When possible, design the system to take advantage of Windows security. Windows has rich support for authentication, authorization, and encryption—which have already undergone threat modeling, security reviews, and a huge amount of testing. Where possible, try to use these built-in capabilities instead of creating your own.