System Architecture Guidance
Designing a Secure System Architecture for Sensitive Data
This prompt helps engineering teams create a secure system architecture for applications that handle sensitive data, such as personal information or payment details. It focuses on implementing encryption, access control, and compliance with industry standards to protect data integrity and privacy.
Responsible:
Engineering/IT
Accountable, Informed or Consulted:
Engineering
THE PREP
Creating effective prompts involves tailoring them with detailed, relevant information and uploading documents that provide the best context. Prompts act as a framework to guide the response, but specificity and customization ensure the most accurate and helpful results. Use these prep tips to get the most out of this prompt:
Define the types of sensitive data being processed and relevant compliance requirements.
Gather current security practices, including encryption and access control policies.
Review the potential attack surface and identify high-risk areas for extra protection.
THE PROMPT
Help design a secure system architecture for [specific application] to handle sensitive data, such as [e.g., personal information, financial data]. Focus on:
Data Encryption: Recommending measures such as ‘Implement encryption for data at rest and in transit using industry standards like AES-256 and TLS 1.3.’
Access Control: Suggesting role-based strategies such as ‘Define strict role-based access controls (RBAC) and use multi-factor authentication (MFA) to limit access to sensitive systems.’
Data Segmentation: Proposing separation techniques such as ‘Segment sensitive data from general data by using isolated databases or secure data lakes.’
Audit and Monitoring: Including oversight measures such as ‘Integrate logging and monitoring tools like Splunk or AWS CloudTrail to record access and detect unauthorized activity.’
Compliance Alignment: Recommending adherence to standards such as ‘Ensure the architecture complies with GDPR, PCI DSS, or HIPAA as applicable to the type of data being handled.’
Provide a comprehensive architecture plan that ensures data security and compliance with applicable regulations while maintaining system performance. If additional details about data sensitivity or expected traffic are needed, ask clarifying questions to refine the architecture.
Bonus Add-On Prompts
Propose strategies for securely managing encryption keys using tools like AWS KMS or HashiCorp Vault.
Suggest methods for implementing zero-trust architecture principles in the system design.
Highlight techniques for incorporating regular penetration testing into the system’s security lifecycle.
Use AI responsibly by verifying its outputs, as it may occasionally generate inaccurate or incomplete information. Treat AI as a tool to support your decision-making, ensuring human oversight and professional judgment for critical or sensitive use cases.
SUGGESTIONS TO IMPROVE
Focus on architecture for specific data types, such as healthcare records or payment processing.
Include tips for integrating secure API gateways to protect sensitive endpoints.
Propose ways to implement real-time threat detection and response mechanisms.
Highlight tools like OpenSSL for encryption and Okta for access control.
Add suggestions for conducting periodic security audits to identify vulnerabilities.
WHEN TO USE
When developing or updating applications that handle sensitive or regulated data.
To enhance security measures after a risk assessment or compliance audit.
During system design to ensure proactive protection against potential data breaches.
WHEN NOT TO USE
For systems that do not store or process sensitive information.
If compliance requirements or security objectives are unclear.