5.5 Summary
At the beginning of this chapter, we proclaimed boldly that the
security of an application is inextricably bound to the secure
configuration and operation of the environment in which the
application will reside. Yet, in discussions about developing secure
software, these operations factors are rarely, if ever, considered.
In fact, when we started writing this book, we also considered these
issues to be outside its scope. As we progressed and our
collaboration efforts continued, however, we became convinced that it
was essential to include them. We had simply seen too many cases of
companies making major mistakes in setting up their business-critical
applications and suffering the consequences!
In this chapter, we showed that properly setting up an operational
environment for a typical business application requires both a good
amount of planning and a solid attention to detail when executing
those plans. It's likely that you undertook a
similar level of effort in designing and implementing your
application securely. Great! Now, don't neglect this
last step in ensuring that your application as a whole can run as
securely as it ought to. If your application is important enough to
warrant the time and effort you've spent thus far,
it ought to be important enough to ensure that it runs in an
equivalently secure operational environment.
Why do so many companies make seemingly simple mistakes in deploying
their applications securely? There are many factors. We
don't doubt, for example, that almost all companies
view application development and production data center operations as
two completely separate disciplines. This makes for very difficult
interdisciplinary coordination of the security attributes of an
application. The solution to this situation will vary from one
organization to the next, and it will seldom be easy. We recommend
beginning with a strong business-focused application team that
oversees all aspects of any business application. That
team's focus on security issues should span the
entire lifecycle and must include the kinds of operations factors we
outlined in this chapter.
If you work in a development department that is separate from the
operations department, how will you introduce the concept of
improving the security of your data center operations? Will this
create an unacceptable political situation in your organization? How
might you avoid that?
Perhaps you've already approached this topic with
your operations organization and your pleas have gone unanswered. How
can you proceed? Is it acceptable to wash your hands of the
operational security of your application, knowing that your company
could be exposed to a high degree of risk?
If you agree with the principles outlined in this chapter but
haven't implemented some of them yet, how do you
justify the expense of a management network segment and a dedicated
log server, for example? What kinds of ROI models and such can you
draw from?
What if business requirements force you to deploy a third-party
application that makes use of highly insecure network protocols
(against our better advice)? Is it possible to deploy this
application securely despite these shortcomings, given that it is
third-party software over which you have no control?