“The only truly secure system is one that is powered off.”
Gene Spafford (professor of computer science and a leading computer security expert), 1989

Though obviously joking, that quote highlights one of the fundamental facts of modern day computers: there is no such thing as 100% secure. Not unlike our previous post on redundancy and uptime, computer security is a state of balance—balance between usability and protection. Add in government regulation and the costs associated with various layers of defense, and you can see why IT security is a unique decision for every organization.

Of course, there is a bare minimum of techniques. Endpoint anti-malware software is a necessity—as is email filtering. Firewalls at your network’s borders are also a must. But beyond those IT staples exist a plethora of defense mechanisms, all with their associated pros, cons, and costs.

  • Next Gen Firewall (NGFW) – Firewall with enhanced inspection, control, and reporting capabilities.
  • Full Disk Encryption – Total encryption to ensure that a lost or stolen device can’t be mined for sensitive data.
  • Web-content Filtering – Security-, regulatory-, and productivity-management software that prevents access to specified websites or categories.
  • Multi-factor Authentication (MFA) – Requiring an alternate or additional means of accessing systems (vs. passwords alone).
  • Mobile Device Management (MDM) – Centralized management and security for cellphones, tablets, and the like.
  • Data Loss Prevention (DLP) – Technology that disallows PII (personally identifiable information) from leaving your organization.
  • Device Control – Technology that prevents the use of specified hardware devices (e.g., USB Drives).
  • Penetration Testing – Periodically testing your layers of protection from outside the network to ensure compliance and security.
  • End-user Education – Often overlooked, people are the weakest link in cybersecurity; regular education and simulations help blunt this unfortunate fact.

While not an exhaustive list, it represents those technologies with the greatest return-on-investment for your security dollar. I hope you found this primer on enhanced IT security options helpful.