Fighting Cybercrime has Other Benefits

Peak10.com

If Ben Franklin were alive today, he would add cybercrime to death and taxes as the only things certain in life. This is the age we live in.

Cybercrime and other forms of malfeasance are responsible for a slew of industry and government rules and regulations that law-abiding citizens must endure… and pay for.

Acronyms abound: PCI-DSS, HIPAA/HITECH, GLBA and ISO 27001 are but a few. Not to be mistaken as offspring triplets of SOX are SOC 1, SOC 2 and SOC 3 reports defined under SSAE-16 and AT-101.

The intention behind these requirements is for the greater good, not the least of which are protecting people from exploitation and stopping crime. Besides, resistance is futile. So, you might as well look on the bright side. Here are some ways that compliance is actually good for business operations and management, whether your IT operations are on premise or cloud hosted.

IT operations are like houses with attics. Stuff collects up there over time. For the most part, it’s out of the mainstream and sometimes forgotten. You’ve had no reason to get rid of it, but you don’t really need it either. It’s time to clean house.

1. Know what you have

Not only do these assets take up space and consume resources, they also pose a threat. They’re still part of the infrastructure but probably not maintained with current upgrades and patches. Vendors may not support them anymore. The employees who used them are long gone. They may have hooks into valuable production applications that have grown over time in response to changing business requirements. They are weak links in your security.

It’s trite but true. Not all data or applications are created equal. Your business simply cannot live without some of them. Others are important but not business killers if they’re not available. None should be unimportant, but you could get by without them for a while.

2. Know what’s important

Many businesses have no idea what’s what. Compliance forces the issue by requiring you to prioritize the importance of data and applications so that adequate safeguards can be put in place. Having the correct access controls and policies, data encryption, back-up, storage and disaster recovery plans will make the business operate more efficiently, cost effectively and securely over the long run.

3. Compliance AuditsThink of audits like dental check-ups and cleanings. They’re rarely convenient or enjoyable, but they can prevent a great deal of discomfort and cost down the road.

Knowing that your IT infrastructure and procedures are under scrutiny helps you maintain focus on critical systems. Too many wait until an audit is eminent, leaving them to scramble at the last minute to put their house in order. That can be disruptive and is prone to mistakes. Instead of checking the box once a year, it’s better to be “audit ready” and maintain ongoing compliance. Make this standard operating procedure and train staff to have that mindset.

4. Need to Know

Data handling requirements and knowing what’s important (Tip #2) help to identify who within your company should have access to high-value corporate assets and business data. The “one big happy family” approach doesn’t work. A very limited few should hold keys to the kingdom, with access to your most critical and valuable data assets such as databases, financial information or intellectual property.

Keep their skills and your policies for handling data securely up to par. Implement stronger access control procedures, ensuring strong passwords that change frequently (good practice throughout the company).

With the speed of technology development and destructive creativity of cybercriminals, speed of obsolescence is increasing, too. Traditional three-to-five year technology refresh cycles no longer make sense for many aspects of IT operations.

5. Staying Technologically Current

It’s to your advantage – security-wise and competitively – to follow product and technology advancements more closely and to keep your infrastructure current with best-of-breed solutions. Remember, people don’t blame the hacker for security breaches; they blame the target for having inadequate protection.

Spade work is done for Cloud Migration

Attend to tips 1-5 and you will be miles ahead

of the vast majority of businesses moving

applications and workloads to the cloud. You

won’t be moving outdated assets. Business

continuity and disaster recovery planning can

focus on what’s most critical to your

business. You’ll know your storage hierarchy

requirements, and which data need the

greatest protection.

Spade work is done for Cloud Migration

You’ll know what audits and certifications are

most critical to your specific data

management, security and compliance

requirements. And, the field of service

providers capable of satisfying all the

conditions will be narrowed dramatically,

making your evaluation process much less of

an ordeal.

Chat with a Sales Engineer by going to www.Peak10.com

Get a FREE Consultation with one of our

Solutions Engineers right now!