A successful deployment of SD Elements begins with defining key roles of ownership for different aspects of the system. These roles are global in nature, meaning they are about overall usage of SD Elements rather than within a specific project. Defining owners ensures accountability. Since usage of SD Elements affects processes, owners are critical to driving adoption, customization, and operations.
While one person may play many or all of these roles in a smaller organization, several people are usually involved in a larger organization. In all cases, somebody needs to be appointed for each role. A lack of owners will lead to underuse of SD Elements and may have a substantial impact on adoption.
The champion is responsible for spearheading adoption of SD Elements from a technical standpoint. This is the most critical role in a deployment.
Specific responsibilities include:
- Setting objectives and defining metrics
- Finding people to fill other roles, or filling in for those roles
- Helping development teams understand and use SD Elements
- Communicating about SD Elements to internal stakeholders
- Leading product deployment across the enterprise
- Customizing product features to fit internal standards, not including content customization
- Maintaining communication with Security Compass for learning about new features and providing feedback
Qualifications for a successful champion:
- Interest in and experience with deploying application security initiatives in the organization
- Strong desire to implement security early in the SDLC
- Good organization-specific knowledge (e.g. personal relationships with people throughout the organization)
The content owner is responsible for customizing SD Elements content to include organization-specific policies, procedures, requirements, and language. In smaller organizations that are relatively new to application security, there may not be a need for a separate content owner.
Specific responsibilities include:
- Amending SD Elements original content with organization-specific modifications
- Reviewing SD Elements content updates for relevance and impact on the organization
- Adding new organization-specific Profiles, Tasks, Problems and How-Tos
Qualifications for a successful content owner:
- Domain knowledge of application security
- Technical writing/editing ability
- Familiarity with organizational policies & processes
The system administrator is responsible for the SD Elements virtual appliance. This role is only applicable to customers with an On-Site Deployment (OSD) virtual appliance.
Specific responsibilities include:
- Installing and configuring SD Elements
- Installing SD Elements updates
- Working with SD Elements support to troubleshoot potential system-level technical issues
Qualifications for a successful system administrator:
- Current qualifications are listed here: https://sdelements.zendesk.com/hc/en-us/articles/202758108-Suggested-OnSite-Deployment-OSD-Administrator-Qualifications
The user administrator is responsible for user management and/or Single Sign On integration.
Specific responsibilities include:
- Adding and removing users
- Changing access for users
- Modifying roles, groups, and business units
- Configuring Single Sign On, if applicable
Qualifications for a successful user administrator:
- Knowledge of Single Sign On mechanism, if applicable
The project manager is responsible for overseeing large deployments of SD Elements.
Specific responsibilities include:
- Creating a project plan
- Assigning tasks to stakeholders and following up on them
- Reporting status to stakeholders
Qualifications for a successful project manager:
- General project management skills