Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    How to Bolster Data, Physical Security to Make Threats Go Elsewhere

    By
    Wayne Rash
    -
    December 8, 2015
    Share
    Facebook
    Twitter
    Linkedin
      Data-Physical Security

      “I don’t have to run faster than the bear,” one hunter said to another after spotting the animal in the woods, “I just have to run faster than you.”

      Yes, I know it’s an old joke that you’ve heard enough times that I don’t really need to quote anything except the punch line. But the fact is, this old joke is also an important lesson about your physical and data security. You don’t have to be perfect; you just have to be better than most others.

      The idea of having security that’s good enough to convince the bad guys to look elsewhere is important in terms of data security and physical security. The idea of having good security is more than just putting a lock on the door and an antivirus package on your computer. First, you need to think about the risks your organization is most likely to face, the resources you’re likely to have on hand to deal with the risk and then work from there.

      When I write about physical security, no doubt your thoughts immediately turn to a county office building and a conference room full of public employees celebrating a seasonal holiday in California, but in reality, this isn’t the kind threat you can focus on because it is so unpredictable and so inexplicable that it is extremely hard for any organization to defend against.

      Instead, you need to consider several types of threats that could impact your security on a more predictable basis, since those are far more likely than the random terrorists, despite how deadly that type of attack may be.

      The threats that are more likely to affect you on a day-to-day basis are from other sources. For example, you’re far more likely to be impacted by what’s considered petty theft in most scenarios. This might be the thief who strolls into your conference room while everyone is on lunch break and steals their laptops.

      In a retail setting, it might be low-level organized crime, such as a group of a half-dozen thugs who storm your store as a mob and steal everything in sight before running out again. Or it might be the credit card thief who enters your office through an unlocked door and takes a server while the cleaning crew is on another floor.

      The challenge for your business is determining what the threats actually are. It’s not a huge leap to figure out that unguarded laptops are ripe for stealing. But what about that server sitting on a table in an office or in a closet down the hall?

      While you know about hackers breaking into your network from some foreign country, what about someone sitting in your reception area who has quietly plugged into an Ethernet port there? Or perhaps that person in your reception area is running a man-in-the middle attack on your WiFi router?

      But the threats to your organization go beyond the obvious. Ask yourself who would benefit if your company was hampered because someone stole that server from the closet down the hall? How would you prevent a former employee from connecting to your network and downloading your trade secrets?

      How to Bolster Data, Physical Security to Make Threats Go Elsewhere

      Less obvious, but perhaps more likely are threats that have little to do with your company’s business. For example, if you have a company with 50 knowledge workers in the office, that’s 50 workers, each with a computer, perhaps two.

      That’s a tempting target for someone who might park their van outside a side door and send an accomplice in to steal every computer in sight. It won’t matter that your critical company information is on those computers because they’re not after that. The thieves just want to sell the hardware for a quick fix.

      The answer to these concerns is what security experts call “security in depth,” or “defense in depth.” Here’s an example of how that may work, according to one of the top physical security experts in the United States (who unfortunately can’t be quoted). Let’s say you have that server in a room down the hall that I mentioned previously. And let’s assume you have a side door or a loading dock for deliveries.

      First, you put a solid door on the room that holds the server. Then you install a lock on the door that requires a pass code to enter. You also include an alarm that sounds if the door is opened without the pass code. That alarm also sounds if someone enters the wrong code more than twice.

      Meanwhile, the side door or the door to the loading dock are also equipped with secure locks and they have alarms that go off if someone forces the door, enters the wrong code, or if the door is propped open longer than a set time. Those alarms connect to your security control center, but if nothing happens, then they automatically roll over to the police department.

      Out front you still need to have a sleek, trendy reception area with comfortable chairs and a receptionist. The receptionist isn’t an entry-level employee trained to smile, but rather an armed security guard who controls the locks in doors that lead farther into the building, and yes, those doors are also alarmed. Unless someone shows the right ID, or gets past the badge reader, they can’t go in.

      Here is the basic idea: While you can’t prevent someone who is truly determined from entering, what you can do is make it inconvenient. If they decide to break into your building anyway, it will take them long enough that the local law enforcement agencies can be summoned. Meanwhile, most normal criminals will go to the office down the street that didn’t take such precautions.

      Here’s what you don’t do: You don’t replace the receptionist/security guard with a phone on the desk where someone can just be buzzed in. You don’t put a phone near the loading dock or the side door, either. If people who want in can’t satisfy the security requirements, then they don’t get in.

      It pains me to say this, but a locked door and a security guard might well have prevented or discouraged the most recent terrorist attacks, and they certainly would have discouraged or prevented any number of low-level thefts that happen in every big city office building almost all the time. Yes, it’s sad to wish ill on your neighbors, but it’s also important to keep bad things from happening to yourself.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×