Creating a Solution

This section outlines a clear and simple way to create your security and privacy solution.

The steps

To create a sustainable solution for security & privacy issues, the best start is to create a solution architecture. An architecture itself does not protect you, but a good solution architecture reduces costs and time and lowers risks. This is because in an architecture the emphasis is not only on the IT part and technical solutions but also on embedding solutions into your organisation and processes.

The perfect solution to reduce security and privacy risks to zero does not exist. A solution architecture helps in the process of optimizing and controlling your risks.

A good way to really speed up creating your solution architecture is of course to use this reference architecture as a basis. This open reference architecture is created to make security & privacy architectures better and to help in the process of creating them.

_images/abb-sbb.png

Creating a security or privacy solution architecture consists of the following high-level steps:

  • Dive into the business strategy and organization;

  • Gather security and privacy principles and requirements;

  • Determine important constraints that apply to your architecture or design. There are always constraints, e.g. time, budget, subject matter experts available etc.

  • Derive the architecture building blocks from your architecture or design. Architecture building blocks help you to scope your solution. Using architecture building blocks gives a clear view on (new) integration aspects and where completely new solutions fit in the total IT landscape.

  • Select (or create, buy) the new Solution Building Blocks. A prerequisite is of course that the functionality and technical constraints are clear. Often prerequisites are derived from the previous design step.

So first create architecture building blocks (ABBs). These blocks form the basis of your solution. The last step is to find solution building blocks (SBBs) that implement the ABBs for your specific problem and that match your specific requirements, principles and constraints.

Generic Security & Privacy Architectures

A good reference architecture for security or privacy helps you solve your problem. The aim of this reference architecture is that you can create your specific solution architecture faster and with higher quality. You should not spend time and money reinventing the wheel over and over again. So this section outlines a generic architecture for security and privacy that covers the most used high-level aspects.

When you are aware of the advantages and disadvantages of using open source building blocks for your security architecture or design, this reference architecture guide provides an up-to-date overview of really great open source security solutions.

A known difficult task is to select (or create) solution building blocks that cover the needed functionality. Of course you should always start with principles, requirements and constraints first. And remember: No single tool will fit all use cases. So select the right tool for the right job.

To give some guidance on selecting products that lower security and privacy risks, a generic conceptual architecture model is useful.

The key to a useful conceptual model is a clear separation between the needs (requirements) and the solution (‘the how’).

Security Reference Architecture

The number of security applications available to solve your security problems is overwhelming. But for a good security architecture you should first determine WHAT must be solved before jumping into solutions. Only if you have a good understanding of your problem is an effective selection of security solutions that reduce risks possible.

The following conceptual security topology helps with arranging functional-to-product mapping needs:

_images/security-abbs.png

For every security or privacy function or service needed you should look seriously at using open, transparent, reusable solutions. So Open Source. Of course many vendors provide good solid security products for specific use cases. But when you feel you need a trivial security or privacy service, there is almost always a working and maintained OSS application available. When using OSS solutions, you have a large choice of companies that deliver maintenance and support for the application on a commercial basis.

Privacy Reference Architecture

Besides strong security measures and strong encryption, privacy is hard to accomplish, especially online and when you do not use FOSS software in combination with open hardware that you can really trust! However, due to the growing importance of privacy, the number of FOSS tools available is increasing.

When searching for solutions to control privacy you should make a clear distinction between:

  • Architecture Building Blocks (ABBs) and

  • Solution Building Blocks (SBBs)

In this section a generic privacy architecture is outlined. This architecture outlines WHAT must be done, so the ABBs do not yet force you into a solution.

A generic privacy framework with relevant privacy Architecture Building Blocks:

_images/privacy-abbs.png

Using these privacy ABBs you can select OSS Solution Building Blocks that match your requirements. And remember: No single tool (OSS or commercial) is perfect. A tool alone will never be enough. So make sure you have a good balance between tool support and a good privacy and/or security organization to manage risks.