volume_mute

Conflict Between Availability and Security

publish date: 2026/06/11 07:14:52.674232 UTC

volume_mute

A system has both high availability and high security as its most important non-functional requirements. Explain why these requirements create an architectural conflict.

There is no conflict - availability and security both require the same layered architecture

Security requires redundant components; Availability requires a strictly layered architecture - these are direct opposites

Availability requires the system to run on a single computer; Security requires the system to be distributed across many computers

Availability requires redundant components that can be replaced without stopping the system; Security requires a layered architecture with the most critical assets in innermost layers with strict access controls - redundant, distributed components increase the attack surface and complicate security validation

Correct Answer

Explanation

High availability demands redundant components distributed so that parts can fail or be replaced without stopping the system. High security demands a layered structure with critical assets deeply protected and high-level security validation at each layer boundary. Distributing and replicating components for availability increases the number of potential attack surfaces and makes it harder to enforce the strict access controls needed for security. A compromise architecture - perhaps using different patterns for different system parts - is necessary.

Reference

Software Engineering, Ian Sommerville, 10th edition

Quizzes you can take where this question appears

Architecture Design: Exercises