Help Center/ Well-Architected Framework/ Well-Architected Framework and Practices/ Security Pillar/ Design Principles
Updated on 2025-05-22 GMT+08:00
View PDF
Share

Design Principles

According to International Organization for Standardization (ISO), the security of a computer system refers to the protection on its information assets (including hardware, software, network, and data) ensure confidentiality, integrity, and availability. The objectives of computer system security are to protect information systems from various threats, including unauthorized access, use, disclosure, destruction, modification, disruption, and unavailability, while ensuring that systems can continue to deliver services.

The basic elements of system security include confidentiality, integrity, availability, auditability, and non-repudiation. Confidentiality, integrity and availability are the three basic elements and are called the "CIA triad" for short.

To implement the basic elements defined for system security, the following common security design principles are extracted based on a large number of practices in the industry:

  • Zero Trust
    • Zero Trust follows the security concept of "never trust, always verify." It assumes that no one or program is trustworthy, no matter whether they are internal users, external users, or network devices. To reduce the attack risks, the components in a system must be explicitly verified before any communication. Zero Trust transforms the existing static trust model based on authentication and default authorization into a dynamic trust model based on continuous risk evaluation and adaptive authorization.
    • Zero Trust does not determine the credibility based on the network location. It focuses on protecting resources, not CIDR blocks. Compared with the traditional security concepts, Zero Trust shifts the focus of network defense from static network-based borders to users, devices, and resources. All resources (such as people, objects, devices, applications, networks, data, and supply chains) require continuous identity authentication and trust evaluation, and dynamic security policies must be applied globally. Zero Trust reduces the attack surface and ensures system security through dynamic and continuous risk evaluation.
  • Defense in depth
    • Multi-point and multi-layer security mechanisms are used to protect organization networks, assets, and resources.
    • It does not fully depend on the security capabilities of a single layer. The protection failure on a single layer will not lead to complete exposure to attacks.
    • If a system is attacked, it will still have certain resilience capabilities to ensure minimum system running and provide minimum services.
  • Principle of least privilege (PoLP)
    • Least roles: Delete unnecessary system administrators. Periodically check for and delete expired roles.
    • Least privileges: Grant users or entities the least privileges required to perform their tasks to reduce security risks.
    • Minimum exposure: Expose the least service endpoints and service application interfaces required for different access regions and objects.
    • Least credentials: Eliminate the dependency on long-term, static credentials.
  • Data security
    • Classify and grade data, and define data protection measures at different levels.
    • Ensure proper encryption, backup, and access control of data to protect data confidentiality, integrity, and availability.
    • Protect privacy. Ensure the confidentiality and integrity of private data.
  • DevSecOps
    • The core concept of DevSecOps is to incorporate security into the entire software development lifecycle. Security is considered in all the phases, including requirement analysis, design, development, test, deployment, O&M, and operation, to ensure system security and stability.
    • DevSecOps combines security with the automated process of DevOps to detect and fix security vulnerabilities more quickly, improving the efficiency and quality of software development.
Parent topic: Security Pillar