Applications without security architecture are as bridges constructed without finite element analysis and wind tunnel testing. Sure, they look like bridges, but they will fall down at the first flutter of a butterfly’s wings. Although many people connect data security only with software implementation, good data protection requires well-designed security architecture i.e. well-configured network devices, scaled components and multitier architectural patterns.
From the perspective of the system architecture, the ISDS approach is based on a three-tier architecture, which the main feature is the physical isolation of the tiers. The client applications no longer connect to or communicate directly with the database server, nor do they directly access the tables or raw data defined in the database(s). All-access to data – both for reading and for manipulation – goes through the application tier (web servers), which maintains full control over the data access. The web servers are usually deployed in a secure location with exposed a very limited interface to the network (standardized internet protocols like HTTP(s) and Web Socket).