The BBC has reported in the past few days in their Technology of Business section, that cybersecurity will be the main issue concerning global businesses this year, and that the Internet of Things will only increase this growing threat to security.
It’s obvious really, as more devices and systems become connected, the threat of security attacks will inevitably increase as hackers find more inventive ways to penetrate data. The BBC suggests the cause is the ‘development of the hyper-connected world’. As more devices are created, and more ‘things’ become connected, we are then able to interact more digitally and the opportunity to hack/attack increases. More data is digitised, and more actions are taken on a digital platform rather than in person, by phone or on paper.
Internet of Things
The Internet of Things has seen its share of attacks over the past year. A report from TrendMicro highlighted that 2015 saw baby monitors, smart TVs and connected cars as the focus of cyber attacks.
Security isn’t just about averting attacks as they occur, it’s about proactively attaining high standards to ensure you can stave off attacks before they cause issues for your technology environment, and consequently, your business. The EU is also introducing new data protection laws which will come into effect in 2018; further increasing the responsibility on the shoulders of business owners for how they manage their data and systems in the future.
This is partly due to the change in nature of attacks, as industry experts forecast that 2016 will see a dramatic increase in ransomware attacks – where hackers break into systems, encrypt the data and then demand ransoms to decrypt the information.
How we keep our customers safe
At C24, we take security very seriously. It has changed how we run our business, how we build our systems and the choices we make about infrastructure and software solutions.
For instance, we elected not to build our own datacentres and instead rent space out of Six Degrees Group (who recently joined with C24) who have state of the art datacentres, designed for mission critical systems. Alone, we would have been able to build a datacentre that was leading edge today. However would it still be leading edge in a years’ time, and then in three years’ time and so on? Partnering with a specialist datacentre provider was a way for us to ensure we were housing our hosting infrastructure within the most current, enterprise-grade datacentres possible.
We split security considerations into three levels: datacentre, network and data.
We house our hosting infrastructure within the Six Degrees Group datacentre facility in the Midlands. We initially chose 6DG due to the high level of security externally around the datacentre facility, as very often hosters think about security within their IT systems but don’t extend their thinking to the external datacentre. Putting your systems within your office leaves you open to potential attacks from disgruntled staff onsite, or the potential for a vehicle to ‘ram’ a building and break into the facility. This may sound farfetched but many resellers have fallen prey to attacks in which warehouses have been broken into using vehicles to gain entry.
Our datacentres have anti-ram bollards to prevent unauthorised vehicles entering the site, and there is 24/7 CCTV monitoring all around the site to control access. Perimeter fencing and guards ensure that only people permitted to enter the wider site (not just the building) do so, while all visitors have to prebook access requests and bring along government issued identification otherwise they will not be permitted access inside the datacentre or surrounding offices. Unfortunately, we sometimes have to turn away customers who have come to visit the site but haven’t brought the necessary ID with them.
Within our datacentre ‘pod’, we ensure the security extends across all of the network layers. We have intrusion detection and prevention software in place to continually monitor the network for unusual activity. We perform routine tests to interrogate the network in order to check for potential holes where attackers could gain entry; this ensures we proactively manage network security before issues occur. Our technical team also monitor the network around the clock to ensure systems are operating as they should and no unusual activity is being reported.
When setting up a client’s hosted infrastructure, we split our network into VLANs so that each client has their own private network that cannot be accessed by other customers. This separates everything out to add increased security to our hosted infrastructure delivery. We also use VRF (Virtual routing and forwarding) technology to segment network paths.
To reduce the possibility of malicious attacks on clients’ websites, we employ Webscreen Technology to guard against flood and applications layer distributed denial of service (DDoS) attacks. Hackers sometimes use bots to ‘flood’ websites to bring them down or slow down the service, making it unusable for real users. Our DDoS security technology averts these attacks by having the system ‘learn’ which IP addresses to trust and which to drop in the event of an attack.
Whilst we deliver hosting to the infrastructure level, we do not directly handle clients’ data, however we do have a number of processes internally to ensure that, as a company, we adhere to data protection guidelines and keep our customer data safe.
We have data protection policies in place that govern how we consume, process, collect and store customer data and our utilisation across the firm of Citrix desktop technology means we are able to take data away from the individual PC or laptop in the event of the device being stolen or lost, and keep information at the datacentre level where it can be managed and monitored centrally.
You can’t always be prepared for every type of attack, but it’s important when you speak with a hoster or Software-as-a-service provider that you ensure they have covered off the issue of security across a range of areas, not just within the systems itself but the physical infrastructure that prevents the outside world getting into your data.
Security is often only important after you’ve been through an attack and resolve to never let it happen again, but with the Internet of Things increasing the array of devices that can be accessed by hackers, from within your home to the datacentre, IT Managers will need to be looking at how this new trend could affect their day to day operations and how to control the devices and appliances across the workplace that IT may not have visibility of.