Chapter 8. Security Design for Organizational Complexity
Until now, the focus of this book has been on the architecture of the organization without regard for how its teams are structured. This chapter discusses how security architects can construct security measures that are compatible with the organizational structure of a microservice-based organization, and how they can focus on the human aspect of security design.
It’s our job as security professionals to make sure that every employee within our organization has a smooth experience with the security mechanisms in place. A company’s security team should empower employees by equipping them with the right protection that keeps them safe from both external and internal threats, while ensuring that individuals don’t need to deal with systems in which they are not trained. At the same time, employees should be able to carry on with their work without fear of ending up in a state where they constantly experience friction while performing their day-to-day job, a state also known as “security hell.”
It is often said that the road to “security hell” is paved with good intentions. Many individuals with good intentions believe their actions are beneficial for the organization at large. As a result, a blunt increase in security controls may negatively impact developers and reduce their efficiency. Many organizations go overboard with security measures that make it harder for legitimate employees to do their work. Often, there is a trade-off between ...