While most organizations are very sensitive to their physical security, only rarely the IT systems are perceived in the same way, often because the first step was missing: a proper policy driving the security measures to be implemented!
We don’t see steel bars protecting that window on the 25th floor and yet, in many cases we see its equivalent in the IT world. Interestingly, we can see that on the very same organization who was missing the equivalent to the front door.
In our days, there are many companies able to sell and install firewalls, Intrusion Prevention, Authentication systems, Encryption devices and a myriad of other security components. However, most of these components are installed as a reaction after an incident, before a proper policy deployment resulting from a serious study on the real needs. As a consequence, when we look into the real security, we see often default passwords still being used on critical devices, static authentication, traffic separation confused with traffic security and many other practices introducing a significant risk to one of the most important assets for any organization: information!
For every physical security component such as keys, restricted areas, walls, doors, safes, desks, and more important; visual contact made by colleagues in the office, there is an equivalent in the IT world.
It is not about that company in the late 90’s who believed that a firewall would be enough, without understanding that its equivalent in the network would working in an open field with a simple fence around… In many cases, it is a similar exposure for many critical areas while having steel shielded doors in the cantina…. The reasons for that are obvious. While on the physical side we have thousands of years of evolution, on the IT world everything appears to be confusing, diffuse and using awkward names that only a few geek appear to understand… and yet, it can be so simple…
How can we help you from Cruxen?
Of course we can perform the installation for many security devices but this is not our main purpose. We can go a lot further. If we were limiting ourselves to that, we would be only one more. We prefer to start a little bit earlier, by assessing your particular situation, help you on deploying and enforcing the right policies and you know what? In many cases, you already have the devices and all you need is a bit of redesign to make sure those are protecting what is more sensitive to you.
Makes sense? Why don’t you get in touch with us?