As the transformation to hybrid multicloud accelerates, businesses require a structured approach to securing their workloads. Adopting zero trust principles demands a systematic set of practices to deliver secure solutions. Regulated businesses, in particular, demand rigor in the architectural process to ensure the effectiveness of security controls and continued protection. This book provides the first comprehensive method for hybrid multicloud security, integrating proven architectural techniques to deliver a comprehensive end-to-end security method with compliance, threat modeling, and zero trust practices. This method ensures repeatability and consistency in the development of secure solution architectures. Architects will learn how to effectively identify threats and implement countermeasures through a combination of techniques, work products, and a demonstrative case study to reinforce learning. You'll examine: The importance of developing a solution architecture that integrates security for clear communication Roles that security architects perform and how the techniques relate to nonsecurity subject matter experts How security solution architecture is related to design thinking, enterprise security architecture, and engineering How architects can integrate security into a solution architecture for applications and infrastructure using a consistent end-to-end set of practices How to apply architectural thinking to the development of new security solutions About the authors Mark Buckwell is a cloud security architect at IBM with 30 years of information security experience. Carsten Horst with more than 20 years of experience in Cybersecurity is a certified security architect and Associate Partner at IBM. Stefaan Van daele has 25 years experience in Cybersecurity and is a Level 3 certified security architect at IBM. Cover Copyright Table of Contents Preface Audience Contents of This Book Conventions Used in This Book Using Figure and Table Examples O’Reilly Online Learning How to Contact Us Acknowledgments Acknowledgments from Mark Buckwell Acknowledgments from Stefaan Van daele Acknowledgments from Carsten Horst Part I. Concepts Chapter 1. Introduction Foundational Security Techniques Data-Centric Security Secure by Design with Threat Modeling Zero Trust Architecture Compliance Management Users of the Security Techniques Architect Roles for Security Security Architect Infrastructure and Application Architect Security Champion Book Structure Artifact Framework Artifact Dependency Diagram Case Study Book Organization Solution Architecture Decomposition Method Techniques Summary Further Reading Exercises Chapter 2. Architecture Concepts From Design Thinking to Compliance Design Thinking and Consulting Practices Transitioning to Architectural Thinking Transitioning to Engineering Operational Thinking Enterprise Context Compliance Waterfall to Agile Delivery Security Architecture in Agile Enterprise and Solution Architecture Enterprise Architecture Solution Architecture Zero Trust Architecture Core Architecture Components Architectural Thinking Integration Zero Trust Solutions Technique: Enterprise Security Architecture Security Processes or Services? Enterprise Architecture Decomposition Security Services Responsibilities Cloud Controls Mapping Security Service Design Summary Exercises Part II. Plan Chapter 3. Enterprise Context Chapter Artifacts External Context Laws and Regulations Industry or Expert Organization Best Practices Corporate Expectations Consumer Expectations Threat Landscape Cybersecurity Vulnerabilities Internal Context Business and Information Systems Strategy Current IT Environment and Security Control Plane Policies, Practices, and Standards Risk Management Enterprise Architecture Guiding Principles Architecture Patterns and Automation Enterprise Processes Summary Exercises Chapter 4. Requirements and Constraints Chapter Artifacts Requirements Concepts Functional Requirements Non-Functional Requirements Constraints Specifying Quality Requirements Prioritizing Requirements Specifying Functional Requirements Use Cases Journey Maps User Stories Swimlane Diagrams Separation of Duties Matrices Case Study: Process Definition Specifying Non-Functional Requirements Sources of Non-Functional Requirements Non-Functional Requirement Dependencies Documenting Non-Functional Requirements Improving Requirement Specification Case Study: Specifying a Requirements Catalog Identifying Security Requirements Elaborating