Security by Design: Zero-Trust Architectures and Privacy-Preserving Computation in Finances
Synopsis
The security properties of a digital financial system should be designed and verified from the ground up: systematically identify the assets and potential threats, establish trade-and-risk metrics, analyze the existing security controls, and examine whether those controls adequately protect the identified assets against the identified threats. This analysis typically shows that traditional security safeguards such as role-based access control, firewalls, and perimeter defenses are necessary but not sufficient. For digital financial systems based on privacy-preserving computation, some fundamental zero-trust principles must be adopted.








