With Many Highways There are Many Unsolicited Arrivals
Security was always considered but in the last decade, the cyber attacks, and fact that networks carry about all the info about company, made a new and more wide focus on the need to plan security as an organic part of the initial design.
At the beginning, the focus was mainly on good practices for password, and other good individual habits, while a secure infrastructure, meaning the insert of a long list of security practices, on the full network tech stack, was still to come.
Taking care of security with best practices and embedded security design, is a must, as this channel, now, is the preferred one by info thefts , to get access to companies, without have to move from their home, office or vacation.
We address security following a checklist:
- evaluating one by one all the potential issues
- get a baseline for the current state
- list the recommended actions to get a better level of security
- Make the necessary action to move forward the security level to a reasonable one
Don’t go too far with security
One point we try to assess is the level of security that is actually valuable to implement. It is quite simple to suggest a series of things to do, that are an overload while the response should be compatible with the risk assessment.
If someone is telling you that there is a way to be 100% secure, to sell his largest packet, we would suggest you to go further for some other consultant. What can be done is to make a protection that is reasonable in relation to the risk of loosing or expose some data.
And if you cannot make any risk, the only answer is: do not put that specific thing online. Honesty first.