Security Architecture: Do you need a chef or a cookbook?

Maybe it’s because I’m on a diet at the moment, but I keep thinking of cookery analogies for security. As a security consultant with a strong technical background, I often get involved in security architecture on assignments. This ranges from systems which fit with standard “recipes” or patterns through to those which don’t fit any pattern and often use new technology concepts or existing technology in an unconventional way.

Until recently, many organisations have chosen to deploy systems which conform to these well-defined patterns, because they are simple to assure and are unlikely to present difficult problems at inconvenient moments. However, the combination of the recession, the growth of domestic technology and “cloud” solutions has forced many organisations to consider deviating from these standard patterns in an attempt to get more “bang for their buck”. This move often highlights that, whilst security and technical resources can implement and assure a well-tested pattern, they have little understanding of how to effectively manage changes to the pattern or deal with the absence of a pattern. This can be considered analogous to those who are happy to follow a well-tested recipe (such as those by Delia Smith) but wouldn’t know how to alter a key ingredient or make something without a recipe.

In these situations you need the security architecture equivalent of a chef. Not only can they change a recipe on the fly with predictable results, but they can develop solutions to make unlikely options palatable; apparently bacon and egg ice cream prepared by Heston Blumenthal is very tasty.

So next time you are looking for support with security architecture for a challenging project, you need to ask yourself: “Do I want somebody to turn up with just the security equivalent of a copy of Delia Smith under their arm, or do I need a security chef to help deliver cost-effective, palatable and innovative solutions to my needs?”