Managing Security Projects with Infrastructure Changes
February 19, 2009
The last several years have brought a deluge of new compliance requirements, mainly affecting budget-constrained IT departments. Many organizations are still struggling to comply with the new regulations and industry standards with limited resources. Infrastructure hardening has come out of hiding after years of lurking in the background behind development.
Managing these infrastructure changes is different from managing development projects, and requires some tweaking to the traditional SDLC.
The requirements and design phases are shorter for infrastructure projects, as changes involve either buying a solution or essentially “flipping a switch” on existing systems. In a traditional development project, this phase focuses primarily on features and usability. Features are still a component of infrastructure projects, but the primary focus shifts to the architecture, and how the changes are going to impact other systems.
The development phase is the most drastically shortened phase of the SDLC, as infrastructure changes are often a matter of plugging something in or making a simple configuration change. The impact of these changes is increased because many types of infrastructure changes, such as installing firewalls or appliances and hardening existing network or server components, have to be made directly in production.
Testing occurs immediately following the change. Since these changes are often made in production, planning and coordination efforts must begin earlier and have greater attention to detail than many development projects that may go through many iterations of testing.
Implementation may be the same as the development phase in an infrastructure project. Post-implementation activities are the least different between development and infrastructure, as they involve monitoring, managing issues, and potentially rolling back.
Before undertaking your next infrastructure initiative, consider revisiting and revising the SDLC deliverables and scalability to determine how best to accommodate the differences between development and infrastructure projects.

