Pinacl Solutions



Layering Security

Security has been a bit of a big thing this month with the impact of the WannaCrypt outbreak affecting a large majority of key IT systems across the world. So, what better topic to discuss in our Infrastructure blog this month.

Blog prepared by Chris Styles, Solution Architect. 

We all know that there is no such thing as an absolute secure system right? Even that most secure air-gapped Non-Official Cover (NOC) list held by the CIA in Virginia was infiltrated by social engineering and physical security failures. OK that was a fictional plot from the original 1996 Mission Impossible film, but for me it serves as a visual mnemonic reminding me that even when we think we have all the bases covered, if someone wants to get into our systems they will find a way.

What can we do to protect ourselves in these times where IT crime is becoming a real threat to all businesses and is no longer confined to Government agencies and large enterprises? From a criminal’s perspective, why try to hit a large well-funded organisation with the power to fight back? Why not just attack a greater number of less well funded organisations? If they can use automation to select and attack targets, the pay-out is greater and the risk is dramatically reduced.

We layer our Security, we test our security and we proactively monitor our systems for early warnings.

I've talked before about layering security and considering the security impact of every system and change, often we have our customers and clients coming to us for a point solution to cover one aspect, one application or one infiltration point. When we talk to those customers about their security strategy in the wider sense, it is often hard to give a visual picture of the security layers and processes needed to protect todays systems. 

So, for your visual delight, I have listed and layered the mechanisms and processes available to you today. Whilst I am sure the list is not exhaustive, and I really do appreciate any feedback from areas I may have missed, I hope it goes some way to trigger your thinking. "Have I done and am I doing everything possible to protect myself and my systems?"

If you would like to talk in further detail about what you should be doing to protect yourself or would like help formulating your security strategy, please feel free to contact Pinacl on 01745 535 300.

Blog prepared by Chris Styles, Solution Architect