Build out your system

Given a solid understanding of your system architecture and the security requirements, you should build out your systems with all the required security features enabled as early in the project as possible. For example, your operational infrastructure, which includes your operating systems, databases, network and application servers, should be hardened to industry best practices or recommendations.

Each integration touchpoint should be secured. For example, you should ensure that systems or programs that interact with each other through various integration technologies, such as message queues or Web services, do so with all necessary security controls enabled.

Mandating that security controls are enabled in your development and testing environments means that your system will be tested with those controls in place. Do not conduct all your testing without security and then expect the system to work when you turn on security during your production “go live.”
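
The check below is an added example, not part of the original article: it compares the security settings of each integration touchpoint across environments and reports controls that production enables but that development or testing never exercises. The environment names, touchpoint names and control keys are hypothetical, and the configuration data is constructed for illustration.

```python
# Added example. All names and values below are constructed, not taken from a real system.
SECURITY_CONTROLS = ("tls", "client_auth", "message_signing")

# Constructed sample: security settings per integration touchpoint, per environment.
ENVIRONMENTS = {
    "dev": {
        "orders-queue": {"tls": False, "client_auth": False, "message_signing": False},
        "billing-ws": {"tls": True, "client_auth": True, "message_signing": True},
    },
    "test": {
        "orders-queue": {"tls": True, "client_auth": False, "message_signing": True},
        "billing-ws": {"tls": True, "client_auth": True, "message_signing": True},
    },
    "prod": {
        "orders-queue": {"tls": True, "client_auth": True, "message_signing": True},
        "billing-ws": {"tls": True, "client_auth": True, "message_signing": True},
        "audit-queue": {"tls": True, "client_auth": True, "message_signing": False},
    },
}

def untested_controls(envs, baseline="prod"):
    """Return sorted (environment, touchpoint, control) tuples for every control
    the baseline enables but a pre-production environment disables or lacks."""
    findings = []
    for env, touchpoints in envs.items():
        if env == baseline:
            continue
        for name, base_cfg in envs[baseline].items():
            cfg = touchpoints.get(name) or {}  # touchpoint not built in this env
            for control in SECURITY_CONTROLS:
                if base_cfg.get(control) and not cfg.get(control):
                    findings.append((env, name, control))
    return sorted(findings)

def first_enabled_at_go_live(envs, baseline="prod"):
    """Return (touchpoint, control) pairs that no pre-production environment
    enables, i.e. controls that would be switched on for the first time in production."""
    pre_prod = {env for env in envs if env != baseline}
    missing_in = {}
    for env, name, control in untested_controls(envs, baseline):
        missing_in.setdefault((name, control), set()).add(env)
    return sorted(pair for pair, envs_missing in missing_in.items()
                  if envs_missing == pre_prod)

if __name__ == "__main__":
    for env, name, control in untested_controls(ENVIRONMENTS):
        print(f"{env}: {name} runs without {control}")
    for name, control in first_enabled_at_go_live(ENVIRONMENTS):
        print(f"never tested before go-live: {name} / {control}")
```

Run as a gate in the build pipeline, a non-empty result from `first_enabled_at_go_live` identifies exactly the controls whose first real exercise would be the production cutover.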

Given the complexity of the systems, you may want to take an incremental approach to building out your system. One approach is to first build out your system on a flat network where every application and component is placed in a simple single network segment. The goal of this exercise is to build up your experience in installing, configuring, and running the applications as an integrated system. You should ensure that all system components and applications are installed and integrated. In the early project phases, you may have to create some test programs or stubs to fulfill the integration. Implementing the system on a flat network means you do not have to worry about network connectivity.