
Secure by Design as the Foundation of Modern IT

Why security is essential in design

Secure by Design: Principles for a Secure Architecture
20.01.2026
Application Development
Security

Modern IT architectures are highly networked, distributed, and dynamic. Security is not created by subsequent controls, but by conscious architectural decisions. Secure by Design anchors security as a principle in the design, across system and organizational boundaries.

Why Secure by Design Is the Key to Security Today

Modern IT architectures are highly networked, distributed, and dynamic. Cloud platforms, APIs, SaaS services, AI models, and external providers together form digital ecosystems that support business-critical processes. In these environments, security is not built through retrospective controls, but through conscious architectural decisions.

 

Secure by Design anchors security as a structural principle in the design - across system, team, and organizational boundaries. Not as an add-on. Not as a tool. But as a property of the system itself.

Why classic security approaches fail

Many security measures take effect too late:

  • Firewalls after go-live

  • Monitoring after the incident

  • Incident response once data has already left the system

The reality: security risks are not primarily caused by code, but by design assumptions.

Security Incident Due to External Dependencies

In November 2025, one of the world's best-known AI providers fell victim to a serious security incident: OpenAI, the operator of ChatGPT and closely integrated into the Microsoft ecosystem, had to notify customers of its API platform of a data leak. What made the case particularly explosive was not only the scope of the affected information, including API-related user data such as names and email addresses, but above all the cause of the incident.

 

The vulnerability was not in OpenAI's own systems, but at a connected third-party analytics provider (Mixpanel), whose environment was compromised; the attacker was able to export the corresponding data records [1].

 

This incident vividly illustrates how strongly modern digital architectures are shaped by external dependencies, and how critical architectural decisions are for the overall security of a system.

 

The central risk here lay not in a single implementation, but in the architectural integration of an external service and the trust assumptions that came with it: which data is shared with a provider at all, and what happens if that provider is compromised.
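One architectural answer to exactly this risk is to decide, in code, what is allowed to leave the system towards a third-party sink. The following is an added example written for this article; it is not code from the original page, from OpenAI or from Mixpanel. The field names, the allow-list, the sample event, the HMAC key and the vendor itself are constructed for illustration and do not describe any real product's API.

```python
"""Added example, not code from the original article or from OpenAI/Mixpanel:
minimise and pseudonymise what an application sends to a third-party analytics
sink, so that a compromise at the vendor exposes no direct identifiers.

Everything here is hypothetical: the field names, the allow-list, the sample
event and the HMAC key are constructed for the example, and the vendor is a
placeholder, not a real product's API.
"""
import hashlib
import hmac
import json

# Fields the analytics use case actually needs. Anything not listed never
# crosses the trust boundary (deny by default).
ANALYTICS_ALLOWLIST = frozenset({"event", "timestamp", "plan", "feature", "country"})

# Keys that must never appear in an outbound event, at any nesting depth.
DIRECT_IDENTIFIERS = frozenset({"email", "name", "ip", "phone"})

# Constructed sample key; in practice this lives in a secret store, is rotated,
# and is never shared with the vendor.
PSEUDONYM_KEY = b"constructed-sample-key-keep-out-of-vendor-systems"


def pseudonymise_user_id(user_id: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash: the vendor can still correlate one user's events, but
    cannot map the value back to an account without our key."""
    return hmac.new(key, user_id.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def find_direct_identifiers(obj, path: str = "") -> list[str]:
    """Return dotted paths of any direct-identifier keys found in a nested event.
    Used as an egress guard before anything is handed to the vendor."""
    found = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else str(key)
            if str(key).lower() in DIRECT_IDENTIFIERS:
                found.append(here)
            found.extend(find_direct_identifiers(value, here))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            found.extend(find_direct_identifiers(value, f"{path}[{i}]"))
    return found


def prepare_for_vendor(internal_event: dict) -> dict:
    """Build the outbound event: allow-listed fields only, user id replaced by
    a pseudonym, and a fail-closed check that no direct identifier survived."""
    outbound = {k: v for k, v in internal_event.items() if k in ANALYTICS_ALLOWLIST}
    if "user_id" in internal_event:
        outbound["user_pseudonym"] = pseudonymise_user_id(str(internal_event["user_id"]))
    leaked = find_direct_identifiers(outbound)
    if leaked:
        raise ValueError(f"refusing to send event, direct identifiers present: {leaked}")
    return outbound


# Constructed sample event as the application would see it internally.
SAMPLE_EVENT = {
    "event": "api_key_created",
    "timestamp": "2025-11-09T10:15:00Z",
    "user_id": "usr_12345",
    "email": "alice@example.com",
    "name": "Alice Example",
    "ip": "203.0.113.7",
    "plan": "team",
    "country": "DE",
}

if __name__ == "__main__":
    print(json.dumps(prepare_for_vendor(SAMPLE_EVENT), indent=2, sort_keys=True))
```

The allow-list is the design decision; the guard only catches what the allow-list missed. Two caveats a reviewer should raise: an allow-listed free-text field can still carry personal data, so the allow-list has to be reviewed against actual payloads, and a stable pseudonym still permits profiling at the vendor, which is why the key stays on our side and is rotated.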

 

The ChatGPT case is an example of a development that affects companies across all industries: IT landscapes are becoming increasingly complex, distributed, and dynamic. Cloud services, APIs, SaaS platforms, AI models, and external service providers are deeply integrated into business-critical processes. According to recent studies, companies' average attack surface increases significantly with each additional cloud integration [2].

 

At the same time, time-to-market requirements and economic pressures increase the likelihood that security considerations will be put on the back burner in favor of a rapid go-live [3].

 

The economic impact of such incidents is considerable. According to current market analyses, the average damage of a data leak is in the millions. Costs for incident response, regulatory penalties, business interruptions, and reputational loss dominate [4]. In particular, attacks via the software supply chain or third-party providers are among the most cost-intensive scenarios [5].

 

In light of regulatory developments such as NIS2 or stricter compliance requirements, it is clear that cyber risks are no longer purely technical risks, but a key management and governance issue [6].

Secure by Design as an Architectural Response

This is precisely where the Secure by Design principle comes in. Instead of adding security mechanisms retrospectively, Secure by Design calls for security to be understood as an inherent property of a system, on a par with functionality, performance, and scalability.

 

Secure by design is an architectural approach in which security is not implemented additively, but is embedded in the design of architecture, interfaces, dependencies, and authorization models from the outset. Threats and vulnerabilities are thus structurally limited rather than addressed reactively during operations.

 

Frameworks such as the OWASP Secure by Design Framework or the NIST Secure Software Development Framework (SP 800-218) show that addressing security requirements early not only reduces risk, but also lowers long-term development and operating costs [7][8].

 

The ChatGPT incident makes it clear that even technologically leading organizations are vulnerable if security aspects are not considered holistically from an architectural perspective. Secure by design is therefore not an optional best practice, but a fundamental requirement for resilient, trustworthy digital systems.

Conceptual Foundations: Secure by Design as an Architectural Principle

Secure by design does not describe a single technical mechanism, but a fundamental approach to system architecture. In essence, it is about treating security not as an afterthought, but as an inherent component of a system that shapes its structure, interfaces, and trust boundaries from the outset [2][7].

 

This perspective is becoming increasingly important, especially against the backdrop of modern, highly distributed IT landscapes.

 

Digital systems today rarely consist of clearly delineated, monolithic applications. Instead, modular architectures with microservices, APIs, cloud platforms, and external service providers dominate. In such environments, security risks do not arise in isolation but at transitions between components, responsibilities, identities, and organizations.

 

Secure by Design addresses precisely these structural risks by integrating security requirements into the design of data flows, authorization models, and integration patterns [8].

Prevention instead of downstream control

In contrast to traditional security approaches, which rely heavily on downstream controls - such as firewalls, monitoring, or incident response - Secure by Design takes a preventative approach. The aim is to prevent misconfigurations, excessive authorizations, or insecure default assumptions from occurring in the first place.

 

Studies show that a significant proportion of successful attacks are not due to sophisticated exploits, but to basic design decisions that give attackers unnecessary freedom of movement [5].

 

Assumptions of trust as a central design element

A central aspect of Secure by Design is the conscious design of trust assumptions.

  • Which components are allowed to communicate with each other?

  • Which identities get access to which resources?

  • What data is leaving the system, and under what conditions?

These issues are not only technical but also have a direct impact on the scalability, maintainability, and regulatory traceability of systems. Architectures that do not explicitly consider these aspects accumulate a security and complexity debt over time that is difficult to control and makes subsequent adaptations considerably more expensive [4].

 

Challenges in the Implementation of Secure by Design

Despite increased investment in cybersecurity, many companies fail to integrate security measures into their IT landscapes sustainably and effectively. The reasons for this rarely lie in a lack of awareness of the problem, but rather in the structural and organizational framework conditions of modern IT environments.

 

Complexity of distributed architectures

A key challenge is the increasing complexity of digital architectures. Cloud-native approaches, microservices, hybrid operating models, and a multitude of external services mean that security boundaries are no longer clearly defined. Responsibilities are spread across multiple teams, platforms, and service providers.

 

In such environments, security vulnerabilities often arise not from individual wrong decisions, but from the interaction of many small assumptions that are no longer transparent in the overall system [9].

 

Pressure of time and innovation

In addition, there is considerable time and innovation pressure. New products and features are being developed and rolled out in ever-shorter cycles. Security requirements are then easily perceived as obstacles, especially when they are only addressed late in the development process.

 

The result is compromises such as temporary workarounds, excessive authorizations, or inadequately secured interfaces that remain permanently in the system [3].

 

Dependencies on third-party providers

Another critical factor is the strong dependence on third-party providers and software supply chains. External components, APIs, and platform services are an integral part of modern systems, but are often beyond direct control.

 

Current analyses show that attacks via supply chains and third-party providers are among the most serious security incidents [5].

 

Organizational silos

Not least, organizational silos make it difficult to take a holistic view of security. Architecture, development, operations, and compliance pursue different objectives, metrics, and time horizons. As a result, security is treated in a fragmented manner - as the task of individual roles or teams rather than as a common system property.

 

This leads to long-term security and complexity debt, making subsequent adaptations considerably more expensive [4].

 

These challenges make it clear that individual security measures or tools are not enough to counter the increasing risks. What is needed is a structured approach that systematically integrates security into architecture, processes, and governance.

Building Blocks for a Sustainable Security Architecture

To effectively focus on security, a clear architectural framework is required. Certain building blocks have proven indispensable not only for implementing security requirements, but also for anchoring them permanently in the system. These include basic architectural principles, continuous security analyses through reviews and threat modeling, and a close integration of technology and governance. Only the interaction of these elements makes it possible to establish security as a stable system property - and not as a reactive measure. These building blocks are examined in more detail below.

Architectural Principles as the Foundation of Secure Systems

Architectural decisions play a key role in determining how resistant a system is to attacks. Secure by Design is therefore primarily defined by fundamental architectural principles that apply across technologies, platforms, and industries. These principles do not work in isolation, but develop their effect in combination - especially in complex, distributed system landscapes.

 

Least Privilege

Identities - whether users, services, or machines - are granted only the rights they need for their specific task. Overprivileged access is one of the most common causes of successful attacks and facilitates lateral movement within compromised systems in particular [5].

 

Defense in Depth

Instead of relying on individual protection mechanisms, several layers of security are combined that work independently of each other. Architecture, identity management, network segmentation, application logic, and monitoring form a layered set of protections. This approach not only increases security but also improves the overall system's fault tolerance [7].

 

Secure Defaults

Default settings play a central role in the security of modern systems. Restrictive, secure defaults reduce the risk of unintentional misconfiguration, especially in dynamic, automated environments. They ensure that new components are already operated securely in their initial state without requiring additional manual intervention [2].

 

Separation of Duties

The clear separation of roles, responsibilities, and functions reduces the potential for abuse and prevents critical operations from being entirely controlled by individual components or identities. This principle strengthens control mechanisms while also supporting auditability and regulatory traceability [9].

 

Together, these architectural principles create the structural basis for systems in which security is a property of the design itself rather than something that has to be enforced on top of it.
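The trust questions raised earlier (which components may talk to each other, which identities may reach which resources, what may leave the system) and the principles above become concrete once they are written down as a policy that denies by default and can be checked. The following is an added example for this article, not code from the original page or from any product; the service names, resources, classification labels and the "observed usage" records are constructed, and the policy format is our own.

```python
"""Added example, not code from the original article: trust assumptions written
down as an explicit, deny-by-default policy that can be checked mechanically.

Everything here is constructed for the example: the service names, resources,
classifications and the 'observed usage' records are hypothetical, and the
policy format is our own rather than any real product's.
"""
from dataclasses import dataclass, field

# Ordered data classifications; a flow may carry data up to its allowed level.
CLASSIFICATION_RANK = {"public": 0, "internal": 1, "confidential": 2, "pii": 3}


@dataclass(frozen=True)
class Grant:
    identity: str
    resource: str
    actions: frozenset


@dataclass
class TrustPolicy:
    # (source, destination) -> highest classification allowed on that flow.
    # External sinks are modelled as destinations like any other component.
    allowed_flows: dict = field(default_factory=dict)
    grants: set = field(default_factory=set)


def flow_allowed(policy: TrustPolicy, src: str, dst: str, classification: str) -> bool:
    """Secure default: a flow that is not listed is denied, whoever asks."""
    limit = policy.allowed_flows.get((src, dst))
    if limit is None:
        return False
    return CLASSIFICATION_RANK[classification] <= CLASSIFICATION_RANK[limit]


def action_allowed(policy: TrustPolicy, identity: str, resource: str, action: str) -> bool:
    """Least privilege: only an explicit grant permits an action; no wildcard fallback."""
    return any(
        g.identity == identity and g.resource == resource and action in g.actions
        for g in policy.grants
    )


def overprivileged(policy: TrustPolicy, observed: list) -> dict:
    """Least-privilege review: compare granted actions with what an identity
    actually used over an observation window. Unused actions are candidates
    for removal, which shrinks lateral movement after a compromise."""
    used: dict = {}
    for identity, resource, action in observed:
        used.setdefault((identity, resource), set()).add(action)
    report = {}
    for g in policy.grants:
        unused = set(g.actions) - used.get((g.identity, g.resource), set())
        if unused:
            report[(g.identity, g.resource)] = sorted(unused)
    return report


# Constructed sample policy for a small order-processing system.
POLICY = TrustPolicy(
    allowed_flows={
        ("api-gateway", "order-service"): "pii",
        ("order-service", "payment-service"): "confidential",
        ("order-service", "analytics-vendor"): "internal",   # metrics only, no PII
    },
    grants={
        Grant("order-service", "orders-db", frozenset({"read", "write", "delete"})),
        Grant("payment-service", "payments-db", frozenset({"read", "write"})),
        Grant("report-job", "orders-db", frozenset({"read"})),
    },
)

# Constructed usage records (identity, resource, action), e.g. from a week of access logs.
OBSERVED = [
    ("order-service", "orders-db", "read"),
    ("order-service", "orders-db", "write"),
    ("payment-service", "payments-db", "read"),
    ("payment-service", "payments-db", "write"),
    ("report-job", "orders-db", "read"),
]

if __name__ == "__main__":
    print(flow_allowed(POLICY, "order-service", "analytics-vendor", "pii"))          # False
    print(flow_allowed(POLICY, "order-service", "payment-service", "confidential"))  # True
    print(flow_allowed(POLICY, "batch-importer", "orders-db", "public"))             # False, not listed
    print(overprivileged(POLICY, OBSERVED))  # {('order-service', 'orders-db'): ['delete']}
```

The point of the example is the shape of the policy, not the evaluator: a component that is not in the map gets nothing, an external vendor is just another destination with a classification ceiling, and the least-privilege review is a diff between what was granted and what was used. In a real system the same policy would be enforced at the gateway or service mesh and in the identity provider; the check here is what an architecture review runs before those enforcement points are configured.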

Security Reviews, Threat Modeling and Governance

Even viable architectural principles are only practical if they are continuously reviewed and contextualized. Secure by Design, therefore, integrates systematic security analyses directly into the development and architecture process.

 

Security reviews enable regular checks of design decisions, implementations, and configurations against the documented security assumptions. The decisive factor is not the one-off check but the repetition over the entire life cycle: architecture changes, new dependencies, or changed data flows become visible early, before they become established in production [5].

 

Threat Modeling supplements these reviews with a structured perspective on potential attackers, attack paths, and effects. Methods such as STRIDE help to systematically derive threats from architecture models and assess security risks in the context of business processes, data values, and system dependencies [10].
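To show what "systematically derive threats from architecture models" looks like in practice, here is an added example written for this article, not code from the original page or from any threat modelling tool. The STRIDE-per-element mapping is the standard one from Microsoft's SDL threat modelling practice; the architecture model, the trust zones, the classification labels and the priority rule are constructed for the example.

```python
"""Added example, not code from the original article: deriving STRIDE threats
from a simple architecture model, and flagging the flows that cross a trust
boundary with sensitive data so reviews start where the third-party risk sits.

The model, the element names, the trust zones and the classification labels are
constructed for this example. The STRIDE-per-element mapping is the standard one
from Microsoft's SDL threat modelling practice; the priority rule is our own.
"""
from dataclasses import dataclass

# Standard STRIDE-per-element mapping: which threat categories apply to which
# kind of element in a data-flow diagram.
STRIDE_PER_ELEMENT = {
    "external_entity": ("Spoofing", "Repudiation"),
    "process": ("Spoofing", "Tampering", "Repudiation",
                "Information disclosure", "Denial of service", "Elevation of privilege"),
    "data_store": ("Tampering", "Repudiation", "Information disclosure", "Denial of service"),
    "data_flow": ("Tampering", "Information disclosure", "Denial of service"),
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # process | data_store | external_entity
    zone: str   # trust zone the element lives in


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    data: str   # classification of the data carried, e.g. "pii"


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    crosses_boundary: bool
    data: str


def enumerate_threats(elements: list, flows: list) -> list:
    """Apply STRIDE-per-element to every element and flow. A flow crosses a
    trust boundary when its endpoints sit in different zones."""
    zone = {e.name: e.zone for e in elements}
    threats = []
    for e in elements:
        for category in STRIDE_PER_ELEMENT[e.kind]:
            threats.append(Threat(e.name, category, False, ""))
    for f in flows:
        crosses = zone[f.src] != zone[f.dst]
        for category in STRIDE_PER_ELEMENT["data_flow"]:
            threats.append(Threat(f.name, category, crosses, f.data))
    return threats


def prioritised(threats: list, sensitive=("confidential", "pii")) -> list:
    """Our own first-cut priority rule: threats on flows that leave their trust
    zone carrying sensitive data are reviewed first."""
    return [t for t in threats if t.crosses_boundary and t.data in sensitive]


# Constructed sample model: an API in a DMZ, a core service and its database,
# and an external analytics vendor that receives customer data.
ELEMENTS = [
    Element("api-gateway", "process", "dmz"),
    Element("billing-service", "process", "core"),
    Element("customer-db", "data_store", "core"),
    Element("analytics-vendor", "external_entity", "external"),
]
FLOWS = [
    Flow("gateway->billing", "api-gateway", "billing-service", "internal"),
    Flow("billing->customer-db", "billing-service", "customer-db", "pii"),
    Flow("billing->analytics", "billing-service", "analytics-vendor", "pii"),
]

if __name__ == "__main__":
    all_threats = enumerate_threats(ELEMENTS, FLOWS)
    print(len(all_threats), "threats enumerated")
    for t in prioritised(all_threats):
        print(f"[review first] {t.element}: {t.category} ({t.data} crosses trust boundary)")
```

On the constructed model this yields 27 candidate threats, of which the three on the PII flow to the external vendor are surfaced first. That is the value of running the derivation over the model rather than a whiteboard: the flow that leaves the organisation with sensitive data is found mechanically, every time the model changes, instead of depending on someone remembering to ask.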

 

Compliance and governance serve as a connecting function between architecture, operations, and corporate management in the secure-by-design approach. Standards such as ISO/IEC 27001, ISO/IEC 27034, the NIST Secure Software Development Framework, or regulatory requirements such as NIS2 do not formulate specific technical implementations, but rather requirements for processes, responsibilities, and traceability [6][7].

Conclusion: Security as a Prerequisite for Sustainable Value Creation

 

Increasing digitalization has placed IT systems at the heart of corporate value creation. Today, applications, data platforms, and digital services underpin business models, customer relationships, and operational processes. In this context, the quality of the underlying architecture determines whether digital systems enable growth - or become a risk themselves.

 

Analysis of current security incidents shows a clear pattern: damage is rarely caused by individual technical vulnerabilities, but rather by structural deficits in architecture, responsibilities, and decision-making logic. Systems that grow under time pressure or take insufficient account of external dependencies lose controllability as complexity increases. The consequences range from operational disruptions and regulatory implications to a lasting loss of trust.

 

Secure by Design addresses precisely this point. The approach shifts the focus from reactive protective measures to conscious architectural decisions that establish security as a stable system property. The benefits include a more robust architecture, more manageable threats, less susceptibility to structural vulnerabilities, and greater traceability for audit and compliance requirements.

 

Companies that consistently implement Secure by Design not only reduce their attack surface but also increase their long-term ability to act. Secure by Design is therefore less a single security strategy and more an investment in trust and future viability.


Written by

Orhan Caylak
Expert for Cloud Architecture & DevOps

Orhan Caylak is an aspiring cloud specialist with a focus on modern cloud architecture, DevOps automation, and cloud security. He combines his passion for scalable, highly available, and secure cloud infrastructure with a deep understanding of automation, infrastructure-as-code, and security-by-design principles.