The elements of cybersecurity hygiene and secure networks -- Part 1
The two fundamental building blocks in ensuring that your data is secure are physical infrastructure and network security. Understanding and protecting your information from threats and human error requires meticulously layered security protocols.
Last year, British Airways canceled over 400 flights and stranded 75,000 passengers because of an IT outage caused by an engineer who disconnected a power supply at a data center near London’s Heathrow airport. When it comes to data centers and networks, even minor human errors can have a major impact on businesses and their customers. With the exorbitant costs and human resources required to maintain an on-premise system, organizations should look to public cloud companies. These companies bring capital and expertise to the table to properly manage their data centers, which are better protected than those that most companies could put in place themselves.
Google’s focus on security and data protection remains the primary design criteria when constructing their data centers. It uses a layered security model that includes safeguards like custom-designed electronic access cards, vehicle access barriers, and laser beam intrusion detection on the data center floor. The data centers are monitored 24/7 by high-resolution cameras that can detect and track intruders. Access logs, activity records, and camera footage are available if an incident occurs. Furthermore, only approved employees are provided the credentials necessary to enter the data floor, which is only accessed through a security corridor with multi-factor access control that requires a security badge and biometric confirmation.
If you think your firewalls are secure, think again. Protecting your cyber network is just as vital as physical security. Almost half (48 percent) of organizations who suffered a cyber attack identified the root cause of their data breach as a malicious or criminal attack. Not only are internally-built firewalls often poorly managed and more vulnerable to being hacked, but they are also unable to provide organizations with the necessary risk alerts. The only companies that truly have enough properly trained staff and dedicated resources to stay on top of network security are public cloud companies.
Vulnerabilities like the notorious USB Conficker worm and the backdoors that Cisco discovered confirm that companies need strong protection. Without regular maintenance, hackers can and will break through firewalls and off-the-shelf security software. Having a firewall is not enough to ensure that the data in your company’s network is secure. However, the regular testing, maintenance, and upgrades are too rigorous for many businesses trying to go it alone.
Some top cloud companies employ hundreds of security and privacy professionals in their software engineering and operations divisions. Employees of public cloud companies include some of the world’s foremost experts in data, application, and network security. Their highly specialized teams are broken down into agile and specific departments, ensuring that customers’ security needs receive more detailed attention.
Many network vulnerabilities can be fixed, but a company must regularly update its operating systems, databases, and web servers for patches to be applied. Companies frequently neglect this responsibility, putting the entire organization at risk for cyber threats. Keeping a company’s software stack updated includes more than just upgrade and installation costs. It also requires cooperation from the corporate IT team and individual employees who use company-issued or personal devices for work.
Many IT departments delay the deployment of critical updates to minimize the impact of service interruptions. This is a common pitfall of organizations who use traditional legacy systems, where regular updates require coordinating with multiple departments. This also concerns organizations who don’t replace systems before they become outdated -- even if they have a warning from the software companies themselves.
As illustrated with the WannaCry attack, patches for old software may not even be available. "Many of the computers affected by WannaCry were running the Windows XP operating system, which couldn’t initially be patched because Microsoft stopped supporting the program in 2014 except for a high fee," explained USA Today. The implications of a software vulnerability can be as severe as any other IT security breach. IHG released data shows that cash registers at more than 1,000 of its properties were compromised by malicious software designed to siphon customer debit and credit card data.
Document permissions and user authentication go a long way in ensuring proper organizational security. To guarantee the correct people access your data, your organization should use strong passwords, multi-factor authentication, and physical security keys; all things in which public cloud companies are investing heavily. For example, Google’s Titan Security Key uses multi-factor authentication to protect users from attacks. Hackers have a much harder time stealing a physical security key. With multi-layered authentication practices, organizations reduce the risk of unauthorized persons posing as approved users.
Case in point, Deloitte, once named "the best cybersecurity consultant in the world" by Gartner, suffered a cyber attack in 2017. Hackers accessed Deloitte’s network after cracking the password of an administrator account that didn’t require multi-factor authentication. This gave the cybercriminals unrestricted access to the company’s emails and email attachments. Had Deloitte used multi-factor authentication, the hackers wouldn’t have had the secondary identifier needed to log in and the account owner would’ve been alerted about the unauthorized use of their account. These factors likely could have prevented the breach.
Still, it’s not just about passwords. It’s also about having the right policies and procedures in place. A public cloud solution provides customizable permissions and integrated workflows that help improve security and increase productivity. Organizations can monitor who is trying to access their network and proactively block unknown devices from connecting.
Stéphane Donzé is the founder and CEO of AODocs, a software company he created from the idea that the enterprise's need for compliance and efficient processes is not contradictory with a good user experience. Prior to founding AODocs, he was VP of Engineering at Exalead, a leading enterprise search company. After Exalead was acquired by Dassault Systèmes in 2010, he relocated to California from Paris as VP of Product Strategy. Stéphane has a master's degree in software engineering from Ecole Polytechnique in France (X96). With 18 years of experience in enterprise software, he is passionate about user experience across an organization.