
Interview with Sumit Dahiya on Secure System Design

Currently, I am a Solution Architect in a globally recognized bank (name confidential due to security policy), specializing in designing secure, enterprise-class systems that protect against constantly evolving cyber threats. My contribution to technology and cybersecurity has been widely recognized, including receiving the prestigious Global Recognition Award (GRA) for excellence in digital transformation and security initiatives at Barclays.

Additionally, I was honored with the title Influencer of the Year by the Asian African Economic Forum for my leadership and innovative contributions to systems architecture and cybersecurity.

With over 18 years of experience in systems architecture, digital transformation and cybersecurity, I am committed to pushing the boundaries of secure systems design while mentoring the next generation of technology leaders.

Designing secure enterprise systems: practical tips for today’s world

In today’s digital era, security is the foundation of every company’s operations. As cyberattacks become more sophisticated, designing a secure system is no longer a luxury – it has become a necessity. Whether you’re building a new platform or improving an existing one, here are some essential tips to ensure your enterprise system remains secure, reliable and resilient.

  1. Start with security in mind

The biggest mistake organizations make is leaving security to the later stages of development. Instead, security should be part of the discussion from day one. Designing a system with security at its core ensures that vulnerabilities are not overlooked and that security is built into every layer.

Tip: Involve security professionals early in the design process. Create a threat model to identify potential vulnerabilities before you start coding, and develop against that model.

  2. Implement a zero trust architecture

The Zero-Trust model is simple: trust nothing, verify everything. This approach assumes that threats can come from anywhere, even your own network. Each user, device and connection must be verified before access is granted.

Tip: Use multi-factor authentication (MFA) and implement strict access controls. Make sure users only have access to the data and systems they absolutely need.

  3. Encrypt everything

If your data is sensitive, one of the best ways to protect it is through encryption. Data must be encrypted at rest (stored on disk), in transit (transmitted over a network), and in use (during processing). Strong encryption standards keep attackers from reading or stealing sensitive data.

Tip: Apply end-to-end encryption (E2EE) to communications and use strong algorithms such as AES-256 for data storage. Encrypt your backups too!

  4. Update systems

One of the most common ways for attackers to get into systems is through outdated software. By not taking care to patch and update this software on time, you are simply leaving your system open.

Tip: Set up a recurring patch management plan. For critical updates, automate as much of the process as possible. Update not only your own application but also third-party tools (for example, dependencies and submodules), applications, and anything else that runs alongside yours.

  5. Monitor everything

To provide real-time protection, we must constantly monitor for threats. Many breaches over the years have never even been noticed because proper monitoring was missing.

Tip: Always maintain well-documented logs of all system components and use a centralized detection mechanism, such as a SIEM (Security Information and Event Management) system. This helps you detect deviations and react to potential threats early enough.

  6. Use role-based access control (RBAC)

Not everyone needs access to everything. Role-based access control ensures that users only have the permissions necessary to do their job, reducing the risk of data exposure and limiting the damage if an account is compromised.

Tip: Regularly review user roles and permissions to ensure they remain appropriate. Remove access for employees who have left the organization or changed roles.
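A periodic access review of the kind this tip describes can be scripted. The following is an added example, not code from the interview; the roles, users and permission names are constructed sample data, and `review_access` is a hypothetical helper.

```python
# Constructed sample data: the permissions each role needs to do its job.
ROLE_PERMISSIONS = {
    "teller": {"accounts:read", "payments:create"},
    "auditor": {"accounts:read", "audit-log:read"},
    "dba": {"db:admin", "backups:read"},
}

# Constructed HR roster: user -> current role, or None if the person has left.
HR_ROSTER = {
    "alice": "teller",
    "bob": "auditor",   # changed roles: was previously a dba
    "carol": None,      # left the organization
}

# Constructed grants as they currently exist in the system.
GRANTS = [
    ("alice", "accounts:read"),
    ("alice", "payments:create"),
    ("bob", "db:admin"),        # left over from the old role
    ("bob", "audit-log:read"),
    ("carol", "accounts:read"),
    ("mallory", "db:admin"),    # account that HR has no record of
]

def review_access(grants, roster, role_permissions):
    """Return (user, permission, reason) for every grant that should be revoked."""
    findings = []
    for user, perm in grants:
        if user not in roster:
            findings.append((user, perm, "unknown-account"))
        elif roster[user] is None:
            findings.append((user, perm, "user-departed"))
        # An unknown role maps to the empty set, so the review fails closed.
        elif perm not in role_permissions.get(roster[user], set()):
            findings.append((user, perm, "outside-current-role"))
    return findings

if __name__ == "__main__":
    for user, perm, reason in review_access(GRANTS, HR_ROSTER, ROLE_PERMISSIONS):
        print(f"REVOKE {perm} from {user}: {reason}")
```
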

  7. Design for failure and recovery

Systems will crash and cyber attacks will occur. The idea is not to avoid failure in all cases, but to design the system so that it can recover as quickly as possible with minimal damage. If a system is resilient, it can maintain its core functions in the face of an attack or failure long enough to recover from the event without large-scale disruption.

Tip: Implement failover mechanisms with backup systems and disaster recovery options. Make sure your data is backed up regularly and stored in a safe place so that you can restore it when needed.

  8. Secure APIs and microservices

APIs are at the heart of all modern enterprise architectures, especially microservices-based systems. However, they are also among the most valuable assets an attacker can target. Since each API call is effectively a potential attack surface, securing these interactions becomes extremely important.

Tip: All APIs should use strong authentication, rate limiting, and input validation. Audit your APIs frequently to find unwanted or vulnerable fields and patch them.

  9. Regularly test your system’s security
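The three controls named in this tip, applied in order to a single request. This is an added example, not code from the interview; the transfer endpoint, client ID, key, limits and field names are all constructed assumptions.

```python
import hashlib
import hmac
import json
import re

# All names and values below are constructed for illustration.
API_KEYS = {"client-a": b"demo-secret-not-for-production"}
RATE_PER_SEC, BURST = 1.0, 3           # token bucket: refill rate and capacity
ALLOWED_FIELDS = {"to_account", "amount_cents"}
ACCOUNT_RE = re.compile(r"[A-Z0-9]{8,20}")
_buckets = {}                          # client_id -> (tokens, last_seen)

def sign(client_id, body):
    """Client side: HMAC-SHA256 over the raw request body."""
    return hmac.new(API_KEYS[client_id], body, hashlib.sha256).hexdigest()

def _take_token(client_id, now):
    tokens, last = _buckets.get(client_id, (float(BURST), now))
    tokens = min(float(BURST), tokens + (now - last) * RATE_PER_SEC)
    allowed = tokens >= 1.0
    _buckets[client_id] = (tokens - 1.0 if allowed else tokens, now)
    return allowed

def handle_transfer(client_id, signature, body, now):
    """Return an HTTP-style status code; every check fails closed.
    `now` is a monotonic timestamp in seconds supplied by the caller."""
    # 1. Authentication: unknown clients and bad signatures get the same answer.
    key = API_KEYS.get(client_id, b"")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if client_id not in API_KEYS or not hmac.compare_digest(
            expected.encode(), signature.encode()):
        return 401
    # 2. Rate limiting per authenticated client, so that unauthenticated
    #    callers cannot drain another client's bucket.
    if not _take_token(client_id, now):
        return 429
    # 3. Input validation: allow-list of fields, then type and range checks.
    try:
        data = json.loads(body)
    except ValueError:
        return 400
    if not isinstance(data, dict) or set(data) != ALLOWED_FIELDS:
        return 400
    amount, account = data["amount_cents"], data["to_account"]
    if type(amount) is not int or not 0 < amount <= 1_000_000:
        return 400
    if not isinstance(account, str) or not ACCOUNT_RE.fullmatch(account):
        return 400
    return 200
```

Rejecting any field outside the allow-list is what stops an extra, unexpected field in the request from reaching business logic.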

An untested system is an insecure system. Penetration testing is a simulation of a real-world attack that usually uncovers vulnerabilities you may have missed.

Tip: Perform penetration testing periodically and whenever the system has been significantly updated or changed. Use the results of these tests to strengthen your defenses and fix any weak points.

  10. Support a security-first culture

Even the most secure system can be undone by human error. Phishing scams, weak passwords, and social engineering attacks are examples of threats that bypass technical defenses and exploit human vulnerabilities.

Tip: Educate employees on security best practices and inform them about the latest threats. Promote a culture where security is the responsibility of everyone, from top management to entry-level employees.

Final thoughts

Designing secure, enterprise-class systems is a constant challenge. The cybersecurity landscape is constantly evolving, and attackers are always finding new ways to exploit vulnerabilities. But by following these key tips—starting with a security mindset, encrypting data, securing APIs, and developing a culture of awareness—you can build a system that is not only secure, but also resilient enough to withstand the threats of tomorrow.

Remember that security is not a one-time task, but a continuous process of improvement, vigilance and adaptation. Be proactive and your enterprise will be better prepared to defend against cyber threats.