[BreachExchange] Cybersecurity: It’s More than Just Technology

Audrey McNeil audrey at riskbasedsecurity.com
Mon May 14 20:01:59 EDT 2018


The term “cybersecurity” is commonly associated with the protection of
digital data from theft or compromise by hackers. For enterprise customers,
however, most data breaches aren’t the result of technology villains
inventing new ways to do damage. Instead, breaches are due to shortfalls in
the development and enforcement of stringent security processes and
protocols. This why a good cybersecurity plan starts with a ground-up
approach, including not only the technology and virtual security in place,
but very stringent physical security, backed by rigorously-tested
procedures and clearly-defined business protocols.

The reality is, effective cybersecurity requires more than just a secure
infrastructure and one-time installation of security processes.
Cybersecurity requires ongoing attention to, and adjustment of, operational
protocols and facilities management. The best strategy for ensuring it all:
reliance on a data center with a strong and comprehensive mission-critical
approach to business — including the support of experts whose sole focus is
to collaborate with enterprise customers to enhance security and thwart

Sound complicated? It’s really not. By relying on a top-tier data center
provider, businesses can focus on delivering the promise to their own
customers, confident that best-in-class compliance practices are being
employed in the following key areas beyond the physical infrastructure

Evergreen best practices

Times change. Cybersecurity threats are continually evolving. As a result,
what’s currently defined as
a “best practice” could be outdated in a matter of months. Continually
reviewing the details of internal operational procedures, in conjunction
with staying up to speed on new and emerging threats, is key.
More often than not, staying ahead of the bad guys requires only minor
adjustments to security measures already in place — but without an ongoing,
top-to-bottom analysis of existing processes, even a minor security
weakness or oversight could open the door to crippling damage.

24/7 monitored access

Protecting a data center with perimeter fences and gates, and controlling
employee and visitor access with monitored portals, together, represent the
most basic parameters of brick-and-mortar cybersecurity. Just as essential
are 24/7 video surveillance of all areas of the facility (with an
appropriate archive of recorded footage); multi-factor access control (like
key cards, locks or biometric authentication) of users for some areas or
activities (or the ability to add such protection incrementally); required
presentation of government-issued photo IDs for all visitors; and secure
areas within the center for employee meetings and collaborations.
Ultimately, however, the value of these protection measures hinges on the
consistent enforcement of security policies and the support of security
vendors with demonstrated cybersecurity expertise.

Access to security partners

In addition to a company’s on-site 24/7 support from operations and
facilities personnel, it’s just as important for employees to have 24/7
access to the services and technical support of their remote data center in
order to get immediate attention and early resolution of any potential

Up-to-date operational certification

Earning operational certifications, such as Uptime (M&O), PMP and ITIL
certifications, is highly important — not only to ensure optimal delivery
of service, but also to enhance a data center’s credibility to potential
customers. It’s also important to have certifications to ensure operational
consistency across a portfolio of critical facilities.

Always-current documentation

Beyond expert hands-on operations, however, it’s equally important to
maintain thorough documentation and compliance procedures, such as
drawings, OEM manuals and operating policies. Technical and facility
support should be 24/7, both on-site and remote for immediate attention and
early resolution of potential issues. Businesses can also benefit from the
documentation and follow-through on a continuing-education policy for all
personnel — not just engineers — to build and sustain a best-in-class

Full compliance

Controlling and securing data reliably, and responding successfully to
rigorous audits, can be daunting. Meeting compliance mandates, however,
will not only ensure maximum security and availability, but also enhance a
data center’s reputation for quality. Important compliance standards
include, but are not limited to:

NIST 800-53 PE and FISMA
SSAE-18 (SOC 1)/ISAE 3402

Powerful partnerships

In addition to satisfying these critical cybersecurity needs, it’s just as
important for companies to align with a data center that approaches every
account as a partnership. One in which the customer’s in-house protocols
are as equally respected as the data center’s expertise, and proactive
attention to emerging threats is a commitment made by both. Through this
combination of physical protection, quality assurance and team solidarity,
companies can confidently overcome the cyber dangers we know about today
and stay a step ahead of whatever may loom down the road.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180514/b22e2bfb/attachment.html>

More information about the BreachExchange mailing list