In the last 10 years, many Maryland businesses have migrated from strictly physical hardware servers to virtual environments, aka “the cloud.” “The Cloud” is a marketing term that could apply to any variation of public cloud services, private cloud servers, hybrid solutions, and on-premises virtual servers.
Virtualization offers many advantages to organizations, but it also presents IT managers with unique security challenges around “the cloud,” such as managing access controls and redefining data management protocols based on HR privacy regulations and industry compliance standards such as HIPAA healthcare regulatory guidelines. Beyond that, if your organization is considering public cloud services, make sure to ask the right questions. Who handles IT security of “the cloud”? What are the measures in place if there is a breach in cloud security? What is the backup and failover plan if the cloud goes down?
Granted, virtualization does add a layer of protection to your network systems infrastructure. However, if an individual with the intent to harm and the right tools has physical access to your IT equipment, no virtual protection will prevent tampering and potential hacking. As such, virtual network infrastructure security does not eliminate the need for a physical security assessment.
In fact, a physical assessment is necessary to consider those new data access paths in the network design that may make your new virtual network vulnerable. Along with a refreshed network assessment, a business should update their virtual security practices and corporate guidelines as well as review their physical security measures to integrate the virtual and physical security measures. This assessment would include external hardware like routers and switches, as well as servers.
A major point is that firewalls, 26-character complex passwords (including letters and numbers, changed every month, and stored in KeePass), and anti-virus software are no match for someone with the right tools and physical access to the DVD drive or USB port of a server. All a hacker needs is to reboot the server to a CD or flash drive to compromise the system, and even prestigious Cisco routers and HP switches are not exempt from this vulnerability. If a hacker attaches a console cable to the network device, there are methods of resetting the admin password with the configuration intact. At the very least, say it’s a disgruntled employee who isn’t even technically savvy or motivated to access data: if your network is left exposed, your external hardware is still vulnerable to theft or vandalism.
Therefore, it’s important to have IT equipment in a locked, enclosed rack and/or behind locked doors. Also, tracking access to these areas can help mitigate risk or at least track the culprit down if an incident occurs.
If you have an IT vendor, ask them about their cloud services security assessments and see if they have a physical security process in place. We do.