Building a Secure Enterprise (Invited Article)

Building a system that is functional and resilient to change can be challenging. For many established disciplines, knowledge and techniques have been developed to build something to achieve a design goal. Architects do this for houses and other structures. Engineers do this for a variety of systems, both physical and electronic. The challenge comes when trying to design a system that not only achieves a goal, but is also adaptable to accomplishing new goals in the future or the same goal in a different environment or context. This requires thinking beyond the standard design process for the current goal, environment, and available technology. This paper describes an approach to build a system for both today and tomorrow. The methods in this paper are applicable when 1) there is a defined goal, 2) accomplishing the goal requires a substantial up-front investment in planning and resources, and 3) the goal or its context or environment are likely to change over time. This approach is applied to the specific case of the Enterprise Level Security (ELS) system, which is an architecture for a secure enterprise to share information. The benefits for ELS included improved security, cost savings, and improved vendor interactions.