Keeping a customer's data private and providing them with secure networks is paramount to success as a solution provider. But, with identity theft on the rise and hacking attacks mounting, the battle against the "black hats" is becoming more difficult. Bowes, the Director of Operations for NuWave Technology Partners and co-host of Technically Speaking on the Michigan Business Network offers advice on locking up customers' business. (Follow him on Twitter, @JeffreyBowes.)—Jennifer D. Bosavage, editor
Keeping a business network secure is a constant struggle for today’s IT staff. Protecting your company’s valuable information against constantly evolving malware, identity theft, hacktivism, state sponsored hacking, etc. is a full time job. In fact, the Identity Theft Resource Center received reports of 419 security breaches in 2011 that exposed more than 22 million records. Symantec’s 2011 Internet Security Threat Report estimates a 93 percent increase in Web attacks from 2010. Recently, LinkedIn.com and eHarmony.com made news when they both reported that user passwords had been leaked and decrypted.
It can be difficult for a managed service or IT solutions provider to keep track of network security for all of their customers. It is not enough to simply install a firewall at the network edge and make sure anti-virus software is uploaded on every computer. PCs, tablets, switches, routers and firewalls all need to be constantly updated and monitored to guard against network threats. Solution providers that excel at keeping up with threats can set themselves apart from the competition and also (and perhaps more importantly) keep a customer’s trust.
But updating PCs, tablets, servers, etc. with security updates and service packs from the manufacturer is only a piece of the puzzle. Third-party software such as Java, Adobe products and browsers are often gateways for malware. The manufacturers of those products publish updates and patches regularly, though users seldom install those updates on their own. Using a remote monitoring and management (RMM) tool that includes the ability for both operating system and third-party patching makes this process easy for a solution provider to update all software on an endpoint for its entire customer base. RMM tools can also monitor and update anti-malware programs.
It is important to have the most up-to-date version of your chosen anti-malware solution. Not just the latest signature files or service pack, but the latest full release, fully updated. Having this latest version could mean the difference between staying in front of network security threats and spending time clearing viruses, rootkits or malware and explaining downtime to customers.
Firewalls, routers, managed switches and wireless access points need management as well. Just as RMM tools are available to manage PCs, servers, etc. at multiple sites, companies that make network infrastructure devices also have programs to monitor and manage their devices at multiple sites. Juniper’s Care Plus and Cisco’s Smart Care are two examples. Those initiatives help solution providers ensure all of their customer networks are healthy, offer access to vendor technical support and also provide reporting on a scheduled basis.
Managing and monitoring customer networks through a set of tools that let solution providers see all networks at once is a good start. The next step should be to test the theory that the customer network is secure. Such testing would come in the form of penetration testing and, if the customer takes payments via credit card, PCI Compliance testing. Plenty of tools are available so solution providers can do the testing on their own.
However, in this case, it may benefit the solutions provider and their customer more to outsource this testing to a third party. That allows the solutions provider to ensure their customer that others have certified that the network is secure. The third party penetration testing and PCI compliance testing can be scheduled at regular intervals, and the solution provider can then use the reports generated to remediate security issues and ensure that all of their work has been fruitful.
Operating system and software patching, using the most up-to-date anti-malware programs, keeping the network infrastructure healthy and current, and performing regular security testing will go a long way toward ensuring a solutions provider’s customer networks are secure against evolving network threats. And keeping the customer network healthy and secure can help keep that customer’s trust and business.