KuppingerCole Report
Leadership Brief
By Dan Blum

A Practical Approach to Enterprise Security Architecture (ESA)

An enterprise security architecture (ESA) is a critical component of an enterprise architecture (EA) that describes how IT services, processes, and technologies should be protected given a customer’s unique business, security, and compliance requirements.
db@kuppingercole.com

1 Understanding ESA

Like a building, an enterprise IT environment needs an architecture to be most useful and efficient. Thus, the need for IT architecture, or “EA” i ...


2 Recommendations

An Enterprise Security Architecture (ESA) should provide a framework that ties security, risk, and audit processes and infrastructure closely to broad ...


3 Analysis

An ESA spans organizational, conceptual, logical, and physical IT layers. It provides a coherent structure for security governance and management, con ...


3.1 Available Architecture Standards for Security

Multiple types of industry standards shown in Table 1 contain elements of security architecture. Those in the first row could provide an ESA; those in ...


3.2 Basic ESA: Use NIST CSF for Control Prioritization and Alignment

The U.S. NIST CSF Version 1.1 was developed to help organizations relatively quickly assess and improve their security posture. Although initially cre ...


4 Comprehensive ESA: Distill and Adopt Core Concepts from SABSA

SABSA is a model and methodology for enterprise security architecture and service management. It was developed independently from EA models, but uses ...


5 Summary

Using ESA, customers can better align IT, security, and risk processes and architecture. Customers can begin to view security issues such as vulnerabi ...


Copyright

©2019 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission is granted. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.
