Layered Security: 5 Trends That Will Impact Your IT Planning in 2012


Published on

Many of the IT trends that your organization will tackle in 2012 aren't new, but that doesn't mean your IT staff can sit still while your technology continues to evolve. This executive Brief is one of five installments in this series that will examine trends you need to include in your IT planning in 2012.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Layered Security: 5 Trends That Will Impact Your IT Planning in 2012

  1. 1. 5 Trends That Will Impact Your IT Planning in 2012 Layered Security Executive Briefa QuinStreet Excutive Brief. © 2011
  2. 2. 5 Trends That Will Impact Your IT Planning in 2012 Layered Security Many of the IT trends that your organization will tackle in 2012 aren’t new, but that doesn’t mean your IT staff can sit still while technology continues to evolve. This Executive Brief is one of five installments in this series that will examine trends you need to include in your IT planning in 2012. By now the fundamentals of computer and network security are familiar to almost everyone who interacts with a PC on a regular basis: install antivirus software, choose good passwords and protect them and download and install software updates. Despite • 40 percent of SMBs have determined until something goes these measures, businesses of all sizes experienced a security breach wrong and a business hasn’t invested continue to suffer security breaches. resulting from employees in it — it’s a lot like insurance in that navigating to a site that hosted regard. Establishing solid security When large businesses like Sony and malware, according to GFI Software practices early in the life of an SMB TJX suffer data breaches, it makes is important because that security • SMBs lost 30 million man hours in international news. Partly because of strategy can grow with the business, rectifying issues that result from the publicity and partly because of which is a far better plan than finding security problems, according to GfK the size of the budgets and IT staff at a growing business without solid NOP large businesses, cybercriminals are security that’s exposed to all variety of increasingly turning their attention • The same survey found that U.S. threats. to small and medium size businesses SMBs that experienced security (SMBs), where security is more likely problems spent $5.6 million, or an The 2012 Threat Landscape to be soft, breaches are less likely to average of $1,570 per business, be discovered in a timely manner and replacing hardware. They also lost Malware has come a long way since where the rewards for criminals can be $11.3 million (average of $4,800 per the ILOVEYOU virus infected millions high. According to Verizon’s 2011 Data business) in terms of lost sales or of computers in the year 2000 with Breach Investigations Report, small to revenue opportunities a simple email with an infected medium sized businesses (SMBs) have attachment. Attachment-based viruses become hackers’ main targets. It’s easy for SMBs to overlook security. still exist, but users and email security It doesn’t directly add to the bottom products have both caught up. Other surveys come to a similar line in the same way the new products conclusion: or new clients drive revenue. The The attacks that SMBs face in 2012 are true worth of security usually isn’t far more targeted and rely on delivery© 2012, QuinStreet, Inc. 1
  3. 3. 5 Trends That Will Impact Your IT Planning in 2012 mechanisms other than email. They protecting. And while a little common that exist at even the smallest of are more likely to be the work of an sense can go a long way when it businesses. Firewalls and what some organized ring of criminals who are comes to keeping laptops out of sight technology vendors call unified threat trying to find personal information when they’re in a car or choosing solid management (UTM) help protect like account numbers and passwords. passwords, other parts of the technical small business networks from external Web-based applications, ranging from infrastructure require more diligence. attacks. Endpoint security tools like internal business apps to popular VPNs and antivirus protection help online destinations like Facebook, can Here is a partial list of computer protect from internal attacks. Access be used to introduce malware using and network security tips from the protection and encryption work to tactics like SQL injection. protect the data. SMBs that work in website: certain industries like government Phishing scams still exist, but instead might require security information • Keep operating systems patched of casting a wide net in an attempt management (SIM) systems to comply and up to date to garner sensitive information from with industry regulations. millions of users, they are more likely • Minimize the use of administrator to use social engineering, using what accounts on PCs This approach, known as layered seems to be a personal appeal, to security, is essential to protecting • Use full disk encryption for laptops build trust with potential victims. both infrastructure and information in • Use WPA2 to secure wireless 2012. Given the damage that malware Mobile devices and wireless networks can cause, layered security should be connections mean that business considered essential to protecting the • Disable remote administration machines and data aren’t restricted business. options to the office. It used to be that maintaining a secure network provided • Limit access to shared folders How to Implement Layered reasonable protection, but now data Security travels over outside networks that can Both endpoints and networks need to put SMBs at risk. be protected, which means antivirus Make no mistake; a comprehensive software and strong passwords are approach to security requires an While sophisticated criminals are only the start. You need to protect investment in terms of time and behind many of today’s attacks, the the different layers of infrastructure money. The first step to a holistic amateurs are still out there, and their work is potentially potent. Kits like the one that spawned the Zeus phishing virus are available for purchase online, “While sophisticated criminals are allowing anyone to be become a self- taught cybercriminal. behind many of today’s attacks, What Needs Protecting the amateurs are still out there, and their work is potentially potent“ When it comes to an SMB’s PCs and network resources, it all needs© 2012, QuinStreet, Inc. 2
