Quest CEO Blog | Managing Risk

Thoughts on Technology, Business and the Management of Both.

Security holes that’ll keep you up at night: Targeted zero-day malware attacks

by Tim Burke
Tuesday, March 13, 2012

Targeted zero-day attacks are proliferating — and focusing more and more on smaller businesses because these tend to have weaker defenses. Some security experts say that if your security posture can be bypassed with custom malware, you’re probably already compromised.

Security holes that’ll keep you up at night: Doing some data breach math

by Tim Burke
Tuesday, February 28, 2012

Over the last few weeks, I’ve taken a look at what you can do to boost your organization’s IT security. But it occurs to me that maybe I’ve put the cart before the horse.

So I’m going to spend the next few weeks delving into the sort of threats your business’s IT infrastructure faces. And I’m going to start with data breaches and the most recent big-headline example: Zappos (parent company is Amazon.com), which last month admitted it suffered a data breach that compromised 24 million customer accounts.

Isolating and resolving network problems

by Tim Burke
Thursday, February 09, 2012

When it comes to keeping your IT network performing optimally, finding and fixing network faults certainly is crucial. But it’s just as crucial to sustain network operations while the issue gets resolved.

Which means that the first order of business is to ensure that your network has entered one of the failure modes you’ve designed for it so that remaining network resources are allocated according to your organization’s business priorities.

Where’s your business on the path of least security resistance?

by Tim Burke
Thursday, January 12, 2012

Cyber-attacks tend to take the path of least resistance. So what are some of those paths? What vulnerabilities do hackers look for first?

According to a survey conducted at the Def Con 18 hackers’ convention, poorly configured networks top hackers’ lists. They like to exploit inadequate security audits and IT staffers who don’t know what to look for when they’re monitoring and testing networks.

Hackers also prefer threats that change too fast to be properly addressed. And they look for insiders who can be persuaded — or forced — to aid their attack.

Being thankful for backups

by Tim Burke
Tuesday, November 22, 2011

Thanksgiving is a time for giving thanks, eating turkey, and enjoying the fellowship of family and friends. And no one wants the holiday ruined by a call like this...

“All our customer files have evaporated. As have everyone’s email messages, all pending customer orders, and the accounts receivables database.”

Would you be able to reconstruct that data from scratch? Or, worse, try to move on without it?

Essential SLA Elements #5: Protecting your data from the goblins

by Tim Burke
Thursday, November 17, 2011

A service-level agreement works best when it’s the result of a collaborative effort between you and a service provider you can trust. This kind of trusted collaboration will uncover the most cost-effective ways your provider’s IT capabilities can be put to work for your business.

Part of that trust involves the fifth and last Essential SLA Element on my list: Procedures for the safe and prompt return of your data upon service termination.

Essential SLA Elements #3 and #4: Monitoring, enforcement, and change mechanisms

by Tim Burke
Tuesday, November 15, 2011

A good service-level agreement looks simple — but that’s because it’s been conscientiously negotiated to meet the buyer’s needs. Of the five essential SLA elements that every managed and cloud services customer should focus on, I’ve described two — specifying service functionality and describing the infrastructure and standards to be maintained by the provider.

Essential SLA Element #3 concerns SLA changes. Your SLA should include a mechanism by which you can regularly tune it in response to changing business conditions or new technologies. You’ll benefit from building in a formal review of your SLA (at least annually) in order to use experience and new information to revise it.

Essential SLA Element #2: The devil’s in the details

by Tim Burke
Thursday, November 10, 2011

I’ve already blogged about the importance of negotiating a service-level agreement that specifies the functionality of the managed and cloud services you engage.

Now I’m going to focus on Essential SLA Element #2: Including details about the system, network, and security infrastructure and standards to be maintained for your services by the provider.

In addition to the functional description of the services you’re using, your SLA should describe the infrastructure on which they’re based in detail so you know and can rely on what supports the services you’re buying. This description should include — and commit your service provider to maintain — system, network, and security infrastructure and standards.