What is it that you want out of your Security Architecture? The industry generally defines a few things, and these are Confidentiality, Integrity, Availability, Accountability.

Confidentiality is the state for which information is only available to those parties in which it should be available. Integrity is the assurance that information is what it should be and that it has not changed in any unauthorized way. Availability is the state that information is accessible to those that need to access that information. Accountability is the quality that allows actions to be placed on some responsibly entity whether that be a person or some other thing.

One certainly wants to make sure whatever happens in their bedroom is confidential so good window shades are a must. One must certainly desire for the roof to have integrity during a rainstorm. We all want to know who, or who is not, in our house. So, a good camera and alarm system is desired (Accountability). But what if we can’t even get into our house or worse yet, what if one day our house simply isn’t there anymore? Well Availability is the greatest must have feature!

Traditionally security architecture loves to concern itself with Confidentiality, Integrity and Accountability but often neglects Availability. This is the main reason why users get frustrated with the security department and rightly so. Proper security architecture coupled with proper risk assessments can prevent most of this friction between the users of technology and the persons responsible for implementing security.

Any architecture decision should begin with the mindset of making sure that information and resources are always available to legitimate users. With this type of approach, the focus is naturally on a successful and secure business process instead of on ways to “keep the bad guys out”. This approach almost always requires a deeper understanding of what the end users need to accomplish and as a result, Availability is optimized and usually a greater amount of the other products will be achieved in addition.