The role of the network security architect is constantly changing due to evolution in IT landscape, its digital transformation and the position has become particularly important over the past 15 years. This is a period during technology and the way it is consumed has evolved significantly.
By Sarthak Rohal, vice-president: IT services at AlphaCodes
For instance, the first smartphone was launched in 2007, resulting in people and companies’ online presence increasing rapidly, changing the way we work.
In addition, considering current COVID Situation where work from home is the New Normal are vigorously targeted by cybercriminals due to the lack of necessary security solutions and user compliance on their devices. For instance: – As per Kaspersky team, “As of January 2021, the number of global users encountering various threats using popular online learning platforms as a lure reached 270,171 — a 60% increase when compared to the first half of 2020.”
From the network security architect’s perspective, this has brought large changes to the application portfolio, based on the necessity to secure an organisation’s online presence. However, the biggest change in the role of the network security architect probably took place in the recent years, due to the advent of new technologies and a change in technologies such as IoT, distributed cloud, blockchain and serverless micro services.
In addition, Organisations are looking for automatic scaling and lower runtime costs, along with options of demand-based flexibility to run and access applications through modern security architecture.
To enable secure way to consume IT services, security has become much more important to organisations in recent years. Cloud & network security, application security, cyber defence, security compliance, identity & access management, mobile security, including security related to Internet of Things (IoT), etc now must be taken care by the network security architect.
The importance of compliance
Compliance has also become extremely important in the past few years and this has impacted the role of a Network Security Architect. Compliance and governance form a large part of this role, as the architect needs to consider regulations such as the General Data Protection Regulation (GDPR), the Protection of Personal Information (PoPI) Act, other industry relevant compliances, etc.
In terms of skills that a network security architect needs to possess, it is somewhat of a combination. There is a requirement in three particular areas, including technical skills, understanding compliance as well as an ability to keep up with the impact of changing infrastructure and strong analytical skills.
New technologies
A network security architect must be aware about the changing landscape & technological enhancement happening through AI – ML and their business values. Most importantly need to know how these can fit into the network along with existing and the influx of new technologies.
For example, they need to know how blockchain impacts the nature of the business and how this changes the way the organisation does things. While it is important to keep up to date with those constant changes, it does not mean that the Network Security Architect needs to know in-depth details but should rather have a high-level overview.
Compliance and Regulations
From a training perspective, first is local and regional Compliance & Regulations. Network Security Architects need to be cognisant of the requirements for regulations such as GDPR, PoPI etc, as well as the nature of such Acts and their implications. Therefore, they need to understand what is needed to comply and should complete training on these regulations.
Market Trends and Updates
Thirdly , is to keep abreast with latest technology trends and prediction. However, the network security architect should not be focused on a specific company to offer training but should rather look towards industry-specific trends and innovations.
The network security architect delivers immense value to an organisation today, as companies’ growing online presence has seen data become the new oil. Most organisations are exposed to cybersecurity threats, but a cybersecurity architecture plan helps us to implement and monitor organisation’s network security systems.
A cybersecurity architecture framework positions all your security controls against any form of malicious actors and how they relate to your overall systems architecture. Couple this with the increase in cybercrime and the requirement to secure infrastructure becomes extremely important.
The network security architect is involved in various phases to keep correct organisations’ s security postures:
* Architecture Risk Assessment: focused to evaluate the influence of vital business assets, the risks, and the effects of vulnerabilities and security threats to organisation.
* Security Architecture and Design: Defining the design and architecture of security services to aid the protection of organisation’s assets in order to facilitate business risk exposure objectives and goals.
* Implementation: the actual execution of designed architecture aimed to ensure that the security policy and standards, security architecture decisions, and risk management are fully implemented and effective for a long period.
* Operations and Monitoring: focused to measures like threat and vulnerability management and threat management are taken to monitor, supervise and handle the operational state in addition to examining the impact of the system’s security.
* Compliance: – Bring right level of visibility to industry specific compliance reporting & ensuring the access of relevant data to the right people.
Security is often an afterthought as traditional security can be perceived as hampering business agility. In Additional to above, network security architect is also responsible to ensure to have a new paradigm of flexible, cloud-based, resilient architectures that deliver scalable security services at the speed of DevOps Considering these factors make the role of the Network Security Architect extremely valuable nowadays.