Fly in Amber: What’s Bugging Infosec Architects?

The life of a security architect is rarely simple. Assessing, defending and improving corporate networks requires thorough knowledge of industry best practices designed to secure critical data, combined with real-world understanding of hacker tricks and tactics meant to undermine this purpose.

As noted by the InfoSec Institute, this in-demand job often comes with high expectations, odd hours, and the need for constant professional evolution to stay ahead of cybercriminal threats. Complicating matters is the breakneck pace of technological advancement. The rapid rise of cloud deployments, mobile applications, and IoT devices can make even best-laid security strategies seem like flies in amber—hopelessly out-of-date and effectively immobile. 

Here’s a look at what’s bugging security architects and how they can break the mold of static security to combat emerging threats.

The Current State of Cybersecurity

There’s an infosec crisis underway. According to Infosecurity Magazine, the ongoing cybersecurity skills shortage requires a rethink of hiring priorities and best practices to ensure companies have the personnel and knowledge they need to effectively combat emerging threats. As noted by Health Care IT News, the impact of compromised IT environments is severe enough that CEOs must prioritize infosec even above projects guaranteed to drive ROI. 

Governments are also taking action to address ongoing security issues: As the National Conference of State Legislatures points out, 28 U.S. states now require government agencies to deploy “reasonable security measures” to protect public data; 24 states have also enacted similar laws that apply to private organizations.

For security architects, the combination of limited talent pools, evolving threats, and expanding legislation creates a cybersecurity landscape in which the status quo isn’t enough to defend corporate networks, and forward progress is hard to find.

Don’t Bug Me

According to a recent survey from CA Technologies, 66 percent of enterprise security architects said their biggest concern was “providing consistent, end-to-end security.” Fifty-five percent pointed to creating APIs and microservices, 39 percent worried about managing partner ecosystems, and 36 percent struggled with responding to market demands. 

Here’s why it’s bugging them:

  • Consistent End-to-End Security: This is the Holy Grail for security architects, but it remains an elusive goal. Hackers now rely on a combination of new threat vectors and historically successful attacks (such as phishing and macro malware) to compromise corporate networks. Finding solutions that work both in situ and over time is challenging, even for experienced architects.
  • APIs and Applications: 63 percent of app developers share this concern, and it’s no surprise. If hackers can compromise applications or third-party APIs by reverse engineering source code or probing and altering network traffic to find vulnerabilities, they could circumvent security checks and/or gain access to critical data.
  • Partner Ecosystems: Third-party ecosystems are often corporate weak points because in-house IT can’t control the APIs and applications. While security architects can draft agreements that include security requirements, the onus is on first-party data owners to ensure they comply with government or private industry regulations.
  • Market Demands: The security landscape is constantly changing, making it difficult for architects to know when to invest in security solutions and when to wait for the next market shift. Mobile applications are a good example: The sheer number of apps now used by companies daily demands robust management and agile security solutions.

Forward Motion

As noted above, forward progress is the goal for any security architect—building better, stronger, and more responsive security designs capable of keeping pace with the changing nature of infosec. But this progress can be elusive, and for many architects the lack of measurable impact can frustrate best intentions.

For security architects feeling trapped, here’s a three-step guide to forward motion:

  1. Measure by Movement, Not Distance: It’s not about how far you go. It’s about making progress. Why does this matter? Because infosec pros tend to prioritize perfection, yet it’s impossible to ensure networks and applications are 100 percent secure. Architects can make measurable progress that offers direct business benefits by identifying key issues that can be improved with current resources and talent, such as implementing two-factor authentication or utilizing in-app protection.
  2. No Bug Spray is Perfect: No single solution will solve every security problem, no matter what the marketing says. End-user analytics, intrusion detection, and application hardening tools each have a role in reducing the frequency and sting of cyberattacks. Still, consistent end-to-end security is only possible with multiple solutions working in tandem.
  3. Seeing is Believing: You can’t defend what you can’t see. For many security professionals, this is their stumbling block: Lack of visibility makes it impossible to create effective infosec policies. Tools that prioritize end-user activity, application behavior, and network traffic patterns are critical to gaining insight and informing long-term strategy.

It’s easy for security architects to feel trapped in the current infosec climate. Break the barrier by focusing on motion over distance, taking a comprehensive approach to application and network security concerns, and prioritizing visibility as the key to effective strategy.
