A summary of an enterprise SOA architecture - The Rings of the Enterprise [link]
Ring Zero: WS/RMI/.NET Remoting, Java/C#, business logic + processes, databases, no security
Ring One: Messaging middleware, business system, application security, secure sockets
Ring Two: B2B collaboration, security is a big issue, firewalls, encrypted comms
Ring Three: The world, unsafe
Since Ring Zero has no security, I would expect a business process to be implemented to ensure that staff are unable to interfere with the live system / ring zero. In the simpest of applications, this would imply that a developer doesnot imbed some sort of backdoor or "feature". The security process would be code review. In a larger enterprise system it would be complete network isolation of ring zero allowing only ring zero and ring one to communicate. A deployment process that ensures only certain individuals have access to the live system and a QA review and testing process independant of the developers.