Posts

Secure Key Management - An important risk carrier

Author : Arindam Bhattacharya Password and key management are the two most important elements of data security. As businesses have grown more reliant on data, the data stakeholders and the other application agents are both gradually accumulating extended risks. While a password weakness can impact the entire set of business services, weak key management can lead towards major data breaches. At present both rely on standard technology and processes, but there are unknown factors that can reduce a secure status to a marginal one. While the data stakeholders are simply the business and application users, the residents are the application agents (read: the modules responsible for authentication and authorization) that are native to or integrated with the application. These residents can introduce unprecedented risks through the way they are developed or integrated. Keylogging can happen anywhere, especially in a software-driven ecosystem, and it is becoming an open secret. As a user, one may develop "

BPRFPC: An abstracted Architectural model for an End to end view

Author: Arindam Bhattacharya Good and flexible architecture models are yet to exist, although there are several good initiatives on developing guiding principles to assist the community on architectural best practices. This article is yet another attempt to simplify the architectural ingredients at a very high level, so that exploring them in depth becomes possible with the acquired knowledge. Architecture is the foundation for any technical know-how, and a model is the engine of that foundation that orchestrates everything together. Below are the general components of the proposed model. 1. Business - Keeping business out, no architecture could be meaningful. Business is where the strategies and needs are defined, and everything else needs to align with the business. So, business is always the "WHO" context. 2. Product - The purpose of the business is revenue through a product. The product may constitute anything that is presented to the clients, even a service, or an app

Can Security issues be reduced with DevSecOps

Author- Arindam Bhattacharya DevSecOps alone cannot improve security unless there is a cultural shift. Security incidents and issues could have come down long ago if proper attention had been given to the security processes. Any process is driven by both manual and automated steps. Automation works best when the process is straightforward and the desired outcome is known in advance; when that is not the case, manual intervention is what is needed. All gaps and incompleteness in processes come from such manual dependencies. DevOps pipelines help achieve automation across the development and operational lifecycle, but when security needs to be embedded, the same pipeline has to be extended to the security lifecycle as well. There are practical factors that work against this idea, because not all security processes can be invoked automatically. For example - once a development module is set for production, it needs

Detection and response to APTs has become the ultimate goal of cyber security, and security services can't ignore this fact anymore

Author- Arindam Bhattacharya When a cyber security compromise takes place, it has already passed through multiple defense layers to attain the final goal of persistence. Such compromises are very hard to detect because of the family of compromises involved: there is no independent traffic, only a carrier inside other service entities. By the time such activity is detected (appearing as a false positive or a true positive?), the multi-layer kill chain compromise has already taken place, but the siloed incidents were overlooked, which in turn gave room for an unknown security breach to persist for longer with no clues. When a network operation is of a sensitive nature, that "unknown factor" indicates there is an issue in multiple dimensions - capability, hygiene, maturity, etc. Detection challenges are greater on-premises than in the cloud, which offers stricter policies and controls, but compliance "in the cloud" sometimes remains a challenge due to the absence of full-stride solutions - meaning

It's important to build a new network model that resembles the peer-to-peer roots - Important questions to answer: how can recommendations bring new perspectives and change the number of outages?

Author- Arindam Bhattacharya Peer-to-peer models were successful long before today's internet, and they still exist today, though on the dark net. The purpose or intent was good: to safeguard against online surveillance and to protect privacy and overall confidentiality over the internet. However, misuse started soon after launch, and that forced governments to ban the legal usage of such networks, so today such networks are not official or legalized. The concept, if leveraged for traditional white networks, may bring good relief against exposure of security weaknesses; however, there is no guarantee that it would not be misused again. Traditionally, with the server side deployed with modern security stacks, the possibility of a breach taking place at the host layer is comparatively lower unless the resources it is hosting have some vulnerabilities. Alternatively, the hosted services may be virtually patched to overcome such weaknesses in case the vulnerabilities cannot be mitigated due to so

Cyber Security - Learning and knowledge validation needs a new way

Author- Arindam Bhattacharya When technology is changing fast, it is imperative that we stay at par with the knowledge that technology brings in. However, as we move forward, the validation of knowledge is getting more important than practical know-how. This is moving in a direction where technology is adopted just because of certifications, while the emphasis on insight is getting lesser or almost missing. Except among research professionals or some enthusiasts, this trend is falling. Industry professionals are diverting their full attention towards gathering as many certifications as possible, because this is becoming an industry norm and the requirement for a start. To date, initial shortlisting is done just through how many different skills one has mentioned, and how many certifications, trainings and participations have been obtained, etc., which are the major criteria set for a purpose; but out of all these, platforms have some invisible issues. Taking "skill" as an example - A company is loo