Friday, February 3, 2017

Tech-Sec Guideline: Compartmentalization

Guideline: Compartmentalization

Part of: Technology Security Guidelines
Overview: Building a set of Guidelines for Security and Privacy

On every level of the technology stack there should be a reasonable amount of compartmentalization of components, systems and zones. Every crossover between two or more compartments is to be managed through ‘mediators’ that can manage and secure the access between them.

A striking analogy for this principle is that of a ship. Every (larger) ship is built in compartments. When the outer wall is breached, the compartments make sure that the flooding won't impact the entire ship. This principle can and should be applied in technology as well.

The purpose of compartmentalization is to ensure that a breach does not impact the entire infrastructure, but only a small(er) part of it. For instance, a breach can occur more easily in an often less protected Test environment than in a Production environment. When these are properly compartmentalized, a crossover might not be possible and a full-scale data leak can then be prevented.
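The containment argument above can be checked mechanically. The following is an added example, not part of the original guideline: it models a mediator as a default-deny list of permitted crossings and computes which compartments a breach could spread to. The zone names, services and rules are constructed for illustration, and the model assumes the worst case that a breach can use every crossing permitted out of a compartment.

```python
from collections import deque

# Constructed sample policy (hypothetical names): the crossings the
# mediator permits, as (source, destination, service) tuples.
ALLOWED_CROSSINGS = {
    ("internet", "dmz", "https"),
    ("dmz", "prod-app", "https"),
    ("prod-app", "prod-db", "postgres"),
    ("office", "test", "ssh"),
    ("test", "test-db", "postgres"),
}

def mediate(src, dst, service, policy=ALLOWED_CROSSINGS):
    """Mediator decision for one transaction: default deny.
    Traffic that stays inside one compartment is not mediated."""
    if src == dst:
        return True
    return (src, dst, service) in policy

def blast_radius(breached, policy=ALLOWED_CROSSINGS):
    """Compartments reachable from a breached one by chaining
    permitted crossings (breadth-first search over the policy)."""
    reached, queue = {breached}, deque([breached])
    while queue:
        here = queue.popleft()
        for src, dst, _service in policy:
            if src == here and dst not in reached:
                reached.add(dst)
                queue.append(dst)
    return reached

def exposure_added(new_rule, policy=ALLOWED_CROSSINGS):
    """Review aid: for a proposed rule, list every compartment whose
    blast radius grows and what it would newly reach."""
    wider = policy | {new_rule}
    zones = {z for s, d, _ in wider for z in (s, d)}
    added = {}
    for zone in zones:
        extra = blast_radius(zone, wider) - blast_radius(zone, policy)
        if extra:
            added[zone] = extra
    return added

if __name__ == "__main__":
    print("breach in test reaches:", sorted(blast_radius("test")))
    # A "convenience" rule letting Test read the Production database:
    print("rule would expose:", exposure_added(("test", "prod-db", "postgres")))
```

Running `exposure_added` on every proposed rule change shows when a single exception quietly joins two compartments that were meant to stay separate.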

Compartmentalization can be applied on multiple levels within technology, and you can take it as far as you want. Remember that there is a trade-off when it comes to compartmentalizing systems and environments, because every transaction that needs to cross over to another compartment needs to be validated before it is allowed. It will require maintenance (which could be automated to some degree), and it will certainly take resources such as processing power.

More information from Wikipedia about Compartmentalization.


