Architecture occasionally still has an image issue. To many, architecture means solidness, rigour, slowness and conservativeness. Fortunately, this image is outdated, even though not everyone realizes it yet. Something similar is the case with security. Security is associated with prohibitions, walls and slowness as well. We accept that security is important, but that does not mean we like it.
Of course, security is becoming increasingly important. With the advent of new European legislation such as GDPR, organizations cannot ignore security without risking large penalties. On the other hand, big data offers tremendous opportunities for organizations to really personalize their offerings and services to their clients. Many clients also expect such a personal approach, and they do not want to provide data that they have already provided before. I still vividly remember a somewhat irritated email message from a guy who went to register for our yearly DYA seminar, but stopped the registration process because he was so annoyed: he had to enter the same credentials that he had provided the year before. After an intensive email exchange, I ended up doing the registering for him, which took me no more than 3 minutes. But it was a matter of principle. On the other hand, I would not be surprised at all if other attendees had been annoyed had all their credentials appeared automatically, thinking: who told you that you could save these data from last year?
The new GDPR law requires that organizations have solid control over the data they record and process. Enthusiastic development of new services that make full use of big data, without any thought for privacy, involves great financial risks.
The dilemma is clear: it is a waste not to make full use of the data that is floating around, but the risks are not to be ignored.
This dilemma is expressed in the fourth principle of the Architecture Manifesto:
We recognize that security measures are a trade-off between risk and innovation speed, and the best way to deal with this is to address security from the start.
Precisely because there is a trade-off between aspects such as innovation speed and risk, we have to take a multidimensional approach in our design activities, all the way through.
The fourth principle of the manifesto relates to the following core value of the manifesto:
Innovation and ecosystems over industrialization and value chains
We value innovation over industrialization, but, as the fourth principle states, not without taking security to heart right from the start. I covered the ecosystems and value chains part in a previous blog post, Ecosystems Over Value Chains.