Secure Architecture Principles
Our approach to Secure Architecture is based on repeatability, accessibility, and variability, also known as RAV Engineering. RAV Engineering reflects a set of principles that support resilience across both the enterprise and the software delivery lifecycle.

When an activity is repeatable, it minimizes mistakes and is easier to model mentally. Accessible security means stakeholders don’t have to be security experts. Supporting variability means supporting adaptation and evolution.

Assign the Least Privilege Possible

Goal: Prevent unauthorized access.
Method: Assign minimal necessary privileges and segregate accounts for sensitive data.
Examples: Specific user privileges for service processes.

Separate Responsibilities

Goal: Limit overall system compromise from localized breaches.
Method: Compartmentalize duties and data and separate user roles.
Examples: Restricted data access on a need-to-know basis.

Trust Cautiously

Goal: Mitigate risks from external entities.
Method: Validate all connections and use robust authentication.
Examples: MFA implementation; restrict third-party code.

Simplest Solution Possible

Goal: Reduce complexity and enhance security.
Method: Use proven components and avoid unnecessary features.
Examples: Opt for minimal viable changes and reduce system updates.

Audit Sensitive Events

Goal: Maintain records and monitor activities.
Method: Use tamper-resistant logs, and notify users of significant changes.
Examples: Enable AWS GuardDuty and GCP Cloud Audit Logs.

Fail Securely & Use Secure Defaults

Goal: Ensure secure operations even in failure.
Method: Enforce secure settings and consider failure scenarios.
Examples: Reject invalid TLS certificates and secure error messages.
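As an added illustration of this principle (example code, not part of the original page), the block below contrasts a TLS client context with certificate checks disabled against one built from secure defaults, and shows a fail-closed wrapper that logs the verification detail for operators while returning only a sanitized message to the caller. The `connect` callable and the constructed error text are assumptions for the demo.

```python
import ssl
import logging

log = logging.getLogger("tls-client")


def insecure_context() -> ssl.SSLContext:
    """The weak setting: verification switched off 'to make it work'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # accepts any certificate, including forged ones
    return ctx


def secure_context() -> ssl.SSLContext:
    """Secure default: system CA store, hostname check, certificate required."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Guard for code review or startup self-checks: refuse weak contexts."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def connect_fail_closed(ctx: ssl.SSLContext, connect):
    """Run `connect(ctx)` (assumed callable doing the handshake).

    Returns (ok, result_or_message). Any failure is treated as a refusal:
    operators get the detail in the log, callers get a generic message.
    """
    if not context_is_safe(ctx):
        log.error("refusing to use TLS context without certificate verification")
        return False, "Connection refused: insecure TLS configuration."
    try:
        return True, connect(ctx)
    except ssl.SSLCertVerificationError as exc:
        log.warning("certificate verification failed: %s", exc)
        return False, "Connection refused: server certificate could not be verified."
    except OSError:
        log.exception("connection failed")
        return False, "Connection failed."


if __name__ == "__main__":
    # Constructed failure: a handshake that fails verification.
    def bad_handshake(_ctx):
        raise ssl.SSLCertVerificationError("certificate verify failed: self signed certificate")
    print(connect_fail_closed(secure_context(), bad_handshake))
```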

Never Rely Upon Obscurity

Goal: Assume full system knowledge by potential attackers.
Method: Transparent security measures and thorough documentation.
Examples: Secure even non-public servers and avoid hidden admin paths.

Implement Defense in Depth

Goal: Prevent unauthorized access.
Method: Assign minimal necessary privileges and segregate accounts for sensitive data.
Examples: Specific user privileges for service processes.

Never Invent Security Technology

Goal: Utilize established, tested security measures.
Method: Avoid custom security solutions and rely on expert advice.
Examples: Use standard SSO and encryption methods.

Find the Weakest Link

Goal: Strengthen or eliminate the most vulnerable points.
Method: Continuous threat modeling, considering user behavior.
Examples: API security and enforcing strong authentication.
