Partner Article
Where to start when it comes to security
You know computer security is important, especially if you’re running a network with dozens of access points. But where do you begin? What systems and protocols do you need to have in place to protect your proprietary data and your employees’ personal information? The security landscape is vast, and for enterprise executives not educated in the IT field, it seems daunting to figure out where to start. Here are a few guidelines.
Define your security needs
You can’t develop a plan for securing your company’s proprietary data and customers’ personal information without knowing what your needs are. The differences lie in the type of information your employees regularly send across networks, the sensitivity of the customer data collected (payment processing information, personal health information, social security numbers, etc.) and the source of your software applications. For instance, if your company regularly sends sensitive information across its network, such as information that could give a competitor an edge, or highly valuable data such as proprietary code or methodology, you want to ensure that your network is secured against outside access. If you collect sensitive customer data, it’s not only your enterprise’s information that’s at risk, but also the identities and personal information of your customers. Whether this is stored in an on-site database or in a cloud, you’ll need protocols and systems designed to prevent outside access. If you have dozens of employees all accessing the network from different access points, the security of each of those end points is also imperative. In this case, you’ll need a multi-layer security solution that protects both the network and each individual end point.
Protect end points and access points
The basics of security involve securing individual PCs. These end points can be vulnerable to outside access by hackers. For instance, if they are allowed to access any site on the Internet, users could inadvertently download spyware and malicious code that can track behaviors and gain access to more secure areas of the network. It’s important to put security protocols in place and educate users on appropriate practices to maintain enterprise security. Options include antivirus software, firewall protection, script blockers, proxies and malware removal tools. An enterprise security vendor can help you determine what measures to put in place and ensure that network and end point security are well-integrated.
Evaluate cloud-based and outsourced software applications
If you’re using software applications developed by third-party vendors, you’ll need to ensure that these programs protect the company data sent via or stored in them. Holes in code can allow hackers to access your networks, track behaviors, obtain passwords and potentially breach the security of your entire enterprise. Some malicious code is so advanced that once it gains access, it can replicate, disguise itself and obtain information that is otherwise completely secure. You should have a set of standard security protocols against which to measure vendor application security, and at a minimum, request verification that the application meets these minimum standards. Another option is to utilize Vendor Application Security Testing (VAST), which conducts an independent analysis of vendor applications to ensure the privacy of both parties.
Resources for security basics
There are a number of valuable resources available online which can help enterprises understand the various security needs and what’s happening in the current security landscape. Staying informed is the foundation for securing your company’s proprietary data: If you’re not aware of new and current threats, you can’t adequately protect your information. Here are a few of the best security resources available:
• The University of California, Santa Cruz, Department of Information Technology Services provides a frequently-updated Cyber Security Information resource, covering many of the basics, including working with mobile and wireless devices, backing up your data and lists of general safe computing practices.
• Veracode’s Blog offers information on the latest security news, including resources and analysis from leading security experts to aid enterprises in obtaining the latest solutions for network and application security.
• Gartner is widely regarded as one of the leading sources of information in IT and security, conducting independent research and providing insight to help enterprises make smart decisions when it comes to information technology.
• Krebs on Security is a site to bookmark, published by Brian Krebs with daily information and updates on threats, cybercrime and security.
• Microsoft Security Response Center is a must-read for any enterprise utilizing Windows-based operating systems. Any updates and newly discovered potential threats affecting Windows-based PCs and networks will be covered here, as well as resources for fixes.
• The Microsoft Security Blog is a great resource for IT pros to stay abreast of current happenings related to Microsoft products and applications.
Enterprises which aren’t dealing in IT-related fields often consider security a secondary consideration. Yet maintaining secure data is crucial for continued success. As threats become more sophisticated, enterprises must try to digest significant amounts of information related to a field they really don’t understand. This is where enterprise security vendors come in: A third-party security resource can help you plan, configure and execute a tailored security plan that ensures the privacy of all your company’s, employees’ and customers’ data.
Fergal Glynn is the Director of Product Marketing at Veracode.com, an award-winning application security company specializing in the prevention of SQL injection attacks and other security breaches with effective risk assessment tools.
This was posted in Bdaily's Members' News section by Jack.