Security Architecture

“Security does not happen by accident.” – Author unknown

 

Some experts predict that by 2020 there will be 200 billion systems connected to the Internet. Software is everywhere, and it changes the way we live, behave and interact with the world around us. As technology becomes more deeply rooted in our lives, we become more vulnerable if it fails.

To build the most appropriate IT security architecture, it is necessary to know the company’s risk profile. It therefore helps to ask yourself the following questions:

  • What type of data do I have and where is it?
  • Who are my enemies and what resources do they have?
  • What is my IT security level compared to what it should be?
  • Can I get more from my IT security budget by prioritizing differently?

When designing IT security, there are many elements to consider. It is therefore always about focusing on the essentials, namely the critical data. We always recommend that you classify your data according to the following model:

Since no two companies are the same, one should always assess where the company’s critical data lies, whether data moves between systems, who has access to the data and how that access is obtained.

We see that 90% of all attacks start with a phishing email, so there is a distinct trend in the market that our primary focus should be on protecting clients and training users so they get better at detecting attacks.

To draw an analogy to, for example, the banking world: a criminal can easily enter the bank (the outermost layer) and may rob the cashier, but it is very hard for the criminal to enter the bank vault (the inner layer), where the biggest values are.

The main purpose of building the company’s IT security is to secure critical data and business continuity. Therefore, we do not recommend spending all of one's resources on protecting the clients. In our view, companies must, to a certain extent, be able to survive PCs, smartphones and tablets being compromised, but we must ensure that criminals cannot move unrestricted across systems and escalate privileges.

Unfortunately, we still see in a number of companies that very simple measures, which can reduce one’s risks by 90%, are not being carried out to a sufficient extent:

  • Users have admin rights on their PCs
  • The network is not segmented

Elements of IT security

When IT security professionals have been in dialogue with companies about IT security, the focus has very often been on selling new solutions. IT security firms have been interested in licenses and consultants for the project.

We often see that, afterwards, there are no people to maintain and develop the solution and that the procedures have been inadequate.

When you think about your investment, it is important to think holistically and maximize the value you get from the solution. The acquisition value is one thing, but some solutions require regular tuning, both by the external partner and, often, by resources your own company must allocate to make the project a success.

By thinking in layers of IT security and having the procedures in place and people who know how to act, we have taken a big step towards securing your business.