Overview
AUTHORS
- Nicolas CHARBONNIER: Information systems security architect - Agence nationale de la sécurité des systèmes d'information (ANSSI), Paris.
- Frédéric BABIN: Information systems security architect - Agence nationale de la sécurité des systèmes d'information (ANSSI), Paris.
- Olivier MÉMIN: Information systems security architect - Agence nationale de la sécurité des systèmes d'information (ANSSI), Paris.
- Hervé CHOUPOT: Information systems security architect - Agence nationale de la sécurité des systèmes d'information (ANSSI), Paris.
- Michael DECHANDON: Information systems security architect - Agence nationale de la sécurité des systèmes d'information (ANSSI), Paris.
INTRODUCTION
Everyone thinks of an architect as the designer of a building or a work of art. By analogy, the architect of an information system (IS) must take into account all environmental constraints to build a functional and resilient IS, with reasonable investment and maintenance costs. The architect's role is to judiciously assemble the building blocks that will ultimately deliver digital services to users. To carry out this mission, the architect defines technical and organizational requirements and recommendations.
Against a backdrop of growing, protean threats, IT architects must also integrate security requirements, so that the architecture they design is that of a secure information system. One of their objectives is to design architectures that not only prevent intrusions, but also detect them should the protections in place fail, be compromised, or prove ineffective against a given type of attack. These protections must cover both interconnections and internal exchanges. Securing an IS does not consist of installing an all-in-one box, but of identifying risks together with the business and defining a strategy for dealing with them. This requires specific skills in information systems security (ISS).
While historical security models made it possible to secure the first IS within a controlled perimeter and in a digital environment where threats were rare and opportunistic, this IS ecosystem has evolved considerably as digital technology has shaped the way we work. New terms such as "Zero Trust Network" and "X as a Service" regularly appear in the technology news, and it is not easy to tell a profound, truly structural change from a purely marketing approach. This article aims to provide a few keys to understanding the situation. Among other things, automation and detection, which are now structuring topics, are discussed in greater detail.
With the exception of start-ups, which may choose to deploy an IS entirely in the cloud, it is now common to find an IS composed of a historical part hosted in situ (at least within a known and controlled perimeter) and a more recent part outsourced to the cloud. These are referred to here as hybrid IS.
The aim of this article is to explain how to approach a hybrid IS architecture from a security point of view, i.e. one in which the security concepts inherited from historical models are adapted to contemporary technological capabilities and realities.
This article is included in: Security of information systems
Hybrid information systems and security: a return to reality