May 26, 2020
Maybe it’s not every time you get some kind of project solution architecture in your inbox, but most of the time, there’s bound to be at least one stick figure in the picture. Maybe it’s labeled “customer”, maybe it’s “user”, maybe it’s even something a bit more racy…like “administrator”. But, it’s bound to be there.
And, actually, if it isn’t, you can be fairly certain you’re gonna have your work cut out for you to deliver the mission and purpose of security, because you’ve no idea who your customers are, and that makes it neigh-on impossible to figure out what their mission is and how to enable it—let alone keep them safe in the process.
Who knew a solution diagram without a stick figure was just unlabeled buckets of fail?
Well…maybe it’s only those of us who’ve had to deal with them. And if you think I’m being a bit too harsh on our friends the intrepid infrastructure modeler, maybe I am. Maybe the diagram in question (DIQ? No, probably not) is part of a dedicated architecture viewpoint labeled “Infrastructure” or, more likely, “Deployment”, because that’s the set of concerns it’s actually trying to address.
Because despite my good natured ribbing, there is most certainly a time and a place for an infrastructure diagram who can happily invite several of their friends. But more often than not, that place isn’t called a viewpoint. Nor does it even resemble one enough in passing to be accused of playing one on TV, social media or even those old vacation videos you might see shoved in your face by Flakebook as a “memory.”
The reality is that whether it’s there or whether it’s missing…either way you have a problem. And that fundamental problem is trying to figure out who is supposed to actually benefit from the solution you’re supposed to christen as “secure.”
And just because there happens to be a plucky stick figure or 7 in the diagram, don’t be lulled into a false sense that all of the recipients of value…
…and therefore all the value potentially at risk…
…is represent in what you’re given to work from.
This too is part of the hide-and-seek game of “find the business value” every security architecture needs to become a master at playing. And it’s not just once. It’s every damn day of our professional career.
It’s one of those lines in the fine print of our job description written in the 2pt font—light gray on white, of course.
But this is just one of the architecture games you’ll need to play as the security architect assigned to the support and ultimate approval of this particular new business initiative. So, wouldn’t it be kinda useful to have a robust and repeatable way to play this and all the other games so that you were not only confident that you’d identified a viable solution…
…but that you’d done it in a way that was integrated and aligned with the rest of the organization’s approach to security…
…and that you’d done it as fast as humanly possible?
I was just talking about this to someone today, but that goal was probably one of the main drivers of the development of The Agile Security System™ in the first place, because being able to effectively handle the development or justification of architecture from a back-of-the-napkin solution design is just so much of what we ultimately do.
That’s why we need to be better at doing it, and it’s also why we need to WAAAAAAY better at doing it in a consistent, coherent and way that’s easy to communicate and integrate with the rest of the work we’ve done…
…and the rest of the work everyone else is doing right along with us.
That’s also why I’ve decided to make the June issue another “over the shoulder” view into how I apply the 7 principles, 14 practices and 3 Baseline Perspectives™ to build an enterprise-enabled security architecture based on a one-off architecture diagram. As part of the journey, I’ll also walk you how to build your own physical version of the Architecture Wall™, which is the system’s way of documenting security architecture in an agile and accessible way. But I’m also going to reveal some tips for building a Digital Architecture Wall using tools you probably already have integrated into your day-to-day workflow that will give you at least 80% of the benefits of the physical wall and be a lot more useful in the WFH world we’re living in right now.
But to get all this, there’s one thing you have to do: you’ll need to be a paid subscriber in good standing to Security Sanity™, my monthly print newsletter delivered directly to your door – logistical gods willing – anywhere in the world at no additional cost to you. It’s just one of the many perks you get when you’re a subscriber.
And, in the case of this issue, I’m also expecting that a few people will be taking advantage of another of the perks available only to subscribers—the ability to ask me questions via email about anything I’m qualified to talk about. While I don’t expect there will be issues understanding the issue (and yes, I did that on purpose)…
…I do expect that the content will spark some ideas and further questions about how to potentially put it in practice for you—regardless if anyone’s officially given you permission to do proper architecture or not.
My motto is: if you want to do architecture, then do it—if for no other reason than to reduce your own overhead and protect your sanity.
If you can’t, then there’s something wrong, and you owe it to yourself to go figure it out. However, that’s a topic for another day.
To get this “over the shoulder” view of the application of The Agile Security System™ on your doorstep within the first couple of weeks of June (depending on where you live), then get thee to this link today:
My cute little app I now use since I was having some trouble with timezone math a few months ago tells me that as of this very moment, you have 5 days 5 hours and 23 minutes of fence-sitting time left to decide if subscribing to the newsletter is right for you. But for those of you who’ve already subscribed before and your payment has gone through, there’s nothing more you need to do. You’re on the list.
But if you have subscribed in the past and your payment isn’t received by the deadline at the end of the month, there’s no “roll-over” period. Any pending payment will result in your subscription being cancelled, and you will not receive the June issue.
I don’t expect this to happen, but if it does, then don’t come around later saying you didn’t know what would happen. That’s just the way it has to work.
I hope those who had a long weekend managed to stay safe and still have a good time. The good news from this side of the world is that the beverages of an alcoholic nature will be available for purchase for me to celebrate the delivery of the June issue for the first time in over 2 months. However, I’m glad I don’t smoke, because if I did, I still wouldn’t be allowed to buy tobacco…gotta love legislation by decree during a declared National Emergency here in South Africa.
Back to business: think all you want, but don’t think too long. The deadline is chugging along, slow and steady.
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
