 
 
Locking Up Your Digital Assets
November 10, 2005
SECURITY CONCERNS ARE RUNNING HIGHER THAN EVER AS CYBER-CRIMINALS FORM ONLINE GROUPS. BACKBONE MAGAZINE’S SECURITY SUPPLEMENT HELPS YOU TO BEAT THEM.
What a difference a decade makes. In the early to mid-nineties, the biggest security threat to most computer users was small, square and plastic.
Computer viruses distributed on floppy disks wiped out valuable data and launched the anti-virus software industry.
Then, suddenly, the Internet happened and the threat to business computer infrastructures broadened. Hackers, virus writers and spammers operating on the dark side of the Internet are playing a constant cat-and-mouse game with security consultants, software and hardware vendors trying to protect company networks.
These days, many PCs don’t even have floppy drives, but attackers don’t need them anymore. The threats have broadened thanks to successive new generations of attacks, including bot nets, Trojan horses and worms. Unprotected computers connected directly to the Internet can be infected by malicious software in seconds.
What’s particularly worrying about the Internet from a security perspective is precisely the thing that made it so attractive in the first place: its democratic nature. Your company’s address online is easy for your customers to find but just as easy for hackers.
Clearly, the Internet is a dangerous neighbourhood and it takes a brave or foolish company to walk around it unprotected. Just as computer criminals have evolved from disaffected individuals into organized groups, so corporate Canada’s approach to security must also mature.
Have a firewall already? That’s great, but simply fencing your network is not enough. If someone connects a compromised laptop directly to your system or if an e-mail containing a Trojan horse arrives in your inbox, you could be infected from the inside out. And let’s not forget the social engineer who extracts sensitive passwords from unwitting employees, or the disgruntled employee who gains access to your unprotected internal database.
Focusing not just on the edge of your network but on the individual components inside your company’s computing infrastructure will help ensure your system is truly protected. But this requires a smarter approach to security. Everything from intrusion detection software through to endpoint enforcement systems is now available to help companies of any size secure their digital assets.
This supplement explains some of the options available in the battle against online attackers. Consider it a vital part of a security knowledge base that will help you shield your company’s resources from the shadier side of the web. The computing industry is littered with companies that assumed the worst would not happen to them. Don’t be one of them.
Weaving a security blanket that has you covered
By John Weigelt
Computer security is an ongoing endeavor that requires constant vigilance to maintain trust in systems and their data. While companies must find a solution to preserve the integrity and interests of their businesses, there is no single solution that will resolve all computer security issues.
The secured perimeter approach is an old paradigm. Security today is best approached from a holistic, end-to-end standpoint. That is, the security of the whole is greater than the sum of the parts, and each part is integral to support the security of the whole. Care must also be taken to ensure that all of these parts work well with each other, since there is the potential for parts to conflict and actually reduce security. A handy analogy is that of a metal chain, which is only as strong as its weakest link. By ensuring all the links are equally solid, the integrity of the whole chain is preserved.
For many companies, secure computing is only now becoming the No. 1 priority. Microsoft has spent billions of dollars in R&D to help advance the field of computer security. At the same time Microsoft has worked to implement these advances to help ensure software and computer networks have enhanced protection against cyber invasions. This commitment includes working with customers and their employees to advance their thinking about the elements and individual responsibilities that contribute to IT security.
A critical part of any secure solution includes the selection of comprehensive safeguards incorporating policies, processes, people, products and partnerships to address threats. These are the five “Ps” that spell out holistic security.
The book-ends to this holistic approach, policies and partnerships, help ensure the remaining elements can do their part within the security “chain”. Policy sets a solid security foundation in place. Partnerships (either with vendors, consultants or peers) enable people to share experiences and develop standards based on what works.
With policy as a strategic framework to define expectations for companies and individual users, and partnerships to encourage best practices, the other steps toward manageable security include:
- Identify those elements that are crucial to the business of the organization.
