High-security environments pose additional risks and challenges for change management. Whether change control and change management take place in a development environment or in operations, mission-critical systems and high-value information require additional vigilance in the change process.
High-Security Challenges
Change management and change control are always challenges. Whether the environment is development, testing, integration or operations and maintenance, success requires knowing what changes happened when and why. In situations where security is critical, where privacy is paramount and the risk is great, sound change management becomes crucial.
High-security environments have higher risks as a matter of course. Extra care should be taken to ensure that changes required by the discovery of one vulnerability or flaw do not introduce additional problems. Conversely, a change must happen promptly if the reason for the change is a patch for a security vulnerability and there is no other means of eliminating that vulnerability besides patching. Changes may violate security constraints; therefore, changes in a secure system require additional auditing and validation. Ensuring that the change does not create new problems is always important, but especially so where security is high.
Need to Know
Where secrecy or limited access applies, it is even more important that configuration changes do not bypass defined change control policies. In any sound change management structure only the approved changes should be implemented, and this is even more critical when security is high. In highly secure situations, additional steps or stages of approval may be required for changes. Checking, logging and recording the changes made, and reporting those changes to the appropriate parties, is always important, but is extremely important in high-security situations. Incorrect information about system state, configuration or other aspects of changes can bring about even bigger problems.
Other Considerations
When data must remain private due to regulations such as HIPAA, additional examination or audit steps should be taken during the change process. For systems that deal with financial data, we should ask: Can notification of a change or documentation of the change be a vulnerability or a risk? It may seem like an unlikely case, but consider that you wouldn't want to inform burglars when the security system is going down for maintenance. A certain level of privilege or access may be required even to see or access change management proposals, decisions and related documentation. Proper disposal of printed material, such as shredding, is important for hard copies of change control documents in a secure system or environment.
Conclusions
Sound change management plans and practices, when followed properly and consistently, work well in any security environment. Even when changes are urgent, critical, mandated or just routine, do not ignore the proper policies, procedures and processes specific to your high-security environment.