The Computer Security challenge
Most solutions require an internet connection and are therefore contactable over a network, be this an internal network (such as within the office) or an external one (through the world-wide-web, for example via a web-interface).
This is why, since 2020, ransomware has become increasingly dangerous for the global economy, from small and medium-sized businesses to government departments or critical infrastructure. Their systems are always ‘online’ and so make juicy targets.
The requirement for an organisation to run software that presumes an always-on internet connection complicates Computer Security significantly. Many anti-virus vendors (such as our favoured Panda Security) allow local systems on your network to act as a proxy for definition updates, and this helps our clients to maintain secure air-gapped networks. This means some core systems are ‘offline’ from the perspective of an attacker trying to get in via the world-wide-web.
How do air-gapped networks improve security?
An air-gapped network works in the same way insulation does: to protect us from the ‘cold’ we have separate panes of glass in our windows, and the air-gap between them improves the effect of the glazing.
In Computer Security this very same air-gap means that no two systems touch each other; for example, file-servers can be separated so that an always-available but secured file-server acts as a live-backup.
Note that we say always-available, not always ‘online’, because the latter would suggest an external actor (e.g. a cybercriminal organisation) could still access the system through the internet.
In practice this enables our clients to have a much more flexible approach to file-storage while maintaining good security hygiene.
Our preferred vendor for providing air-gapped networks is Opswat, simply because they are the world-leader in this – 96% of U.S. Nuclear Power stations depend on Opswat’s technology in order to maintain secure networks. Opswat are vendor-neutral, meaning they themselves depend on no single Vendor to provide this world-leading security.
Such ‘network-segmentation’ means that, in the one in one-hundred chance that a cyberattack against you is successful, your organisation can limit how deep the damage goes into your systems. This limits the real cost of a cyberattack significantly.
Having an all-in-one server that serves all of your business needs is very common for SMEs, but it reduces resilience and we strongly recommend a focus on enhanced security and hardened systems to ensure you absolutely do not lose the core of your business. Losing this type of server is like losing everything.
Never build a Tower of Babel
If the centre of learning and the core of your work as an organisation are stored in one location, and all of it is online and readily available to you, then it is readily available for threat-actors to hold to ransom.
Having multiple complementary systems, across a variety of vendors, means that no one Vendor and no one Computer System failing will undermine your operation.
IT is operational, and while it isn’t nice to think about things breaking, it will inevitably happen regardless of the size of your organisation.
Hayachi Services works with SMEs and sole-traders and sees these ‘Tower of Babel’ systems most often with them, mainly because previous suppliers would charge extortionate fees for even considering diversity in the network. We do however often see aspects of critical systems suffering the same fate even among our clients who are top-10 UK law firms.
Good enough isn't good enough
Ensuring that you structure your Computer Systems in a way that facilitates a resilient operation is key to good Computer Security. This starts at the design level: facilitating online and offline backups alongside a considered disaster-recovery plan in case things fail, and segmenting systems so that a failure in one does not undermine the whole operation.
Even where a Vendor is contractually obliged to respond to and resolve a P1 (Critical Incident) within one hour, they often don’t. We know this from experience helping award-winning Managed Service Providers retain their top clients. Do NOT blindly believe that having an SLA is equivalent to guaranteed uptime.
To put it bluntly, the idea that any one box being ticked will solve all of your organisation’s Computer Security requirements is a poisoned chalice: it may take mere weeks or months to discover this, but by then the damage will have been done.
When it comes to Computer Security, ‘good enough’ will never be good enough. Cutting corners will raise your risk-profile, and we see the significant real-costs some businesses pay before they choose to come to Hayachi Services.