Architecture

What Is It?

Computing architecture is the design of a system or environment, encompassing all the elements within it to make it functional such as servers, applications, networking hardware and end user devices to name but a few. It is normally defined in architectural diagrams, showing how elements are linked together and interact, alongside documentation that can be high or low level in nature.

Why Assess It?

There are many reasons to conduct an architecture security assessment, five of which are below.

Embed Security

By conducting a focused security assessment of your architecture you can ensure that defensive mechanisms are built in at a foundational level. These defences can help mitigate any future vulnerabilities discovered in the system and often severely impede a threat actors’ ability to progress through the environment towards their objective.

Save Cost

An architecture is designed early on in the project and as the project progresses changes become more expensive. An architecture security assessment allows you to ensure you have a robust design to build on from, saving unnecessary security related changes to the architecture at a later date.

Save Time

An architecture design is fundamental to your organisations project. Once the architecture has been defined a lot of subsequent decisions are made regarding tooling, hosting environments and much more. When a change is needed later, particularly to add a security enforcement control, these post design choices often need to be re-evaluated and that can severely delay a project. Conducting an architecture security assessment can save you time by not having to make the changes later in the project.

Ease Assurance Overhead

A good security architecture both reduces the risk to the organisation but also aids future assurance. A security assessment conducted at an architecture level ensures that any security assessment completed at a later stage can be focused on specific areas, as you have the confidence in the underlying architectural design as well as knowing it will benefit from the built in mitigations to vulnerabilities.

Ratify Design Processes and Patterns

Once you have confidence in the security posture of the architecture, you can be confident that the design can be turned into a pattern and used again inside the organisation thus compounding the benefits of the initial exercise as future projects already start from a robust design.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your architecture security assessment and we do this by:

Depth and Breadth

We ensure that the whole architecture is covered, not just the big components. We drill down into the detail of each component and understand its role, how it interacts with other components and what security enforcing controls it may offer as well as any vulnerabilities that we believe may be appropriate to consider and mitigate against.

Threat Actor Mindset

Your organisation has already architected a solution so has a good body of experience in your teams. Typically this focus is on delivering functionality, adhering to service level agreements and other requirements with security a consideration but not the sole focus. We understand how threat actors work and bring this knowledge to benefit your architecture design as well as upskill your teams so that greater awareness and detail is available.

Tailored Feedback

Your architecture is designed to meet your requirements. It would be wrong to align you to an architectural template that does not work for you so we strive to make specific recommendations delivered in a timely and accurate manner to support you in improving the security posture of your architecture.

Simplification

Feature and scope creep are a real challenge to organisations designing architecture. We will identify where designs are overcomplicated in areas as if left overcomplicated these can increase administrative burden and hinder security both from a protection and response standpoint.

Multiple Inputs

A high value architecture assessment takes inputs from different areas. We do not just review a single high level design document or base the assessment off a single high level demonstration during a call. We use any resources we can to build up a true picture of the system or environment in scope and use architecture diagrams, documentation, verbal summaries as well as light touch technical enumeration amongst other sources to add value.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. An example is rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisations position and risk posture thus enabling us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial, we do not sell you products or the latest buzzword laden trending solution.

Outstanding Service

We have an industry leading turnaround, agility is in our name after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.

Scroll to Top