In our opinion, the most challenging aspect of security rests not only in its requirement for a multi-layered technical approach, but also in the awareness and involvement needed from everyone in the organization. To get the obvious out of the way, we highly recommend that every organization have endpoint security, anti-spam, message archiving, and firewall and perimeter defense (such as intrusion detection and prevention, single sign-on, and mobile device management) implemented as part of its security strategy. Also, with the cloud IaaS model, scaling and managing resources can be as simple as a few clicks. Make sure you are properly organizing your user and group accounts so access and control rights are only granted to specific people. Otherwise, you might wake up one day and realize someone accidentally deleted your environment or added a plethora of resources, mishaps that happen regularly but can be easily avoided.
One could also argue that a sound backup and business continuity strategy is imperative to your security posture. Consider the Cryptolocker virus, for example. If by chance it made it past the traditional layers of security listed above, there was nothing from a security solution standpoint that could be done. The best defense was having reliable and recent backups. While some found this out the hard way, others were relatively unaffected by Cryptolocker, even if it did hit their systems, due to the sound backup strategy they had in place.
Prevent Security Breaches
Regarding our point about awareness and having everyone involved… what do many high-profile Fortune 500 companies have in common? Users frequently fall victim to social engineering traps, inadvertently disclosing confidential information and credentials. If this is the case, all of your firewalls and other layers of perimeter defense are essentially useless. It’s for this reason that MSPs are starting to incorporate Security Awareness training into their offerings for their customers, focusing on education and prevention of common security ploys, such as phishing emails, to help limit risk.
One final point to note is the number of small business owners who see the headlines for major security attacks and say to themselves, “Those are Fortune 500 companies, I don’t need to be worried about my business.” Unfortunately, SMBs are just as susceptible. What’s worse is they may not even know if their vulnerabilities have been exposed because they lack the multimillion-dollar budgets that Fortune 500s have invested in security strategies and solutions to detect these threats.
Ensure Backup and BC/DR
Regardless of your company’s size, security measures should be implemented across your organization to protect your most valuable data assets. To ensure these measures are effective, stay well informed about the latest strategies available, especially in the realms of backup and business continuity and disaster recovery (BC/DR).
Jason Bystrak, Executive Director the Americas, Ingram Micro Cloud
Erik Walczak, Field Technical Consultant, Management and Security Solutions at Ingram Micro