
Why security must be designed in during HLD - Why This Architecture

Problem Statement
When security is added as an afterthought, systems often have hidden vulnerabilities that attackers can exploit. This leads to data breaches, service disruptions, and loss of user trust, which can be costly and damaging to the business.
Solution
Security must be integrated into the system design from the start, ensuring that every component and data flow is protected. This approach allows for identifying risks early, applying appropriate controls, and building a strong defense that is harder to bypass.
Architecture
[Diagram: User Input (Untrusted) -> Validation & Authentication & Checks -> Data Storage Layer]

This diagram shows how security is embedded at multiple stages: input validation, authentication, authorization, and secure data storage, ensuring protection throughout the system.
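The following is an added worked example, not code from the original page, showing the four stages of the diagram as a single request path in Python. Every stage enforces its own check, and the storage layer re-checks record ownership, so a defect in one earlier stage does not by itself expose another user's data. The token format (a user id plus an HMAC), the `Principal`, `Store` and `handle_read` names, the role names and the sample users are all constructed assumptions for illustration, not a production authentication scheme.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass

# Constructed demo secret; a real system would load a key from a secret store.
SECRET = b"constructed-demo-secret"


class ValidationError(Exception):
    """Stage 1 failure: malformed input."""


class AuthError(Exception):
    """Stage 2 failure: caller identity could not be verified."""


class Forbidden(Exception):
    """Stage 3/4 failure: verified caller is not allowed this operation."""


@dataclass(frozen=True)
class Principal:
    user_id: str
    roles: frozenset


RECORD_ID = re.compile(r"[a-z0-9]{1,16}")


def validate(raw: dict) -> dict:
    """Stage 1: accept only the fields and shapes we expect; drop everything else."""
    rid = raw.get("record_id")
    if not isinstance(rid, str) or not RECORD_ID.fullmatch(rid):
        raise ValidationError("record_id must be 1-16 lowercase alphanumerics")
    return {"record_id": rid}


def make_token(user_id: str) -> str:
    """Issue a token bound to user_id (demo HMAC scheme, an assumption of this example)."""
    mac = hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{mac}"


def authenticate(token: str, directory: dict) -> Principal:
    """Stage 2: identity comes from the verified token, never from the request body."""
    user_id, _, mac = token.partition(".")
    expected = hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected) or user_id not in directory:
        raise AuthError("invalid token")
    return directory[user_id]


# Explicit allow-list per action; an action missing from this table is denied.
ALLOWED = {"read": {"reader", "admin"}, "delete": {"admin"}}


def authorize(p: Principal, action: str) -> None:
    """Stage 3: a role must be explicitly allowed; the default is deny."""
    if not ALLOWED.get(action, set()) & p.roles:
        raise Forbidden(f"{p.user_id} may not {action}")


class Store:
    """Stage 4: the storage layer re-checks ownership itself, so a bug in an
    earlier stage still cannot hand one user's record to another."""

    def __init__(self):
        self._rows = {}

    def put(self, owner: str, record_id: str, data: str) -> None:
        self._rows[record_id] = {"owner": owner, "data": data}

    def get(self, p: Principal, record_id: str) -> str:
        row = self._rows.get(record_id)
        if row is None:
            raise KeyError(record_id)
        if row["owner"] != p.user_id and "admin" not in p.roles:
            raise Forbidden(f"{p.user_id} does not own {record_id}")
        return row["data"]


def handle_read(raw: dict, token: str, directory: dict, store: Store) -> str:
    """The request path in the order the diagram shows: validate, authenticate, authorize, store."""
    clean = validate(raw)
    who = authenticate(token, directory)
    authorize(who, "read")
    return store.get(who, clean["record_id"])


def demo() -> dict:
    """Run constructed requests through the pipeline; report which stage stopped each one."""
    directory = {
        "alice": Principal("alice", frozenset({"reader"})),
        "bob": Principal("bob", frozenset({"reader"})),
        "guest": Principal("guest", frozenset()),
        "root": Principal("root", frozenset({"admin"})),
    }
    store = Store()
    store.put("alice", "rec1", "alice's data")
    cases = {
        "owner_reads": ({"record_id": "rec1"}, make_token("alice")),
        "other_user_reads": ({"record_id": "rec1"}, make_token("bob")),
        "admin_reads": ({"record_id": "rec1"}, make_token("root")),
        "no_role": ({"record_id": "rec1"}, make_token("guest")),
        "forged_token": ({"record_id": "rec1"}, "alice.deadbeef"),
        "bad_input": ({"record_id": "../etc"}, make_token("alice")),
    }
    results = {}
    for name, (raw, token) in cases.items():
        try:
            results[name] = handle_read(raw, token, directory, store)
        except (ValidationError, AuthError, Forbidden) as e:
            results[name] = type(e).__name__
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:18} -> {outcome}")
```

The point of `demo()` is the "other_user_reads" case: bob passes validation, authentication and the role check, and is stopped only by the storage layer's ownership check. That is what designing security into each layer buys you: an authorization bug higher up would still not leak alice's record.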

Trade-offs
✓ Pros
Reduces vulnerabilities by addressing security risks early in design.
Improves user trust by protecting sensitive data and operations.
Lowers long-term costs by preventing expensive security breaches.
Enables compliance with legal and regulatory requirements.
✗ Cons
Increases initial development time and complexity.
Requires specialized security knowledge during design.
May add performance overhead due to security checks.
Always use for systems handling sensitive data, financial transactions, or personal information, especially when scaling beyond 1,000 users or processing critical operations.
Not applicable to trivial or prototype systems with no real user data or security impact, where speed of development is prioritized over protection.
Real World Examples
Amazon
Designed security into their e-commerce platform from the start to protect payment data and prevent fraud during high-volume sales events.
Uber
Integrated security in ride request and payment flows to safeguard user location and financial information against attacks.
Netflix
Built security into streaming and account management systems to prevent unauthorized access and protect content licensing agreements.
Alternatives
Security as an afterthought
Adds security only after the system is built, often as patches or add-ons.
Use when: Only in very early prototypes or throwaway projects where security is not a concern.
Security through obscurity
Relies on hiding system details rather than designing robust security controls.
Use when: Never recommended; only used in legacy systems with no redesign options.
Summary
Adding security only after building a system leads to vulnerabilities and costly breaches.
Designing security into every part of the system from the start creates stronger protection and trust.
Early security design reduces risks, saves costs, and ensures compliance with regulations.