Slide 1

Slide 1 text

The Art of Secure Architecture Julia Potapenko

Slide 2

Slide 2 text

Security Software Engineer @julepka. We help companies protect their sensitive and valuable data.

Slide 3

Slide 3 text

Secure architecture

Slide 4

Slide 4 text

Secure architecture for small startup companies

Slide 5

Slide 5 text

Secure architecture for small startup companies
- Fast-paced development
- Prioritized feature delivery
- Smaller team
- No security team, no dedicated security decision-making
- Tight deadlines & budget

Slide 6

Slide 6 text

We want it secure but…
- … security decreases usability …
- … and performance …
- … a security feature is in conflict with another feature …

Slide 7

Slide 7 text

We want it secure but…

Slide 8

Slide 8 text

We want it secure but… Why do we postpone security features?

Slide 9

Slide 9 text

Security is invisible
- No direct business value.
- You can’t see if it’s working, you can see when it fails.

Slide 10

Slide 10 text

Secure architecture –

Slide 11

Slide 11 text

Secure architecture – is a combination of structural security decisions…

Slide 12

Slide 12 text

Secure architecture – is a combination of structural security decisions that efficiently addresses risks…

Slide 13

Slide 13 text

Secure architecture – is a combination of structural security decisions that efficiently addresses risks considering business goals.

Slide 14

Slide 14 text

People make poor decisions under pressure. Secure architecture is about decision making.
People mess up processes under pressure. Secure architecture is about following the process.

Slide 15

Slide 15 text

SSDLC Requirements Design Develop Test Deploy

Slide 16

Slide 16 text

SSDLC
- Requirements: security review, security features
- Design: design review, threat model
- Develop: secure coding, static analysis
- Test: security code review, pentesting
- Deploy: security monitoring, security assessment


Slide 18

Slide 18 text

Building Secure Architecture (see also: TOGAF)
- Business goals
- Risks & tradeoffs
- Architectural decisions & design
- Build the architecture

Slide 19

Slide 19 text

Building Secure Architecture
- Business goals
- Risks & tradeoffs
- Architectural decisions & design
- Build the architecture
Document risks!

Slide 20

Slide 20 text

… you assess risks and make security decisions every day…

Slide 21

Slide 21 text

Imagine you are an artist. You want to gift your friend a painting: a portrait. You know your friend is somewhat picky.

Slide 22

Slide 22 text

Imagine you are an artist. You want to gift your friend a painting: a portrait. You know your friend is somewhat picky.
- Watercolor. Pros: trendy, not expensive. Cons: mistakes not allowed.

Slide 23

Slide 23 text

Imagine you are an artist. You want to gift your friend a painting: a portrait. You know your friend is somewhat picky.
- Watercolor. Pros: trendy, not expensive. Cons: mistakes not allowed.
- Oil paint. Pros: mistakes allowed. Cons: expensive, not trendy.

Slide 24

Slide 24 text

Imagine you are an artist. You want to gift your friend a painting: a portrait. You know your friend is somewhat picky.
- Watercolor. Pros: trendy, not expensive. Cons: mistakes not allowed.
- Oil paint. Pros: mistakes allowed. Cons: expensive, not trendy.
- Gouache. Water-based like watercolor but more opaque; not expensive; allows minor mistakes.

Slide 25

Slide 25 text

What could go wrong?
- Lack of time
- Not assessing risks and tradeoffs
- Picking tools before sticking to the core idea
- Lack of awareness

Slide 26

Slide 26 text

Risk assessment for beginners

Slide 27

Slide 27 text

Risk assessment for beginners
- What is important for your business?
- What don’t I want to share or lose as a user?
- What sensitive data or PII can be there?
- Do I need to be compliant with any regulations?
- Why might the company lose a lot of money?
- How much do I care about reputation damage?

Slide 28

Slide 28 text

Food delivery service example
- What is important for your business? Profit.
- What don’t I want to share or lose as a user? Credit card.
- What sensitive data or PII can be there? Name, address, phone.
- Do I need to be compliant with any regulations? GDPR, CCPA.
- Why might the company lose a lot of money? Availability issues.
- How much do I care about reputation damage? I care a lot.

Slide 29

Slide 29 text

Measure and prioritize (see also: FAIR, NIST RMF)
- What is the possible damage from a given attack?
- What is our attack surface?
- How often might a given attack occur? How probable is it?
- How interesting (profitable) may it be for an attacker?
- What skill level is required for it?
- Do we have (or plan) other security controls covering it?
- What is the cost of implementing the security control?
- What is the cost of mitigating the attack after the fact?

Slide 30

Slide 30 text

Building Secure Architecture
- Business goals
- Risks & tradeoffs
- Architectural decisions & design
- Build the architecture
Document risks!

Slide 31

Slide 31 text

Building Secure Architecture
- Business goals
- Risks & tradeoffs
- Architectural decisions & design
- Build the architecture
Document risks! Be creative!

Slide 32

Slide 32 text

Building Secure Architecture
- Business goals
- Risks & tradeoffs
- Architectural decisions & design
- Build the architecture
Document risks! Be creative! Pick tools here!

Slide 33

Slide 33 text

Creativity

Slide 34

Slide 34 text

Creativity
- Industry guidelines
- Technology expertise
- Tools

Slide 35

Slide 35 text

Creativity
- the ability to create
- the use of imagination or original ideas to create something; inventiveness
Synonyms: imagination, vision, inventiveness
- Industry guidelines
- Technology expertise
- Tools

Slide 36

Slide 36 text

Building Secure Architecture
- Business goals
- Risks & tradeoffs
- Architectural decisions & design
- Build the architecture
Document risks! Be creative! Pick tools here!

Slide 37

Slide 37 text

Building Secure Architecture
- Business goals
- Risks & tradeoffs
- Architectural decisions & design
- Build the architecture
Document risks! Be creative! Pick tools here! Communicate!

Slide 38

Slide 38 text

Building Secure Architecture: Communicate! (see also: SABSA)
- Business owner’s view
- Architect’s view
- Designer’s view
- Software engineer’s view
- Manager’s view

Slide 39

Slide 39 text

Building Secure Architecture: Communicate! (see also: COBIT 5)
- Business owner’s view
- Architect’s view
- Designer’s view
- Software engineer’s view
- Manager’s view
- QC engineer’s view
- Marketing view
- Infrastructure engineer’s view
- People management view
- Graphic designer’s view
- Legal view
- Support team view

Slide 40

Slide 40 text

Why engineers can’t make it secure?

Slide 41

Slide 41 text

Why engineers can’t make it secure?
Secure Architecture
- is about the decision-making process
- is based on risks and business goals
- is an abstraction
Secure Coding
- is about writing code
- is based on industry guidelines
- is platform-specific

Slide 42

Slide 42 text

Why engineers can’t make it secure?
Secure Architecture
- is about the decision-making process
- is based on risks and business goals
- is an abstraction
- You operate risks and business goals, abstracting from the tools
Secure Coding
- is about writing code
- is based on industry guidelines
- is platform-specific
- You operate tools, you don’t make business decisions

Slide 43

Slide 43 text

Why engineers can’t make it secure?
Secure Architecture: creating structure
- is about the decision-making process
- is based on risks and business goals
- is an abstraction
- You operate risks and business goals, abstracting from the tools
Secure Coding: adding details
- is about writing code
- is based on industry guidelines
- is platform-specific
- You operate tools, you don’t make business decisions

Slide 44

Slide 44 text

“We’ve created a mobile app for our store! Now, you can pay with the app! No need to interact with people!” Why engineers can’t make it secure?

Slide 45

Slide 45 text

“We’ve created a mobile app for our store! Now, you can pay with the app! No need to interact with people!” “The fraud level is way too high. Let’s ask engineers to investigate and fix the issue” Why engineers can’t make it secure?

Slide 46

Slide 46 text

“We’ve created a mobile app for our store! Now, you can pay with the app! No need to interact with people!” “The fraud level is way too high. Let’s ask engineers to investigate and fix the issue.” After a couple of months the engineering team came back with nothing. One of them asked: “What is the actual percentage of fraudulent transactions?” Why engineers can’t make it secure?

Slide 47

Slide 47 text

“We’ve created a mobile app for our store! Now, you can pay with the app! No need to interact with people!” “The fraud level is way too high. Let’s ask engineers to investigate and fix the issue.” After a couple of months the engineering team came back with nothing. One of them asked: “What is the actual percentage of fraudulent transactions?” The actual percentage turned out to be better than the industry statistics. Nobody had measured the risk before asking for a fix. Why engineers can’t make it secure?

Slide 48

Slide 48 text

SSDLC
- Requirements: security review, security features
- Design: design review, threat model
- Develop: secure coding, static analysis
- Test: security code review, pentesting
- Deploy: security monitoring, security assessment

Slide 49

Slide 49 text

SSDLC
- Requirements: security review, security features
- Design: design review, threat model
- Develop: secure coding, static analysis
- Test: security code review, pentesting
- Deploy: security monitoring, security assessment
Architectural decisions

Slide 50

Slide 50 text

SSDLC
- Requirements: security review, security features
- Design: design review, threat model
- Develop: secure coding, static analysis
- Test: security code review, pentesting
- Deploy: security monitoring, security assessment
Architectural decisions. Software developers.

Slide 51

Slide 51 text

Force upgrade feature. Essential for desktop and mobile apps (but not for the backend or web, where the server simply serves the new build). But its logic spans both the app and the backend side. Why engineers can’t make it secure?

Slide 52

Slide 52 text

Force upgrade feature. Essential for desktop and mobile apps (but not for the backend or web, where the server simply serves the new build). But its logic spans both the app and the backend side. If the app is already released, it takes more time to implement: the existing error-handling logic has created limitations. Why engineers can’t make it secure?

Slide 53

Slide 53 text

Why engineers can’t make it secure?
When security was postponed:
1. Error handling implemented
2. App devs discover the risk
3. App devs communicate with architect and manager
4. App devs communicate with backend
5. Updating error handling
6. Adding force upgrade

Slide 54

Slide 54 text

Why engineers can’t make it secure?
When security was postponed:
1. Error handling implemented
2. App devs discover the risk
3. App devs communicate with architect and manager
4. App devs communicate with backend
5. Updating error handling
6. Adding force upgrade
Security right from the start:
1. Architect communicates with devs
2. Architect discovers the risk
3. Error handling implemented
4. Adding force upgrade
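The force-upgrade feature above spans both sides, so here are both sides in one file. This is an added example written for this deck, not the speaker's code. It assumes design choices the slides do not fix: the client reports its version in an X-App-Version header, the backend keeps one minimum supported version per mobile platform, and a too-old client is refused with HTTP 426 Upgrade Required before the request reaches business logic. The version table and store URLs are constructed sample values.

```python
"""Force-upgrade check: backend gate plus client-side handling.

Added example for this deck (not the speaker's code). Assumptions:
 - client sends its version in an "X-App-Version" header (assumed name)
 - backend keeps a minimum supported version per installable platform
 - "too old" is signalled with HTTP 426 Upgrade Required (real status
   code; using it for this purpose is an assumed design choice)
"""
from dataclasses import dataclass, field
from typing import Optional


def parse_version(text: str) -> tuple:
    """'2.4' -> (2, 4, 0). Anything that is not 1-3 numeric parts is
    rejected instead of being read as 0.0.0, and tuples compare
    numerically, so '2.10.0' is newer than '2.4.0' (a string compare
    would get that wrong)."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


# Backend policy: constructed sample values. Web is deliberately absent;
# the server just serves the new build there, so no force upgrade.
MIN_SUPPORTED = {"ios": "2.4.0", "android": "2.3.1"}
STORE_URL = {"ios": "https://example.invalid/ios",        # assumed
             "android": "https://example.invalid/android"}  # assumed


@dataclass
class Response:
    status: int
    body: dict = field(default_factory=dict)


def backend_handle(platform: str, app_version: Optional[str]) -> Response:
    """Version gate that runs before the real handler for every call.

    Fails closed: a missing or malformed version header is never treated
    as "new enough". The check is enforced server-side because a client
    cannot be trusted to refuse its own requests.
    """
    minimum = MIN_SUPPORTED.get(platform)
    if minimum is None:
        return Response(400, {"error": "unknown_platform"})
    upgrade = Response(426, {"error": "upgrade_required",
                             "min_version": minimum,
                             "store_url": STORE_URL[platform]})
    if app_version is None:
        return upgrade
    try:
        current = parse_version(app_version)
    except ValueError:
        return Response(400, {"error": "bad_version_header"})
    if current < parse_version(minimum):
        return upgrade
    return Response(200, {"data": "ok"})  # stands in for the real handler


class UpgradeRequired(Exception):
    """Client side: show a blocking 'update the app' screen."""


class ApiError(Exception):
    """Client side: the generic error path that shipped first."""


def client_handle(resp: Response) -> dict:
    """Dispatch on 426 *before* the generic error branch.

    If a catch-all 'something went wrong' handler runs first, the upgrade
    signal is swallowed and the user just sees a broken app. That ordering
    constraint is exactly what makes retrofitting force upgrade expensive
    once error handling already exists.
    """
    if resp.status == 426:
        raise UpgradeRequired(resp.body)
    if resp.status >= 400:
        raise ApiError(resp.status, resp.body.get("error"))
    return resp.body


def client_outcome(platform: str, app_version: Optional[str]) -> str:
    """One round trip reduced to a label: ok / upgrade_required / error."""
    try:
        client_handle(backend_handle(platform, app_version))
    except UpgradeRequired:
        return "upgrade_required"
    except ApiError:
        return "error"
    return "ok"


if __name__ == "__main__":
    for platform, version in [("ios", "2.4.0"), ("ios", "2.10.0"),
                              ("ios", "2.3.9"), ("android", None),
                              ("android", "2.x"), ("web", "1.0.0")]:
        print(platform, version, "->", client_outcome(platform, version))
```

Two things worth noting. The gate lives on the backend because a client that lies about its version cannot be forced to do anything; force upgrade retires honest-but-outdated installs, and any vulnerable behaviour of an old API version still has to be switched off server-side. And the client-side ordering (check for the upgrade signal before the generic error path) is the part that becomes a refactor when error handling has already shipped, which is the cost the two timelines above compare.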

Slide 55

Slide 55 text

SSDLC
- Requirements: security review, security features
- Design: design review, threat model
- Develop: secure coding, static analysis
- Test: security code review, pentesting
- Deploy: security monitoring, security assessment

Slide 56

Slide 56 text

SSDLC … tips for small startups…
- Requirements: security review, security features
- Design: design review, threat model
- Develop: secure coding, static analysis
- Test: security code review, pentesting
- Deploy: security monitoring, security assessment

Slide 57

Slide 57 text

SSDLC … tips for small startups… (see also: OWASP RAF)
- Requirements: document risks and sensitive assets
- Design: design and discuss with security in mind
- Develop: secure coding, static analysis
- Test: security code review, pentesting
- Deploy: security monitoring, security assessment

Slide 58

Slide 58 text

SSDLC … tips for small startups…
- Requirements: document risks and sensitive assets
- Design: design and discuss with security in mind
- Develop: secure coding knowledge sharing, static analysis
- Test: security code review, pentesting
- Deploy: security monitoring, security assessment

Slide 59

Slide 59 text

SSDLC … tips for small startups…
- Requirements: document risks and sensitive assets
- Design: design and discuss with security in mind
- Develop: secure coding knowledge sharing, static analysis
- Test: security checklists, dependency checkers, SAST, DAST
- Deploy: security monitoring, security assessment

Slide 60

Slide 60 text

SSDLC … tips for small startups…
- Requirements: document risks and sensitive assets
- Design: design and discuss with security in mind
- Develop: secure coding knowledge sharing, static analysis
- Test: security checklists, dependency checkers, SAST, DAST
- Deploy: security events in analytics, responsible disclosure


Slide 62

Slide 62 text

Have you ever caught your development team in the situation where the very first app release is coming, but it lacks security completely?
Requirements / Design / Develop / Test / Deploy

Slide 63

Slide 63 text

Have you ever caught your development team in the situation where the very first app release is coming, but it lacks security completely?
Requirements / Design / Develop / Test / Deploy
- What are the most critical events that may happen to your business? Prioritise!

Slide 64

Slide 64 text

Have you ever caught your development team in the situation where the very first app release is coming, but it lacks security completely?
Requirements / Design / Develop / Test / Deploy
- What are the most critical events that may happen to your business? Prioritise!
- Communicate. Assess what you already have. Book time.

Slide 65

Slide 65 text

Have you ever caught your development team in the situation where the very first app release is coming, but it lacks security completely?
Requirements / Design / Develop / Test / Deploy
- What are the most critical events that may happen to your business? Prioritise!
- Communicate. Assess what you already have. Book time.
- Build step by step. Make sure basic security functionality is working. Then, improve.

Slide 66

Slide 66 text

Have you ever caught your development team in the situation where the very first app release is coming, but it lacks security completely?
Requirements / Design / Develop / Test / Deploy
- What are the most critical events that may happen to your business? Prioritise!
- Communicate. Assess what you already have. Book time.
- Build step by step. Make sure basic security functionality is working. Then, improve.
- Create a checklist with all the security controls.

Slide 67

Slide 67 text

Have you ever caught your development team in the situation where the very first app release is coming, but it lacks security completely?
Requirements / Design / Develop / Test / Deploy
- What are the most critical events that may happen to your business? Prioritise!
- Communicate. Assess what you already have. Book time.
- Build step by step. Make sure basic security functionality is working. Then, improve.
- Create a checklist with all the security controls.
- Set up alerting.

Slide 68

Slide 68 text

Have you ever caught your development team in the situation where the very first app release is coming, but it lacks security completely?
Requirements / Design / Develop / Test / Deploy
- What are the most critical events that may happen to your business? Prioritise!
- Communicate. Assess what you already have. Book time.
- Build step by step. Make sure basic security functionality is working. Then, improve.
- Create a checklist with all the security controls.
- Set up alerting.
- Prepare a Plan B.

Slide 69

Slide 69 text

Summary
- Book time for security in advance
- Stick to SSDLC as early as possible
- Secure architecture is not a single person’s responsibility

Slide 70

Slide 70 text

Thank you! @julepka Photo by Lukas Blazek https://unsplash.com/@goumbik