Several design goal topics could be seen as contributing to the solution’s security, so in this chapter I always focus on protection against outside threats.
When security officers in larger organizations review my solution architecture documentation, they tend to go directly to this chapter, followed by visits to the Authentication, Authorization and Compliance chapters.
Describe how incorporated technologies contribute to security. For example, many companies hide their services behind API gateway servers, which provide access control, intrusion protection, encryption and more.
Explain the security mechanisms in place for each connection in and out of your solution, as well as for internal connections between subsystems.