Responsibility Matrix (Cloud)(Architecture/ Infrastructure concepts)
Clarifies shared security responsibilities between provider and client, like a guideline of responsibilities.
Example: Cloud provider secures infrastructure, client secures data
Hybrid Considerations (Cloud)(Architecture/ Infrastructure concepts)
Mix of on-prem and cloud brings complex integration and risk, like VPNs needed to secure hybrid app flow.
Third Party (Cloud)(Architecture/ Infrastructure concepts)
External providers must be vetted for security risk
Example: SaaS vendor storing customer data is a security implication
IaC (Infrastructure as Code) (Architecture/ Infrastructure concepts)
Manages infrastructure through code/script which has to be secured
Example: Terraform script provisioning AWS instances with security groups
Serverless (Architecture/ Infrastructure concepts)
Apps run without managing servers but still need secure function level permissions
Example: AWS Lambda (classic serverless service) with a restricted IAM role (access control)
Microservices (Architecture/ Infrastructure concepts)
Apps split into smaller services, which each must be secured and monitored
Example: Authentication service is separated from the billing service.
Physical Isolation (Architecture/ Infrastructure concepts)
System physically separated from others
Example: Sensitive server in locked room without network access
Air Gapped (Architecture/ Infrastructure concepts)
Completely disconnected from any network
Example: Nuclear facility system with no internet access; similar to physical isolation, also separated
Logical Segmentation (Architecture/ Infrastructure concepts)
Uses VLAN, firewalls and other controls to logically segment access
Example: Finance VLAN can't access HR VLAN
SDN, Software defined Networking (Architecture/ Infrastructure concepts)
Centralized network control via software; needs strict access control
Example: SDN controller restricts traffic between data center zones
On premises (Architecture/ Infrastructure concepts)
Resources are hosted internally giving full control but high responsibilities
Example: Company hosts mail server in its own datacenter
Centralized vs Decentralized (Architecture/ Infrastructure concepts)
Centralized is easier to control, while decentralized reduces single points of failure
Example: Single HQ login server vs Regional login servers
Containerization (Architecture/ Infrastructure concepts)
Lightweight app instances isolated for security
Example: Docker containers running isolated microservices
Virtualization (Architecture/ Infrastructure concepts)
VMs allow multiple OS instances but risk VM escape
Example: Multiple VMs on one hypervisor
IoT (Architecture/ Infrastructure concepts)
Devices may lack full security, need segmentation and patching
Example: Smart thermostat vulnerable to remote access
ICS/SCADA (Architecture/ Infrastructure concepts)
Critical infrastructure systems with unique security challenges
Example: Water treatment SCADA systems need protection from cyber attacks
RTOS (Real time OS) (Architecture/ Infrastructure concepts)
Special OS used in time-sensitive environments, often resource-limited
Example: Medical devices needing real time responses
Embedded Systems (Architecture/ Infrastructure concepts)
Resource-limited devices with fixed firmware
Example: An ATM or a smart fridge that can have firmware vulnerabilities
High Availability (Architecture/ Infrastructure concepts)
Ensures uptime with redundancy and failover
Example: Load balancer shifts traffic if one server fails
Availability (Architecture/ Infrastructure concepts)
Systems remain accessible when needed
Example: Use of redundant server
Resilience (Consideration)
Ability to recover quickly from issues
Example: Failover system activates on an outage
Cost (Consideration)
Financial impact of solution and upkeep
Example: The cloud reduces CapEx, increases OpEx
Responsiveness (Consideration)
How fast a system adapts to needs or issues
Example: Auto scaling cloud services under load
Scalability (Consideration)
Ability to handle growth
Example: Add nodes to database cluster
Ease of Deployment (Consideration)
Simplicity and speed of setup
Example: One click deployment via IaC
Risk Transference (Consideration)
Shift risk to vendor or insurer
Example: Cyber insurance for breach costs
Ease of Recovery (Consideration)
How simple and speedy the setup is
Example: One click deployment via IaC
Patch availability (Consideration)
Whether updates exist
Example: New Windows patch for RCE flaw
Inability to Patch (Consideration)
Legacy systems can't be updated easily
Example: Old ICS devices with no firmware support
Power (Consideration)
System's electrical requirements
Example: Battery backup for power outages
Compute (Consideration)
Processing capability needed
Example: AI workloads needing GPU to meet demand