Security and the Cloud
Let’s take a quick trip back to medieval times. You’ve got your castle, complete with surrounding moat. You’ve got a thick, strong drawbridge that opens over the mote and closes, a completely encircling outer wall, and an army surrounding that outer wall to protect against any invasion. Plus, knights are close at hand to guard you personally. You are safe and fully protected, right?
No, you are not fully protected; it takes more than an army and walls and moats to safeguard the castle from threats. It’s the same with your software system and data---full protection requires a lot more than infrastructure alone; it requires constant testing of the security system and processes until they break.
Consider the following scenarios:
- Attackers hurl large objects at your castle walls until eventually a hole develops allowing access
- Attackers find your secret escape route (there’s always one, isn’t there?) and gain access
- Attackers adopt “Trojan horse” tactics and are inadvertently permitted to come in
- Under the guise of friendship, one of your sentries invites in a mercenary, only to be deceived
- An attacker gains access, takes a hostage, and demands a ransom for safe return
Now instead of picturing a castle, imagine that it’s your data that’s being attacked. In addition to a constant barrage of malware, viruses, and trojans, ransomware and even human error (we’ve all been fooled at least once, right?) leave data vulnerable.
Look at the following statistics:
- In 2017, cyber-attacks cost small and medium-sized businesses an average of $2,235,0001
- 60% of small businesses say that attacks are becoming more severe and more sophisticated1
- 43% of cyber-attacks target small business2
- 92% of malware is delivered via email3
- 58% of malware attack victims are categorized as small businesses3
- During 2017, 61% of small businesses reported that they had experienced a cyber-attack1
Security requires vigilance
Security is a constant battle and it’s no different for small businesses. Every time you forget to update virus protection, your employee clicks on a phishing email, or your employees use their personal devices for work purposes, you could be open to attack.
Where do you keep your data backup? How often do you back data up? An even better question is, how often do you test your back-up system? Have you tested your back-up system, or do you simply trust that in the event of a breach, you’ll be able to plug in your back-up system and it’ll upload everything in one quick, smooth step?
Here at ECi, we go beyond our infrastructure that includes multiple datacenters and our redundant and resilient approach; we protect ourselves and our customers in the following ways:
- Network intrusion detection and prevention: catch and eliminate attacks as they happen
- Data encryption (in transit and at rest): hide the true data even if it were to be seen
- End-point protection: proactively prevent viruses and malware from doing damage
- Vulnerability management and patching: security vulnerabilities are evaluated and operating systems(OS) and applications are patched on a regular basis
- Security incident and event management: consolidation of security and system data allows us to identify potential security issues
- Threat assessment: evaluation of security events against a global threat database
- Backup and recovery: protection of data and systems just in case of compromise
- Penetration testing and security scanning: proactively identify and remediate flaws
You benefit from ECi’s ability to provide increased data and system protection
One of the key benefits of ECi's cloud, is that we're not just one business trying to protect itself. We bring the demand of all our customers to bear and that gives us the leverage and buying power to get the best security possible and the most attention from security providers in the event of an issue.
ECi has the layers of security, resiliency, economies of scale, and leverage to bring the solutions you need to your doorstep without an on-premise investment. This frees you up to focus on your core business.
In my next post, we’ll explore penetration testing and threat analysis, and how ECi proactively eliminates data vulnerabilities.