Creating a Solution
This section outlines a clear and simple way to create your security and privacy solution.
To create a sustainable solution for security & privacy issues, the best start is to create a solution architecture. An architecture itself does not protect you, but a good solution architecture reduces costs and time and lowers risks. This is because in an architecture the emphasis is not only on the IT part and technical solutions but also on embedding solutions into your organisation and processes.
The perfect solution that reduces security and privacy risks to zero does not exist. A solution architecture helps in the process of optimizing and controlling your risks.
A good way to really speed up creating your solution architecture is of course to use this reference architecture as a basis. This open reference architecture is created to make security & privacy architectures better and to help within the process of creation.
Creating a security or privacy solution architecture consists of the following high-level steps:
- Dive into the business strategy and organization;
- Gather security and privacy principles and requirements;
- Determine important constraints that apply to your architecture or design. There are always constraints, e.g. time, budget, subject matter experts available etc.
- Derive the architecture building blocks from your architecture or design. Architecture building blocks help you to scope your solution. Using architecture building blocks gives a clear view on (new) integration aspects and where completely new solutions fit in the total IT landscape.
- Select (or create, buy) the new Solution Building Blocks. A prerequisite is of course that the functionality and technical constraints are clear. Often prerequisites are derived from the previous design step.
So first create architecture building blocks (ABBs) that will form the basis of your solution. The last step is to find solution building blocks that implement the ABBs for your specific problem and that match your specific requirements, principles and constraints.
OSS Security and Privacy SBB Selection
When you are aware of the advantages and disadvantages of using open source building blocks for your security architecture or design, this reference architecture provides an up-to-date overview of really great open source security solutions.
A known difficult task is to select (or create) solution building blocks that cover the needed functionality. Of course you should always start with principles, requirements and constraints first. And remember: no single tool will fit all use cases. So select the right tool for the right job.
To give some guidance on selecting products to lower security and privacy risks, a conceptual model can be useful. The key to a useful conceptual model is that a clear separation is made between the needs (requirements) and the solution (‘the how’).
Architecture view of Security Applications
The number of OSS security applications available is overwhelming. Using the following conceptual topology can help with arranging function-to-product mapping needs:
For every security or privacy function or service needed, you should look seriously at using open, transparent, reusable solutions. So Open Source. Of course many vendors provide good, solid security products for specific use cases. But when you feel you need a trivial security or privacy service, there is almost always a working and maintained OSS application available. When using OSS solutions, you have a large choice of companies that deliver maintenance and support for the application on a commercial basis.
Architecture view of Privacy Applications
Besides strong security measures, strong encryption is hard to accomplish, especially online and when you do not use FOSS software in combination with open hardware that you can really trust! However, due to the growing importance of privacy, the number of FOSS tools available is increasing. A framework for putting privacy Architecture Building Blocks on a map:
Using these privacy ABBs you can select OSS Solution Building Blocks that match your requirements. And remember: no single tool (OSS or commercial) is perfect. A tool alone will never be enough. So make sure you have a good balance between tool support and a good privacy and/or security organization to manage risks.