Look in any tech magazine to find an article or white paper that defines the "Well-Architected Framework", providing an explanation of cloud architectural design principals and guidance for creating a proper framework on a selected platform. Even customers are joining the march, requiring the same "Well-Architected Framework" in solutions delivered.
Microsoft Azure's version of the "Well-Architected Framework" separates their architectural best practices into five categories or pillars: cost management, operational excellence, performance efficiency, reliability, and security.
AWS has their own version of the "Well-Architected Framework", adding an additional pillar over Azure: sustainability.
Regardless of the hyper-scaler, the intent is the same.
They want to promote standardization of the architecture and workloads across the enterprise. The concepts are not new, but the approach includes more modernization with automated tooling (and buzzwords).
But, what role does security play in the "Well-Architected Framework"?
The idea of assigning security to just one "pillar" seems misplaced.
The best foundation for any workload should include a strong set of security practices. The key is ZERO TRUST. All the tools and techniques for the architecture should have a well-defined and practiced process for enabling organizations that adopt the cloud to achieve their security compliance goals. Any "Well-Architected Framework" begins with the building blocks to protect data, applications and platforms.
The starting point for all pillars in a "Well-Architected Framework" is a strong security strategy.
Comments