Not a day goes by, it seems, without some large data breach, cyber-attack, or intrusion hitting the news. According to the US Government, cyber-attacks have gone up over 800% in the last 8 years, with some reports showing that breached data and lost records have increased over 500%. And I can believe it.
Cloud computing has done great things to lower the cost of innovation and has even helped businesses get started. Long gone are the days when a tech startup had to pay large sums of money to HP, Sun, or IBM for its technology. Today it all starts in the cloud. That transformation has changed not just the way we do business but also how malicious users access technology and scale. We’ve all benefitted from the cloud’s transformation – and so have the bad guys!
It’s now possible to marshal tens of thousands of VMs and servers to run increasingly sophisticated botnets, malware farms, and spam cannons, thanks to the cloud! It has become easy to start a multi-gigabit DoS (denial-of-service) attack from hundreds of locations. 96% of applications and server OSes have security vulnerabilities – and it takes an average of seven days to detect a security breach. That’s a lot of vulnerable systems and a lot of time to do damage. The average mid-enterprise company has hundreds of applications and servers, which creates a lot of work maintaining and monitoring these systems.
Someone once told me that securing the important stuff (your data) is like an M&M – the candy shell is important, but the data is like the chocolate center. Most hackers aim to get to it and to make it well known that they have. Increasingly there is a large market for the data, and it can generate real profit before anyone shuts it down!
Putting together a security game plan requires due diligence, consistent monitoring and reporting. This is on top of keeping up with new technology and compliance rules and regulations that are making their way into nearly every segment of business: education, finance, healthcare, life sciences, energy.
To protect that hard “candy shell”, areas that you want to focus on include:
- Perimeter Security and Monitoring including Secure and Compliant Colocation
- Secure facilities, with video monitoring, biometrics, and multiple security zones
- Firewall Services
- Log Management
- Web Application Firewalls
- Dual-Factor Authentication
- Penetration Testing
- Quarterly Scanning and Security Reviews
- Daily Log Reviews and Proactive Monitoring
Now that we’ve discussed how to secure the “shell,” I’ll focus my next blog on keeping the “chocolate center” out of the wrong hands!
- Jason