Collaborative Enterprise Security Architecture Delivers Broad Rewards

In many organizations, Enterprise Security (ES) architecture has become somewhat of a silo, enforcing rigid standards on solutions development teams. While security is critical to the health of any business, this can cause development teams to be blind to the goals and requirements of other business units, creating isolated and difficult-to-maintain solutions. At Intel, collaboration between ES architects and Agile Persistent Teams (APTs), as well as cross-collaboration between all architects, has resulted in an iterative process and a fully integrated, modularized ES architecture. We’ve torn down the silos that existed within our own organization. Through deliberate, careful planning, we have moved from a centralized security model toward a distributed, federated model in which APTs have more flexibility. Through collaboration and a “trust-but-verify” approach, we can ensure compliance with security standards. Read the white paper Security Architecture Enables Intel’s Digital Transformation.

Through collaborative architecture solutions and bi-weekly collaborative meetings, architects across the organization have gained a comprehensive understanding of how all of our deployments and processes affect each other. We can now identify opportunities to reuse components—or modules—avoiding silos and redundancy while promoting standardization. For example, if an APT is developing a cloud-based solution, architects from other teams discuss and share their own business goals and perform authentication and ID governance/access management in the cloud. When an existing module can be reused, we do so. We continuously ask, what capabilities can we use, what is missing, and what needs to be pursued? If the business goals include specific requirements not addressed by existing modules, the APT can use foundational pieces of the architecture and customize precisely what is necessary for a new module to address their needs. The collaborative process creates a circle of influence among all architects as we work to mesh our solutions for true integrated security. At various times, each architect may be a customer, a driver, or an influencer for a solution.

Intel uses Persistent Agile methodology to keep cycles short and adapt to constant change. The modular ES architecture is documented in a central repository, and as technologies change and advance, modules are routinely reviewed by the collaborative team for opportunities to consolidate. Validating and consolidating modules—or meshing them—helps reduce our overall technical debt, further improving our agility as well as reducing costs.

One example of ES architecture in action is demonstrated through a comprehensive security solution we recently developed to address advanced persistent threats. As a part of this solution, we moved to a new data lake to modernize our incident response and better govern security. Our ES architecture was a foundational component of the solution, which contains 99 percent of the attacks that occur. We were able to minimize new software purchases, reducing technical debt and the costs associated with additional solutions and licenses.

Collaboration fosters greater career development opportunities

One of the most exciting aspects of the collaborative ES architecture model has been career growth and development among Intel engineers. Sharing experience, business goals, and solutions has helped junior engineers learn how to build better systems and more seasoned engineers understand the bigger picture. Throughout the ES ecosystem, we have achieved better solutions in less time, and we have created an environment that rewards people for sharing their knowledge. We can now challenge each other in ways that are both positive and that sharpen the team’s collective skills.

For details, read the IT@Intel white paper, Security Architecture Enables Intel’s Digital Transformation.

Published on Categories SecurityTags , , , ,
Shachaf Levi

About Shachaf Levi

Shachaf Levi is a Cloud Security Architect at Intel. He has been working in cloud security for the last six years, and has been with Intel since 2004. He is currently building a combined strategy and architecture for cloud security, covering public and private cloud, SaaS (software as a service), PaaS (platform as a service), and IaaS (infrastructure as a service). This includes creating a reference architecture, roadmap, and capability building blocks, then selecting solutions to secure cloud usages across the various threats and compliance requirements. He enjoys new technology, innovative ideas, and working with and empowering engineering and operational teams toward successful solution adoptions while encompassing stakeholders’ needs. In particular, he is interested in automated solutions. Shachaf has published several white papers and a YouTube video documenting his security and automation work.