Security for Software Architects

Security is about managing risk. No usable system is 100% secure – that’s a fact. Of course it is possible achieve 100% security by placing a system in a physically guarded bank vault and disabling all communication mechanisms. Based on how the society uses software systems it's clear that such approach is not suitable for most usable software systems. It’s not possible to defend against all vulnerabilities, not only because organizations don’t have the resources, but because new threats arise daily. It’s the architect’s job to work with the system stakeholders to seek the balance between risks and resources.

Read a new article on this topic on SoftwareArchitectures.com. It's written is for both seasoned and apprentice software architects in mind. Security has always been an important topic, but with rapid software evolution software architects are forced to pay more attention to this quality attribute. In not so distant past, before standardization of various protocols (e.g. TCP/IP, SMTP, etc.) most business systems were isolated and existed within the physical boundaries of proprietary communication infrastructure. At that time there was little, if any, electronic data exchange between organizations. The subject of security did not become prevalent until the need for interconnectivity and interoperability emerged and the cost of security breach became a real cost to business.

Firebrand Architect on duty: CK