Some of us security droids find this frightening.
My colleague Miriam Britt managed to sum up the reasons why one should have separation quite sussinctly and forcefully. With her permission I have copied her reasoning here and I hope many people will either reference this or copy it to their own blogs. This kind of straight forward statement needs a wide exposure.
Separation of test and production environments is one of those things that is such basic common sense that it wouldn’t occur to me to have to point to something that says to do it.
The first time you test something on your production network and it breaks something else which breaks something else, etc etc etc is the LAST time they will ask you why it has to be done on a separate network. Best of luck to you. I recommend polishing up the resume and shopping… but that’s just me.
Make your recommendations, discreetly make sure you have a paper trail in case you need to defend yourself when the “blamestorming” starts, and begin the frenzied “flight of the bumblebee” making sure backups are being done regularly and that restoration procedures work like they’re supposed to. Wait, am I assuming too much to think there are backup and restoration procedures?
The amount of testing required before you put something on a production network is time, effort, and money well spent. It costs less than the downtime you’re asking for if you don’t do it. If your network is so small that you can’t afford that much time and money, then I’d suggest you’re probably also less able to financially survive an outage.
Pay now and control it, or pay later in reaction pandimonium. I don’t think I’d want to work where they didn’t understand that very basic law of common sense, anyway.