When planning your Converged Application Server implementation, consider the following:

• Which resources need to be protected?

  • You need to protect customer data, such as credit-card numbers.

  • You need to protect internal data, such as proprietary source code.

  • You need to protect system components from being disabled by external attacks or intentional system overloads.

• Who are you protecting data from?

  For example, you need to protect your subscribers' data from other subscribers, but someone in your organization might need to access that data to manage it. You can analyze your workflows to determine who needs access to the data; for example, it is possible that a system administrator can manage your system components without needing to access the system data.

• What will happen if protections on a strategic resources fail?

  In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you or your customers. Understanding the security ramifications of each resource will help you protect it properly.