Network Architecture Review
A Network Architecture Review is a detailed analysis of relevant network artifacts (e.g., network diagrams, security and regulatory requirements, technology inventory, exposed applications and APIs, public/private cloud utilization) to ensure that the network elements and overall solution architecture optimally protect critical assets, sensitive data stores, and business-critical interconnections.
Consult with members of the network, security, enterprise architecture, and applications teams and management to understand:
- The business goals as they relate to the enterprise public/private/hybrid cloud infrastructure.
- The contractual obligations, laws/regulations, and internal/third-party objectives relating to the data being stored/processed/transited (e.g., PCI/CMMC segregation requirements, CSA STAR, ISO 27001, a “zero trust” model).
- The key applications and services that need to be exposed to employees, contractors, and business partners.
- Key controls integral to securing the network, applications and critical data (e.g., firewalls, multi-factor authentication, Network Access Control, Cloud Access Security Brokers, Web Application Firewalls, key management/encryption, vulnerability/asset/configuration management, logging, incident response, data loss prevention (DLP), vendor risk management).
- Results of previous risk assessments, gap assessments, penetration tests, and/or security incidents.