ALERT

[FREE DEMO] Deploy Your Enterprise Cloud in Minutes

What is the difference between security architecture and security design?

Q:

What is the difference between security architecture and security design?

A:

Both security architecture and security design are elements of how IT professionals work to provide comprehensive security for systems. However, these two terms are a bit different.

Security architecture is the set of resources and components of a security system that allow it to function. Talking about security architecture means talking about how a security system is set up, and how all of its individual parts work, both individually and as a whole. For example, looking at a resource like a network monitor or security software application in the context of the overall system could be described as addressing security architecture.

Security design refers to the techniques and methods that position those hardware and software elements to facilitate security. Items like handshaking and authentication can be parts of network security design. By contrast, the applications, tools or resources that facilitate handshaking and authentication would be parts of the security architecture. Part of the reason that security architecture and security design so often go in the same sentence is that pros are using sets of resources (the architecture) to implement the concept (the design) in effective ways that guard both "data in use" (as it is transmitted through a system) and "data at rest" (data that is archived.)

IT professionals use various principles and ideas to address security design. Some examples are the use of conceptual security domains or levels, where creating a vast gap between an elite number of administrators and a large number of users is one way to protect a system. Direct monitoring and control of data in use are also common security design elements. IT professionals may also talk about layering or abstraction as additional design elements, where separating various parts of a security architecture can provide better security and abstraction, or closed-door engineering can prevent some of the kinds of reverse engineering that lead to security breaches.

Have a question? Ask Techopedia here.

View all questions from Techopedia.

Techopedia Staff
Profile Picture of Techopedia Staff

At Techopedia, we aim to provide insight and inspiration to IT professionals, technology decision-makers and anyone else who is proud to be called a geek. From defining complex tech jargon in our dictionary, to exploring the latest trend in our articles or providing in-depth coverage of a topic in our tutorials, our goal is to help you better understand technology - and, we hope, make better decisions as a result. 

 Full Bio

Quotes

  • E-mail is not a threat. (Postal mail) is universal. The Internet is not.
    - USPS spokesperson Susan Brennan, in a 2001 Wired article.