An enterprise architecture can be thought of as a map of the interactions of the individual systems that comprise it. One of the systems expressed in Figure 7.2 is the business intelligence and analytics system. Typically, these systems handle business proprietary and sensitive data about the performance, strengths, and weaknesses of business execution. Therefore, business intelligence systems are usually not exposed to untrusted networks and to untrusted parties. The Digital Diskus data analysis and business intelligence system exists only on the company’s internal network. No portion of the system is exposed on either of the external zones (Internet and Extranet).
We begin with the first “A” in ATASM: “architecture.” First, we must understand what a business analytics/intelligence system does and a bit about how the analysis function works. The diagram given in Figure 8.1 has had enterprise components not directly connected with the business analytics and intelligence system removed. Figure 8.1 may be thought of as the gross enterprise components that are involved in business data mining for Digital Diskus.
[D]ata science is a set of fundamental principles that guide the extraction of knowledge from data. Data mining is the extraction of knowledge from data via technologies that incorporate these principles.1
Like many enterprises, Digital Diskus has many applications for the various processes that must be executed to run its business, from finance and accounting to sales, marketing, procurement, inventory, supply chain, and so forth. A great deal of data is generated across these systems. But, unfortunately, as a business grows into an enterprise, most of its business systems will be discrete. Getting a holistic view of the health of the business can be stymied by the organic growth of applications and data stores. A great deal of the business indicators will either be localized to a particular function or difficult to retrieve from specialized solutions, such as spreadsheet calculations. A business analytics system will then be implemented in order to gain that holistic view of the data that has been lost due to growth. Data mining is a general term for the function that a business analytics system provides. The data mining must reach across the silos of data in order to correlate and then apply analysis tools.
Figure 8.1 Business analytics logical data flow diagram (DFD).
In order to analyze the activity and performance of the enterprise functions, a business intelligence system will pull data from many sources. Thus, there are obvious connections to the backend databases. What may be less obvious is that the analytics will make use of the message bus, both as a listener to capture critical data as well as a sender to request data. Analysis has to tie transactions to entities such as customer, partner, or employee, and messages to things like item catalogs and pricing structures. Each of these data types may reside in a distinct and separate data store. The internal content archive will also be used for analysis, which is, again, another completely disparate storage area.
As is typical for business intelligence and analytics systems, the system will want to make use of existing business processing functions such as the internal business applications that produce statistics, for example, sales bookings and fulfillments. Sometimes, needed processing results can be obtained from databases and other repositories. In other cases, the analysis engine will have to fetch results that may only be available in the user interface of a particular application. As a result, the data analysis and business intelligence system also has a “screen scraping” capability that accesses the presentations of the business applications. Another important analytics source will be the metadata associated with individual business applications. Metadata may describe what data is to be pulled and how it may be processed.
It’s fairly usual for a business intelligence and analytics system to touch pretty much all of the backend systems and data stores. These analysis systems contain code that understands how to crawl flat file directories, parse spreadsheets, read databases, HTML and other content representations, and includes code that can parse various data interchange formats. You may think of a business analysis system as being a data octopus. It has many arms that must touch a great deal in order to collate what would ordinarily be discontiguous, siloed data and systems. That is the point of business intelligence: to uncover what is hidden in the complexity of the data being processed by the many systems of a complex business. It is the purpose of business intelligence to connect the disconnected and then provide a vehicle for analysis of the resulting correlation and synthesis.
The system shown in Figure 8.1 comprises not only the business analytics and intelligence but also the many enterprise systems with which analytics must interact. In order to consider the entire system, we must understand not only the architecture of the business analysis system itself, but also its communications with other systems. The security of each system touched can affect the security of business analytics. And conversely, the security of business analytics can impact the security posture of each system it touches. Consequently, we must view the interactions as a whole in order to assess the security of each of its parts. Figure 8.1 diagrams all the components within the enterprise architecture with which business analytics must interact. Not all of these interactions involve the analysis of data. Other interactions are also critically important.
Consider the data flow “octopus,” as shown in Figure 8.1. How can the analysis system gather data from all these sources that, presumably, are protected themselves?
If you arrived at the conclusion that the business analysis system will have to maintain credentials for almost everything, much of which is highly proprietary or trade secret, you would be correct. One of the most difficult things about a business analysis system is that it has to have rights—powerful rights—to almost everything at the backend of the enterprise architecture. The security posture of the business analytics system, therefore, can significantly affect (perhaps lower) the posture of the system to which it connects. Since it has rights to a great deal, the system can be considered a repository, not only of the sensitive data and results that it produces but also of access rights. If these rights are not protected sufficiently, business analytics puts every system from which it must gather data at greater risk of successful attack.
In the illustrated use case, business analytics also listens to the message bus to gather information about transactions coming from the external zones. As you think about this, does that also expose the business analytics system to any potential attacks?
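The two questions above can be worked through as a small data-flow model. This is an added example, not taken from the book: component names follow the chapter's prose, while the edge list and credential flags are assumptions, since Figure 8.1 itself is not reproduced on this page.

```python
from collections import deque

# Trust zone per component. Names follow the chapter's prose; the exact
# edges of Figure 8.1 are not on this page, so the flows are assumptions.
ZONE = {
    "internet": "external", "extranet": "external",
    "message_bus": "internal", "analytics": "internal",
    "backend_databases": "internal", "content_archive": "internal",
    "business_apps": "internal", "app_metadata": "internal",
}

# (source, destination, source_stores_a_credential_for_destination)
FLOWS = [
    ("internet", "message_bus", False),
    ("extranet", "message_bus", False),
    ("message_bus", "analytics", False),      # analytics listens on the bus
    ("analytics", "message_bus", True),       # analytics sends data requests
    ("analytics", "backend_databases", True),
    ("analytics", "content_archive", True),
    ("analytics", "business_apps", True),     # screen scraping of app UIs
    ("analytics", "app_metadata", True),
]

def credential_exposure(system):
    """Systems whose access rights are stored in `system`."""
    return sorted(dst for src, dst, cred in FLOWS if src == system and cred)

def untrusted_paths_to(target):
    """Every loop-free data path from an external-zone component to `target`."""
    adj = {}
    for src, dst, _ in FLOWS:
        adj.setdefault(src, []).append(dst)
    paths = []
    queue = deque([s] for s, z in ZONE.items() if z == "external")
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            paths.append(path)
            continue
        for nxt in adj.get(path[-1], []):
            if nxt not in path:               # do not revisit a component
                queue.append(path + [nxt])
    return paths

def exposed_via(target):
    """Credentialed systems at risk if untrusted input compromises `target`."""
    return credential_exposure(target) if untrusted_paths_to(target) else []
```

In this model the message bus is the only route by which externally originated data reaches analytics, and every credentialed backend appears in `exposed_via("analytics")`. That pairing is why input handling on the bus listener and protection of the stored credentials both belong in the threat model.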
We haven’t yet considered everything shown in Figure 8.1. Identity systems and security systems are shown on the right of the diagram. We will return to these after we consider the data analysis system itself. I purposely left all the components as they were represented in the component enterprise architecture so that you can see how business analytics fits into and interacts as a part of the enterprise architecture. Each component diagrammed in Figure 8.1 is in precisely the same place and at the same size as these components were represented in Figure 7.2.
Since the flows have become rather crowded and hard to visualize, I’ve broken them out in Figure 8.1. I have removed those flows that represent connections between non-business analytics components in order to highlight only the flows to and from the business analytics system. Please refer back to Figure 7.3 if you don’t understand how the various components interact.
Figure 8.2 Business analytics data interactions.
Figure 8.2 is a drill down view of the data gathering interactions of the business analytics system within the enterprise architecture. Is the visualization in Figure 8.2 perhaps a bit easier to understand? To reiterate, we are looking at the business analysis and intelligence system, which must touch almost every data gathering and transaction-processing system that exists in the internal network. And, as was noted, business analytics listens to the message bus, which includes messages that are sent from less trusted zones.