The European Union Agency for Cybersecurity (ENISA) has developed the European Cybersecurity Skills Framework (ECSF) to provide a common language and a standardised approach to describe cybersecurity skills and competencies. The ECSF defines a set of role profiles that can be used by organisations to assess their cybersecurity workforce.
Cybersecurity Architects represent one of the roles, as they ensure efficient technology implementation and usage across the company, which is especially important when companies transform or adapt. They are responsible for designing and implementing secure computer systems, networks, and software applications that align with the organisation’s business objectives and security requirements. Besides this, their main tasks include:
Cybersecurity Architects work closely with network engineers, software developers, and security analysts to ensure that security measures are integrated into all aspects of the organisation’s technology infrastructure. Moreover, they have a deep understanding of emerging threats and risks that may impact the company’s operations and reputation.
The COVID-19 pandemic pushed forward the changes introduced by digital transformation, including a significant shift in the way people work. Many organisations are going on with a hybrid work model, which offers increased flexibility and productivity for their workforces, though presenting security risks, like difficult-to-control access to corporate data, or securing sensitive assets across IT, OT and IoT domains.
Cybersecurity architects face the challenge of rebuilding networks to ensure that they can support the new work model, while also maintaining a strong security posture. Here are some recent concepts they adopt to help their organisations innovate in a cyber safe way:
Zero Trust Architecture. In a Zero Trust Architecture, no one is trusted by default, and access to resources is granted on a need-to-know basis. This approach is particularly relevant in a hybrid work environment, where employees may be accessing resources from a variety of locations and devices. According to a recent report, by 2025, 80% of new digital business applications will be accessed through Zero Trust network architectures.
Secure Remote Access. With employees working remotely, it is critical to ensure that their devices and connections are secure. Cybersecurity architects can deploy solutions such as secure access service edge (SASE) to enable secure remote access. According to Gartner, by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.
Cloud Security. With an increasing number of applications and services moving to the cloud, the global cloud security market size is going to grow from $ 34.5 billion in 2019 to $ 68.5 billion by 2024. On their side, cybersecurity architects need to ensure that their networks are secure in a cloud environment. This can involve deploying cloud access security and management solutions.
Endpoint Protection. In a hybrid work environment, endpoint security is a baseline, going beyond workstations, and spreading across multiple devices, platforms, and applications to ensure business operation continuity. Cybersecurity architects deploy detection and response solutions and ensure company entry points are visible, secure and compliant.
Reaching out improved security, increased flexibility, simplified management, and cloud readiness, offered by migration to a new architecture, requires several steps on behalf of the cybersecurity architect:
Cybersecurity architects therefore play a critical role in implementing and managing secure architectures within companies, ensuring that they are compliant, and optimised to meet the evolving needs of modern business.