Staff Writer

Code to Cloud: How Architects Secure the Stack

In a landscape punctuated by increasingly frequent data breaches, the role of software architects in the world of cybersecurity is gaining newfound respect and urgency. Kaviraj K C, Principal Enterprise Architect at OpenText, didn't just scratch the surface; he went all-in during his talk at Great International Developer Summit. His message? Security is everyone's job, especially when it comes to software development.

Kaviraj kicked off by dropping some hard truths about data breaches, tracing their alarming rise since 2004 with data updated until September 2022. Old-school security measures like perimeter and network protections are so last decade. The industry has been somewhat slow to react to the glaring need for application security, a glaring blind spot considering we're all interlinked in this digital world.

Here's a stat to chew on: according to a report by Cybersecurity Ventures, the global damage costs due to cybercrime are expected to reach $6 trillion annually by 2021. These numbers give Kaviraj's arguments an added layer of urgency.

But all's not lost. Kaviraj illuminated how each stage of the Software Development Life Cycle (SDLC) is fraught with security considerations. Originated by Microsoft around 2005-2006, this holistic approach has been adopted by innovative companies that understand the stakes. Everyone from product managers to the deployment team has a part to play in ratcheting up security protocols.

So, what can software architects specifically do to make our digital lives safer? According to Kaviraj, they've got three main arenas of influence:

  • Masters of Secure Design: They must understand principles like "Defense in Depth," "Fail Secure," and "Least Privilege" like the back of their hand. These aren't buzzwords; they're tactical rules for making systems inherently resilient.
  • The Art of Threat Modeling: Architects should be sketching out the blueprint of the software, identifying the weak links and potential attack vectors. Think of it as cybersecurity feng shui.
  • Crafting the Game Plan: With the lay of the land clear, architects need to strategize on the best countermeasures to deploy.

Kaviraj wasn't content with dropping just those knowledge bombs. He gave us an exhaustive list of design principles that should be part of any architect's security manifesto:

  • Layer Up: A Gartner report emphasized that a multi-layered security approach is less prone to single points of failure.
  • Don't Let Failures Become Fiascos: System failures shouldn't be a gateway to security disasters.
  • The Less Access, The Better: A Verizon Data Breach Investigations Report once noted that insider threats are often facilitated by excessive access permissions.
  • Two Heads Are Better Than One: Multiple authorizations can act as an effective check and balance system in sensitive operations.
  • Keep It Simple, Smarty: Complexity is the enemy of security. A straightforward design is not just easier to manage but also easier to secure.
  • Transparency for the Win: Transparent design practices can attract collective scrutiny, which is beneficial for identifying security blind spots.
  • Always Play It Safe: Default settings should always lean towards the most secure options.

As for threat modeling, Kaviraj gave it the importance it deserves. Whether it's Microsoft's STRIDE model or open-source alternatives like OWASP, architects have a range of tools to work with. Document those threats and equip your development team to act fast and smart.

Let's also talk tech. Kaviraj was clear that architects have a utility belt full of tactical countermeasures, like Multi-Factor Authentication (MFA) and intrusion detection systems. For instance, Statista reports that the MFA market is expected to grow exponentially, highlighting its increasing adoption.

But hold on, what if the unthinkable happens? Kaviraj reminded us that crisis management is part of the architect's job description. A PwC survey revealed that 39% of companies lack an incident-response plan. Therefore, architects must lead the charge in crafting effective, comprehensive response plans.

In the end, Kaviraj's talk wasn't just insightful; it was a call to action. And in an era where cyber threats aren't slowing down—on the contrary, they're accelerating—his guide to building a secure software ecosystem is a playbook we all need. Adopting these strategies isn't a luxury or an option; it's a must-do in our intertwined, digital society. Because as Kaviraj elegantly put it, our collective digital well-being depends on it.

Watch the full video of the talk, here.

Have questions or comments about this article? Reach out to us here.

Banner Image Credits: Kaviraj K C at Great International Developer Summit

See Highlights

Hear What Attendees Say


“Once again Saltmarch has knocked it out of the park with interesting speakers, engaging content and challenging ideas. No jetlag fog at all, which counts for how interesting the whole thing was."

Cybersecurity Lead, PwC


“Very much looking forward to next year. I will be keeping my eye out for the date so I can make sure I lock it in my calendar."

Software Engineering Specialist, Intuit


“Best conference I have ever been to with lots of insights and information on next generation technologies and those that are the need of the hour."

Software Architect, GroupOn

Hear What Speakers & Sponsors Say

Scott Davis

“Happy to meet everyone who came from near and far. Glad to know you've discovered some great lessons here, and glad you joined us for all the discoveries great and small."

Web Architect & Principal Engineer, Scott Davis

Dr. Venkat Subramaniam

“Wonderful set of conferences, well organized, fantastic speakers, and an amazingly interactive set of audience. Thanks for having me at the events!"

Founder of Agile Developer Inc., Dr. Venkat Subramaniam

Oracle Corp.

“What a buzz! The events have been instrumental in bringing the whole software community together. There has been something for everyone from developers to architects to business to vendors. Thanks everyone!"

Voltaire Yap, Global Events Manager, Oracle Corp.