Architecture security requirements

Software architecture is very important because it determines how the entire software realizes its business architecture and data flow. However, the architecture and data flow of complex business system are very complicated which cannot be learnt and understood thoroughly in short term. Although it is difficult, the team shall carry out architecture security analysis as early as possible to clarify technical security demands and identify security risk points in the architecture timely. Otherwise, due to the inherent deficiency of architecture in security design, it is very likely to bring security risk to application developed. Therefore, during architecture design or before development, security of software architecture shall be analyzed to see whether there are any potential security vulnerabilities which, once occurred, can be fixed at its beginning stage.

Applications today often involve docking between many modules and systems, and architects in the design of system architecture need to give full consideration to security threats at each level. For example, how to ensure the integrity of the data of users during use to avoid being tampered by a hacker? How to ensure that important sensitive data are not being stolen when a user is resetting a password? Can the whole software architecture effectively deal with sudden large-scale access requests? How to guarantee service availability?