What is the difference between security architecture and security design?
Both security architecture and security design are elements of how IT professionals work to provide comprehensive security for systems. However, these two terms are a bit different.
Security architecture is the set of resources and components of a security system that allow it to function. Talking about security architecture means talking about how a security system is set up, and how all of its individual parts work, both individually and as a whole. For example, looking at a resource like a network monitor or security software application in the context of the overall system could be described as addressing security architecture.
Security design refers to the techniques and methods that position those hardware and software elements to facilitate security. Items like handshaking and authentication can be parts of network security design. By contrast, the applications, tools or resources that facilitate handshaking and authentication would be parts of the security architecture. Part of the reason that security architecture and security design so often go in the same sentence is that pros are using sets of resources (the architecture) to implement the concept (the design) in effective ways that guard both "data in use" (as it is transmitted through a system) and "data at rest" (data that is archived.)
IT professionals use various principles and ideas to address security design. Some examples are the use of conceptual security domains or levels, where creating a vast gap between an elite number of administrators and a large number of users is one way to protect a system. Direct monitoring and control of data in use are also common security design elements. IT professionals may also talk about layering or abstraction as additional design elements, where separating various parts of a security architecture can provide better security and abstraction, or closed-door engineering can prevent some of the kinds of reverse engineering that lead to security breaches.
More Q&As from our experts
- What does the mobile network state mean?
- With more big data solutions moving to the cloud, how will that impact network performance and security?
- What is the difference between cloud computing and web hosting?
- Information Assurance
- Wi-Fi Protected Access
- Wi-Fi Protected Access II
- Port Knocking
- SQL Injection
- Cross Site Scripting
- Access Control List (Microsoft)
Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
- Robotic Process Automation: What You Need to Know
- Data Governance Is Everyone's Business
- Key Applications for AI in the Supply Chain
- Service Mesh for Mere Mortals - Free 100+ page eBook
- Do You Need a Head of Remote?
- Web Data Collection in 2022 - Everything you need to know
- How to Protect Microsoft 365 from NOBELIUM Hackers