IT service providers have two key roles when it comes to ongoing operations: Data Protection and Data Security. Data Protection ensures data stays available for business use across hardware, environmental, and personnel failures. I have spoken on this topic in past articles and TekTalks.
Data Security keeps the data secure and safe from those who should not have access to it. Data Security is a multi-faceted, multi-discipline, multi-layer daily endeavor. Some examples of the sub-classes of security management are:
1. Edge Security (e.g. Firewalls, Intrusion Detection/Prevention, Edge defense, DMZs)
2. Endpoint Security (e.g. Anti-Virus, Anti-Spyware, Anti-Ransomware, Anti-Phishing)
3. Internal Security (e.g. Security Groups, Read-Only access, Hierarchical vs Custom permissions)
4. Social Engineering Security (e.g. staff training on phishing, fake authorization, induced pressure)
5. Encryption (e.g. email, whole disk, document, at-rest versus in-transit)
6. Controls and Process (e.g. standard procedures, approvals, incident escalation and response)
Next month we will have our quarterly TekTalk on the topic of Data Security. In this talk, I will go over the various aspects of proper security execution. I will then follow up with a series of newsletters focused on important aspects of security.
More details on the TekTalk and follow-up articles are to come. Having the right level of security for your business is important to ensuring you have reasonable, cost-effective safeguards in place for your business data.