Security

Defense in depth

This continues the data security theme with the most important security principle – defence-in-depth. This means having at least two strong defences against any attack, with monitoring to detect when either is breached.

Recently, we have seen attacks on weather bureaus, ambulances, sporting clubs – hardly “high-value targets”. A decade ago, strong defences applied to banks, government, and such – now it’s for all of us. We can’t turn all software architects into security experts, so in these articles I will give security blueprints. You can apply them without fully understanding why you need them, or how they work, and the result will be a more robust system.

Personal data safe at rest

Data breaches – a $5 million average cleanup cost and $11 trillion drain on the world economy. That’s the GDP of the 130 poorest countries on earth. As software architects, we enabled all that. In our hubris, we put insecure systems on the Internet, declared them ‘done’, and set up our users and employers to become victims. We should be ashamed.

Personal data is the target of the big data breaches, and it is easiest to steal when it’s at rest. This post will show strong and easy-to-follow techniques for protecting personal data at rest.

Data extraction from microservice architectures

Reporting and ETL “just work” in a DB-centric design, when the data is in 3rd Normal Form. In a microservice design, they do not. If you apply the traditional ETL tools to your microservice stores, you will lose your microservice benefits. Let’s see a way to get better-than-SQL reporting without sacrificing time-to-market, team velocity or SLAs, while opening a path to the CQRS pattern.
