Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Integration and the Security of New Technologies - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Integration and the Security of New Technologies

The topic of deployment of new technology in an enterprise, and how to prepare to secure that technology is one that has come up for discussion recently.  Part of the discussion was a question asked by a reader today as to the deployment of a new system, offering a number of services via the web, and the security of those systems and services.  So my question for comment is “How do we secure this?”

 

In my experience, it is a combination of the Engineering, Testing & Installation with the Site Security team(s) working together during the deployment and initial operational phases of any system.  The Security teams are often times the firsthand and best source of knowledge for the system, or systems, being deployed.  If the Security teams are contracted for the installation and testing of the new technology, then they typically have a reliable way of getting information to/from the developers.  The Site Security teams need to be involved early on in the engineering phase, to ensure the sites current Information Security Infrastructure will readily support the incoming technologies.  Most vendors today can supply deployment and integration guides that the Security teams can provide the site early on as well.

 

I welcome your comments,

 

tony d0t carothers @t isc.sans.org

Tony

150 Posts
ISC Handler
Another approach, more general maybe, it is to follow the best practices outlined by such a framework like ITIL that indicates the steps to follow for a proper change in the IT infrastruture, this is covered under the Change Management function of the framework. Of course, security is always taken into account.
Anonymous

Posts

Sign Up for Free or Log In to start participating in the conversation!