In this next post on solution architecture for the Power Platform, I’d like to move away from high level platform considerations and we’ll start to move onto the topic of thinking about our security approach when making implementations on the platform. This, along with data as we previously discussed, is such a hugely important element to consider, so make sure you pay good attention to this topic friends! 🔐
What can tend to happen?
So what I normally hear happens a lot, and has happened on projects I’ve been involved in, is security can sometimes be a bit of a topic that gets left out of the initial architecture and design, or gets forgotten about until implementation or sometimes even until the part just before deployment!
What should we do?
So people, as with anything, security is something we have to implement when it comes to building and deploying a new solution. That means hey… we’re going to spend time on doing this thing! So what we need to be doing is planning the design of our security model into the architecture of our solution, and we need to be planning in work items to implement the thing during the development process too!
What should we be considering?
Okay so now we now that we need to be considering security during the architecture and design phase of a project as a solution architect, but what should we be considering when designing a security model and building out work items to have the model implemented? 🧐
To begin with the approach that should be taken is one that balances achieving must have security requirements such as organisation security needs or compliance regulation needs, with giving users access to the things they need to be able to carry out their roles. In this space, consider the type of access given to users. Its essential users should perhaps be able to edit things directly relevant to their role but it may also be beneficial to give them read access to additional data that would support them in carrying out their role more efficiently.
Solution architects should consider how to simplify the security architecture by understanding the organisations needs and structure and matching a simplified design with these requirements. Understanding the organisation is so key from the beginning here in designing a long-term successful security model / solution.
Understanding the layer at which to implement security is another huge and crucial point of understanding a solution architect should have. Ideally, the implementation of security should happen at the platform and environment layer for ease of manageability.
As with every part of solution architecture, ongoing feedback and review is essential to maintaining a compliant and successful security strategy and model. Do not forget this part friends! 🚀