Security Requirements Rewriting Security Requirements Requirements Traceability Summary Exercises Part III. Design Chapter 5. System Context Chapter Artifacts Data Protection Value of Data Data Security Lifecycle Metadata Zero Trust and Data Flows System Context Diagram System and Security Architect Roles System Context Concepts Business and IT Context Case Study: System Context Diagram Identifying Human Actors Identifying System Actors Documenting the System Context Information Asset Register Data Classification Actor Use Case and Data Summary Exercises Chapter 6. Application Security Chapter Artifacts Functional Viewpoint Component Architecture Component Architecture Diagram Sequence Diagram Collaboration Diagram Data Flow Diagram Component Architectural Thinking Process Case Study: Component Architecture Security Concepts Threat Modeling Identify Boundaries Identify Assets Identify Threat Actors Identify Threats Identify Controls Prioritization of Controls Threat Modeling Tools Case Study: Threat Model Summary Exercises Chapter 7. Shared Responsibilities Chapter Artifacts Cloud Computing Concepts Cloud Computing Benefits Cloud Service Models Cloud Computing Platforms Cloud Security Responsibilities Landing Zones Hybrid Cloud Architecture Using the Hybrid Cloud Architecture Diagram Shared Responsibilities Model Shared Responsibilities Stack Diagram Cloud Service Provider Responsibilities Cloud User Responsibilities Cloud Security Policy Responsibility Case Study: Shared Responsibility Model Identifying PaaS Services Identifying SaaS Services Identifying the Compute Platforms Identifying Environments Documenting a Shared Responsibilities Stack Diagram Summary Exercises Chapter 8. Infrastructure Security Chapter Artifacts Deployment Viewpoint Deployment Architecture Deployment Architecture Diagram Deployment Architecture and Supporting Documentation Architecting Infrastructure Security Network Segmentation Case Study: Deployment Architecture Diagram Zero Trust-Based Security Infrastructure Network-Based Solutions Service Mesh Solutions Endpoint-Based Solutions Identity and Access Management Architecting Zero Trust Practices Case Study: Zero Trust Cloud Architecture Organizing Cloud Security Cloud Architecture Diagram High Availability Case Study: Cloud Architecture Diagram Summary Exercises Chapter 9. Architecture Patterns and Decisions Chapter Artifacts Architecture Patterns Solution Architecture Patterns Solution Design Patterns Deployable Architecture A Distributed Version Control System Continuous Integration/Continuous Delivery (CI/CD) Pipeline Infrastructure as Code Toolchain Using a Deployable Architecture Architectural Decisions Documenting Architectural Decision Records Forms of Architectural Decision Managing Architectural Decisions Case Study: Architectural Decision Summary Exercises Part IV. Build Chapter 10. Secure Development and Assurance Chapter Artifacts The Software Development Lifecycle From DevOps to DevSecOps Design Develop Build and Package Deploy, Test, and Release Operate and Monitor Security Assurance Cloud Security Operating Model Risks, Assumptions, Issues, and Dependencies Case Study: RAID Log Summary Exercises Part V. Run Chapter 11. Security Operations Chapter Artifacts Shared Responsibilities Defining Processes, Procedures, and Work Instructions Case Study: Vulnerability Management Service Process Definition Procedures and Work Instructions Definition Case Study: Deployment Architecture Update Threat Detection Use Case Case Study: Threat Detection Use Case Incident Response Runbook Case Study: Incident Response Runbook Threat Traceability Matrix Summary Exercises Part VI. Close Chapter 12. Closing Thoughts Getting Started Don’t Forget the Basics Minimum Viable Artifacts Iterate for Maturity Get the Balance Right Security Silos Artificial Intelligence in Security Architecture AI for Security Securing AI Summary Go Learn, Practice, and Share Exercises Appendix A. Case Study Clean Air Guildford Case Study Appendix B. Artifact Mapping Appendix C. Exercise Solutions Chapter 1. Introduction Chapter 2. Architecture Concepts Chapter 3. Enterprise Context Chapter 4. Requirements and Constraints Chapter 5. System Context Chapter 6. Application Security Chapter 7. Shared Responsibilities Chapter 8. Infrastructure Security Chapter 9. Architecture Patterns and Decisions Chapter 10. Secure Development and Assurance Chapter 11. Security Operations Chapter 12. Closing Thoughts Index About the Authors Colophon