Data threats are complicated; security doesn’t have to be.

Stephen Mulligan
By:
On: 14 Feb 2019
Share this post

security

In Terry Pratchett’s ‘Discworld’ novels, the world is presented as a flat disc balanced on the back of four elephants, which in turn stand on the back of a giant turtle. Similarly, your ICT environment has three distinct layers of control: people, processes and systems. Each layer stands and depends on the one below so, to ensure your network is fully secure, security needs to be inherent in every layer.

Some businesses fear migrating data or systems to the cloud because they fear that the cloud in and of itself presents a security risk. However, it’s actually poor security that’s the real security risk. Even new threats such as cloudjacking and cryptojacking (hijacking cloud processing and storage capabilities to mine for cryptocurrency) can be countered by many of the same security solutions that we are already familiar with.

In fact, so much is being invested by reputable cloud providers into multi-level security measures, that the cloud is almost certainly more secure than an on-premise solution. Having said that, if your business doesn’t adopt at least the most basic security measures, then your data will be equally at risk whether it’s on-premise, in the cloud, or travelling around your network.

Basic security hygiene.

Passwords

Password security is the single most effective step you can take to protect any data, anywhere. Whereas passwords need to be complex to be secure – preferably a random combination of letters, numbers and symbols – advice on passwords is disarmingly simple: change them often; never write them down; never share them with anyone else.

Updates

Maintaining your system at its most up-to-date level is also important. In the digital world as in the real world, criminals are often one step ahead and security needs to adapt accordingly. Ensuring software patches and updates are installed as soon as they are supplied is essential to protect against new and emerging threats. This is important for all network-connected devices, e.g. PCs, laptops, tablets, smartphones, printers, room booking systems, air-conditioning controllers… the list goes on. A Configuration Management Database (CMDB) can be a useful tool to keep a track of everything that connects to your network.

Maintaining effective update procedures can be a challenge if your business lacks the necessary IT resources, but a reputable cloud or managed service provider can take on much of the heavy lifting on your behalf as part of their service.

Servers

The next level of security to consider is your server infrastructure, be they physical or virtual. Servers need strong firewalls and intrusion protection measures in place to resist digital threats, and if they are “on-premise” you will also need effective physical security in place.

A cloud or managed service solution from a reputable provider will typically use a remote server in a highly-secure location, behind the strongest firewalls and most effective intrusion protection systems available. With SLAs to adhere to, a provider has to do everything in their power to optimise not only network security but also reliability and resilience.

A risky journey.

When data travels from server to device or vice versa, it’s another potential weak spot for the cybercriminal to exploit.

Whether you’re sending data via a Fixed Line (DSL/Fibre) or Wireless Connection (Wireless Leased Line/Cellular/Wi-Fi), end-to-end security is essential. A managed network provider’s own private network (using MPLS, VPN, SD-WAN or other similar technologies) will always ensure greater protection than is possible on the open internet.

Then, once the data reaches the end-user’s device, it’s exposed to a new set of threats. Not only the data but also the device itself needs to be secured. Modern Mobile Device Management (MDM) solutions can ensure the security both of business and personal data on smartphones and tablets. Even on a “personal” device, sensitive business data can still be secured. Devices lost or stolen can be selectively wiped, for example, so that only the business data is removed.

The weakest link?

The last link in the chain – and possibly the least secure of all – is the person standing on the surface of our disc, resting on both the elephants and the giant turtle, holding a laptop or mobile device. This brings the security story full circle to effective and secure practices and procedures. With a bit of thought and effort, you can create your greatest asset from your weakest link by educating your users to be security aware, by establishing processes to make it clear what steps they need to take and by putting the systems in place to make it easier to be secure than to not be.

Finally, just as a burglar will pass by the house with an alarm in favour of the one with an open window, so too will the cybercriminal look for the softest targets. Choose a managed or cloud service from a reputable provider and you are giving your data the best available protection and giving the would-be cybercriminal the hardest possible nut to crack.

For more on cybersecurity and protecting your business: