Information Security

It is easy for IT professionals to become lost in their world of ones and zeroes.  There are an infinite number of technology products on the market today, and the art of implementing and managing those products has taken on a life of its own.  But the trillions of organized bits housed on the disks of your data center are more than just the pet projects of your IT staff.  They are tangible assets that your business depends upon, and they require significant protection and insurance.

With a little introspection and soul-searching, most business owners would be surprised how reliant they have become on the safety of their data.  Try this small sampling of difficult but absolutely necessary questions:

  • What effect would an accidental or malicious unauthorized disclosure of company data have on the health of your business?  How would it affect the business legally?  Would the damage done to your reputation be repairable?  And most importantly, could that disclosure destroy lives?
  • What would the impact on your business be if a disgruntled employee or competitor altered the state or content of your data?  Think medical history or accounts payable.
  • In the event of a disaster, how long could your business remain viable without access to its data?  One hour? One day? One week?
  • How much data can your business stand to lose?  A week’s worth?  A day’s worth?  None?

The answers to these questions and a few others will dictate the level of effort required to secure your data.  But in the world of information security, there is no silver bullet.  And unless your network is isolated from the world, bad guys are attempting to gain access to your data as you read these written words.  Whether you’re protecting corporate secrets or complying with governmental regulations, your IT infrastructure must implement a tactical and layered defense to have any chance of keeping a determined attacker from your data.

Information security guarantees the following:

  • Confidentiality – Think James Bond.  For your eyes only.  Ensuring data is seen only by those who are authorized.
  • Integrity – The state of data is changed only by authorized personnel at appropriate times.
  • Availability – The data can be accessed when and where it is needed.

These three simple words describe the tenets of information security.  The rest of this page will briefly mention several different areas and controls involved with keeping your data safe and ready.  But I want to draw special attention to the most important of the security controls: the security policy.

The security policy is the quarterback, MVP, head coach, and every other corny sports-related cliché that describes the leader of a team.  It is the road map that details the management, operational, and technical safeguards that will be employed to watch your data when and where you cannot.  Unfortunately, it is usually ignored, and controls are haphazardly put in place without any forethought or expectation.  HLP Networks will design, write, implement, and maintain this all-encompassing piece of literature for your business, ensuring your security plan has the best chance to succeed.

The “Anti’s” of information security:

  • Antivirus
  • Antispyware
  • Antispam
  • Anti-Malicious Software

The Neo-Conservative proactive war controls:

  • Security Assessments/Risk Assessments
  • Vulnerability Assessments
  • Penetration Testing

What happens if my city blows up controls:

  • Disaster Recovery/Business Resiliency
  • Power Redundancy

What happens if someone convinces my employees my city has blown up to coerce secret information controls:

  • User Training/User Awareness

The Berlin Wall controls:

  • Secure Remote Access
  • Boundary Protection
  • VoIP Security/NIST SP 800-58

The Helen Keller controls:

  • Data Encryption/Media Protection
  • Cryptographic Key Management
  • Transmission Confidentiality
  • Wireless Security

Who are you and what do you want controls:

  • Identity Management
  • Principle of Least Privilege
  • Desktop Security

It’s not broke so don’t fix it controls:

  • Configuration Management
  • Incident Response
  • Systems Acquisition
  • Portable/Mobile Device Security
  • Logging and Auditing

The moat and alligator controls:

  • Physical Security

Do all of the above or else controls:

  • Regulation Compliancy and Certification

Each of these areas and sets of controls has a laundry list of specific technologies to guard your data.  HLP Networks will choose and implement the appropriate number and type of these controls to protect your digital assets to the proper level.