Security Architecture for a Software Development Enterprise Explained Using Defence-in-Depth Mechanism


We often come across the term "defence in depth" in the field of security. Have you ever wondered how we apply various security controls/principles in a typical enterprise network? I will attempt to demystify this concept for all of you.


Defence in depth refers to the creation of multiple, independent layers of security around and within an organization's network, so that the failure or bypass of any single control does not by itself give an attacker the whole network.


To explain the different layers, let's consider a dummy organization called "Org." This organization has four main departments: HR, Finance, Development, and QA. Org also has a product called "Product1," which is accessible over the internet.


Security Layers:


1. Digital Certificates/HTTPS:

At the top of the Org diagram sit digital certificates. The certificate presented by Product1 binds Org's identity (its host name) to a public key and is signed by a certificate authority that clients already trust. A browser connecting over HTTPS checks that the chain leads to a trusted root and that the certificate's name matches the host it asked for; TLS then gives confidentiality and integrity for the session. Note that a server certificate authenticates the server to the client; it does not by itself provide non-repudiation of anything the two parties send.
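What "verifying the identity of the organization" actually means for a client is shown below as an added Go example (not code from the article). It builds a constructed Org root CA and a leaf certificate for the assumed host name product1.org.example in memory, then performs the same checks a TLS client does: chain to a trusted root, host name match, and server-auth key usage. A wrong host name and a certificate from an untrusted CA are both rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert creates a certificate from tmpl signed by parent (self-signed when parent is nil).
func makeCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// BuildOrgPKI returns a constructed root CA and a leaf certificate for the assumed
// host name product1.org.example, signed by that root.
func BuildOrgPKI() (root, leaf *x509.Certificate, err error) {
	now := time.Now()
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Org Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	root, rootKey, err := makeCert(rootTmpl, nil, nil)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "product1.org.example"},
		DNSNames:     []string{"product1.org.example"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, _, err = makeCert(leafTmpl, root, rootKey)
	return root, leaf, err
}

// VerifyServerCert does what a TLS client does with the certificate it receives:
// chain it to a trusted root, match the requested host name, and check key usage.
func VerifyServerCert(leaf, trustedRoot *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(trustedRoot)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     pool,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	root, leaf, err := BuildOrgPKI()
	if err != nil {
		panic(err)
	}
	fmt.Println("correct host:", VerifyServerCert(leaf, root, "product1.org.example"))
	fmt.Println("wrong host:  ", VerifyServerCert(leaf, root, "evil.example"))
	// A certificate for the right name issued by a CA the client does not trust
	// (for example an attacker's own CA) must also be rejected.
	_, forged, _ := BuildOrgPKI()
	fmt.Println("untrusted CA:", VerifyServerCert(forged, root, "product1.org.example"))
}
```

The second BuildOrgPKI call stands in for an attacker who can mint a certificate carrying Org's host name but cannot get it signed by a CA the client trusts; the chain check is what defeats that, so the trust store on clients and on Org's own internal services deserves the same care as the certificates themselves.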


2. External Firewall:

The next layer is an external firewall placed at the internet gateway, filtering all traffic flowing into and out of Org. Its policy should be default-deny: only the ports Product1 and the VPN actually need are opened inbound, and outbound traffic is restricted as far as the business allows.


3. VPN (Virtual Private Network):

The VPN is used by Org employees who need to connect to the network remotely. It creates an encrypted tunnel between the employee's device and Org's VPN gateway, so traffic crossing the untrusted network in between cannot be read or modified. The tunnel ends at the gateway, not at the destination server, so inside the network the traffic is protected only by the layers described below. The VPN login itself should go through IAM (next layer) with multi-factor authentication, since a stolen VPN password otherwise hands an outsider an inside address.


4. IAM (Identity Access Management):

To access the Org network, users must first be authenticated (proving who they are) and then authorized (being granted only what their job needs) through Identity and Access Management (IAM). This can be a custom-developed system or a third-party solution; either way it is the single source of truth for who a user is and which roles they hold, which the access control layers below rely on.


5. Access Control Policies:

Access control policies define which subjects may do what. Common models are discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). Org uses RBAC: each user is assigned a role such as HR, Finance, Dev or QA, and each role carries its own set of policies determining access to resources like file shares, databases and printers. Granting permissions to roles rather than to individual users keeps the policy reviewable and turns on-boarding and off-boarding into a change of role membership rather than a hunt through individual permissions.


6. Access Control Lists:

Access control lists are the permission objects attached to a resource. Each entry names a subject (a user or, under RBAC, a role) and the kind of access it has to that object, for example read or write. The RBAC policy above is ultimately enforced as ACL entries on the file shares, databases and printers, and anything not explicitly listed should be denied.
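How layers 5 and 6 fit together in code is shown below as an added Go example (not code from the article). The roles, resource names and ACL entries are a constructed policy for the four Org departments; the Allowed function is the RBAC check a file server or application would run, and it denies by default for unknown resources and roles.

```go
package main

import "fmt"

// Permission is the kind of access an ACL entry grants.
type Permission string

const (
	Read  Permission = "read"
	Write Permission = "write"
)

// Role is one of Org's departments, as asserted by IAM at login.
type Role string

// ACL maps a subject (here, a role) to the permissions it holds on one object.
type ACL map[Role][]Permission

// Resources is a constructed policy: one ACL per object. Nothing outside this
// table is reachable by anyone.
var Resources = map[string]ACL{
	"hr-share":       {"HR": {Read, Write}},
	"finance-db":     {"Finance": {Read, Write}},
	"source-repo":    {"Dev": {Read, Write}, "QA": {Read}},
	"test-db":        {"Dev": {Read, Write}, "QA": {Read, Write}},
	"floor2-printer": {"HR": {Write}, "Finance": {Write}, "Dev": {Write}, "QA": {Write}},
}

// User carries the roles IAM asserted for the session.
type User struct {
	Name  string
	Roles []Role
}

// Allowed implements RBAC on top of ACLs: the user gets permission p on the
// resource if any of their roles appears in the resource's ACL with p.
// Unknown resources and roles fall through to deny.
func Allowed(u User, resource string, p Permission) bool {
	acl, ok := Resources[resource]
	if !ok {
		return false
	}
	for _, r := range u.Roles {
		for _, granted := range acl[r] {
			if granted == p {
				return true
			}
		}
	}
	return false
}

func main() {
	alice := User{Name: "alice", Roles: []Role{"HR"}}
	bob := User{Name: "bob", Roles: []Role{"QA"}}
	checks := []struct {
		u   User
		res string
		p   Permission
	}{
		{alice, "hr-share", Write},
		{alice, "source-repo", Read},
		{bob, "source-repo", Read},
		{bob, "source-repo", Write},
		{bob, "payroll", Read}, // resource not in the policy at all
	}
	for _, c := range checks {
		fmt.Printf("%-6s %-5s %-12s -> %v\n", c.u.Name, c.p, c.res, Allowed(c.u, c.res, c.p))
	}
}
```

The point of the split is that the policy (which role may do what) lives in one reviewable table, while enforcement is a short, boring function; when HR needs a new share, only the table changes.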


7. Encryption:

All data at rest stored within Org's network, such as HR data or Finance data, should be protected with encryption. The cipher itself is cheap on modern CPUs with hardware AES support; the real cost of encryption is key management: generating keys, rotating them, storing them in a key management service or HSM, and controlling who and what may use them. Prioritise the data classified as sensitive, and keep the keys separate from the data they protect, since an encrypted database whose key sits beside it on the same disk offers no protection against theft of that disk or backup.
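An added Go example (not code from the article) of encrypting one record at rest with AES-256-GCM. The HR record and the record identifier are constructed sample data; the data-encryption key is generated in-process here only so the example runs offline, and the comment marks where a KMS or HSM would supply it in practice. Beyond the round trip, it shows the two failures a practitioner wants the scheme to catch: a modified ciphertext, and a ciphertext copied from one row to another.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// SealRecord encrypts one record with AES-256-GCM under the data-encryption key dek.
// recordID is bound as associated data so a ciphertext cannot be moved between rows.
// Output layout is nonce || ciphertext || tag.
func SealRecord(dek []byte, recordID string, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per record; never reuse with the same key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// OpenRecord reverses SealRecord and fails closed on any tampering or AAD mismatch.
func OpenRecord(dek []byte, recordID string, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(recordID))
}

// DemoAtRest seals a constructed HR record and reports the three properties that matter:
// it decrypts back to the original, a bit flip is rejected, and a row swap is rejected.
func DemoAtRest() (roundTrip, tamperDetected, swapDetected bool, err error) {
	dek := make([]byte, 32) // assumption: in production this comes from a KMS/HSM, not the app
	if _, err = io.ReadFull(rand.Reader, dek); err != nil {
		return
	}
	record := []byte(`{"employee":"E1001","salary":85000}`) // constructed sample
	sealed, err := SealRecord(dek, "hr/E1001", record)
	if err != nil {
		return
	}
	got, err := OpenRecord(dek, "hr/E1001", sealed)
	if err != nil {
		return
	}
	roundTrip = string(got) == string(record)

	// Flip one bit of the stored blob: the GCM tag check must reject it.
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01
	_, terr := OpenRecord(dek, "hr/E1001", tampered)
	tamperDetected = terr != nil

	// Present E1001's ciphertext as if it belonged to E1002: the AAD mismatch must reject it.
	_, serr := OpenRecord(dek, "hr/E1002", sealed)
	swapDetected = serr != nil
	return
}

func main() {
	fmt.Println(DemoAtRest())
}
```

Binding the record identifier as associated data is the detail that turns "encrypted" into "encrypted and in the right place"; without it an insider with write access to the table could reassign one employee's salary blob to another without ever decrypting it.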


8. DMZ (Demilitarized Zone):

For Org's public website, which internet users reach without a VPN, an additional layer is required. The web server is placed in a demilitarized zone: a separate network segment between the external firewall and an internal firewall. The internal firewall allows only the specific connections the website needs into the internal network (for example one database port from the web server's address), so that a compromised web server does not give an attacker direct reach into the HR, Finance, Dev or QA segments.


9. Patch/Endpoint Management:

All machines in Org's network, across all departments (HR, Finance, Dev, QA), need to be kept current with OS and application patches and to have the access control policies enforced on them. Patching closes known vulnerabilities before they are exploited, while the enforced policies let Org control internal employees' resource access. If the organization handles sensitive data that must be protected from internal leaks, a Data Loss Prevention (DLP) agent should be deployed as well. These agents can be centrally managed and reported on through an agent/patch management service, which also gives Org an inventory of which machines are behind on updates.


10. Load Balancing:

This layer addresses availability, the third pillar of the CIA triad (confidentiality, integrity, availability). Traffic for Product1 is spread across several servers and the data behind them is replicated, so the failure or overload of one instance does not take the service down for customers. The load balancer is also the natural place to absorb volumetric attacks and to terminate the TLS connections from layer 1.


11. Securing Development/Deployment CI/CD Pipeline:

During software development, all third-party libraries should be scanned for known vulnerabilities (software composition analysis) and pinned to reviewed versions. Static Application Security Testing (SAST) runs on the source code as part of the build, and Dynamic Application Security Testing (DAST) exercises the deployed application; both should fail the pipeline on findings above an agreed severity. Penetration testing should be conducted to identify flaws the tools miss. Finally, release binaries should be signed, so that the deployment step can verify that what it installs is exactly what the pipeline built and has not been altered in transit or in the artifact store.
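An added Go example (not code from the article) of the signing step and the matching verification a deploy job would run. The "binary" is a constructed byte string, and the release key pair is generated in-process so the example runs offline; in a pipeline the private key would live in the CI secret store or an HSM and only the public key would be pinned in the deploy job. A modified binary and a signature from a key that is not pinned are both refused.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// SignArtifact signs the SHA-256 digest of a build output with the release key.
// Assumption: in a real pipeline priv comes from the CI secret store or an HSM.
func SignArtifact(priv ed25519.PrivateKey, artifact []byte) (digestHex string, sig []byte) {
	digest := sha256.Sum256(artifact)
	return hex.EncodeToString(digest[:]), ed25519.Sign(priv, digest[:])
}

// VerifyArtifact is what the deploy step runs before installing anything:
// recompute the digest and check the signature against the pinned release public key.
func VerifyArtifact(pub ed25519.PublicKey, artifact, sig []byte) bool {
	digest := sha256.Sum256(artifact)
	return ed25519.Verify(pub, digest[:], sig)
}

// DemoSigning signs a constructed "binary" and reports whether the genuine file,
// a tampered copy, and a file signed by a different (unpinned) key verify.
func DemoSigning() (genuineOK, tamperedOK, wrongKeyOK bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	binary := []byte("ELF...product1 release 1.4.2 (constructed sample)")
	_, sig := SignArtifact(priv, binary)

	genuineOK = VerifyArtifact(pub, binary, sig)

	// Someone alters the artifact between build and deploy.
	tampered := append([]byte(nil), binary...)
	tampered[0] ^= 0xFF
	tamperedOK = VerifyArtifact(pub, tampered, sig)

	// An attacker signs their own build with a key Org never pinned.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	_, otherSig := SignArtifact(otherPriv, binary)
	wrongKeyOK = VerifyArtifact(pub, binary, otherSig)
	return
}

func main() {
	g, tm, w, err := DemoSigning()
	fmt.Println("genuine:", g, "tampered:", tm, "wrong key:", w, "err:", err)
}
```

The digest returned by SignArtifact is what you record in the release notes or SBOM; the signature is what makes that digest trustworthy, and the deploy job should refuse anything for which VerifyArtifact returns false rather than log a warning and continue.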


By implementing a defence-in-depth approach with these security layers, a software development enterprise can significantly enhance its overall security posture and protect against various threats.

More articles by Suraj Bagad