[AA2.2: 12] Standardize architectural descriptions (including data flow).
Defined AA processes (see [AA2.1 Define and use AA process]) use an agreed-upon format for describing architecture, including a means for representing data flow. This format, combined with an architecture analysis process, makes architecture analysis tractable for people who are not security experts. In the case of cloud applications, data is likely to flow across the Internet. A network diagram is useful in this case, but the description should go into detail about how the software itself is structured. A standard architecture description can be enhanced to provide an explicit picture of information assets that require protection.
Standardized icons that are consistently used in UML diagrams, Visio templates, and whiteboard squiggles are especially useful.