Chapter 5. Compartmentation

We shape our buildings; thereafter they shape us.

Winston Churchill

The Principle: Isolate system elements and enable and control the interactions essential for their intended purpose.

Key Question: Is this made of distinct parts with limited interactions?

Related Concepts: Modularity, Forward Secrecy, Least Privilege, Air Gapping, Cryptography

Compartmentation is the Principle of breaking apart our interconnected world; it is about building systems in isolation, and defining and controlling the ways in which they interact with one another. Compartmentation is where we ensure that the architecture of systems facilitates security, both now and in the future.

Too often, security is viewed (even by security experts) as an add-on—armor that you bolt onto the outside of existing systems to manage their vulnerabilities. By accepting this role, we acquiesce to insecurity that could be prevented or fixed at the architectural level. The most robust security is built into the very architecture of systems.

Rather than allow systems to operate as tangled messes of interconnectivity, Compartmentation teaches us to build systems that are defined, discrete, and limited. We shouldn’t only view the world in terms of “we need a lock on that door;” sometimes, we need to say “we don’t even need a door here.” And if you need something, maybe all you need is a mousehole, or a paper-slot, or a peep hole. The world of information security needs fewer bouncers with ever-growing ...
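The "paper-slot" idea above, worked as an added example that is not from the book: a key-holding compartment runs in its own process, and the untrusted side gets exactly one narrow operation (compute an HMAC tag) rather than a door to the key itself. The `PaperSlot` class, the embedded key-holder script and the sample key are constructed for this illustration.

```python
import json
import subprocess
import sys

# The trusted compartment runs in its own interpreter process. It holds the key
# and answers exactly one operation; everything else is refused at the slot.
KEYHOLDER_SRC = r'''
import hashlib, hmac, json, sys
KEY = b"constructed-demo-key"   # constructed sample secret; never leaves this process
while True:
    line = sys.stdin.readline()
    if not line:
        break
    req = json.loads(line)
    data = req.get("data")
    if req.get("op") == "tag" and isinstance(data, str) and len(data) <= 4096:
        tag = hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()
        resp = {"ok": True, "tag": tag}
    else:
        resp = {"ok": False, "error": "refused: not part of the interface"}
    sys.stdout.write(json.dumps(resp) + "\n")
    sys.stdout.flush()
'''

class PaperSlot:
    """The untrusted side's only handle on the key compartment: one JSON line in, one out."""
    def __init__(self) -> None:
        self.proc = subprocess.Popen([sys.executable, "-c", KEYHOLDER_SRC],
                                     stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True)

    def ask(self, op: str, **fields) -> dict:
        self.proc.stdin.write(json.dumps({"op": op, **fields}) + "\n")
        self.proc.stdin.flush()
        line = self.proc.stdout.readline()
        if not line:
            raise RuntimeError("key compartment exited")
        return json.loads(line)

    def close(self) -> None:
        self.proc.stdin.close()
        self.proc.wait()

def run_demo() -> dict:
    """Exercise the slot: two legitimate requests, a request for the key, an oversized one."""
    slot = PaperSlot()
    try:
        return {"tag": slot.ask("tag", data="hello"), "other": slot.ask("tag", data="world"),
                "export": slot.ask("export_key"), "oversize": slot.ask("tag", data="x" * 5000)}
    finally:
        slot.close()
```

The untrusted side can obtain tags for its own messages, but nothing it sends through the slot can retrieve the key or widen the interface.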
