Monday, September 16, 2013

Shepherding multi-stakeholder architectural decisions

What fun. I recently moved with my family from an island off the west coast of Canada to as far east as you can get in North America: St. John's, Newfoundland. One of the benefits of this is that I can become more involved in the technology community. My previous island life made it prohibitive to participate in social and technology events in the city. Now that I can participate, I will.

St. John's has a number of technology conferences (or events) in the fall, and one of these is aligned with the BSides security conference. I decided to participate by proposing a lightning talk; fortunately, my talk was selected... what fun. The title and abstract of my talk are as follows; the talk will allow me to discuss my experience with shepherding multi-stakeholder architectural decisions to agreement.

Title: Defence in Depth: Approaches and Importance of Enterprise Architecture Security Decisions
Abstract: In this lightning talk we will explore one approach to getting multi-stakeholder agreement on Enterprise Architecture decisions focused on a defence in depth security model. Corporate enterprise technology environments can be large and complicated. And when it comes to making changes to the internet-facing security environment, both rigorousness and resistance to change increase. These increased challenges can be overcome with good project / process management, solid end-to-end architecture, and a comprehensive decision-making template. In a nutshell, this talk explores the enterprise architecture decision.

Defence in depth is an age-old practice.

Fortunately, over the last 15 years many of the projects I have worked on were internet-facing and had security and privacy issues baked into the project. The bigger the project, the more technical stakeholders were involved in designing, building and deploying the solution(s). Utilizing all these technical people can make for a stronger, more comprehensive and well-engineered solution. Coming to agreement across all the stakeholders can be difficult, for they sometimes have opposing tasks and responsibilities that are counter to one another. With good process and a strong engineering mindset it is possible to find the common ground and build a solution where all stakeholders' technical constraints can be met. This talk explores this process in the context of altering an existing network infrastructure and related governance groups to deepen defence in depth approaches to enterprise security.