May 24, 2020
“Whaddya mean, ‘That’s not architecture’? What else could you possibly need to know, Mr. Smarty-pants Security Architect?”
If not the words, we’ve probably all seen the diagrams. Often PowerPoint, sometimes Visio, and only very rarely created in some kind of formalized automation tools, in some organizations, this is, literally, the state of the art when it comes to architecture documentation. And God help you if you actually wanted to get any kind of even remotely vague idea of how this particular bit of architecture depiction related to the 15 you’ve already seen across your desk this week.
It’s just not gonna happen.
It’s all too close to the part of the story where poor little tired and hungry Goldilocks stumbles upon the cozy little house in the middle of the forest, invites herself in and samples the suppers of it’s inhabitants:
“This one’s too detailed. Look at all those lines and boxes! Do those lines cross? Is that the same one?”
“This one’s almost a blank page. So, basically, you’re telling me that there’s 3 solution components, and that’s the extent of the changes required for a $15 million project?”
“Ah…this one’s just right. Separation of concerns. Accountable stakeholders. And, oh…layers!”
Regardless of which we actually end up eating, the odds are, it isn’t going to be anywhere near what we’d really like to see—especially as far as any security concerns go. If the world has a hard time understanding what the real purpose of architecture is…
…it has an even harder time trying to draw something many couldn’t actually describe in the first place—at least, certainly in relation to being effective in communicating anything useful to anyone else.
Still, our job needs to get done, and we’re going to need to have some kind of reliable and repeatable plan to turn someone’s impressionistic interpretation of the classic scene from Lady and the Tramp into something that allows us to not be overwhelmed by more lines than in the aforementioned plate of pasta and lost in the avalanche of assumptions that are required to actually understand whatever said “solution diagram” is attempting to convey.
Fortunately, there is a systematic way to do this based on the 7 principles, 14 practices and 3 Baseline Perspectives™ of The Agile Security System™, not the least of which is Principle #5: violently encapsulate complexity. And since turning “boxes and line” IT solution diagrams into something we can use to assess how much work is required before the thing can see the light of day is such a common problem for security architects…
…I’m going to devote the entirety of the 20+ pages of the upcoming June issue of the Security Sanity™ print newsletter to helping you do just that.
Based on an initial idea from twitter I wrote about a few months ago, I’ve added some meat to the scenario, and we’ll be walking through how to deftly guide the stakeholders through the journey that often starts with the “simple” question of:
“Are we secure?”
And gives you the guidance you need to build the models and have the confidence to move the conversation to the much more useful and meaningful question of:
“How secure are we?”
And along the way, I’ll be showing you how to prepare for a stakeholder interview, use the Baseline Perspectives to prioritize your architecture efforts and complete the worksheets that will form the basis of The Architecture Wall™ containing the living, breathing – and 100% agile-compatible – security architecture documentation.
But you’ll only get held by the hand on this walk through Security Architecture Park if you’re are a paid subscriber in good standing, e.g., up to date, before Midnight on the 1st of June. That gives you over 7 full days to decide whether a subscription to the print newsletter is right for you based on what I talk about between now and then raitch hear in these li’l ol’ emails.
On the other hand, if you’re rootin’, tootin’ and rearin’ to go already, then just ride on over to this hear link, and giddyap:
And if you’re anywhere that tomorrow’s a holiday, lift a glass of the beverage of your choice for all the ones that can’t and remember who they were, what they did, and what that sacrifice might’ve meant for you.
Stay safe,
ast
—
Andrew S. Townley
Archistry Chief Executive
