, the security architects monitor phases 1 and 2 to ensure they meet their standards.

In addition, the security architects keep an eye on the list of existing issues that need to be fixed, also called technical debt. Old technologies provide much more surface exposure and are vulnerable to attack. Once or twice a year, a company-wide risk assessment for cyber defense should take place. This helps security architects consider costs and risks and then adapt accordingly. 

In the context of our museum analogy, the museum’s building might have been built to withstand freak thunderstorms, but the architects hadn’t foreseen that a new restaurant next door would create a rodent problem. A regular risk assessment would help them review their existing assumptions and realize that pest control would be a valuable investmentcybersecurity architecture

Keeping Standards Up-To-Date

When a company has a strong body of standards, there will always be a lot of updates. There will be a constant evaluation of the standard’s effectiveness; as they change, the implementation and the old ‘building blocks’ and connections from step 2 will need to be updated. Failure to update creates security problems in the infrastructure.

External changes will also impact an organization’s information security program, requiring them to re-visit Phase 1. Some recent changes with significant cybersecurity implications are:

  • Changes in industry standards: ISO27001 was updated in 2022, and companies are required to move to the new version by 2025.
  • Emerging technology: Last year's huge advances in AI have created huge opportunities, but equally but also new forms of risk that companies will need to consider.

Making Room for Exceptions

There will always be some instances where the body of standards doesn’t make sense. Usually, people can file an exception to the Architectural Review Board (or something similar). For example, using multi-factor authentication everywhere would improve security, but older systems can't support such a modern approach for log-ins. In this case, exceptions can be made or you can request to change or refine the standard.

Behind the scenes, cybersecurity architecture teams work to safeguard your company. Designing security from the start helps organizations lower the risk of getting hacked and save time and finances, as re-building components later to add security is much harder.

Whatever security measures your cybersecurity architects have designed to keep your ‘museum’ of data secure, don’t forget that you, too, play a vital role.

Discover how Ardoq can help design your cybersecurity architecture. Book a demo.

Get Started With Ardoq

More to Explore
Nick Murison Nick Murison Nick Murison is Ardoq’s Chief Information Security Officer. He is passionate about helping Ardoq to meet our customers’ needs - safely and securely.
Ardoq Insights & Events

Subscribe to Ardoq's Newsletter

A monthly digest of the latest news, articles, and resources.