Data Safety and Security In the Broadband Age

It's Your Responsibility


Introduction

Here’s a basic truth: these days, you can’t just slap an anti-virus package on your workstation and call it good - or call it secure for that matter. That's simply not good enough - not if you want to protect your business information assets from theft and misuse. Let's take a look at some common business data security goals and objectives.

Prevention

Prevention is part of the picture. Generally speaking, you want to:

  • Prevent destructive attacks on your business network.
  • Prevent unauthorized access to sensitive information – Items such as credit card numbers, SSNs, passwords, etc.
  • Prevent malicious use of your system. Examples: file relay, spam engine, secret email server, worm/virus propagation, participation in denial of service attacks, etc.

Business Continuity - the Real Goal

But prevention is only part of a larger context and goal – and that is business continuity – the survival of your business operation. So – how do we define business continuity?

 

Here’s a pretty good working definition of business continuity:

 

“The uninterrupted delivery of your products and services to your customers.”

Nowadays, the uninterrupted delivery of your products and services depends entirely upon the uninterrupted flow of information through your organization. The confidentiality, availability and integrity of your business information assets are paramount.

 


C3 - Commerce, Compliance, Credibility

Business continuity also depends upon your ability to engage in commerce, to comply with regulatory requirements and to acquire and keep your customers’ confidence in the integrity of your operation.

 

  • Commerce: If you’re making effective use of your business information systems, you’re reducing your costs and finding new opportunities. Cash flow, vendor negotiations, customer outreach, etc.

  • Compliance: Not everyone has to address complex regulatory issues such as HIPAA (Health Insurance Portability and Accountability Act of 1996) and Sarbanes-Oxley, but even a sole proprietorship has to answer to state and federal tax agencies.

  • Credibility: Delivering prompt and accurate information to your customers (billing, new products, etc.) is critical to any business. Your credibility and your customers’ confidence in your business operation have taken time to develop, but they can vanish overnight if your business information systems are compromised.

     


Four Fundamental Questions

A competent, well-informed approach to a business data security plan begins with four fundamental questions:  

  1. What needs to be protected?

  2. What are the threats?

  3. What are the business requirements?

  4. What do I need to do to make it happen?

The Answer: Total System Management

You can ensure the continuity of your business through an approach we'll call Total System Management, of which security is but a part. Total System Management consists of five principal and strongly interdependent elements.

  1. Layered Defenses – A layered defense begins at the edge of your network - in most cases that's your broadband connection - and ends at the workstation level. Each distinct layer of your business network - and you have at least two layers - must be protected from hackers, worms, viruses and inappropriate use if you expect your business information assets to remain intact.

  2. Configuration Management – You can’t protect or control assets you don’t know you have. From workstations, network appliances and servers to the software running on them to the very architecture of your network - all of these things are assets. Do you know what you have?

  3. Patch Management – Your systems’ security depends upon proactive application of the latest security updates and patches and the ability to roll back ‘bad’ patches. Automated patch management systems are the key to making this happen.

  4. Disaster / Recovery Planning  – When’s the last time you backed up everything? When’s the last time you backed up anything? When’s the last time you tested and verified your backups? How quickly could you get your hands on a file you erased three days ago? How would you respond to a data security breach?

  5. Enforceable Policies and Procedures – Do your employees know what constitutes acceptable use of your systems? Are there written procedures for handling things like backups and so forth? And if you have these policies, are they enforceable? Would you even know if those policies and procedures had been violated and to what extent? Faced with a clear violation of a security policy, what are you prepared to do about it? Faced with disaster – what’s your plan?


Primary Issues and Concerns

Cost – Cheap - dirt cheap compared to the cost of losing your business systems and the information residing on them. Trust me on this one. And it’s less than you might think.

Complexity – Many aspects of Total System Management can be automated and run in a hands-off, lights-out environment.

Deployment – Who’s going to make it happen? StarLAN Consulting Services has the necessary experience to design and implement your Total System Management program.

Resources – Who’s going to keep it all going? Who will remediate  – put things back to rights, that is – when things go wrong? StarLAN Consulting Services has the talent, experience and expertise to make it happen.


 

Copyright 2003 - 2008   StarLAN Consulting Services