The following table describes the impact of the information security solution pattern on non-functional requirements (NFRs):
| NFRs | Description |
| --- | --- |
| Availability | Availability should not be negatively impacted, but care should be taken not to introduce single points of failure in the form of encryption key distribution and management services. |
| Performance | Performance is negatively impacted if an obscurity mechanism is introduced, because of the processing overhead associated with the mechanism. This applies in particular to complex encryption algorithms with long key lengths. |
| Scalability | There should not be a negative impact on scalability, but any mechanisms used by the security policy, such as encryption key distribution and management services, should themselves be scalable. |
| Security | Security is improved by data obscurity because, even in the event of an attack during which the attacker may gain access to the file system, system memory, and application database, any sensitive data is not usable by the attacker. Security is also improved by configuration obscurity, as any attacker will find it harder to obtain the information they need to crack the system. |
| Manageability | Manageability is negatively impacted, as additional resources will be needed for the encryption mechanism (such as key management). |
| Maintainability | Obfuscation techniques, in particular, can affect the maintainability of the system, as the developers have to remember obscure names for the configuration files, and so on. |
| Flexibility | Flexibility may be negatively impacted, as you may need to maintain backward compatibility with existing encrypted data or obscured configuration. |
| Portability | Portability is negatively impacted, as you must ensure that any new platform supports the encryption mechanisms you wish to use. |
| Cost | Cost is probably increased due to the additional requirements of encryption, which may require either additional capability to support software encryption or dedicated encryption hardware. One may need to buy additional encryption software depending on the capabilities of the existing platforms and tools. |