14 Best Practices for a More Secure IT Infrastructure
In the good old days, computer security consisted of remembering to back up the hard drive in case of a crash. Compared to today’s boiling cauldron of a threatscape, those halcyon days look as beautiful as a Maxfield Parrish landscape.
Reading the newspaper headlines can be exasperating. If the federal government, banks and hospitals — with all of their assumed IT prowess and security expertise — can’t avoid security breaches, what’s a midmarket organization supposed to do?
Well the answer is: As much as possible.
The threatscape continues to become ever more threatening. And while there are no 100% guarantees with security, the better prepared you are the more likely you are to avoid problems. All of this makes the discovery process critically important as you seek ways to enhance the security of your infrastructure.
This involves all of us.
The best first step you can take on your security discovery path, may well be to create a cross-functional team that can come together to analyze your organization’s current security status and explore how to enhance it. Security isn’t just an IT concern. It needs to involve everyone.
The composition of a cross-functional team will vary from one organization to the next, but some classic participants include a very senior executive sponsor — preferably the CEO — to demonstrate organizational commitment to change. You’ll want to include your chief information officer, and if you have a security organization, then your chief security officer or chief information security officer. While security goes beyond IT, IT plays a foundational role, so you’ll want the chief technology officer and other representation. Legal should be represented, as should human resources — especially when dealing with creation and enforcement of security policies, including regulation of bring your own device. Your team should also include representatives from the major business units, to gain their line-of-business insights, and to help pave the way for rolling out new security initiatives.
There is help from beyond.
The brilliant personal computer pioneer Alan Kay once said, “A change in perspective is worth 80 IQ points.” Your cross-functional team is designed to gather multiple perspectives. An outside independent security advisor can bring yet another high-value perspective. So consider bringing in some independent expertise who can advise you based upon what he or she is seeing in the broader realm of security. They can bring a wealth of experience and can advise on the successful strategies — as well as the pitfalls — that others have found.
Rapid click has perils.
Don’t overlook employee education. While this might be greeted with a yawn, even employees at security firms — those who professionally know better — have been taken in, perhaps while absent mindedly plowing through their inbox. Similar attacks can happen while browsing the Web. Mobile users can open the door to attacks when using unsecured and unencrypted public Wi-Fi services, such as from a coffee shop or hotel lobby. Even plugging into an airport charging station can be risky. So security education needs to be a dedicated and continuing effort.
Secure the ship from stem to stern.
Your cross-functional team should discover if your organization has a security framework. If it does, then the existing framework should be reviewed for completeness. If it doesn’t, you should evaluate which framework will work best for your operations and adopt it. Similarly, your organization should deploy a Security Information and Event Management (SIEM) tool, to provide proactive security to identify anomalous behaviors, trends, attacks and to trigger protective measures, before your network can be breached. Along the way you can discover the best mix of firewalls, packet sniffing, and other anti-intrusion hardware and software, as well as policies and best practices to secure your infrastructure and all of the mission critical data it supports.
To learn more about midmarket security discovery — including best practices for security and pitfalls to avoid, download our Insight white paper, “14 Best Practices for Creating a More Secure IT Infrastructure.”