Real-World Case Studies
Learning from real-world security successes and failures provides invaluable lessons for architects. These case studies illustrate key principles in action.
Case Study 1: The Equifax Breach (2017)
What Happened
147 million records exposed due to an unpatched Apache Struts vulnerability (CVE-2017-5638). Attackers had access for 76 days before detection.
Architecture Failures
- Unpatched internet-facing server
- Expired SSL certificate on monitoring tool
- Flat network allowed lateral movement
- Sensitive data not encrypted at rest
- Poor network segmentation
Lessons Learned
- Automated patch management is critical
- Network segmentation limits blast radius
- Encrypt sensitive data at rest
- Monitor SSL certificate expiration
- Defense in depth matters
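The first lesson above, automated patch management, is mostly a question of knowing which systems run the affected component and fixing the exposed ones first. The following script is an added example written for this page (not Equifax's tooling); it triages a constructed asset inventory against a known-vulnerable version range and orders the work so that internet-facing, PII-handling hosts come first. The affected ranges for CVE-2017-5638 are as the author recalls them from the Struts S2-045 advisory (2.3.5 up to 2.3.31 and 2.5 up to 2.5.10, fixed in 2.3.32 and 2.5.10.1) and should be confirmed against the advisory before use.

```python
"""Patch-exposure triage over an asset inventory: find every instance of a
component in a known-vulnerable version range and order remediation so that
internet-facing systems holding sensitive data are patched first.

Added example for this page; the inventory rows are constructed. The
affected ranges below are as recalled from the Struts S2-045 advisory and
must be confirmed against it before being relied on."""


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); tuples compare the way version numbers should."""
    return tuple(int(part) for part in text.split("."))


# One (first affected, first fixed) pair per release line; a version is
# vulnerable when first_affected <= version < first_fixed.
AFFECTED_RANGES = {
    "struts2-core": [("2.3.5", "2.3.32"), ("2.5", "2.5.10.1")],
}


def is_vulnerable(component, version):
    """True if `version` of `component` falls inside any affected range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi)
               for lo, hi in AFFECTED_RANGES.get(component, []))


# Constructed inventory rows (hostnames and versions invented for the example).
ASSETS = [
    {"host": "web-01", "component": "struts2-core", "version": "2.3.31",
     "internet_facing": True, "handles_pii": True},
    {"host": "web-02", "component": "struts2-core", "version": "2.5.10.1",
     "internet_facing": True, "handles_pii": True},
    {"host": "intranet-03", "component": "struts2-core", "version": "2.5.8",
     "internet_facing": False, "handles_pii": False},
    {"host": "batch-04", "component": "struts2-core", "version": "2.3.20",
     "internet_facing": False, "handles_pii": True},
    {"host": "api-05", "component": "spring-core", "version": "4.3.7",
     "internet_facing": True, "handles_pii": True},
]


def triage(assets):
    """Vulnerable assets ordered internet-facing first, then PII-handling,
    then by hostname, so the list doubles as a patch schedule."""
    hits = [a for a in assets if is_vulnerable(a["component"], a["version"])]
    return sorted(hits, key=lambda a: (not a["internet_facing"],
                                       not a["handles_pii"], a["host"]))


if __name__ == "__main__":
    for asset in triage(ASSETS):
        exposure = "INTERNET" if asset["internet_facing"] else "internal"
        print("%-12s %-8s %s %s" % (asset["host"], exposure,
                                     asset["component"], asset["version"]))
```

Feeding the same function a real inventory export (CMDB, SBOM scanner output) is the automation the lesson calls for; the version-range table is the only part that changes per advisory.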
Case Study 2: Capital One Breach (2019)
What Happened
106 million records exposed via an SSRF attack against a misconfigured AWS WAF. The attacker exploited an overly permissive IAM role to access S3 buckets.
Architecture Failures
- WAF role had excessive S3 permissions
- SSRF not blocked by WAF
- IMDSv1 allowed credential theft
- No detection of unusual API calls
- Sensitive data in S3 not adequately protected
Lessons Learned
- Apply least privilege to all IAM roles
- Use IMDSv2 to prevent SSRF credential theft
- Monitor CloudTrail for anomalous API activity
- Regular IAM permission audits
- Cloud-native security tools matter
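The first two lessons, least-privilege roles and IMDSv2, are both things an automated review can check. The script below is an added example (not Capital One's or AWS's code): it flags wildcard grants in an IAM policy document, shown beside a single-purpose policy that passes, and reports instances whose metadata options still accept token-less IMDSv1 requests. The policies, instance IDs and bucket name are constructed; the `MetadataOptions` shape follows what EC2 `DescribeInstances` returns.

```python
"""Review IAM policy documents and EC2 metadata options for the two
weaknesses the Capital One case turns on: a role with broad S3 rights, and
instances that still answer IMDSv1 (session-token-less) requests.

Added example for this page; the policies and instance records are
constructed, not taken from any real account."""


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def review_policy(policy):
    """Return (statement index, finding) pairs for Allow statements that are
    broader than a single-purpose role should need."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            # "*" and "s3:*" both expand to every action in the service.
            if action == "*" or action.endswith(":*"):
                findings.append((idx, "wildcard action '%s'" % action))
        for resource in resources:
            if resource in ("*", "arn:aws:s3:::*"):
                findings.append((idx, "wildcard resource '%s'" % resource))
        if "s3:ListAllMyBuckets" in actions:
            findings.append((idx, "role can enumerate every bucket in the account"))
    return findings


def imds_requires_token(metadata_options):
    """True only if the instance rejects IMDSv1. `metadata_options` has the
    shape of the MetadataOptions element in EC2 DescribeInstances output:
    {"HttpTokens": "optional" | "required", "HttpEndpoint": ..., ...}."""
    return metadata_options.get("HttpTokens") == "required"


def instances_allowing_imdsv1(instances):
    """Instance IDs whose metadata service still answers token-less requests."""
    return sorted(i for i, opts in instances.items() if not imds_requires_token(opts))


# Constructed: the kind of role a WAF/proxy instance should never carry.
OVERLY_PERMISSIVE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}],
}

# Constructed: the same role limited to reading its own rule set.
LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-waf-config/rules/*",
    }],
}

# Constructed instance records keyed by instance ID.
INSTANCES = {
    "i-0example1": {"HttpTokens": "optional", "HttpEndpoint": "enabled"},
    "i-0example2": {"HttpTokens": "required", "HttpEndpoint": "enabled"},
}

if __name__ == "__main__":
    print("overly permissive:", review_policy(OVERLY_PERMISSIVE))
    print("least privilege:  ", review_policy(LEAST_PRIVILEGE))
    print("IMDSv1 still enabled on:", instances_allowing_imdsv1(INSTANCES))
```

In a real account the inputs would come from `iam:GetPolicyVersion` and `ec2:DescribeInstances`; the review logic stays the same, and running it on a schedule is the "regular IAM permission audit" the lesson asks for.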
Case Study 3: SolarWinds Supply Chain Attack (2020)
What Happened
Nation-state attackers compromised SolarWinds' build system, injecting malware into Orion software updates. 18,000+ organizations installed the backdoor.
Architecture Failures
- Build server compromise went undetected
- Code signing didn't prevent injection
- Trusted software had excessive network access
- Minimal monitoring of outbound traffic
- Domain fronting evaded detection
Lessons Learned
- Secure the software supply chain
- Reproducible builds for verification
- Monitor build system integrity
- Zero Trust for internal software too
- Limit network access of monitoring tools
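Code signing could not catch the SolarWinds injection because the signature was applied to an artifact the compromised build server produced; reproducible builds address that gap by letting a second party rebuild from audited source and compare bytes. The following is an added example (not SolarWinds' or any vendor's build tooling) that packages a constructed source tree deterministically, shows why a naive build with clock-stamped entries cannot be compared, and detects an injected line as a digest mismatch.

```python
"""Reproducible-build check: an independent builder packages the audited
source tree and compares digests with the published artifact; any
difference, whether from a tampered build server or from build-time noise,
shows up as a hash mismatch.

Added example for this page, not the build tooling of SolarWinds or any
vendor; the source tree and timestamps are constructed."""
import hashlib
import io
import zipfile

# Constructed source tree: archive path -> file contents.
SOURCES = {
    "src/main.py": b"print('hello')\n",
    "src/util.py": b"def add(a, b):\n    return a + b\n",
}

# Pinned entry timestamp (the earliest a zip can express); pinning it keeps the
# packaging time out of the artifact.
PINNED_DATE_TIME = (1980, 1, 1, 0, 0, 0)


def build_artifact(sources, deterministic=True, build_time=(2020, 3, 1, 12, 0, 0)):
    """Package `sources` as an in-memory zip and return its bytes.
    deterministic=True sorts entries and pins entry metadata; False mimics a
    naive build that stamps each entry with the builder's clock (`build_time`)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        names = sorted(sources) if deterministic else list(sources)
        for name in names:
            stamp = PINNED_DATE_TIME if deterministic else build_time
            info = zipfile.ZipInfo(name, date_time=stamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16  # fixed file mode, not the builder's umask
            zf.writestr(info, sources[name])
    return buf.getvalue()


def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()


def independent_rebuild_matches(published_artifact, sources):
    """The verification step: rebuild from the audited source tree and compare
    with what the vendor published. True only when the bytes are identical."""
    return digest(published_artifact) == digest(build_artifact(sources, deterministic=True))


# Constructed "injected" tree: same files plus one extra line in util.py.
TAMPERED_SOURCES = dict(SOURCES)
TAMPERED_SOURCES["src/util.py"] = SOURCES["src/util.py"] + b"import os  # injected\n"

if __name__ == "__main__":
    published = build_artifact(SOURCES)
    print("clean rebuild matches:   ", independent_rebuild_matches(published, SOURCES))
    print("tampered rebuild matches:", independent_rebuild_matches(
        build_artifact(TAMPERED_SOURCES), SOURCES))
    naive_a = build_artifact(SOURCES, deterministic=False, build_time=(2020, 3, 1, 12, 0, 0))
    naive_b = build_artifact(SOURCES, deterministic=False, build_time=(2020, 3, 1, 12, 5, 0))
    print("naive builds agree:      ", digest(naive_a) == digest(naive_b))
```

The naive builds differ only in their entry timestamps, yet that is enough to make two honest builders disagree, which is why timestamps, entry order and file modes all have to be pinned before a digest comparison means anything. Zip stores seconds at two-second granularity, so the example uses a five-minute gap to make the difference visible.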
Case Study 4: Secure Architecture Success - Google BeyondCorp
What They Did Right
After the Aurora attacks, Google rebuilt its security model. BeyondCorp eliminated the corporate network perimeter, implementing Zero Trust before it had a name.
Architecture Decisions
- No trusted network: all access is identity-based
- Device trust established through inventory and health
- Access Proxy mediates all application access
- Context-aware access policies
- Works the same from office, home, or coffee shop
Results
- Eliminated VPN for most use cases
- Consistent security regardless of location
- Reduced attack surface dramatically
- Better user experience than VPN
- Model widely adopted as Zero Trust
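The architecture decisions above come down to one decision function at the Access Proxy that looks at identity, device inventory and health, and application policy, and never at the network the request arrived from. The code below is an added example written for this page, not Google's implementation; the trust tiers, device inventory, policy table and users are constructed assumptions. The `source_ip` field is carried only to show that it is recorded for audit and plays no part in the decision.

```python
"""Context-aware access decision in the BeyondCorp style: the access proxy
decides from who the user is, what the inventory says about the device, and
what the application requires; the network the request came from plays no
part.

Added example for this page; the tiers, inventory and policy table are
constructed assumptions, not Google's policy."""
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Device trust tiers, lowest to highest (assumed ordering for this example).
TIER_RANK = {"untrusted": 0, "basic": 1, "high": 2}

# Constructed device inventory keyed by the device certificate's identifier.
DEVICE_INVENTORY = {
    "dev-1001": {"owner": "alice", "managed": True, "disk_encrypted": True, "os_patched": True},
    "dev-1002": {"owner": "bob", "managed": True, "disk_encrypted": False, "os_patched": True},
}

# Constructed per-application policy enforced at the proxy.
APP_POLICY = {
    "wiki": {"min_tier": "basic", "groups": {"employees"}, "mfa": False},
    "payroll-admin": {"min_tier": "high", "groups": {"finance"}, "mfa": True},
}


@dataclass
class Request:
    user: str
    groups: Set[str]
    device_id: Optional[str]   # None when the client presented no device certificate
    mfa_passed: bool
    app: str
    source_ip: str             # logged for audit; deliberately never consulted below


def device_tier(device_id: Optional[str]) -> str:
    """Tier from inventory plus health: unknown or unmanaged devices are
    untrusted, managed-but-unhealthy ones are basic, managed and healthy
    ones are high."""
    dev = DEVICE_INVENTORY.get(device_id) if device_id else None
    if dev is None or not dev["managed"]:
        return "untrusted"
    if dev["disk_encrypted"] and dev["os_patched"]:
        return "high"
    return "basic"


def decide(req: Request) -> Tuple[bool, str]:
    """Allow or deny a request; the same checks apply from office, home or cafe."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, "unknown application"
    if not req.groups & policy["groups"]:
        return False, "user not in an authorized group"
    tier = device_tier(req.device_id)
    if TIER_RANK[tier] < TIER_RANK[policy["min_tier"]]:
        return False, "device tier %s below required %s" % (tier, policy["min_tier"])
    if policy["mfa"] and not req.mfa_passed:
        return False, "MFA required for this application"
    return True, "allowed: %s from %s-tier device" % (req.user, tier)


if __name__ == "__main__":
    samples = [
        # Healthy managed laptop from a coffee-shop address: allowed.
        Request("alice", {"employees", "finance"}, "dev-1001", True, "payroll-admin", "203.0.113.7"),
        # Unencrypted laptop from inside the office: denied despite the address.
        Request("bob", {"employees", "finance"}, "dev-1002", True, "payroll-admin", "10.0.0.5"),
        # No device certificate at all, office address: denied even for the wiki.
        Request("carol", {"employees"}, None, False, "wiki", "10.0.0.9"),
    ]
    for r in samples:
        print(r.user, r.app, r.source_ip, decide(r))
```

The second and third samples are the point: an office IP buys nothing, and a non-inventoried device is treated exactly as it would be from the open internet.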
Architecture Review Template
Security Architecture Review Checklist
1. Data Security
- ☐ Data classification completed
- ☐ Encryption at rest for sensitive data
- ☐ TLS 1.2+ for all data in transit
- ☐ Key management strategy defined
2. Identity & Access
- ☐ Authentication mechanism defined
- ☐ Authorization model documented
- ☐ Service-to-service auth specified
- ☐ Least privilege applied
3. Network Security
- ☐ Trust boundaries identified
- ☐ Network segmentation designed
- ☐ Ingress/egress controls defined
- ☐ DDoS mitigation considered
4. Operations
- ☐ Logging and monitoring strategy
- ☐ Incident response plan
- ☐ Backup and recovery tested
- ☐ Patch management process
Document Your Decisions