Follow the Data: Five Questions That Make Security Architecture Clearer
Every security architecture problem I have ever worked on, from payments to confidential computing to AI agents, has come down to the same question: Where is the data, and what happens to it? Not “what framework are we using.” Not “are we zero trust.” Not “which compliance checkbox do we need.” Those matter eventually. But they are not where you start. You start by following the data. The questions When I was at RBC working on mobile payments, I learned this the hard way. Every time I was confused about how to approach a security problem (and there were many times), the answer was always the same: stop thinking about the system. Start thinking about the data. ...