Best Practices for Securing Web-based Solutions

Increasingly organizations are conducting more and more of their business online. In fact, I was reading some research from McKinsey today about Measuring the Net’s growth dividend where they report that in mature countries the internet is responsible for up to 20% of GDP (gross domestic product).

Intel actively reaches out to consumers, enterprise customers and business partners worldwide using web sites and external social media platforms to conduct business and drive collaborative innovation - and keeping this environment safe falls to the Intel IT organization.

Intel’s business groups use hundreds of Web sites and third-party solutions—including social media platforms—to communicate and conduct business with customers and business partners. Collectively, these externally facing Intel-branded solutions are known as Intel’s external presence.

Until 2006, these web sites proliferated rapidly in response to business needs, without centralized oversight. Given this growth, we established the Intel Secure External Presence (ISEP) program inside our IT organization to manage the risk associated with Intel’s external presence.

By January 2011, we had completed the ISEP security review process for more than 750 new projects and we conduct daily vulnerability scans on all of our externally facing web sites—more than 450 in total—to maintain a high compliance level against a vulnerability assessment standard.

Overall, ISEP has effectively helped secure Intel-branded externally facing Web sites and solutions, resulting in a significant reduction in risk for Intel’s external presence. This enterprise security whitepaper shares the history, evolution and next stage challenges of this program which ensures the Intel IT organizaiton is able to secure our web-based solutions as a means to enable our business growth.