Hosting
Comments and opinions about the world of Hosting and IT in general
Tuesday 29 July 2008, 2:13 PM
Let's get Physical ! (sorry couldn't resist...)
IT Security consultants scare me. But I guess that’s their job isn’t it?
I have a very good appreciation for security. Belonging to a company that specialise in Data Centre Hosting, security is an important benefit of our service and we have a lot of both logical and physical systems in place to protect our customers and allow them to sleep soundly.
We were at Infosec in April, my first visit, and found ourselves surrounded by companies selling Firewall, IPS, IDS, Token authenticators or software to protect your data from the nasty, evil people out there. It made me feel a bit uneasy if I’m honest. You see, it’s easier to sell your wares to people who are feeling a little paranoid and generating this paranoia is the bit I’m uneasy about.
Because security isn’t always about having multiple little devices that check each packet in lightning speed before deciding what to do with them. We all know what a complete waste a Firewall is if not properly configured and managed yes?
But when purchasing all these devices to keep the nasties at bay do you ever consider physical security?
The reason I ask is that I’ve recently visited 2 companies that who haven’t really considered the very real need for physical security. You see for every successful hacking attempt, masterminded by evil teenagers from the other side of the world, there’s at least a few computers being stolen – don’t you think?
The first customer really scared me (even more than IT Security consultants). This business holds very sensitive user data and has been doing so for years. This data isn’t part of some nice encrypted SQL database, no, it’s Word Doc’s mostly. Feeling uneasy yet? The worse part of this is that the backup for this data is kept on an external USB harddrive and all this is located in an a Large Garden Shed/Office. My only recommendation to this customer was to get this data somewhere secure and encrypt it that day. I’ve a good feeling it’s still there.....
The other customer, far less scary, just optimistic or uninformed. Wanted to run an online casino platform from his own premises. Fine, no problems. It was a lovely building too. Glass fronted with a nice tint to block out those UV rays. The comms room was at the end of the large open plan office. I asked about physical security.... ‘The comms room is always locked’. Good. Good strong door I noted. Now, I’m not a professional burglar but as I said, I do have an appreciation for security. I looked at the door for a while – good strong door that one. Nice big windows next to it too.
Realistically, if someone was after a server for eBay then it wouldn’t take them long. The upshot of this is that the customer might be very unlucky and they take the database server along with all the customer data.
Do me a favour today, have a think about how long it would take you from the outside of the building to get inside and potentially take away your businesses crown jewels...
Oh my Gosh! Spreading paranoia, scaring people, I've become a Security Consultant !
I have a very good appreciation for security. Belonging to a company that specialise in Data Centre Hosting, security is an important benefit of our service and we have a lot of both logical and physical systems in place to protect our customers and allow them to sleep soundly.
We were at Infosec in April, my first visit, and found ourselves surrounded by companies selling Firewall, IPS, IDS, Token authenticators or software to protect your data from the nasty, evil people out there. It made me feel a bit uneasy if I’m honest. You see, it’s easier to sell your wares to people who are feeling a little paranoid and generating this paranoia is the bit I’m uneasy about.
Because security isn’t always about having multiple little devices that check each packet in lightning speed before deciding what to do with them. We all know what a complete waste a Firewall is if not properly configured and managed yes?
But when purchasing all these devices to keep the nasties at bay do you ever consider physical security?
The reason I ask is that I’ve recently visited 2 companies that who haven’t really considered the very real need for physical security. You see for every successful hacking attempt, masterminded by evil teenagers from the other side of the world, there’s at least a few computers being stolen – don’t you think?
The first customer really scared me (even more than IT Security consultants). This business holds very sensitive user data and has been doing so for years. This data isn’t part of some nice encrypted SQL database, no, it’s Word Doc’s mostly. Feeling uneasy yet? The worse part of this is that the backup for this data is kept on an external USB harddrive and all this is located in an a Large Garden Shed/Office. My only recommendation to this customer was to get this data somewhere secure and encrypt it that day. I’ve a good feeling it’s still there.....
The other customer, far less scary, just optimistic or uninformed. Wanted to run an online casino platform from his own premises. Fine, no problems. It was a lovely building too. Glass fronted with a nice tint to block out those UV rays. The comms room was at the end of the large open plan office. I asked about physical security.... ‘The comms room is always locked’. Good. Good strong door I noted. Now, I’m not a professional burglar but as I said, I do have an appreciation for security. I looked at the door for a while – good strong door that one. Nice big windows next to it too.
Realistically, if someone was after a server for eBay then it wouldn’t take them long. The upshot of this is that the customer might be very unlucky and they take the database server along with all the customer data.
Do me a favour today, have a think about how long it would take you from the outside of the building to get inside and potentially take away your businesses crown jewels...
Oh my Gosh! Spreading paranoia, scaring people, I've become a Security Consultant !
Previous
