Chapter 13: Ten Steps to Designing a Secure Enterprise System

Overview

The key concept in this chapter is:

• Designing security into applications

Let’s suppose you’re working for a major player in the field of miniature plastic dinosaur retailing. As part of its information systems overhaul, the company is commissioning the development of new software that will replace its aging systems. At the kick-off meeting for the new software project, the CEO herself gives you the honorable task of “making it secure.” Wow, your first real security assignment! For a moment, your chest swells up with pride, your head spins giddily with excitement, and everyone around you appears small and insignificant. Then reality comes crashing down, and you realize you don’t know what to do. Sure, you own a lot of security books you’ve never read, you can impress people with complicated strings of security jargon words, and you know enough programming techniques to loudly criticize and pick holes in other people’s work, but designing a secure system is a big challenge. Where do you start? What do you do? To make matters worse, you’re part of a bigger team that’s already starting to design the real features of the system. The bigger team is not thinking at all about security because this area is your responsibility, not theirs. Whew! This is going to be tough.

Before discussing what to do, let’s touch on what not to do—outlining a sure-fire formula for disaster. Step 1 of what not to do: Loudly proclaim yourself to be the security expert and reassure everyone, “Don’t worry; I’ll take care of it.” Step 2: Agree with the development team to “do the security stuff at the end of the project, after the features have been completed.” Step 3: Retreat to your office, lock the door, and feverishly start reading those unopened security books so that you know what to do when the time comes to “do the security stuff.” The result of following this formula is that when it comes time to “do the security stuff,” the development is already over budget and late, the development team is tired and has already made major architectural decisions that are grossly insecure, and your chances of successfully securing the system are now close to zero. How could this have gone better?

Let’s rewind and find out. Step 1: Get the entire team to agree to work together and take ownership to make the system secure. Step 2: Ensure security is designed into each feature. Step 3: Ensure security is implemented as each feature is built. Sounds simple, right? The following sections discuss the challenges in designing secure systems and provide 10 important steps you should take to make sure the new system is designed and implemented securely.