Security Architecture & Engineering — Building Trust by Design

Architecture is where strategy stops being abstract. If the diagram doesn't show where trust ends and begins, the program doesn't really have a position on the question. I spend a disproportionate amount of my consulting time on the same problem: organizations have a security strategy on paper, but their reference architectures contradict it.

What's shifting right now

• Cloud-native is the default, even where it shouldn't be. Migrating last-decade enterprise patterns into AWS/Azure/GCP without redesigning trust boundaries is the most common failure mode I see. Lift-and-shift inherits the blast radius of the old environment plus the new one.
• Confidential computing is leaving the lab. Enclaves (Nitro, AMD SEV-SNP, Intel TDX) are reaching the point where regulated workloads can move into shared infrastructure with provable isolation. The architectural implications are bigger than most teams have absorbed.
• Post-quantum cryptography is a transition, not a flag day. Migration plans matter now — NIST has standardized the first set; the harder problem is identifying every place keys and certificates live and how they rotate.

What keeps proving true

• Reference architecture without an exception process is theater. Every architecture decision has edge cases; design for the exception, not against it.
• The cheapest place to enforce a security property is the platform. If every team has to remember to do something, eventually somebody won't.
• Cryptographic agility costs money up front and saves catastrophes later. Make algorithms swappable before you have to swap them.

Below: the architecture-blog stream — cloud-provider security publications, NIST, and the research that shapes the next generation of secure design patterns.