5.5 Summary

At the beginning of this chapter, we proclaimed boldly that the security of an application is inextricably bound to the secure configuration and operation of the environment in which the application will reside. Yet, in discussions about developing secure software, these operations factors are rarely, if ever, considered. In fact, when we started writing this book, we also considered these issues to be outside its scope. As we progressed and our collaboration efforts continued, however, we became convinced that it was essential to include them. We had simply seen too many cases of companies making major mistakes in setting up their business-critical applications and suffering the consequences!

In this chapter, we showed that properly setting up an operational environment for a typical business application requires both a good deal of planning and close attention to detail when executing those plans. It's likely that you undertook a similar level of effort in designing and implementing your application securely. Great! Now, don't neglect this last step in ensuring that your application as a whole can run as securely as it ought to. If your application is important enough to warrant the time and effort you've spent thus far, it ought to be important enough to ensure that it runs in an equivalently secure operational environment.

Why do so many companies make seemingly simple mistakes in deploying their applications securely? There are many factors. We don't doubt, for example, that almost all companies view application development and production data center operations as two completely separate disciplines. This makes coordinating the security attributes of an application across the two disciplines very difficult. The solution to this situation will vary from one organization to the next, and it will seldom be easy. We recommend beginning with a strong, business-focused application team that oversees all aspects of any business application. That team's focus on security issues should span the entire lifecycle and must include the kinds of operational factors we outlined in this chapter.

  • If you work in a development department that is separate from the operations department, how will you introduce the concept of improving the security of your data center operations? Will this create an unacceptable political situation in your organization? How might you avoid that?

  • Perhaps you've already approached this topic with your operations organization and your pleas have gone unanswered. How can you proceed? Is it acceptable to wash your hands of the operational security of your application, knowing that your company could be exposed to a high degree of risk?

  • If you agree with the principles outlined in this chapter but haven't implemented some of them yet, how do you justify the expense of a management network segment and a dedicated log server, for example? What kinds of ROI models can you draw on?

  • What if business requirements force you to deploy a third-party application that makes use of highly insecure network protocols (against our better advice)? Is it possible to deploy such an application securely despite these shortcomings, given that it is third-party software over which you have no control?