Defensible architecture tradeoffs
As we have seen, a defensible architecture is formed from a collection of workflows, practices, strategies, and elements. In this section, we will discuss some specifics of common environments and the tradeoffs that they involve.
On-premises infrastructure
An on-premises security architecture is still often defined by the defense in depth model and characterized by firewalls and implicit trust in network segments. The on-premises infrastructure of data centers is increasingly being migrated to the cloud, and one way to describe the consequences of that migration is as a move from an architecture of fear, focused on prevention, to an architecture of trust, focused on trust engineering and visibility.
Migrating to modern architecture is likely to involve the following discussions: