Building a Fortress: Why the Architecture of Security Matters

By Vijay Nagaraj, Security Consultant, Cognizant Technology Solutions    It can be disheartening for many organisations faced with the prospect of creating cyber defences when much of the news...

By Vijay Nagaraj, Security Consultant, Cognizant Technology Solutions   

It can be disheartening for many organisations faced with the prospect of creating cyber defences when much of the news is dominated by the headlines, ‘Nothing is impenetrable’. If security defences aren’t 100% secure, then why bother?

The answer is simple. Protecting your data is a permanent feat of engineering to create a fortress that presents as many barriers to your attackers as possible. The harder it is to penetrate the more chance you have at defending some, if not most of your territory. Just like the strongholds of ancient medieval castles, fortifying your defences is about identifying the threats and building appropriate mechanisms to thwart entry, attack and limit any potential damage.

Multi-Layered Defences

Some defences are built to prevent entry whilst others are about buying valuable time to protect critical data. Some mechanisms are put in place simply to divert attacks and are a means of subterfuge; real cloak and dagger chicanery straight out of the middle ages. What is important is the layers of defences employed and how these are adapted to suit the prevailing threats.

Consider the basics of protecting a small township and how this relates to data security. On a basic level, if you afford your townsfolk with no physical curtain walls then you are effectively leaving them open to any form of attack. However, walls were built to be scaled and determined attackers will simply find a way to climb or destroy this barrier. In order to deter intruders further, fortifications were usually supplemented by battlements, moats and barbicans and the whole castle would be built upon a raised motte allowing greater visibility of any potential attacks.

The perimeter was patrolled by armed forces and key areas were afforded extra protection such as the castle’s keep. The main entrance was usually a heavily guarded gatehouse complete with drawbridge, projecting towers and portcullises.

A well-designed fortress could withstand many sieges and posed a difficult target for all but the most determined and skilled of attack forces. Of course, no fortress was 100% secure but it’s multi-layered architecture offered the best defence it could.

In the same way that a good castle offers protection for its inhabitants, your network security architecture should afford the best defences for your data. A multi-layered approach of firewalls, anti-virus and anti-malware software combined with a well segmented network, virtualised environments and multi-domain management can all help to keep your fortress safe in the event of an attack.

The Human Element

Just as in mediaeval times, the weak point of entry to any castle would often fall to human error or the cunning of attackers (it is no coincidence that some viruses are named after one of history’s most successful military bluffs – the Trojan Horse) humans remain the weak link in any chain of defence.

In the battle against cyber attackers, it is employees unwittingly opening malicious emails or accessing unsecure portals that provides a gateway for criminals to gain access to your network. Addressing this important element of your defence architecture is just as important as ensuring that your castle walls are well maintained. Training staff on the proper, and safe, use of the internet and network is vital to prevent breaches in security.

Getting the Right Help

Just as constructing a fortress takes a team of professionals, building the right security infrastructure requires more than just a desire to build walls. In order to create the most secure environment you need to employ the services of skilled trades and use the best materials.

Partnering with cyber security professionals with a proven track record in designing purpose built fortresses for defending data networks is essential to afford your ‘citizens’ with the protection they deserve.

In this article

Join the Conversation