ASP/Hosting Architecture

[Don Kendrick <strider () mailworks org>]

Dear Wizards,

Need some direction/advise from anyone that has worked in the 
development of a network/firewall architecture for an ASP or hosting 
company. I'm currently working on developing a plan for an organization 
that will host multiple organization's IT infrastructures.  Some of the 
organizations have a high risk tolerance and some have (or should have) 
a very low tolerance.

When you look at developing a network/security architecture for an 
organization, you are usually looking at one organization's assets and 
can then apply the standards for tiering (presentation, application, 
and data) and segmentation based on criticality and confidentiality.

The problem is how do we do this in an environment that also has to be 
segmented based on owner.  Things start to not scale well quickly. Lots 
of firewalls,  segmented SAN/NAS devices, segmented enterprise backup 
systems.  If you don't address some of this you run the risk of the 
weakest link being exploited to escalate into other more secure 
co-located systems that might share infrastructure.

I'm sure that there are some organizations with this type of problem 
that do it the wrong way, basically going flat with the tiering and/or 
data segmentation and only segmenting (maybe even only with VLANs) on 
the data owner (hosting client).

Is anyone doing it right? How do you make it scale? Any models, ideas?

don

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards