April 5, 2011
Recently, Processor.com spoke with Bluewolf’s brain and muscle behind security, Javier Jones, Director of Architecture. Javier had some common sense things to share about security procedures that Bluewolf employs and encourages with its clients, and that all data centers should be implementing.
Excerpt from “Employees & Security: Create A Culture Of Responsibility, Awareness & Common Sense In Your Data Center”
February 25, 2011 by Dan Heilman
“Every data center strives to be 100% secure. Unfortunately, every data center is run and staffed by human beings, which means perfection is impossible: If employees aren’t sending classified information via standard email, they might be backing up work files on vulnerable external storage devices. If they’re not doing that, they could be accessing company files and data through mobile devices and remote connections. Keeping data centers completely leakproof might be impossible, but enterprises can create a culture of responsibility and knowledge that greatly increases security.
Education Is Key. The best way to raise employee awareness, experts say, is education—and follow-up. Javier Jones: “Policies are an obvious first start, but [they] are worthless unless there is a continuous process to educate the masses. Let them know about the risks out there and create an atmosphere in which they know who to go to if they have any questions or concerns regarding security.”
The Right Tools: Tools exist that can help encourage data center employees to be more responsible with their security... Employing a third party is also a viable option. Javier: “Every quarter, Bluewolf brings in an outside security firm to do a complete audit on the company, making sure that procedures are up-to-date and being followed correctly. Security issues change daily or weekly. Without a process to continuously evaluate and educate, a breach is always imminent.” Jones also advises regular software updates, firmware updates, and strong but flexible IT security practices. “Forcing users to use very complicated passwords and security tokens will equal written down passwords on sticky notes in the top drawer,” he says. “If you make security easy to use, users will be secure by default and will want to practice security.”
Be Aware Of Threats: All enterprises are susceptible to security breaches, and even small companies should be aware of the data, resources, and systems that others are trying to access. In fact, one-person data centers might be the most susceptible to a breach.
Javier: “There is an endless stream of traffic looking to gain access to anything on the other end. Botnets don’t know who you are or what device is at a certain IP address, but they hit all IP addresses in random order and look to exploit anything you have that is exploitable, whether you are a large enterprise or a home user. Once an exploit is found, they then use that as the foot in the door to get into your enterprise.
A Culture of Responsibility: With the right tools, the right people, and the right training, the risk of a security leak can be minimized, if not eliminated. Your enterprise must create its own culture of responsibility in its own way, but establishing and maintaining it is essential. Javier: “The atmosphere should also be such that if an end-user, technician, or anyone else thinks there may have been a security breach, they should immediately turn the issue over to the right party. Security is everyone’s responsibility.”
