“The only truly secure system is one that is powered off.”
Gene Spafford (professor of computer science and a leading computer security expert), 1989
Though obviously joking, that quote highlights one of the fundamental facts of modern day computers: there is no such thing as 100% secure. Not unlike our previous post on redundancy and uptime, computer security is a state of balance—balance between usability and protection. Add in government regulation and the costs associated with various layers of defense, and you can see why IT security is a unique decision for every organization.
Of course, there is a bare minimum of techniques. Endpoint anti-malware software is a necessity—as is email filtering. Firewalls at your network’s borders are also a must. But beyond those IT staples exist a plethora of defense mechanisms, all with their associated pros, cons, and costs.
- Next Gen Firewall (NGFW) – Firewall with enhanced inspection, control, and reporting capabilities.
- Full Disk Encryption – Total encryption to ensure that a lost or stolen device can’t be mined for sensitive data.
- Web-content Filtering – Security-, regulatory-, and productivity-management software that prevents access to specified websites or categories.
- Multi-factor Authentication (MFA) – Requiring an alternate or additional means of accessing systems (vs. passwords alone).
- Mobile Device Management (MDM) – Centralized management and security for cellphones, tablets, and the like.
- Data Loss Prevention (DLP) – Technology that disallows PII (personally identifiable information) from leaving your organization.
- Device Control – Technology that prevents the use of specified hardware devices (e.g., USB Drives).
- Penetration Testing – Periodically testing your layers of protection from outside the network to ensure compliance and security.
- End-user Education – Often overlooked, people are the weakest link in cybersecurity; regular education and simulations help blunt this unfortunate fact.
While not an exhaustive list, it represents those technologies with the greatest return-on-investment for your security dollar. I hope you found this primer on enhanced IT security options helpful.