When it comes to security, today's businesses tend to focus on mobile devices and the data they contain. Unfortunately, that's one of the biggest mistakes a business can make; small businesses still need to protect their servers.
The idea that business data security truly begins at the server level mayseem a bit old fashioned. But in the age of mobile devices inthe workplace, anycomprehensive security system for your data must include servers.
Dmitriy Ayrapetov, director of product management at Dell SonicWALL, believes effective security must provide multiple layers of defense at strategic points in order to reduce the organization's overall risk.
“Having solid client-side security is a good barrier, but cannot be fully relied upon for the security of the enterprise,” he said. “Security around servers that is designed for servers acts as an additional barrier. Mobile devices at this point should be thought of as powerful computers that are permanently connected to the Internet.”
Those sentiments were echoed by Jerry Irvine, CIO of Prescient Solutions and member of the National Cyber Security Task Force, who said server-level security is more important than ever.
“Traditional, perimeter-security solutions like infrastructure firewalls and IDS/IPS are for all intents and purposes being bypassed, opening direct access to servers and their data directly from the publicly accessible Internet,” he said.
Companies need to implement several server-security solutions, he said, including improved authentication processes (such as multiform factor authentication), increased access controls with least-privilege principles, and application firewalls.
Ignoring or neglecting server-level security could come with dire consequences, said Neelum Khan, senior product marketing manager at Symantec Corp.
“Poor server security leaves a company vulnerable to attacks from simple hackers, to innovative hacktivists, and even foreign industrial espionage,” she said. “A data breach could result in destruction of brand, economic implications, compliance and privacy violations, and potentially the destruction of the company itself."
Breaches can affect both "customers and partners, including the loss of their identity and control of their personal data,” he said.
Solid organizational security should not focus on only one area of a network, but rather take a balanced, comprehensive approach.
Joseph Steinberg, the CEO of Green Armor Solutions, suggests you to look not just at the technology, but also at the employees who will work with it every day.
“Because security is complex, and improperly designed defenses can lead to disaster … experts should be hired when designing, implementing and reviewing security plans,” he said.
“Organizations that attempt to save money by using inexperienced people to do a security analysis, or who do not properly analyze and instead just choose to implement ‘popular technologies’ or ‘big brand products’ because they are well known may end up paying huge costs down the road.”