The topic of deployment of new technology in an enterprise, and how to prepare to secure that technology is one that has come up for discussion recently.  Part of the discussion was a question asked by a reader today as to the deployment of a new system, offering a number of services via the web, and the security of those systems and services.  So my question for comment is “How do we secure this?”

In my experience, it is a combination of the Engineering, Testing & Installation with the Site Security team(s) working together during the deployment and initial operational phases of any system.  The Security teams are often times the firsthand and best source of knowledge for the system, or systems, being deployed.  If the Security teams are contracted for the installation and testing of the new technology, then they typically have a reliable way of getting information to/from the developers.  The Site Security teams need to be involved early on in the engineering phase, to ensure the sites current Information Security Infrastructure will readily support the incoming technologies.  Most vendors today can supply deployment and integration guides that the Security teams can provide the site early on as well.

I welcome your comments,

tony d0t carothers @t isc.sans.org