Verticalscope NetworkFind a Merchant Provider - Merchantselect.comInternet Marketing - MarketingFind.comFind a HostAustraliaCanadaDeutschlandFranceUnited KingdomUSA
MerchantSelect Visitor Login
 
Print

Securing Your Web Presence

Last year, more than 4800 sites around the world were defaced. While this may not seem like a large amount when contrasted with the sheer volume of sites on the Internet today, it still works out to 13 per day. Surprisingly however, many companies continue to be ignorant of the true state of the security of their site, or view the purchase of quality security software as a secondary concern. Many have even been lulled into thinking that the Internet is more secure now than it was a year ago, and consider their site to be secure simply because they themselves have not been the victim of an attack. However, defacements of high profile sites such as MSN.com, have demonstrated that anyone is vulnerable, and should take measure to ensure that their Web presence is as secure as possible.

The fact of the matter, is that you are ultimately responsible for you own security, as even the most perfect hardware and software in the world can be compromised by human error or human malice. It should be noted from the outset however, that there is no such thing as a completely secure system, and the while many companies claim to provide "silver bullet" solutions, there is in reality no such thing. In general however, there are two basic types of attacks that you should guard against.

  • Direct: A knowledgeable and targeted attack on your specific systems, whether from outside hackers of disgruntled insiders.
  • Indirect: General random attacks, usually in the form of computer viruses, worms, and Trojan horses.

While the knee-jerk reaction is to run out and purchase as much hardware and software as your budget can allow, it should be noted that it is possible to be "too secure." Security measures inevitably extract a price, and will typically have an impact on how easy it is to use your servers. Having to continually change and retype complex passwords for every operation, or use biometric measures such as retina, fingerprint, and voice scans can quickly bring production to a grinding halt if overdone. The key is to find the proper balance between security, price, and ease of implementation.

Plan before you purchase

It's impossible to effectively secure a Web server, without first evaluating the entire architecture of the network, as well as the hardware and software components that reside on it. Furthermore, the day-to-day operations of your business should also be considered, as the implementation of "soft" security measures, such as eliminating "god" users etc, can be extremely effective in securing your site. Bottom line, there's more to securing one's Web presence than simply throwing up a firewall, and there are some questions one should keep in mind when formulating your security architecture and policies.

Why do you need security?

While this may sound like an obvious question, different security measures are designed to protect different aspects of your site:

  • To prevent loss of data: You don't want someone hacking into your system and destroying your customer records or intellectual property. Even if you have excellent back-up measures in place, you will still need to identify that the data has been damaged.
  • To prevent corruption of data: Even if an attack doesn't wipe out all your data, if the data is partially corrupted, this can be even harder to identify, and can lead to equally disastrous results, such as a cascade failure, where a failure on one system takes down and adjoining system and so on.
  • To prevent compromise of data: Sometimes the consequences can be more dire if your data is merely revealed instead of destroyed. Imagine the consequences if your financial data or other sensitive data ended up in the hands of competitors.

What do you need to protect?

It's easy to spend a lot of money securing less-than-critical aspects of your Web presence, while mission-critical areas are left wide open to attack. Is the core of your business it's intellectual property? Is your Web site a portal to your back-office servers, or merely a static archive of general data? Deciding which of your servers and competencies need securing in order of priority is the best way of clarifying your needs.

Top 7 Management Errors When Creating a Security Plan

  1. Assuming the problem will go away if ignored.
  2. Failure to realize the worth of one's information and organizational reputation.
  3. Failure to follow through on security repairs to ensure that any resolved problems stay fixed.
  4. Focusing on physical security only, without considering the vulnerabilities of one's business operations.
  5. Relying primarily on a firewall.
  6. Authorizing rapid, reactive, and short-terms fixes that fail to address the security of the organization as a whole - so problems re-emerge in the future.
  7. Assigning untrained people to manage security, providing them with neither the training nor the time to make it possible to do the job.

What are you protecting your site from?

All Web sites are potential targets, but it's fairly easy to gauge the group who would be most interested in damaging yours. Are random "pedestrian" attacks from script kiddies and the like your greatest danger, or is there reason to fear a well-funded and sophisticated attack? Hackers who don't care in the least about the nature of your business will generally just "rattle the doors" of your site and move on at the first sign of resistance, while a direct, targeted assault is launched for the purpose of tampering with your data. The answers to these questions will have an impact on the nature of the security you need.

What's the worst that could happen?

Obviously, any successful attack could result in the loss of data, but for some businesses, losing data is the least of their worries (and they all generally have back-ups anyway). Recent data from Intel indicates that the company currently makes around $275,000 per hour through their Web site, which in the event of downtime would quickly cost them millions of dollars in lost sales. Forrester Research estimates that the average cost of site downtime in the E-commerce industry is $8,000 per hour - but large sites like eBay and Amazon would lose a lot more.

What's the best you can afford?

While having security for your site that's virtually bulletproof makes good business sense, not every business will have the budget for a high-end solution. While it's difficult to calculate the ROI of security measures as it's impossible to quantify an attack that never happened, you can prioritize which of your competencies is the most as risk, and direct your financial resources at them first.

  
Home
Contact
Advertising Info
Vendor Login
Select 5
SPONSOR LINKS


 
About Us | Contact Us | Work for Us | Submit Article | Business Development | Advertising Info | Privacy Policy | Terms of Use