Emerging Enterprise: Security
Just because your business is small, doesn't mean you don't need big-time data protection. Here's how to keep your most valuable asset safe.
November 18, 2005
Security Policies
If you don't have a security policy, no matter how small your shop, you need one. Period. And it must have teeth--even the best-designed security system is useless if employees circumvent it with impunity.
Data encryption. We've been barraged with horror stories: A box of backup tapes goes missing; tapes disappear in transit; a group of tapes is logged and listed as on the shelf, but that space is empty. People get fired, the press gets wind of it, and all hell breaks loose.
The good news is, you can be proactive. A stolen tape is less of a ticking bomb if the data on it is encrypted, and encryption is available from several affordable sources.
» Data-encrypting tape drives. The first tape drives to encrypt in hardware, such as Sun's T10000, were announced recently, and more are on the way. Encryption becomes a no-brainer because these drives encrypt as they write. If the data is compressed by your backup software before encryption occurs, they may not lengthen your backup window, either.
» Data-encrypting backup software. High-end backup software has had encryption built in or available through third parties for years. Now this functionality is more affordable. If your backup software can compress and encrypt data, you'll use fewer tapes, and they'll be more secure. Check with your backup software provider about its plans in this market. Legato Networker and Symantec include this functionality today.
» Encryption appliances. If you don't want the expense of buying all new tape drives, consider an encryption appliance. These devices sit on your network and encrypt data on its way to tape, either alone or in concert with your backup software. Although initially more expensive than the first two options, these products pay for themselves if you have a large volume of backups, by negating the need to upgrade your backup server or tape drives to support encryption. Appliance vendors include NeoScale Systems, Decru and DISUK.
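Why the order matters when backup software both compresses and encrypts, shown as an added example that is not from the original article: ciphertext looks random and will not compress, so compression has to run first to save tape. The sample data, key and the SHA-256 counter-mode stand-in cipher are assumptions made so the demo runs on the Python standard library alone.

```python
import hashlib
import zlib


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode).

    Assumption for this demo only: it yields ciphertext-like bytes using the
    standard library. Real backups should use the product's vetted cipher.
    """
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def sample_backup(rows: int = 20000) -> bytes:
    """Constructed sample data: repetitive rows, like a database export."""
    return b"".join(
        b"%08d,ACME Corp,invoice,PAID,2005-11-18\n" % i for i in range(rows)
    )


def bytes_written_to_tape(data: bytes, key: bytes, nonce: bytes) -> dict:
    """Compare how many bytes reach tape for each ordering."""
    compress_first = keystream_xor(key, nonce, zlib.compress(data))
    encrypt_first = zlib.compress(keystream_xor(key, nonce, data))
    return {
        "raw": len(data),
        "compress_then_encrypt": len(compress_first),
        "encrypt_then_compress": len(encrypt_first),
    }


def restore(tape: bytes, key: bytes, nonce: bytes) -> bytes:
    """Reverse of compress-then-encrypt: decrypt first, then decompress."""
    return zlib.decompress(keystream_xor(key, nonce, tape))


if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key").digest()
    nonce = b"demo-nonce-1"
    for name, size in bytes_written_to_tape(sample_backup(), key, nonce).items():
        print(f"{name:>22}: {size:>8} bytes")
```
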
USB security. USB disks and other tiny portable media are a growing security problem. They're easy to conceal, so an employee can carry a lot of data out of the building without your knowledge, and they're more likely to be lost or stolen than a laptop or PDA.
If your security policy allows employees to transport data on USB devices, consider one of the software- or driver-based products that encrypt data on these devices. The most affordable method in Windows is to use the convert command-line tool to change the file system on the USB device to NTFS and then encrypt the files with EFS. We also like RedCannon's affordable Fireball KeyPoint secure USB device.
If you decide to outlaw these devices, good luck. This is a difficult proposition, and there's no foolproof method. Your best bet is to lock down USB ports with a product such as Centennial Software's DeviceWall and require authorization to open them. Of course, once you open the ports on a given machine, you'll have problems ensuring proper usage. Vendors are aware of this pain, and we hope to see viable products in a year or two.
--Don MacVittie
Like many financial institutions, Equitable Bank of Wauwatosa, Wis., is considering implementing a system of keychain tokens to help protect customers' online accounts. The bank is relatively small, with 10 branches and about 150 employees, and has a limited IT budget, but it can't afford to cut corners when it comes to security, according to assistant vice president and IT officer Mike Block. Indeed, 25 percent to 30 percent of the bank's IT budget is spent securing its systems, Block says.
Banks, of course, are under pressure to ramp up security. In July, the Federal Deposit Insurance Corp. (FDIC) issued guidelines for financial services firms on protecting against spyware. Equitable has already implemented security measures that provide a safe environment for the bank's systems, Block says, but the two-factor system would help draw more customers. "I see an evolving intelligence amongst customers, especially those interested in online banking," he says. "It behooves us to be proactive and present this to customers as an enhancement to their banking experience that will make them feel more secure."
Equitable's service provider, Fiserv, is working on the new system, which Block hopes the company will find cost-effective. Outsourcing the bulk of its systems, including security, affords the firm the benefits of the service provider's expertise without the expense of salaried workers. To improve security and further reduce costs, Equitable recently implemented Check Point Software Technologies' VPN-1 Edge, a security appliance that adds an integrated firewall and VPN security to the bank's branch sites' existing Check Point Express firewall and VPN software. The devices let Fiserv centrally manage the VPN gateways, eliminating the need for dedicated servers and IT personnel at each site, and yielding a 35 percent to 40 percent savings, Block says.
The bank also has issued a set of technology policies for use of its systems. "We've made a point of educating our staff as to why security is important and what suspicious activity they should watch for," Block says. The company also educates its customers on common scams like phishing, and encourages them to contact the bank if they receive suspicious e-mail. In addition, it does twice-monthly manual searches to identify suspicious sites posing as Equitable Bank.
--Jennifer Maselli