Enterprise systems can include mainframes and many other interconnected systems such as peripheral hardware, hundreds or thousands of virtual machines, native applications, Help Desks, BYOD users, and Cloud servers and storage. Here are some things to watch for while designing or reviewing your security system and policies.
Mainframes must be able to maintain high availability while still providing reliable security across all endpoints. Also, security failures of any one of these endpoints should not compromise the system as a whole. Inside the mainframe, the various virtual machines should be insulated from one another. Although these various interconnected systems are still able to talk to one another, even within the mainframe strong access controls must prevent data from being read by unauthorized individuals and applications. However, a failure at any one of these security endpoints can compromise portions of the system, putting private data at risk and making the overall data security of the enterprise less trustworthy. Identifying and securing the potential weak points of a security system is an ongoing process. Here are a few potential weak points to watch out for:
Device security
Every device that is able to log on to the mainframe is potentially a device a hacker could use to steal data. With BYOD policies in place at many organizations, that means every Internet-connected device on the planet could potentially be the one used to steal data from the mainframe. This means that hardware security, while still important, will take a backseat to software security. Strong authentication factors like complex password requirements, security questions, and multi-factor authentication are all important for keeping data safe regardless of the device from which it is assessed.
Cloud partners
Increasingly, data storage and computing needs are moving to off-site cloud vendors’ hardware. Essentially, this means that the hardware that is storing mission-critical business data is no longer under the direct control of the organization that owns it. This means that organizations have to go beyond the traditional security methods of locking down data centers, and ensure that sensitive data is encrypted both while it is at rest and while it is being transferred to and from the cloud providers’ data centers.
Backup backup backup
Closing data security weak points is not just about keeping unauthorized individuals from accessing data. Preventing data loss through a comprehensive backup strategy is also a critical component of data security. This section title repeats the word backup three times, which is the minimum number of concurrent copies you need for any data set your company cannot afford to lose. Sometimes files or databases become corrupted, and the wrong time to find out that your only backup is also corrupted is when you are trying to restore it. Keeping backups up-to-date, safely off-site, and regularly tested will go a long way towards reducing the risk of data loss.
Bad guys on the inside
Unfortunately, many threats to data security also come from employees within your organization. These risks can involve disgruntled employees with malicious intent as well as honest employees who make innocent or careless mistakes in the way they handle your business’s data. Both of these scenarios present immense challenges. However, it is still possible to maintain security integrity and minimize risks. The primary way to accomplish this is by assigning security profiles that are appropriate for each employees’ job, but that do not allow access to information beyond what is needed to complete their work.
The keys to the kingdom
Organizations using encryption know that the only way to access encrypted data is by using the correct encryption key. Those encryption keys prevent the data from being accessed by any unauthorized individuals. However, if those encryption keys are stolen the data can be compromised. And if those keys are lost, it is the equivalent of a hard drive failure. The encrypted data will be inaccessible.
Closing down any existing security weak points requires proactive security teams. When they spot a weak point they must act swiftly to close it before anyone has a chance to break into the system. Applying good security policies and performing self audits on the system will help your organization maintain a culture of security, and will help prevent embarrassing and costly data breaches.
