Layered Security – Enterprise Practice for the SMB (and Home!)
- Joseph Gusmeri
- Feb 1, 2024
- 6 min read
Updated: Mar 19, 2024

To Start: What does good security look like?
To obtain a “good-looking” secure environment, employing several layers of security and protection is foundational. For an analogy, I’d like you to think about automobile safety and security layers for a moment. Of course, there’s the seatbelt safety layer with a shoulder strap. Then you have an airbag layer to cushion passengers in case of serious impact. To reduce the destructive forces on the passengers, the vehicle chassis is built with crumple zone layers, including a collapsible steering column. Add technology layers such as collision warning and automatic and/or antilock braking to reduce the need for impact protection, then add in a skilled driver. Now you have a very safe and secure operating environment for the passengers inside the vehicle and for those outside of the vehicle as well.
Layered features like those listed above, all working together, make any environment much safer to operate, as well as safer in the event of an incident or during the occasional mistake. Your CIO at The CIO 4 All will approach your security as a cohesively deployed, “layered” security model.
Let’s briefly examine the primary security layers that can be deployed.
What are the Typical Layers?
PHYSICAL SECURITY
Traditional Approach - Really, we should call this “Access Control”, but Physical Security is far easier to remember and relate to. How do we let people into our office/warehouse/etc., and how do we know who was here, and when? Conventionally, you’d give everyone a key for access and maybe have a camera pointed at the entry point(s). That’s pretty okay if you only have one point of access and you don’t care where people go once they are inside. (You see where I’m going with this, right?) Perhaps you have a locked office, supply room, or other internal locations, and you give the appropriate individuals a key to each. What happens if you let someone go, they quit, or they lose their key(s)? Yep, you’re changing locks and rekeying doors. Oh, and do you even know if your camera is online and working? Maybe it was disconnected?
Contemporary Approach - Well, you know I’m going to “tech” this up, but it’s very simple really. A really good first step is network-enabled entry control devices (WiFi door locks). The best solution is to use biometric authentication. Using fingerprint technology alleviates the problems with keys, key-cards, and pass codes: a fingerprint can’t get lost, it can’t get “loaned” or “borrowed”, and it certainly can’t be forgotten. If someone has to depart the company, you simply remove their authenticator (fingerprint or code, if assigned) from the device, and the lock itself keeps a record of who entered and when. All good bio-locks have backup keys for “bearer” access; those keys still need to be inventoried and controlled, since a lost backup key puts you right back in the rekeying scenario described above. This is not just an elegant and simple solution, it is also a highly available solution with attractive price points and easy management, depending on your business/personal needs.
ENDPOINT SECURITY (Virus/Malware Protection and More for End User Devices and Servers)
Traditional Approach - Install the free Norton or McAfee virus scanner (or whatever came with your device upon purchase) and feel safe. We don’t live in that world anymore. Yes, viruses and malware are real and continue to be a threat, but the classic virus is not lucrative. There’s little or no way to monetize a traditional virus, so why would threat developers bother? Malware, on the other hand, is still very much alive, and you’re probably a target every day and hardly even recognize it.
Contemporary Approach - What if I told you that you could easily afford endpoint security that features not only real-time virus scanning, but also adaptive protection against malware and ransomware, device rollback, and active reporting on endpoint compliance? What if I also told you that you could get fully managed threat investigation and remediation on top of that and still think, “Wow! That’s really inexpensive”? It’s true, it’s real, and this type of enterprise-class protection should be the norm for home and office. (We can get you one of the best!)
EDGE Protection (Network Perimeter)
“Adaptive Learning and Scanning” firewalls provide the highest levels of border protection at a crucial security boundary. Moreover, top-tier data encryption standards, real-time alerts, and notifications demonstrate a commitment to data protection.
Traditional Approach - Spend several hundred (or thousand) dollars on a firewall to prevent outside access to your internal network. Soon, you realize that you have no idea what you’re doing and hire a security engineer to install and configure the device. You then call this security engineer every time you need a change made. Since you’re not a big customer, or because the person you hired is your sister-in-law and she’s on vacation, you can’t get the changes made when you need them.
Subsequently, you realize that you need to prevent people from playing games, searching for their next date, or viewing NSFW content on your network. Now you need to install and configure a content filter, and that is going to cost you BIG; plus, you have to pay someone else to configure it, and you have no idea if it’s actually working.
Contemporary Approach - Top-tier network companies provide firewalls and integrated network access devices (WiFi access points and switches) that are configurable via web interfaces and sometimes mobile applications for quick changes. These devices are easily installed and configured, and their optional security and content filters are easily affordable.
Our recommendation is that you have the selection and installation overseen or performed by Your CIO to make sure that it is done properly and that you understand all the features you need, and that you are receiving them. The CIO 4 All does offer the installation and/or management as a very cost-effective solution set. Plus, you can be sure that you’re not “stuck” or at the mercy of your sister-in-law.
Security Awareness - The Human Factor
The weakest, and most easily strengthened, security layer is the greatest asset any business has: its people. Training your people to recognize threats is your single best tool. If all employees, contractors, etc. know what to look for and what to do in the event of a phish or scam, know how to make strong passwords, and recognize the importance of (and know how to use) multi-factor authentication, you have all but won the battle. Most successful threats are invited into your environment by someone who “just didn’t know.”
Traditional Approach - Tell people to be aware of links in emails. Honestly, that’s pretty much the approach that many small- and medium-sized businesses take. I spoke to a gentleman who is the head of a small business IT group, and his approach was, “We have a call once a month and I tell them what to be aware of. It’s been working pretty well so far.”
Contemporary Approach - A managed, hosted training program is the best plan of action. Even the most basic programs contain an automated and tracked “Security Awareness Program”. Some include “Phishing Alert” buttons for email, user assessments, “test” phishing emails, recommended training, and reporting of “at risk” employees. These programs are so good and so easily managed that you’d expect to spend thousands of dollars on them. Depending on the size of your business, how does $20/year per person sound? Maybe a little more, maybe a little less, but that is a highly attractive price for strengthening your most vulnerable targets.
Our recommendation is to have your CIO manage the system and provide you with the results. If you are already subscribed to our “Your CIO” service, this management is included in your engagement. The cost of the program itself through our selected partners is additional, but we manage it for you “start-to-finish” while you keep focusing on your passion: your business.
Enterprise Security from Your CIO