As the transformation to hybrid multicloud accelerates, businesses require a structured approach to securing their workloads. Adopting zero trust principles demands a systematic set of practices to deliver secure solutions. Regulated businesses, in particular, demand rigor in the architectural process to ensure the effectiveness of security controls and continued protection.

This book provides the first comprehensive method for hybrid multicloud security, integrating proven architectural techniques to deliver a comprehensive end-to-end security method with compliance, threat modeling, and zero trust practices. This method ensures repeatability and consistency in the development of secure solution architectures.

Architects will learn how to effectively identify threats and implement countermeasures through a combination of techniques, work products, and a demonstrative case study to reinforce learning. You'll examine:

• The importance of developing a solution architecture that integrates security for clear communication
• Roles that security architects perform and how the techniques relate to nonsecurity subject matter experts
• How security solution architecture is related to design thinking, enterprise security architecture, and engineering
• How architects can integrate security into a solution architecture for applications and infrastructure using a consistent end-to-end set of practices
• How to apply architectural thinking to the development of new security solutions

Table of Contents

Part I. Concepts

Chapter 1. Introduction

Chapter 2. Architecture Concepts

Part II. Plan

Chapter 3. Enterprise Context

Chapter 4. Requirements and Constraints

Part III. Design

Chapter 5. System Context

Chapter 6. Application Security

Chapter 7. Shared Responsibilities

Chapter 8. Infrastructure Security

Chapter 9. Architecture Patterns and Decisions

Part IV. Build

Chapter 10. Secure Development and Assurance

Part V. Run

Chapter 11. Security Operations

Part VI. Close

Appendix A. Case Study

Appendix B. Artifact Mapping

Appendix C. Exercise Solutions

About the Authors

Mark Buckwell is a cloud security architect, thought leader, speaker, and trainer with 30 years of experience architecting and delivering security solutions. He is known for leading the successful delivery of global security solutions to protect business-critical enterprise workloads. With an emphasis on regulated environments, he has worked with organizations to develop their security strategies, enterprise architectures, and solution architectures across a variety of industries. He is currently helping clients with the design and delivery of security for hybrid cloud solutions. He has also been using his extensive experience to help develop the next generation of security architects through training security professionals globally and students through an assessed cyber security master's degree module at two UK universities.

Stefaan Van daele is an Open Group Level 3 certified security architect at IBM Security. He is also the architect profession leader for the Benelux region and assists IBMers with their architect certification journey. As a senior security architect, he has been leading security transformation projects at organizations throughout Europe. He is also an instructor in security architecture classes, both internally at IBM and externally. In his current role, he is helping clients with enterprise security strategies around zero trust, cyber security mesh architecture (CSMA), and enterprise security architecture topics in general. He is a trusted advisor to CISOs and their teams.

Carsten Horst is an Associate Partner and Open Group Level 2 certified security architect. In his more than 20 years of experience, he has helped organizations develop and implement their security strategies and security architectures across a variety of industries. In his role, he has been leading security transformation projects across Europe. He is also an instructor and co-author of security architecture classes at IBM. In his current role as Associate Partner with IBM Security, he is helping clients with the design, implementation, and management of security solutions within a hybrid cloud context.