What is security architecture? Well in short, it is the design of an architecture to protect your network and data systems against unwanted intrusion or interference in anyway. Preferably it needs to be put together at the same time as your overall systems, ensuring it is integrated and comprehensive. In practice however, that is rarely the case, particularly in the SMB market.
There are multiple reasons for this, a main one being networks and systems that have grown organically over time ie bringing on new business, new employees and departments etc and simply buying extra server space and/or desktops/laptops to service those new business lines. Almost without exception, these will be added with little thought to security apart from some anti-malware.
Most SMBs will rely on their local IT provider to ensure that security is taken into account. This can be somewhat problematic. The local IT provider will probably be what is known as a Value Added Reseller or VAR. This means that they provide products with attached services. This is a perfectly proper line of business and that is the crux, in that they are there to make money and will probably be operating on margins that are just as fine as the SMBs they are supporting, and they will do what needs to be done to make their margin, and no more. I realise that this is a generalisation, but it is an accurate one, and I can’t blame them for doing what they do.
An effective security architecture is done by assessing risk by understanding threats and vulnerabilities. In that way effective design and controls can be put in place to mitigate those risks and an understanding of what is an acceptable level of risk to the business can be developed. That is why cyber security is not a technical issue but a business issue. Without an effective Information Security Management System, ISMS, your business is at risk.