- Solutions Architect's Handbook
- Saurabh Shrivastava Neelanjali Srivastav Kamal Arora
- 2025-03-30 21:13:10
Adding security everywhere
Security is one of the essential aspects of solution design; any gap in security can have a devastating effect on business and the organization's future. The security aspect can have a significant impact on solution design, so you need to understand your security needs even before starting the application design. Security needs to be included in platform readiness at the hardware level and in application development at the software level. The following are the security aspects that need to be considered during the design phase:
- Physical security of data center: All IT resources in data centers should be secure from unauthorized access.
- Network security: The network should be secure to prevent any unauthorized server access.
- Identity and Access Management (IAM): Only authenticated users should have access to the application, and they should be able to perform only the activities they are authorized for.
- Data security in-transit: Data should be secure while traveling over the network or the internet.
- Data security at rest: Data should be secure while stored in the database or any other storage.
- Security monitoring: Any security incident should be captured, and the team alerted to act.
Application design needs to balance security requirements, such as encryption, against other factors, such as performance and latency. Data encryption always has a performance impact: it adds a layer of processing, because data needs to be decrypted before it can be used. Your application needs to accommodate the overhead of this additional encryption processing without impacting overall performance. So, while designing your application, think of the use cases where encryption is really required. For example, if the data is not confidential, you don't need to encrypt it.
The other aspect of application design to consider is regulatory compliance, that is, adherence to local law. Compliance is essential if your application belongs to a regulated industry such as health care, finance, or federal government. Each compliance regime has its own requirements, which commonly include the protection of data and the recording of each activity for audit purposes. Your application design should build in comprehensive logging and ensure thorough monitoring, which will fulfill the audit requirement.
In this section, you have learned to apply security thinking while designing, keeping any regulatory needs in mind. Security automation is another factor that you should always implement along with your design in order to reduce and mitigate security incidents. This section gives only a high-level overview; you will learn more details in Chapter 8, Security Considerations.