Security

Protect identities, data, and services with enforceable controls and auditable operations.

What Security Covers

Security governs identity, access, data protection, workload isolation, incident response, and platform trust across the EO stack.

Why Security Matters

Without strong controls, sensitive collections and customer operations are exposed. Weak security blocks regulated adoption even if technical features are strong.

What Good Looks Like

Mature EO platforms enforce least privilege, tenant isolation, MFA/SSO, scoped API credentials, encryption, key rotation, continuous monitoring, and rapid incident handling.

Minimum Requirements

  • Tenant isolation for storage, processing, and delivery paths.
  • RBAC with scoped access tokens and service identities.
  • MFA and SSO for operator and customer access.
  • Encryption in transit and at rest with managed key rotation.
  • Audit logs, anomaly detection, and documented incident workflows.

Identity and Access Control

Authentication

Use standards-based authentication for users and machine clients.

Authorization

Apply policy-driven authorization with least privilege defaults.

Role and Attribute-Based Access

Combine RBAC and ABAC for mission, tenant, and data sensitivity controls.

API Credentials and Token Scope

Issue short-lived credentials with narrow scopes, and keep supplier credentials inside their own trust boundaries so a compromised integration cannot reach beyond what it was issued for.

MFA and SSO

Require MFA for privileged actions and integrate enterprise SSO.

Service-to-Service Identity

Use workload identities instead of static shared secrets.
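The identity controls above (short-lived scoped credentials, RBAC combined with ABAC for tenant and sensitivity, MFA step-up for privileged actions) can be demonstrated in one small policy check. The code below is an added example, not the platform's own code: the token format, role names, sensitivity levels and the `STEP_UP_ACTIONS` set are assumptions chosen to illustrate the controls, and the decision function is default deny, so every check must pass before access is granted.

```python
"""Scoped, short-lived tokens plus an RBAC/ABAC policy check with default deny.

Added example; not the platform's own code. Token format, role names and the
sensitivity levels are assumptions chosen to illustrate the page's controls.
"""
import hashlib
import hmac
import json
import time

TOKEN_TTL_SECONDS = 900  # short-lived credential: 15 minutes (assumption)

# RBAC: which permissions each role carries (assumed role names).
ROLE_PERMISSIONS = {
    "analyst": {"collection:read"},
    "mission_lead": {"collection:read", "collection:task"},
    "supplier_integration": {"tasking:submit"},
}

# ABAC: sensitivity ordering used for the clearance comparison (assumed levels).
SENSITIVITY_RANK = {"public": 0, "internal": 1, "restricted": 2}

# Actions that require an MFA step-up regardless of role (assumption).
STEP_UP_ACTIONS = {"collection:task"}


def mint_token(secret, subject, tenant, roles, scopes, mfa, clearance, now=None):
    """Create an HMAC-signed token carrying tenant, roles, scopes and expiry."""
    now = int(time.time()) if now is None else now
    claims = {
        "sub": subject, "tenant": tenant, "roles": sorted(roles),
        "scope": sorted(scopes), "mfa": mfa, "clearance": clearance,
        "iat": now, "exp": now + TOKEN_TTL_SECONDS,
    }
    body = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig


def verify_token(secret, token, now=None):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        body_hex, sig = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(body)
    if now >= claims["exp"]:
        return None
    return claims


def authorize(claims, action, resource):
    """Policy decision with default deny; every check must pass.

    resource is a dict with 'tenant' and 'sensitivity' attributes (ABAC inputs).
    Returns (allowed, reason) so the reason can be written to the audit log.
    """
    if claims is None:
        return False, "no valid token"
    # Scope check: the token must have been issued for this action.
    if action not in claims["scope"]:
        return False, "action outside token scope"
    # RBAC: some held role must grant the permission.
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in claims["roles"]))
    if action not in granted:
        return False, "role does not grant action"
    # ABAC: tenant isolation, the token's tenant must match the resource's tenant.
    if claims["tenant"] != resource["tenant"]:
        return False, "cross-tenant access"
    # ABAC: data sensitivity must not exceed the caller's clearance.
    if SENSITIVITY_RANK[resource["sensitivity"]] > SENSITIVITY_RANK[claims["clearance"]]:
        return False, "insufficient clearance"
    # MFA step-up for high-risk actions such as tasking a collection.
    if action in STEP_UP_ACTIONS and not claims["mfa"]:
        return False, "mfa step-up required"
    return True, "allowed"


if __name__ == "__main__":
    secret = b"constructed-example-secret"  # constructed; a real deployment uses a KMS-held key
    token = mint_token(secret, "alice", "tenant-a", ["mission_lead"],
                       ["collection:read", "collection:task"], True, "restricted")
    claims = verify_token(secret, token)
    print(authorize(claims, "collection:task", {"tenant": "tenant-a", "sensitivity": "restricted"}))
    print(authorize(claims, "collection:task", {"tenant": "tenant-b", "sensitivity": "public"}))
```

Note that scope and role are checked separately: a token scoped to an action the role does not grant is still denied, which keeps a supplier integration's credential from acquiring mission permissions even if it was minted with an over-broad scope.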

Data Protection

Encryption in Transit

Enforce TLS and mutual authentication on internal APIs where needed.

Encryption at Rest

Protect object storage, indexes, queues, and backups with encryption.

Key Management

Use centrally governed KMS/HSM-backed keys with rotation and revocation processes.

Secret Management

Store secrets in vault systems with rotation and access auditing.

Sensitive Dataset Handling

Apply tagging, restricted processing pools, and controlled export workflows.

Monitoring and Incident Response

Correlate logs, metrics, and traces for anomaly detection. Include break-glass access controls, privileged access review, and customer communication playbooks for incidents.
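Two of the signals this section and the metrics list call for, unauthorized access attempt trends and break-glass use without an approval record, can be derived directly from audit log events. The following is an added example, not the platform's own tooling: the audit events are constructed, the field names (`principal`, `result`, `ticket`) and the threshold and window values are assumptions, and the detection flags a principal whose denied attempts cluster inside the window rather than merely counting denials overall.

```python
"""Detection over audit log events: denied-attempt bursts and unreferenced break-glass use.

Added example; not the platform's own tooling. Event field names, threshold and
window are assumptions, and the events below are constructed sample data.
"""
import json
from collections import defaultdict

DENY_THRESHOLD = 3   # denied attempts per principal within the window (assumption)
WINDOW_SECONDS = 300 # sliding window length in seconds (assumption)

# Constructed audit events, one JSON object per line (field names are assumptions).
SAMPLE_AUDIT_LOG = """
{"ts": 100, "principal": "alice", "action": "collection:read", "tenant": "t-a", "result": "deny"}
{"ts": 130, "principal": "alice", "action": "collection:read", "tenant": "t-b", "result": "deny"}
{"ts": 160, "principal": "alice", "action": "collection:task", "tenant": "t-b", "result": "deny"}
{"ts": 200, "principal": "bob", "action": "collection:read", "tenant": "t-a", "result": "allow"}
{"ts": 250, "principal": "ops-oncall", "action": "break_glass", "tenant": "t-a", "result": "allow", "ticket": ""}
{"ts": 260, "principal": "ops-lead", "action": "break_glass", "tenant": "t-a", "result": "allow", "ticket": "INC-0001"}
{"ts": 900, "principal": "carol", "action": "collection:read", "tenant": "t-a", "result": "deny"}
{"ts": 1300, "principal": "carol", "action": "collection:read", "tenant": "t-a", "result": "deny"}
{"ts": 1700, "principal": "carol", "action": "collection:read", "tenant": "t-a", "result": "deny"}
"""


def parse_events(text):
    """Parse newline-delimited JSON audit events, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a malformed line should not silence the rest of the analysis
    return events


def find_denied_bursts(events, threshold=DENY_THRESHOLD, window=WINDOW_SECONDS):
    """Return {principal: (first_ts, last_ts)} for principals whose denied attempts
    reach `threshold` within any sliding window of `window` seconds."""
    denies = defaultdict(list)
    for e in events:
        if e.get("result") == "deny":
            denies[e["principal"]].append(e["ts"])
    flagged = {}
    for principal, stamps in denies.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Advance the window start until the span fits inside `window` seconds.
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold and principal not in flagged:
                flagged[principal] = (stamps[start], stamps[end])
    return flagged


def find_unreferenced_break_glass(events):
    """Return (ts, principal) for break-glass uses that carry no approval reference."""
    return [(e["ts"], e["principal"]) for e in events
            if e.get("action") == "break_glass" and not e.get("ticket")]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_AUDIT_LOG)
    print("denied bursts:", find_denied_bursts(evs))
    print("break-glass without ticket:", find_unreferenced_break_glass(evs))
```

With the sample data, `alice` is flagged because three denials fall within 60 seconds, while `carol`'s three denials are spread over 800 seconds and stay below the threshold for any single window; the distinction matters because a raw count would report both the same way and hide the trend the metric is meant to surface.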

Tenant and Workload Isolation

Define security controls for shared multi-tenant processing, including runtime isolation and resource guardrails to prevent lateral movement.

Supply Chain and Platform Trust

Verify software dependency trust, sign artifacts, and isolate supplier credentials so external integrations cannot escalate privileges.

Security Decisions

Key choices include tenant-per-account vs pooled tenancy, centralized vs delegated IAM, and managed vs customer-held keys.

Metrics and Health Signals

  • Privileged access review completion rate.
  • MFA coverage and policy exception count.
  • Mean time to detect and contain incidents.
  • Key and secret rotation compliance.
  • Unauthorized access attempt trends.

Anti-Patterns

  • Long-lived shared API keys.
  • Security policy documented but not enforced in code.
  • Flat networks with no workload boundaries.
  • Missing incident drills and break-glass logging.

Implementation Checklist

  • Is ownership clear?
  • Are minimum controls defined?
  • Are failure modes addressed?
  • Are measurable health signals defined?
  • Are anti-patterns named?
  • Are dependencies on other domains explicit?
  • Is there at least one EO-specific implementation example?
  • Is there a practical implementation checklist?

Example EO Patterns

  • Mission data partitioned by tenant with per-tenant keys and scoped delivery tokens.
  • Supplier tasking API credentials isolated in dedicated trust boundaries.
  • High-risk collection approvals requiring MFA step-up and dual authorization.

Related Domains

Governance and Compliance, Reliability and Resilience, Infrastructure
