Maksim Kabakou - Fotolia
Security Think Tank: Data architecture and security must evolve in parallel
How can infosec pros and data architects work together to support business goals and achieve a good level of cyber security?
The rapid transformation of data from a tool and by-product of information systems to a critical business asset has seen the role of the data architect propelled upwards in most data-heavy organisations. Add to this the regulatory pivot in recent years that has moved the legal focus in Europe and further afield squarely onto how we gather, store, use, protect and dispose of data, and it is no surprise that the function of the data architect and the discipline of data architecture are legally, financially and productively crucial to modern business.
This legislative and best-practice focus on data, along with the activities of the data architect, has created a degree of friction for data-related activities – often as a result of data architecture and information security operating in series, rather than in parallel. Ultimately, the frictionless data needs of users and the organisation at large cannot be fulfilled at the expense of security needs and concerns. But the way to achieve that is through closer integration, shared processes and shared goals.
What is absolutely essential is a strong sense of cooperation between the cyber security and data sides of the IT team and the wider organisation. Data architecture and cyber security strategy cannot operate in isolation – neither one is effective if it is applied after the other.
Architects from both sides – data and security – should collaborate from the outset to ensure the following base criteria are satisfied and integrated into any project:
- Designing or reviewing whether security controls for any data repository and any system using it are suitable.
- Understanding of both data and systems use and context, and how a given system or data repository is likely to be attacked or compromised by either external or internal factors.
- Researching and developing techniques or tools to address the more systemic security problems while keeping user and regulatory data requirements front-of-mind.
- Advising the c-suite on data architecture and the integration of cyber security into that architecture when making strategic decisions.
Processes and technology can help support a collaborative framework and workflow for data architecture and cyber security. But it is the leadership of an organisation that is ultimately responsible for the successful implementation of the processes and optimal use of the infrastructure. This is why the last point is so important to improving collaboration between information security professionals and data architects.
Ultimately, the key to successful collaboration between data architects and information security professionals is verification and consistency of skillsets. Ensuring that both roles have a consistent level of repeatable skills, regardless of location, is essential to successful collaboration and global roll-out of best practices.
Having cyber security staff in any given country who have completed a core set of education and certification goals, and data architects who have done the same in their field, will ensure that the organisation can make base-level demands of these teams globally to work together.
This will mean that work between the two on development, testing, policy and process to support business goals will not be undermined by parts of the overall team having wide variations in their professional competence and technical disciplines.
Read more from Computer Weekly’s Security Think Tank about how infosec pros and data architects could work together to support the business and protect data
- CIA at heart of infosec-data architect partnership.
- Interdisciplinary ties are key to security integration.
- Dialogue between data architects and security leads is essential.
- Security is a business, not an IT function.
- Communication, processes and tech: A new beginning for security.
- Balancing data accessibility with security controls.
- Data architects should be key allies of infosec pros.