Like any large and important task, creating and implementing IT infrastructure can be daunting. Not only does it have to work, but everything also needs to be safe and secure.
There’s a lot to consider when you are talking about safety and security: failures, heat, human error, power, etc. But what are some things that are commonly overlooked?
As Mary Shacklett writes for TechRepublic, it’s not just the data breaches that companies need to look out for, but it’s also those small risks that most people don’t think of.
She outlined 10 risks, ranging from storage media to vendor support to no one knowing the black box code.
To sum up her thoughts, Shacklett advises that companies make sure those who hold important information have back-ups, not underestimate security breaches coming from inside the organization, and make sure vendor hardware and software are compatible.
Earlier this year, the Ponemon Institute identified five often-overlooked digital devices that could lead to a security breach.
One of those is the fax machine — if you even still have one in your office — because it has a hard drive that stores information. Plus, we all know those co-workers who always tend to leave their fax materials behind.
Many of the others involved hard drives as well, with the lesson that the drives should be destroyed when you no longer use the device.
Chris Preimesberger’s article in eWeek brought forward a few more areas, including the unlocked server rack and the third-party vendor.
Ian Barker, a writer for BetaNews Inc., reported earlier this year on a Dell Inc. survey showing that IT leaders didn’t consider new technologies like bring-your-own-device and the cloud to be threats or, if they did, weren’t taking them seriously.
“Almost three-quarters of those surveyed admitted to having a security breach in the last year but only 18 percent thought predicting and detecting unknown threats was a major security concern,” the report said. “More worrying is that 83 percent said their current procedures allowed IT staff to identify a breach immediately, when actual detection took an average of seven hours.”
Barker interviewed Matt Medeiros, vice president and general manager of Dell Security Products, Dell Software Group, who said traditional security solutions often aren’t going to defend against the new threats that are out there. In addition, companies don’t fully understand what these threats can do, or that they can come from both outside and inside the organization.
Many of the overlooked risks are actually not new. Three years ago, in a similar TechRepublic article, Bill Detwiler went over some of the same kinds of security threats you’ve just seen: your own employees (stealing data, human error, bringing in a virus); coding mistakes (evaluate for potential holes); ancient servers (running applications that no longer have patches); legacy applications (find a migration path or another application); and hidden servers within applications (make sure they are secured before you implement).
As you can see, there are so many little things that can get by even the most diligent of IT departments. The more organizations identify these risks and come up with solutions, the safer and more secure their IT infrastructure will be.