Modern software architectures are significantly more distributed than traditional monolithic on-premise applications. The ingredients are clouds, CDNs, SaaS, libraries and a large number of microservices. If you want to play it safe, you use Threat Modelling for orientation. On behalf of our clients, we evaluate architectures with regard to application, file and communication security and derive the resulting recommendations.
A modern software architect faces a seemingly endless choice of tools and options for his project. Aside from functional requirements and usability, security aspects also play an important role in the success of the project. But what do platforms that host some of the application's services mean for the security of the entire system? What changes if a CRM doesn’t run in my own datacenter anymore, but instead as a service on the web? Should I outsource my frontend assets to CDNs for better performance, or am I making myself or my clients vulnerable by doing so? The fine granularity of microservices might be tempting, but how do I combine all of the services so that no one can intercept or even manipulate the communication?
The practice of Threat Modelling is the answer to all those questions. It was specifically developed to keep an overview even when working with complex or confusing architectures.