- Security TWENTY
- Women in Security Awards
Small businesses need technical excellence, writes Klaus Gheri, vice president of product management, Europe, Barracuda Networks.
SMEs are exposed to exactly the same IT threats as large corporations; the Internet makes no distinctions. However, where international corporations employ large teams dedicated specifically to IT security, an SME must do what it can with much smaller budgets. An attack would also have much more serious consequences, as theft of intellectual property or downtime could spell the end for a smaller business.
It is important to bear in mind that technology is not the problem here. Security has become a great deal cheaper over the past few years and professional solutions have become affordable for smaller-sized businesses. The financial difficulty lies in the staff training required to effectively operate many security solutions, especially as the business would have to cope without important members of staff for several days whilst the training took place. The alternative could end up as an incorrectly configured firewall, which could cause more harm than good.
Lone IT warriors need the VW Golf of security
One potential solution to this problem lies in security products that offer comprehensive protection whilst requiring the bare minimum of configuration and is also pretty intuitive. In other words, SMEs need the VW Golf of firewalls – easy to drive, technical excellence and engineering that’s second to none. These products rely on the powerful infrastructures of security manufacturers with a global presence. They are capable of checking and verifying URLs and IP addresses much quicker than individual businesses can.
This type of security is frequently based on cloud technologies. This technology acts like a castle drawbridge, protecting a company’s network whilst preserving full bandwidth for legitimate traffic. This means that the firewall will not only offer data and network protection; it will also ensure that all applications are available and all devices on the network have access.
No two clouds are alike
Cloud security works because of its physical independence from the network. Unfortunately, this makes many people feel uneasy, as they feel that cloud-supported data could easily be tapped into and that data protection requirements will not be met.
However, this is because many people confuse the principles of the cloud with the principles of the global Internet. It is perfectly possible to design cloud solutions for very narrow boundaries. A private cloud design running via an encrypted WAN will allow an enterprise to connect its servers in different locations without losing track of a single byte of data. Alternatively, one might opt to use the cloud offerings of an IT service partner in the same country. This means that the company would adhere to all data protection and control provisions while benefitting from the advantages offered by the cloud.
Control in the Cloud
As well as protecting from external attacks, next-generation firewalls provide internal security. These firewalls can permit role-based access rights for employees, stipulating which employees or departments are authorised to access certain online content. For example, only the marketing or customer support departments may be authorised to access social networks at work. This could even be extended so that other employees can only access social networks during their lunch-breaks. These rules would have to be stored locally on company computers to ensure there are no issues with employee privacy.
Backup in the cloud
Although it is not usually thought of as an IT security concern, back-up is an important safeguard in ensuring business can be resumed quickly after an attack or IT failure. When it comes to the fail-safe storage of data copies, the physically flexible cloud is nothing short of perfect. There is not a single accident I can think of that could possibly render it inoperative, and there is no way company data could be dumped into the abyss.
The simplest backup solution is a box-to-box system consisting of two or more servers communicating with each other and providing mirror images of the latest data at any given time.
Hybrid backup solutions guarantee data security by saving a copy of the locally provided company data in the cloud. This may be either the company’s private cloud, the cloud provided by an IT service partner, or a manufacturer’s private cloud. This gives the company the benefits of cloud storage while ensuring compliance with data protection provisions. Although this does require a little extra effort.
So, to conclude…
Security is more than just IT security; it also encompasses a company’s permanent access to its data and the internet. There’s no need to despair over this challenge, as long as a business is aware of the wealth of options available to them. Pressure can be taken off of an infrastructure using cloud-based security and backup solutions. By selecting a solution that is compliant with data-protection and designed specifically for uncomplicated operation, a small business can be safely protected against any form of attack or data loss.