
Lean on Your Common Sense

Avoid three typical information-security mistakes.
This story appears in the March 2007 issue of BizTech Magazine.

 


Photo: Hot Shots Imaging
Jim Shanks, Executive Vice President and former CIO of CDW

Information security is complex, but it’s still a mixture of knowledge, technology and common sense — leaning heavily on the common sense part of the equation.

 

Yet somewhere between having the knowledge and common sense and actually putting security into action, technology managers and security administrators fall prey to several of the same mistakes. Avoiding these pitfalls can make a huge difference in protecting your data or network.

Place security ahead of novelty or convenience. When a new appliance is introduced or your operating system vendor releases a new version, don’t be compelled to jump on the bandwagon. Before choosing to deploy new technology or upgrade old technology, you must determine the business benefit.

You generally have the benefit of firsthand knowledge of how your existing environment works and how to secure it; you also know and may have even fixed many of the flaws and vulnerabilities. A new product may have snazzy bells and whistles, but if it doesn’t help solve a real need, fill a gap or significantly affect the bottom line, you need to strongly consider whether your business should adopt it.

Plan ahead. Bad things will happen. Data centers will catch on fire. Hard drives will crash. A zero-day attack or wild worm will infect and compromise your network.

Trying to figure out what actions to take and who to contact as the incident is occurring just fuels the disaster and inflates the negative impact of the event. The time to figure out what you need to do is when things are running smoothly and the proverbial “stuff” is not hitting the fan. Create an asset inventory, risk assessment and incident response plan so that you can prioritize and understand how to address concerns. Identify which groups or individuals must be involved to most efficiently handle a given incident. Individuals should be designated by title or role, and not name only, so that the response plan doesn’t have to be re-created every time someone changes positions.

Don’t forget to keep your plan in a place where it can be accessed and used during an incident. Storing it as a file on a server in the data center (the one that is on fire now) would not be wise.

Security goes beyond the box. There is no silver-bullet appliance or application you can deploy that will automatically and proactively secure and protect your network. There is no tool or technology to secure your network without monitoring and maintenance. Security is neither a product that can be purchased nor a moment in time that passes. It is an ongoing process that often is as manual as it is technology-driven, and that changes and evolves as the needs of the business and the threat landscape change.

These suggestions are by no means comprehensive. There are a great many more mistakes that can affect your network security. These three, however, are among the most common and the easiest to rectify.

Still, it’s up to the information technology team to know when and how to apply knowledge and technology to understand the architecture of the environment, the threats that might affect the technologies you use and the needs of your business. IT then must execute on the common-sense part of the equation to make sure that the technologies employed and the processes followed make sense for the business and add more value than risk.

Jim Shanks is executive vice president of CDW, a $6.8 billion technology services company.