When do you need a Security Architect?
In the expanding tech world of today, a security architect is often overlooked or seen as a luxury. You can certainly begin a technical project without a security architect. However, the next question you ask yourself should be:
“Do I really want to risk the business?”
A Security Architects’ main role is to ensure the security of design and development at the beginning of the project. Too often security architects are brought in at the end stages, after a project has been planned and funded, only to have project managers find, that the design and development has missed crucial security controls and is now open for threats and vulnerabilities. Having this discovery so late into your project, will cause many setbacks, not only time but financial as well.
Engaging a security architect in the beginning phases of design and development will ensure that your project will be securely implemented, and all threats and vulnerabilities will be discovered and mitigated at the proper time.
A recent scenario we encountered, it was discovered that engineers and a project manager were engaged in a 3-month technical project without the knowledge or participation of a security architect. While things were running as smoothly as possible, the time came for implementation and our security architect team was called for a security review and approval. We determined that a crucial step had been missed in the beginning and there was concern for a potential breach had this project been fully implemented. Due to this vulnerability, the team requested that the whole design and development start from the beginning in order to determine where and how to mitigate the vulnerability. Once the vulnerability was detected and mitigated, engineering and program management were able to move forward with the project and with the approval of the security architect team.
The determined risk in this scenario is that the project has missed a crucial deadline, and there are also financial implications, a high-level team has now been brought back to the beginning of this project to revise all the work that has been previously performed.
With MAC Cyber Designs, we work alongside your engineers and project managers to ensure that all projects are built with security in the design and development phase to remediate risk.