Security Basics mailing list archives
Re: Procedural Issues
From: Kenton Smith <listsks () yahoo ca>
Date: Tue, 9 Jan 2007 09:23:56 -0800 (PST)
Security is all about mitigating risk. You're right, there are certainly risks associated with someone from development accessing production servers, however that is less risk than having all developers with access to production environments. Some risks that might come up would be unauthorized changes to production, accidental deletion of files, access to confidential information. In our company, it is our QA manager along with the VP Development that have to sign off on the code before it moves from development to production. We also have an integration group who are the people that actually have acess to the production servers, so the QA manager doesn't actually deploy the changes to production. Our company obviously has a bigger infrastructure and because of business reasons we do it this way. However you may find that the risks are so small relative to the additional staff needed that it makes more sense to put the trust in the development team lead to work with the production servers. It's not a simple yes/no decision, it really comes down to what works best in your environment while incurring the least amount of risk. Kenton ----- Original Message ---- From: WALI <hkhasgiwale () gmail com> To: security-basics () securityfocus com Sent: Monday, January 8, 2007 10:50:28 AM Subject: Procedural Issues In a software development environment, what risks do we have if we allowed software development team leader, access to Live production servers? Security demands that the two environments be segregated. If I segregate the two environments, who would shift the code from development to Live? --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect --------------------------------------------------------------------------- __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- Re: Procedural Issues Kenton Smith (Jan 09)