The quick answer is to have a quality assurance group that does security audits on any application or service added...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
to the infrastructure. In reality it's a matter of defining a security strategy and the appropriate testing standards that can be applied to any service being implemented. A good start is to test the application against the Open Web Application Security Project (OWASP) Top 10 application risks. This list identifies the most common deficiencies found in application deployments.
In addition, you should work with your compliance and security organizations to include other tests based on your organization's requirements: For example you might need to do a PCI self-assessment if the application in question handles credit card information, or a HIPAA review if you deal with health care info. There isn't a one-size-fits-all Windows Active Directory security configuration assessment, but between OWASP and your security team, you should have a good list to build from.
Related Q&A from Randall Gamby
Which authentication method is better for securing enterprise devices and systems: two-factor authentication or multifactor authentication?continue reading
Securing biometric information is a crucial step for enterprises to take, but what happens if the data is still compromised? Expert Randall Gamby ...continue reading
Simple photography cracking biometric systems highlights the need for two-factor authentication in enterprises according to expert Randall Gamby.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.