Governance Led Security Architecture in Large Scale Enterprise Systems

Vasudevan Subramani

Abstract

This paper studies governance-led security architecture in large-scale enterprise systems using a quantitative approach. It determines the impact of governance mechanisms such as security review boards (mean 4.1), architectural guardrails (3.8), compliance enforcement (3.9) and approval workflows (3.5) on security outcomes in distributed environments. The findings indicate that high governance reduces security incidents from 45 to 12 per year and compliance violations from 39 to 8. Average resolution time increases from 5.2 hours to 18.4. There is a strong negative relationship (-0.78) between governance maturity and incidents. The results indicate a need for balanced automated governance structures.

Article Details

Section

Articles

How to Cite

Governance Led Security Architecture in Large Scale Enterprise Systems. (2023). International Journal of Research Publications in Engineering, Technology and Management (IJRPETM), 6(4), 9037-9045. https://doi.org/10.15662/IJRPETM.2023.0604009
