Useful resource for security architecture
One of the nice things about my job is that I’m challenged and pushed on a continual basis. Most recently, I had to produce a security architecture for a fairly complex system. Among the things that made this interesting is that the system exposes several public-facing entry points, and uses a fair amount of interesting tech, things like:
- In-memory data grid
- Complex event processing / rules engine
- Geographic redundancy
These kinds of things are quite interesting from a security perspective, and not being a security specialist, I needed to find some framework or reference architecture to benchmark against – basically a library of considerations and patterns that I could apply to the solution. I finally found the Open Security Architecture framework, and must say that I found it very, very useful to validate what I was doing.
Though it is clearly still a work in progress, it already contains lots of patterns (for example, Public Web Server) to compare against, and a catalogue of Controls that you can work through to ensure you’ve considered the security aspects of the system.
Pretty useful stuff, and well worth a look. And best of all, it’s all licensed under Creative Commons so you’re actually allowed to use it – nice.