First, let me define the multitude of risks out there, because we tend to overlook so many of them.
- The biggest risk is hardware failure. If your hardware fails, you lose everything in an instant.
- The simplest risk is the accidental deletion of files and folders by your staff.
Other risks include:
- Virus corruption of files.
- Physical theft of computers (even servers get stolen).
- Web-based attack by script, or by direct attack.
- Internal staff stealing or copying intellectual property, or maliciously deleting information (it does happen).
- Corruption of files during use or transfer – even during the act of backup.
- Overwriting of previous versions of files with new unwanted versions.
Clearly, with this range of threats, there are a wide variety of very technical solutions available.
It is important to first understand the value of your data, your obligations to your clients, the cost of not having data available, and the cost of a security breach to your business and your reputation. It is not possible to ignore security and be without risk. It is possible though to spend a fortune on the wrong solutions, and fail to mitigate the key risks.
So which security solution is right for your business?
Unfortunately, security is a double-edged sword. If you have no security, your risks are high – but your costs are low. If you have high security, your risk is reduced – but the cost is high.
Keep this in mind too – security implemented badly is a disruptive technology, so there is a high potential for your new security solution to impede your ability to do business. For example, connecting across the web to an open system is quick and efficient – but full of risk. Logging in via a security gateway with an encrypted connection and a security token is a little more time consuming, but considerably safer. But, if the token system is poorly implemented and doesn't work, it will either expose you to risk or impede your access.
Good security involves ongoing management of your technology resources, monitoring, patching and upgrading to ensure you get the right balance. Your backup strategy needs to create multiple versions of your data and move it off site. The more versions and the more often it goes off-site, the less you are likely to lose. If systems are monitored carefully, failures, intrusions and corruptions can be detected early to reduce impact of critical events.
Each time you limit access to a data folder or file, you add a level of security and a level of administration to ensure you are keeping the wrong people out and letting the right people in. As your business systems grow, the administrative overhead grows with it.
As you add firewalls, secure system logon, antivirus, backup systems, updates, patch management, archival and retrieval, remote access with secure tokens and more, the costs of implementing, managing and updating all of the systems grows. People like to believe that as the business grows, the cost of IT per person plateaus – but this only really applies once you have hundreds of staff.
So, how do you access the right level of protection without spending a fortune?
First, know your risks and understand the true cost of getting it wrong. Then, clearly the answer is not to spend a lot of time trialling a variety of disruptive solutions. Get good advice from people who implement these solutions all the time. Stick to tried and tested products that will scale to accommodate your business as it grows. And lastly – ensure that each system that goes in gets the appropriate level of ongoing management to ensure it provides the function it is supposed to.
After all, the only thing worse than not being protected is thinking that you are, and then discovering – after losing all your data – that you weren't.
Click here to read more IT Systems expert advice.
No comments:
Post a Comment