“I want to build a system that is highly secure, scalable, reliable, performant, compliant, robust, resilient, and durable.” Add more adjectives to that to really dream of a quintessential solution. Is that even possible? Where do we make the two ends meet — aspirations vs reality? What is the right intersection point? To answer that, we probably need to categorize the above, and maybe a few more quality attributes, into two major cross-cutting concerns — security and performance, and see where and how to strike a balance between the two, often referred to as architectural or design trade-offs.
Security is a requirement for each and every component involved in the overall system, which may include devices, networks, data, services, applications, storage, etc. However, it is not always mutually exclusive in the sense that the security of one component can partly or fully ensure the security of other components, depending on how they are configured. For example, we often offload SSL at the gateway level as the data is expected to travel within the internal network after that, which is deemed secure to a certain extent. Likewise, the performance of the overall system depends upon how each individual component is behaving. We may have a fast rendering UI but a slow API response that really sucks, or vice versa.