Forum Discussion

daveu8282_20327's avatar
daveu8282_20327
Icon for Nimbostratus rankNimbostratus
Feb 15, 2011

Policy creation: who's in the driver's seat?

We have ASM 10.1.0 in-house. We've not yet gotten around to putting it into use but I've lately been asked to setting up policies for some of our applications. I've taken a look at the Getting Started...
app sec
BIG-IP Access Policy Manager (APM)
security
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Feb 17, 2011
Your situation is pretty similar to the customers I was working with on ASM. I don't like the idea of app owners exclusively maintaining the policy. Management generally already places too much emphasis on functionality and new features over security. If there is no one outside them and the app owners to dictate security policy, you end up with very open, insecure implementations.

 

 

If you feel like publishing anonymized versions of any of your documentation or processes, I'm sure other ASM admins would appreciate it. I know a lot might be specific to your company, but I imagine a decent amount could go towards helping others establish best practices.

 

 

Aaron