System architects (which means IT professionals who design platforms and infrastructures) have lots of things to think about when they do their work. Performance and availability are essential considerations. So are legacy compatibility, future-proofing, and scalability.
Security wasn’t always high on the list of priorities for system architects. Traditionally, security was someone else’s job. But that has changed. We live in a DevSecOps world where everyone — security architects included — now needs to own security.
With that necessity in mind, keep reading for a primer on what system architects should know about security today.
Why system architects need to think about security
With so many other requirements for system architects to address, it can be easy to let security take a back seat when architecting an IT system. That’s especially true given that many traditional security risks arose not at a system level, but instead within discrete components of the system; therefore, the risks were addressed by other people. A security flaw within code was the responsibility of a developer, not a system architect; access control settings were IT Ops’ problem.
Today, however, the security calculus for system architects has changed. Although many security vulnerabilities are still limited to specific infrastructure layers, the complexity of interactions between those layers, combined with the fast-changing nature of modern IT systems, means that the only real way to secure an IT system is to architect it with security as a foremost goal.
If you don’t, you can’t manage the complex security threats of modern environments. Nor can you mitigate the risk that a breach will escalate beyond its place of origin to affect the rest of the system.
How system architects can improve security
What, specifically, can system architects do to help improve the overall security of the IT systems and platforms that they design? Consider the following strategies for responding from an architectural perspective to modern security threats.
Rethink the firewall
Once upon a time, firewalls offered a great way of wrapping your entire infrastructure or platform in a neat security blanket that separated it from all unauthorized Internet traffic.
Today, that strategy no longer works. Most infrastructures span multiple types of environments — public clouds, private clouds, on-premises — and you can’t simply set up a firewall around them and call it a day.
That doesn’t mean firewalls have no role to play in modern system architectures. They still matter, but they need to be much more intelligent to do their jobs effectively. They need to be cloud-native firewalls that use machine learning to filter traffic in dynamic environments.
Workload isolation requires a new approach
Just as firewalls no longer neatly isolate workloads from the network in the way they once did, workloads are much harder to isolate from each other today. Gone are the days when you could run each workload in a separate virtual machine in order to achieve a high level of isolation; today, organizations that want to take advantage of the portability and performance benefits of containers have to operate with less isolation, because containers don’t provide the same level of isolation between workloads as virtual machines.
Meanwhile, modern workloads often consist of complex networks of microservices, so it wouldn’t make sense to try to isolate each service, even if you could.
This isn’t to say that system architects should give up on the idea of workload isolation. Instead, they need to take a different approach to isolation, by focusing on the software tools (like Kubernetes pod security policies and Docker resource quotas) that help restrict the ways in which containerized services interact with one another and their host servers. And they need to ensure they have tools in place to enforce the configurations that support software-defined isolation.
With the right approach to isolation, system architects can help mitigate the fallout of a breach. You don’t want one compromised container to allow an attacker to take over an entire system.
Standardize access control
I mentioned above that access control was once something that IT Ops had to deal with.
Given the complexity of modern infrastructures, however (and the fact that they often involve multiple clouds or other platforms, and each has its own access-control framework) system architects now have a more important role to play in ensuring that access control can be properly configured. In particular, they must ensure that the systems they design can be secured through an integrated access control policy. If that requires using multiple access-control frameworks, architects should make sure that they can enforce their organization-wide access-control policies across those frameworks in a feasible way.
Future-proof your security architecture
If there’s one thing we should all have learned over the past decade, which saw the explosion of Docker containers and serverless (and the new security challenges that come with them), it’s that no one can predict with certainty what the next big thing in infrastructure technologies will be. Nor can anyone say for sure how new technologies will impact security requirements.
System architects can, however, plan for future changes by ensuring that the security architecture that is part of their system is adaptable for the future. For example, it might not be a smart idea to rely on a particular cloud vendor’s monitoring tools, because you don’t know whether you’ll still be using that cloud in a year or five years or a decade. Similarly, it’s wise to adopt tools that can enforce compliance with security policies on any type of infrastructure or system, even as your infrastructure and services change.
System architects have a hard job. They have to plan for a wide array of different requirements. In many cases, they must make compromises between different priorities; the most scalable system may not be the most high-performing one, for example.
But when it comes to security, compromises are almost never worth it. Today’s system architects have a central role to play in designing IT systems that are secure by default. Indeed, it’s only with their help that developers and IT Ops engineers have any hope of staying on top of the various security threats they face within the complex systems they support.