Behind the castle walls, people go about their daily business, but things can still go wrong; a cook could prepare bad food that leaves people unwell. Likewise, in information security, it’s important to ensure that errors or bad practices in one area are contained and do not spread to other areas of the business.
Here are some recommended practices to help ensure the overall security of your castle:
- Make sure that you have good backups. It’s an oldie but a goodie. Nowadays, with the proliferation of virtual machines, it’s really easy to take a “full image” backup of the server. That’s nice, but it’s not a complete backup solution. A complete backup solution would allow you to restore just one file from one week ago (or one day or one month ago, depending on your retention policy) to the location of your choice, at the click of a button. If it turns out that you need to restore an entire server image to do this, then your backup solution is incomplete.
- Documentation. There’s not much point in having a super secure server and website if all the secrets are inside the head of the administrator who leaves and takes those secrets with them.
- Another oldie is the use of “role-based accounts”. Most software subscriptions these days are tied back to an email account set during registration. If employees are signing up for these services with their work IDs, you can land up in a situation where an important license renewal mail is sent to an ID that no longer exists because that individual left the organisation 6 months ago. Use long-lived, role-based accounts such as “accounts” to register for products, and use email delegation for access to these accounts. This way, when an employee leaves, you need only to disable their account.
- Use identity management. Not only is it the best way to deal with the “disgruntled ex-employee” threat (properly implemented identity management shifts deprovisioning control directly to HR), identity management also saves money. A product that both saves money and improves security is a rare one indeed, but identity management is one such product and something I’d recommend for small fast-growing organisations and medium-sized or larger businesses.
So that’s it for this series of blogs. I hope you’ve enjoyed them. Leave your comments below or write directly to firstname.lastname@example.org if you’d like to know more.
Warren Howard is an infrastructure specialist with an interest in leveraging technology to streamline business process. He has delivered solutions for international clients such as Coca-Cola and Holeproof.