Making errors is human, so it would be wise to assume that while developing your BizTalk solution and implementing the BizTalk environment, there will be slip-ups, inconsistencies, or errors that make your solution prone to disruptions. When developing applications, it is important to put them through rigorous functionality and user acceptance tests. It is a good practice to draft detailed test plans and form test teams to achieve this. However, many organizations fail to fully implement structured security testing. You might ask yourself why so few organizations perform security testing. There are two main reasons:
■ It's expensive, since you need to build a test environment that is a copy of the production environment. You cannot get away with just a few servers and a switch, because security testing is not only based on the exact configuration of a server, firewall, or network switch. Most of these tests need to be performed on complete communication paths, a process known as end-to-end testing.
■ Most IT departments work in a reactive way and are organized to solve problems, not prevent problems. This means that they seldom have time to make security test plans and execute them, as there are too many problems in need of solutions.
It only makes sense to take measures to limit risks. An IT department must be proactive, using security and infrastructure test plans to solve problems before they get out of control. In fact, every change to the production IT infrastructure must be preceded by thorough testing to confirm that the change has the anticipated effect and does not disrupt other functions.
I have witnessed too many instances where changes in the infrastructure left users unable to access the applications they needed. One example was a router table that was modified incorrectly, disabling a remote location from accessing the main network. Another example was a library (DLL file) on a Windows NT server that was replaced with the newest version, instantly killing the MSMQ service. Both problems could have been avoided, or at least minimized, by proper planning and testing.