Data security

This is one of the most critical components that needs to be secured. After all, you put layers of security at the access, web, application, and network layers to secure your data. Data can be exchanged between two systems, so it needs to be secure in transit, or it may be sitting in a database or some other storage, where it needs to be secure at rest.

Solution design needs to plan data-in-transit security with Secure Sockets Layer/Transport Layer Security (SSL/TLS) and security certification. Data at rest should be secured using various encryption mechanisms, which may be symmetric or asymmetric. The design should also plan to secure the encryption key with the right key management approach, as per application requirements. Key management can be achieved using a hardware security module or services provided by cloud vendors.
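
As an added example (not from the book), the sketch below uses Python's standard ssl module to contrast a client TLS configuration that authenticates the server certificate with one that only encrypts, and audits both. The function names and finding labels are illustrative assumptions.

```python
import ssl


def hardened_client_context():
    """Client TLS context: verified certificates, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    return ctx


def weak_client_context():
    """The misconfiguration to look for: encryption without authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, from anyone, is accepted
    return ctx


def audit_context(ctx):
    """Return a list of findings for settings that weaken data-in-transit security."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    # MINIMUM_SUPPORTED compares lower than TLSv1_2, so it is flagged as well.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy-protocol-allowed")
    return findings


if __name__ == "__main__":
    for name, factory in (("hardened", hardened_client_context),
                          ("weak", weak_client_context)):
        print(name, audit_context(factory()) or "no findings")
```

A check like `audit_context` can run in a unit test or CI step so that a context with verification disabled never reaches production.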

While ensuring security, it is essential to have a mechanism to identify any security breach as soon as it occurs and respond to it. Adding automation to every layer to monitor, and get an immediate alert for, any violation must be part of the solution design. DevSecOps is becoming a trend in most organizations since it applies best practices to automating security needs and security responses during the software development life cycle. You will learn more about DevSecOps in Chapter 12, DevOps and Solution Architecture Framework.

To comply with local legislation, solution design needs to include an audit mechanism. In finance, regulatory compliance such as the Payment Card Industry Data Security Standard (PCI DSS) strictly requires log trails of every transaction in the system, which means all activity needs to be logged and sent to the auditor when required. Any Personally Identifiable Information (PII), such as customer email IDs, phone numbers, and credit card numbers, needs to be secured by applying encryption and limiting access for any application storing PII data.

In on-premises environments, it is the customer's responsibility to secure the infrastructure and application and also to get certification for compliance. However, public cloud environments such as AWS ease this burden, since infrastructure security and compliance are taken care of by the cloud vendor. The customer shares responsibility for the security of the application and makes sure it's compliant by completing the required audit.
