Why in the digital world what you can see can hurt you just as much as the things you can’t
Steve Davis, Marketing Director of data centre operator Next Generation Data
I was interested to read an article the other day by the director of cyber security at Cisco UK&I, on why security short-sightedness could spell disaster for SMBs. He argues we’ve had years to learn human behaviours in the physical world, yet as a new digitised world emerges we’re still playing catch-up from a cyber-perspective.
While I agree to a large extent with this sentiment, I am still amazed by the somewhat cavalier approach taken by many businesses to where and how they locate their IT systems and store their mission-critical data.
As the aforementioned article asserted, we in the physical world would think twice about walking down a dark alley or letting a stranger into our home, but I am not convinced as much forethought or common sense is applied when it comes to physical IT security concerns, let alone the digital side.
One can have the most sophisticated firewalls, anti-virus and anti-hacking software, but keeping servers and storage gear in open plan offices, cupboards, outhouses and so forth is like leaving the door open with a large ‘help yourself’ sign above it.
A recent survey by the government’s Cyber Streetwise business education campaign has found around one third of SMBs suffered security breaches during 2014. The survey also said the average cost of the disruption caused was £65,000 – 115,000: on average a third of an SMB’s annual turnover and potentially putting them out of action for up to 10 days!
But perhaps most shocking of all is that the majority of the 1000 SMBs questioned believed they are not vulnerable to security threats, with almost a quarter saying taking more security measures was too expensive and a similar number just not knowing where to start. They may do well to remember that the data, web and cloud computing solutions their business ecosystems increasingly depend on are only as good as the quality and reliability of the servers and networks supporting them.
If these break down, suffer a security breach (digital or physical) or a natural disaster such as fire or flood, some or all business operations, or those of their partners and customers, are likely to be affected, often with serious consequences. Whether they realise it or not, in today’s world they are effectively ‘IT businesses’ no matter what they actually make or sell. Just about every company is an IT company whether in retail, professional services, manufacturing or whatever.
To be fair to SMBs, and many larger firms too, a lack of options means many have had little choice other than to keep their IT and data on-site or in converted office buildings instead of purpose-built data centres offering top physical and digital security as well as optimised power and cooling.
Fortunately things are changing with more operators such as NGD now being able to build modern data centres of sufficient size and at lower cost for delivering the economies of scale needed to support any size of business requirement - from hosting just one or two server racks to hundreds – all in highly secure and resilient environments.
With small firms accounting for over 99 per cent of all private sector businesses in the UK (Federation of Small Businesses), this can only be good news for their and the country’s continued security and future prosperity.
Getting physical -
1. Security - physical security measures are often overlooked in favour of the digital variety but can often prove to be the weakest links of all.
- How physically secure is your building and IT equipment? Consider how its location may impact your business continuity and data availability - being well away from areas susceptible to flooding, large urban areas and flight paths reduces exposure to the potential risks.
2. Resilience - are sufficient data back-up and replication fail-safe measures in place along with Uninterruptible Power Systems (UPS) to mitigate unplanned downtime?
- Has your data centre or computer room got access to abundant and redundant resilient power, and diverse fibre connectivity links? Are servers being sufficiently cooled and energy optimised to ensure maximum availability?
3. Credentials - If outsourcing data directly to a colo data centre or via a cloud provider, check all of the above.
- Also check their security and operational industry accreditations for actual proof (ISO, PCI DSS, SSAE16 etc.) and the calibre of on-site engineering personnel for handling technical support issues and Disaster Recovery situations. Tier 3 category data centres should be used as a minimum. Putting in place an escrow agreement will also ensure you have legal access to retrieve your data in the event of their going into administration.