Laws of Security

STABLE, SECURE, RESILIENT

KEEP IT SIMPLE

Simplicity, for the most part, guarantees security. The simpler a system is, the easier it is to maintain and patch. Simple designs make it easier to upgrade their parts and to make sure that all elements are understood, known, and easier to assess if needed.

DON’T REINVENT THE WHEEL, USE KNOWN, PROVEN TECHNOLOGIES

There are proven ways of doing things, from the architecture of systems to the technology supporting their development and deployment. Don’t try to create something of your own just for the sake of saying you did it; stay with the things that work. Update and enhance, but always keep stability and security in mind.

ARCHITECT FOR SCALE AND REDUNDANCY

Guarantee resiliency. Your solution needs to work for one user or one connection as well as for thousands of them. Factoring in scalability early will make sure that your solution continues to work, regardless of how much use or growth it has. The same goes for redundancy: make sure you build in backup systems / elements / what-not, along with the ability to switch between parts or revert to a previous working state fast in case one part fails.

LIMIT YOUR OPTIONS

Create a restricted list of technologies and processes you can use to develop your solution. Doing this will help you stay on track with simplicity, the use of proven technology, and the ability to architect the solution better.

REDUCE THE SOURCES OF DATA

Make sure your data always comes from a trusted source. Reduce where your solution / app / system can read data from, and who can send data to it (and how). Always verify, and assume malicious intent. Reduce the sources of that.
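
One way to apply this rule in code, as an added example that is not part of the original page: a default-deny intake function that accepts data only from an explicit list of sources, each limited to one channel, checks a per-source HMAC, and still validates the content afterwards. The source names, channels, keys, size limit and schema are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed allowlist: the only sources that may send data, the single
# channel each may use, and a per-source key (placeholder values).
TRUSTED_SOURCES = {
    "billing-api": {"channel": "https", "key": b"constructed-key-billing"},
    "sensor-gw": {"channel": "mqtt", "key": b"constructed-key-sensor"},
}
MAX_BODY = 4096                      # refuse oversized input outright
SCHEMA = {"id": int, "amount": int}  # exact fields and types expected


def sign(key: bytes, body: bytes) -> str:
    """HMAC-SHA256 tag a sender attaches to its message."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def accept(source: str, channel: str, body: bytes, tag: str):
    """Return (record, None) if accepted, else (None, reason). Default is deny."""
    entry = TRUSTED_SOURCES.get(source)
    if entry is None:
        return None, "unknown source"
    if channel != entry["channel"]:
        return None, "channel not allowed for source"
    if len(body) > MAX_BODY:
        return None, "body too large"
    # Constant-time comparison; a known source name alone proves nothing.
    if not hmac.compare_digest(sign(entry["key"], body).encode(), tag.encode()):
        return None, "bad signature"
    try:
        record = json.loads(body)
    except (ValueError, RecursionError):
        return None, "not valid JSON"
    # Authenticated input is still validated: exact keys, exact types.
    if not isinstance(record, dict) or set(record) != set(SCHEMA):
        return None, "unexpected fields"
    for field, kind in SCHEMA.items():
        if type(record[field]) is not kind:
            return None, "wrong type for " + field
    return record, None


if __name__ == "__main__":
    body = b'{"id": 7, "amount": 1200}'
    good = sign(TRUSTED_SOURCES["billing-api"]["key"], body)
    print(accept("billing-api", "https", body, good))
    print(accept("partner-x", "https", body, good))
```

Every rejection path returns a reason instead of a partial record, so the caller can log who tried to send what without ever processing unverified data.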