- Identify network security threats.
- Select comprehensive safeguards incorporating policies, processes, people, products and partnerships to address threats.
- Measure deployed safeguards to ensure their effectiveness, and keep them up to date accordingly. Remain vigilant for new classes of exploits that may require new safeguards.
- Develop partnerships to encourage information sharing including security best practices and security tools.
The City of Ottawa understands how challenging it can be to implement security at the policy level. Shortly after it amalgamated 12 separate municipalities into a single organization in 2001, the City of Ottawa charged its newly formed IT department with developing a strategic security plan.
The biggest challenge was transforming the City’s culture from an environment where departments were free to make IT decisions independently, to one where they needed consent from a centralized security team. With sponsorship from City Council and senior management, the City’s CIO mandated that threat-risk assessments must be conducted by the IT team at the early stages of every technology project.
This policy ensures that proper safeguards are incorporated into projects early on. Further, it helps save the City money in the long run because the costs of correcting security gaps after a project has been deployed are far greater than doing things correctly from the beginning.
Partnerships are another crucial element in today’s computer security environment because they encourage the sharing of threat information, best practices and security techniques within the technology community. Malicious users are adept at sharing information, and security practitioners must become as adept as, or more adept than, these cyber criminals to help safeguard against their attacks.
Vancouver City Savings Credit Union (Vancity) is an organization that is taking full advantage of a partner’s security expertise to provide prescriptive security guidance to their customers.
Vancity worked with Microsoft to develop content for a security Web page on its Web site that helps credit union customers protect themselves and their families while online. The security Web page http://www.vancity.com/MyMoney/PrivacySecurity/YourSecurity/AtHome/ includes videos, FAQs, tips and techniques on topics such as phishing scams, identity theft, viruses, spyware, spam avoidance, and online safety for children.
Security is a constant battle that requires diligence on the part of an entire organization, not just the IT team. With a comprehensive strategy in place, founded on sound policy and strengthened by solid partnerships, companies can rest easier knowing the links in their security chain are equally strong.
John Weigelt is the National Technology Officer for Microsoft Canada Co. In this role, John is responsible for advocating the technical needs of local government, education and academic agencies to key Microsoft stakeholders at a regional and corporate level.
What is spam really costing you?
By Tim Dickins, vice-president, sales, MCI Canada
Ask any Canadian company to identify its top five IT business concerns, and information security usually makes the list. Although all businesses are susceptible to security challenges, Canadian small- and mid-sized businesses, in particular, face a large-sized headache in managing their IT security.
Today, one of the most prevalent (and most irritating) security challenges is that of unsolicited commercial email, or spam. The costs associated with spam, from overburdened or infected systems to hours of lost productivity time (never mind the annoyance factor!), are having increasingly harmful effects on Canadian businesses.
For companies such as Radcliffe Systems, a Thornhill, Ont.-based provider of supply chain systems, which has an IT staff of exactly two, the costs of systematically managing e-mail security threats and spam filtering in-house were just too high. So the company looked to an outside vendor, MCI Canada, to protect its network by proactively filtering inbound e-mail and automatically preventing tainted e-mail from being delivered.
Spam, however, is more than maddening; according to an ICSA Labs Virus Prevalence Survey, more than 90 per cent of viruses enter networks through e-mail, representing a clear and present danger to a company’s technological heart. For a reasonable monthly fee, MCI Canada’s Managed Scanning service is a cost-effective way to detect and stop infected, unwanted or inappropriate e-mail messages from ever entering a customer’s network. And, because it’s a fully managed service, companies offload this labour-intensive network administration to MCI while avoiding any extra hardware or software costs.
MCI Canada offers a broad array of Managed Services that deliver the most advanced public- or private IP-based networking, security, e-mail and professional services available.
Tim Dickins, VP of Sales at MCI Canada, has over 22 years of experience in telecommunications and publishing.