The life of a security architect is rarely simple. Assessing, defending and improving corporate networks requires thorough knowledge of industry best practices designed to secure critical data, combined with real-world understanding of hacker tricks and tactics meant to undermine this purpose.
As noted by the InfoSec Institute, this in-demand job often comes with high expectations, odd hours, and the need for constant professional evolution to stay ahead of cybercriminal threats. Complicating matters is the breakneck pace of technological advancement. The rapid rise of cloud deployments, mobile applications, and IoT devices can make even best-laid security strategies seem like flies in amber—hopelessly out-of-date and effectively immobile.
Here’s a look at what’s bugging security architects and how they can break the mold of static security to combat emerging threats.
There’s an infosec crisis underway. According to Infosecurity Magazine, the ongoing cybersecurity skills shortage requires a rethink of hiring priorities and best practices to ensure companies have the personnel and knowledge they need to effectively combat emerging threats. As noted by Health Care IT News, the impact of compromised IT environments is severe enough that CEOs must prioritize infosec even above projects guaranteed to drive ROI.
Governments are also taking action to address ongoing security issues: As the National Conference of State Legislatures points out, 28 U.S. states now require government agencies to deploy “reasonable security measures” to protect public data; 24 states have also enacted similar laws that apply to private organizations.
For security architects, the combination of limited talent pools, evolving threats, and expanding legislation creates a cybersecurity landscape in which the status quo isn’t enough to defend corporate networks, and forward progress is hard to find.
According to a recent survey from CA Technologies, 66 percent of enterprise security architects said their biggest concern was “providing consistent, end-to-end security.” Fifty-five percent pointed to creating APIs and microservices, 39 percent worried about managing partner ecosystems, and 36 percent struggled with responding to market demands.
Here’s why it’s bugging them:
As noted above, forward progress is the goal for any security architect—building better, stronger, and more responsive security designs capable of keeping pace with the changing nature of infosec. But this progress can be elusive, and for many architects the lack of measurable impact can frustrate best intentions.
For security architects feeling trapped, here’s a three-step guide to forward motion:
It’s easy for security architects to feel trapped in the current infosec climate. Break the barrier by focusing on motion over distance, taking a comprehensive approach to application and network security concerns, and prioritizing visibility as the key to effective strategy.