data.day

Draw the Trust Boundary in 15 Minutes. Then Buy Nothing by Accident.

Before you purchase software, you must map the flow of liability. A simple diagram prevents expensive data leaks and failed audits.

Do Not Buy What You Cannot Map

We often see Operations Directors buying software the way they buy office furniture. They look for comfort, style, and price. But software is not a chair. Software is a system of pipes. If you connect a sewage pipe to a drinking water pipe, it does not matter how expensive the faucet is; the result is contamination.

Before we sign a contract, we must understand the plumbing. We must draw the Trust Boundary.

This is not an exercise for the IT department. It is an exercise for the person who signs the checks. You must define who is “inside” and who is “outside.”

The Vulnerability: The porous perimeter.

Modern software is designed to be “social.” It encourages you to invite guests, share links, and integrate with other apps. The Machine does not understand that some data is privileged. The Machine only understands that “User A clicked Share.”

If you do not define the boundary, your employees will define it for you. They will integrate a secure legal database with a public task manager. They will copy a client list into a free translation tool.

Strictly speaking, every time data crosses from a system you control to a system you do not control, you have created a vulnerability. You have punched a hole in the wall.

If you have ten SaaS tools, and they all talk to each other, you do not have a fortress. You have a sieve.

The Architecture: The Map is the Control.

We perform a simple ritual. We take a blank sheet of paper. We draw a circle.

Everything inside the circle is “The Trusted Zone.” This includes your employees and your owned devices.

Everything outside the circle is “The Wild.” This includes the internet, your vendors, and your clients.

Now, look at the tool you intend to buy. Where does it sit?

  1. Does it sit inside the circle? (e.g., A database running on a server in your physical office).
  2. Does it sit on the line? (e.g., A cloud portal where clients upload documents).
  3. Does it sit outside? (e.g., A public AI tool).

If the tool sits on the line, it is a gate. You must place a guard at the gate. This means strict permissions, audit logs, and Multi-Factor Authentication.

If the tool sits outside, you must never send it the raw truth. You send it only sanitized data.

The “No” Is Powerful

Once you visualize this boundary, decision-making becomes binary.

  • “Can we connect our billing system to this new marketing app?”
  • Look at the map.
  • The billing system is inside the circle. The marketing app is outside. The data contains credit card numbers.
  • The answer is No.

There is no nuance here. The Machine does not negotiate. If you connect those systems, the marketing app—which likely has lower security standards—becomes the master key to your billing system.
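The same map can be kept as data and checked before a contract is signed. The sketch below is an added example, not part of the original article: the system names, integrations and control labels are constructed for illustration. It goes one step beyond the direct billing-to-marketing case by also following indirect hops through a gate.

```python
from collections import deque

# Constructed inventory: where each system sits on the map and which guards it has.
# Zones follow the article: "inside", "line" (a gate), "outside" (the Wild).
SYSTEMS = {
    "billing":       {"zone": "inside",  "controls": set()},
    "client_portal": {"zone": "line",    "controls": {"permissions", "audit_logs"}},
    "marketing_app": {"zone": "outside", "controls": set()},
    "translator":    {"zone": "outside", "controls": set()},
}
GATE_CONTROLS = {"permissions", "audit_logs", "mfa"}  # guards required at a gate

# Constructed integrations: (source, destination, data sanitized before sending?)
FLOWS = [
    ("billing", "client_portal", False),
    ("client_portal", "marketing_app", False),
    ("billing", "translator", True),
]

def gate_gaps(systems):
    """Return each system on the line together with the guards it is missing."""
    return {name: sorted(GATE_CONTROLS - s["controls"])
            for name, s in systems.items()
            if s["zone"] == "line" and GATE_CONTROLS - s["controls"]}

def raw_leaks(systems, flows):
    """Return paths by which raw inside data reaches the outside, hops included.
    Only the shortest path to each outside system is reported."""
    edges = {}
    for src, dst, sanitized in flows:
        if not sanitized:  # sanitized flows do not carry the raw truth
            edges.setdefault(src, []).append(dst)
    leaks = []
    for start, s in systems.items():
        if s["zone"] != "inside":
            continue
        queue, seen = deque([[start]]), {start}
        while queue:
            path = queue.popleft()
            for nxt in edges.get(path[-1], []):
                if nxt in seen:
                    continue
                seen.add(nxt)
                if systems[nxt]["zone"] == "outside":
                    leaks.append(path + [nxt])
                else:
                    queue.append(path + [nxt])
    return leaks

if __name__ == "__main__":
    print("Gates missing guards:", gate_gaps(SYSTEMS))
    print("Raw data reaching the Wild:", raw_leaks(SYSTEMS, FLOWS))
```

Run against a proposed integration by appending it to the flow list first; if a new path appears, the answer is No.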

By drawing the Trust Boundary, you stop hoping for security and start engineering it. You save money because you stop buying tools that require expensive remediation later.

Do not let a vendor erase your lines. Define the boundary. Defend the boundary.

FAQs

Do I need a technical degree to draw this?

No. You need a marker and a whiteboard. If the diagram is too complex for a whiteboard, the system is too complex for your safety.

Why is the default setting usually wrong?

Vendors optimize for 'virality' and 'collaboration.' They want data to move so more people use their tool. You want data to stay still so you do not get sued.

What is the most dangerous button in software?

The 'Share via Link' button. It turns a private record into a public broadcast.