Understanding the 3 Phases of Cybersecurity Architecture

13 Oct 2022

by Nick Murison

Are you reading this blog on a work device?

If so, your organization’s security specialist likely has a plan to prevent a security breach on your device. With a proactive approach, cybersecurity architecture teams stop attacks before they happen. 

Why is cybersecurity important, and how does it work?

Without security measures, anyone with the right “skills” can enter and simply steal data.

Let’s say that your work device is like a building - a museum, for example. The museum needs a powerful security system to keep its priceless collection safe from thieves. Naturally, the VanGogh painting will have stronger security than, say, a collection of 1980s memorabilia.

Keeping an organization secure involves a complex system with many different elements. There are even living parts with minds of their own, like you and all of your colleagues. Unfortunately, it’s these living parts that can open your organization up to danger. As Verizon noted in their 2022 Data Breach Investigations Report, 82% of data breaches involved a human element.

The more everyone understands cybersecurity, the easier it is to avoid human error. Unfortunately, cybersecurity isn’t always explained in plain English. 

In this article, we’ll decode cybersecurity architecture and help you understand what your organization’s cybersecurity architects do and why it’s important.

A Brief Overview of Cybersecurity Architecture

Let’s think of cybersecurity architecture like a building’s architecture. A cybersecurity architect creates the building safety code, ensuring secure structural design. E.g., the safety standards for the foundations, roofing, structural support, etc. Often developers help write the code, protecting people from disasters. The developers then construct the physical structure while (hopefully) carefully following the cybersecurity architect’s suggestions.

In short: cybersecurity architects design systems, functions, and services that account for security best practices. They eliminate or reduce the risk of security breaches through the design process.

Cybersecurity architects base decisions and planning on cost vs. benefit-risk calculation. Organizations decide if it’s less expensive to implement the proactive solution or to put out the fire with a reactive measure. In some cases, the best approach may simply be doing nothing because the problem is too expensive to fix.

Back to the museum example: you’d spend more money protecting the VanGogh, while maybe the 1980s memorabilia wouldn’t have any security at all because it’s easily replaced.

Now let’s look at how this works to protect your organization.

The 3 Phases of Cybersecurity Architecture

Security architects tailor their security approach to best fit their organization and sector, keeping in mind the risk calculations. Most plans have 3 common elements:

  • Phase 1 Develop Policies, Standards, and Best Practices
  • Phase 2 Implementation of Phase 1
  • Phase 3 Monitoring of Phases 1 and 2

Learning about these phases helps everyone understand on a deeper level how security architecture works and why it’s so important.

phases of cybersecurity architecture

Phase 1 Developing an Organization’s Policies, Standards, and Best Practices

Security architects develop their organizational policies, standards, and best practices based on frameworks. These frameworks give guidelines like ‘sensitive data must be encrypted.’ However, there’s no indication of the encryption strength. 

Back to the museum analogy: the framework would suggest that all objects worth between $2 to $3 million need “high security.” It's then up to the museum to decide how to define its high security.

Common frameworks include ISO 27001 for information security, NIST Cybersecurity Framework addressing threats and supporting business, and OWASP Top Ten for web application security.

After a company has developed and implemented the framework, it can take a step toward official certification. When they pass the audit, their customers are assured of the organization's level of safety. Over time, changes occur as the security architect adapts systems to stay secure and maintain the certifications.

For some frameworks, cybersecurity staff training is required. It’s an important step because the training helps ensure employees understand their responsibilities and supports maintaining security in the organization. When an organization fails to train, the certification and customer trust are at risk.

A nerdy note: A standard defines thresholds for compliance, and frameworks offer guidelines. But you’ll often find frameworks referred to as company standards.

Phase 2 Using the Building Blocks of Security and Applying Design Concepts

Once security architects define the organization’s policies and standards, the development teams design and implement the software. This stage applies these requirements and principles at the building block level. 

Many organizations apply a principle called "Security by Design." This involves designing and implementing software components with built-in security controls, ensuring each part of the system is protected against attack. In a way, it’s like building something block by block with Lego. The developers design and construct various building blocks of code to include required security measures relevant to their functionality. When the finished solution is assembled, they have already accounted for many potential security issues.

For example, when considering an app, the cybersecurity architects write the safety rules for authentication and authorization. Such rules may include “Block users who repeatedly enter the wrong password” or “Always check if a user is logged in before giving them access to data.” The developers apply the rules as they make the building blocks. Then they use these existing blocks in other parts of the app, knowing they adhere to the security principles. Finally assembled, the blocks make a secure and robust application.

Phase 3 Monitoring for Changes, Updates, and Implementation

Security architects monitor their systems. They watch to ensure that standards are met, update these standards for new technologies, and keep track of exceptions.

Looking back at our museum building metaphor:

  • Phase 1: The architects decide what safety features the building needs.
  • Phase 2: The builders bring in raw materials and construct the walls.
  • Phase 3: The building inspectors come back to check that the building is safe.

In other words, the security architects monitor phases 1 and 2 to ensure they meet their standards.

In addition, the security architects keep an eye on the list of existing issues that need to be fixed, also called technical debt. Old technologies provide much more surface exposure and are vulnerable to attack. Once or twice a year, a company-wide risk assessment for cyber defense should take place. This helps security architects consider costs and risks and then adapt accordingly. 

In the context of our museum analogy, the museum’s building might have been built to withstand freak thunderstorms, but the architects hadn’t foreseen that a new restaurant next door would create a rodent problem. A regular risk assessment would help them review their existing assumptions and realize that pest control would be a valuable investmentcybersecurity architecture

Keeping Standards Up-To-Date

When a company has a strong body of standards, there will always be a lot of updates. There will be a constant evaluation of the standard’s effectiveness; as they change, the implementation and the old ‘building blocks’ and connections from step 2 will need to be updated. Failure to update creates security problems in the infrastructure.

Making Room for Exceptions

There will always be some instances where the body of standards doesn’t make sense. Usually, people can file an exception to the Architectural Review Board (or something similar). For example, using multi-factor authentication everywhere would improve security, but older systems can't support such a modern approach for log-ins. In this case, exceptions can be made or you can request to change or refine the standard.

Behind the scenes, cybersecurity architecture teams work to safeguard your company. Designing security from the start helps organizations lower the risk of getting hacked and save time and finances, as re-building components later to add security is much harder.

Whatever security measures your cybersecurity architects have designed to keep your ‘museum’ of data secure, don’t forget that you, too, play a vital role.

Discover how Ardoq can help design your cybersecurity architecture. Book a demo.Get Started With Ardoq

Nick Murison Nick Murison Nick Murison is Ardoq’s Chief Information Security Officer. He is passionate about helping Ardoq to meet our customers’ needs - safely and securely.
Ardoq Insights & Events

Subscribe to Ardoq's Newsletter

A monthly digest of the latest news, articles, and resources.