About this article
Thank you for visiting this site. This article is a guide listing all 8 articles in the “Security Architecture” category of the Architecture Crash Course for the Generative-AI Era series.
Security cannot be bolted on after the fact. By embedding authentication, authorization, encryption, and network defenses into the design from the start, you achieve security that actually works. This category systematically covers design decisions about security — from perimeter defense to the zero-trust paradigm shift.
Article index
1. Overview — Defense in Depth and the Zero-Trust Big Picture
Starting from the CIA triad (Confidentiality, Integrity, Availability), maps out authentication, authorization, encryption, network, secrets management, the shift from perimeter defense to zero trust — the full map of security architecture.
2. Authentication Design — IDaaS + Passkey + Short-Lived Tokens
Covers the three factors of authentication, MFA, Passkey, SSO, social login, and IDaaS selection criteria. Learn modern authentication design that accounts for both humans and AI agents. Understand the rationale behind delegating auth to IDaaS instead of building it in-house.
3. Authorization and IAM — Practicing Least Privilege
Covers when to use RBAC, ABAC, and ReBAC; the principle of least privilege; IAM operations; and Service Account management. Understand from a practical standpoint why machine permissions must be even stricter than human ones in the AI era.
4. Encryption — Key Management Determines Cryptographic Strength
Systematically covers symmetric keys, public keys, TLS, hashing, KMS, Envelope Encryption, and TDE. Understand the practical iron rule that “the strength of encryption equals the strength of key management” and learn how to design proper key management.
5. Network Security — From Perimeter to Zero Trust
Covers the major elements of defense in depth: firewalls, VPC, WAF, DDoS mitigation, IDS/IPS, VPN/ZTNA. Also addresses egress controls (outbound traffic restrictions), whose importance is growing in the AI era.
6. Zero Trust — Trust Nothing, Verify Everything
Covers the five NIST SP 800-207 principles, ZTNA, SASE, micro-segmentation, and continuous monitoring. Provides a phased roadmap and teaches the practice of zero-trust design that treats humans and machines equally in the AI era.
7. Secrets Management — Zero Secrets Is the Best Defense
Covers Secrets Manager, secret scanning, auto-rotation, and zero-secrets via IAM Role/OIDC. Learn how to design systems that aim to hold no secrets at all to prevent leak = instant unauthorized access.
8. Vulnerability Scanning — Run Checks in CI Every Day
Covers when to use SAST, DAST, SCA, IAST, penetration testing, and SBOM. Sets Dependabot/Semgrep as the baseline and teaches how to build an operation that runs automated checks in CI every day.
Summary
This article listed all 8 articles in the Security Architecture category of the Architecture Crash Course for the Generative-AI Era series.
Security is a cross-cutting concern that spans every layer. After getting the big picture from the overview, prioritize reading the themes closest to your area of responsibility.
For the overall series structure and other categories, see the master series index.
Hope you’ll check out the next article as well.