  4. 4. 5 Trends That Will Impact Your IT Planning in 2012 approach to security is to make the expertise to create a system of an emergency response to a security security a priority in the business. layered security on their own also incident or security training for have the option of outsourcing their employees. At many SMBs, security and other IT security to a managed security services issues are covered by the person with provider (MSSP). Like any form of outsourcing, turning the most experience working with to an MSSP takes a specific part of computers or by an IT generalist. This MSSPs can deliver all of the security an SMBs business and turns it over to approach can work at the smallest functionality that an SMB needs to experts who are trained in that area. businesses, but it’s unlikely to scale implement layered security, including This allows the employees at the SMB well as the business grows. Another security for emerging technologies to focus on the core business, building popular approach is to outsource all like cloud computing and mobile new products and increasing revenue. of some of the IT responsibilities to platforms whose security problems MSSPs offer simple, comprehensive a systems integrator or IT services might be unfamiliar to many SMBs. protection for SMBs that lack the time, firm that is a channel partner for the MSSPs can also provide services like resources and expertise to manage leading IT vendors. SMBs are more likely to get people experienced and certified in IT security when they work with such a partner. After the right people are found to manage security, the right products need to be found. Layered security, as mentioned earlier, requires everything from encryption software to access control to antivirus software, intrusion protection systems, mobile security and firewalls. SMBs can piece together their security defenses from a variety of vendors based on price and features and then integrate them into a layered security solution, but as with any IT integration project, things aren’t guaranteed to go smoothly. Finding products from a single vendor that are designed to work together, or an integrator with a proven package of solutions that work together, is an effective way of developing seamless layered security. SMBs that lack the resources to dedicate people to security and lack© 2012, QuinStreet, Inc. 3
  5. 5. 5 Trends That Will Impact Your IT Planning in 2012 the layered security they will need in security, and when combined with from attack and offers SMBs the most 2012. Windows Server, help create a secure effective approach to comprehensive network for businesses of any size. security. How Dell Can Help Dell SecureWorks delivers managed When security expertise and resources Dell and its partners provide the security services for businesses of all aren’t available, many SMBs will turn security solutions that small and sizes. SecureWorks provides the key to managed security service providers medium businesses can use to protect controls for important regulations to help them deploy layered security their machines and data in 2012. Dell like PCI, SOX, HIPAA and more. It in 2012. MSSPs allow SMBs to focus works with some of the best-known also delivers email security, cloud on their core business and put security brands in security to create simplified, security, mobile security, Web experts who otherwise wouldn’t comprehensive protection from security, Web application scanning, be available to a small business in attacks that are increasing in volume intrusion prevention and detection charge of the security infrastructure. and sophistication. and more. Customers that turn to Dell With malicious attacks increasing in SecureWorks can choose the platform frequency and volume, 2012 is the At the data security layer, Dell Data and service options that work for them time to investigate layered security. Protection provides access control so their protection fits their needs and through data encryption to keep budget. Dell and its security partners are data secure. For endpoint security, equipped to help small and medium Dell partners with Trend Micro Worry Conclusion businesses protect their machines Free to keep machines and their data and data in 2012. Dell’s layered secure. Network security comes from SMBs are finding themselves firmly security approach helps keep data Dell’s partnership with SonicWALL, in the crosshairs of malicious online safe and secure throughout the IT as well as Dell PowerConnect J-SRX attacks. To combat such attacks, infrastructure, and its SecureWorks services gateways. businesses interested in protecting managed security service can deliver their employees, infrastructure and enterprise-level security to customers Dell laptops and workstations data will increasingly turn to layered that want to concentrate on their powered by Windows 7 Professional security. A layered security approach business and let the pros handle their provide the latest in operating system defends all levels of the infrastructure IT security.© 2012, QuinStreet, Inc. 4