Security on Architecture Level
The term security architecture has many meanings depending on the context. In the context of this service, it means hardening your architecture by including security controls and multiple layers of defense (defense in depth) right from the beginning. This takes into account not only the implementation layer of your applications, but focuses more on the architecture and component level.
If you answer yes to any of these questions, it might be a good idea to include security architecture consulting in your process at an early stage:
- You want to change your architecture towards a microservice design?
- You want to shift parts of your architecture into the cloud?
- You want to offer previously customer-hosted services also as SaaS solutions?
- You want to move towards a more container-based component approach?
- You want to connect multiple clients (including mobile apps) and systems to your APIs?
- Or simply: You just want to discuss your architecture (existing or planned) with a security expert?
In all these cases, security architecture consulting is the process of discussing your software and system design with a security expert who has a strong background in software architecture.
Individual Consulting Package
To support you in these scenarios in the best possible way with my architecture and security experience, a short conference call to discuss your individual requirements makes sense. After that, I can offer you an individual security architecture consulting package targeted at your specific situation: Let’s talk
Relation to Threat Modeling
Depending on your concrete needs, a security architecture review can include, or be run as, a threat modeling workshop that details the risks of the architecture under review: See Agile Threat Modeling