Overcoming IT infrastructure complexity

A recent study of attitudes toward information risk shows that one in four (24%) IT specialists are concerned about the growing complexity of IT infrastructures and see this trend as a threat to security.

Do you believe that simplicity, efficiency and security should be the main goals when developing information systems? If so, then according to several surveys, most corporate users agree with you. In fact, a recent study of attitudes toward information risk shows that one in four (24%) IT specialists are concerned about the growing complexity of IT infrastructures and see this trend as a threat to security. In their opinion, the more complex the infrastructure, the more difficult it is to manage, and the more opportunities there are for cybercriminals to breach the perimeter of the corporate network.

The growing complexity of IT infrastructure

As a company grows, its corporate IT infrastructure expands accordingly as new elements are incorporated. For example, mobile technologies that enable employees to work remotely make a business more flexible, but place a significant additional burden on the infrastructure. If a new employee brings her own device to work, the company has to include that mobile device in its corporate network and take care of its security. The list of necessary measures includes device encryption and a professional e-mail application with a security certificate insight. In addition, the business should have a security agent in place to provide remote access for regular security software updates, security policy enforcement, and the ability to block devices or wipe confidential data in case devices are lost or stolen.

Security must also be considered if the business uses a virtual system. Having employee workspaces independent from physical computers gives numerous advantages, including additional protection against hardware failures, fast updates, and simplified management. However, cyberattacks are increasing, and virtual environments are just as vulnerable as physical machines to malware, including malicious email attachments (such as ‘spear-phishing’ attacks), drive-by downloads, botnet Trojans and worms. Virtual infrastructure, therefore, also needs to be secured.

As a result of new implementations, the more elements there are in an information system, the more vulnerabilities there will be. Therefore, as business processes become more complex, the management of the IT infrastructure must adapt to include security tools. Kaspersky Lab estimates that an IT specialist at a small or medium-sized business is typically so busy with routine tasks and requests that they can dedicate no more than 15 minutes a week to managing information security. Needless to say, in the absence of a systematic approach to security, it is only a matter of time before an incident occurs that can take days to mitigate.

So how do you stop going round in circles and start to work systematically? First, you need to choose a reliable and comprehensive security solution that will make it easier to protect your IT infrastructure. A wide range of security solutions is available, so you will be able to find one that meets the needs of your business. The right security solution will offer tools that include device security for different operating systems, traffic filtration, and software updates. Secondly, once the solution is in place, you can start to work with specialists. The more complex the infrastructure, the higher the degree of expertise required to manage the security. You will need appropriately skilled specialists on the team to service your information system, or a third-party partner with deep IT expertise who will be able to help in an emergency. And, importantly, you should always have a plan in place to react to emergencies.

Managing IT Infrastructure

There are two options when it comes to managing IT infrastructure. The first is to manage everything in-house – some IT professionals believe that this is the only way business processes can be fully automated, and security properly ensured. But it’s important to stress here that if you decide to manage your IT by yourself, there will always be hiring costs involved – many businesses end up employing a team of highly specialized IT experts to manage their infrastructure on a daily basis and carry out risk and modification management.

The other option is to delegate the work to a contractor. External IT management professionals can often perform the task much better, and employing them directly may be expensive.

Both options can be equally effective, depending on the nature of the business. For example, a private car dealership may prefer to outsource most of its IT infrastructure to a third party and maintain a small set-up for day-to-day operations. In this case, it would be too expensive to manage the entire infrastructure in-house, while third-party management could offer advantageous commercial terms and high-quality expertise.

On the other hand, a commercial bank with a network of branches might be better off maintaining its own infrastructure, either through an in-house team of experts, or through an external organization specializing in IT outsourcing. Direct management of the infrastructure could help the bank to tighten control of the perimeter and reduce the risk of cyber-incidents. Outsourcing its management to external professionals could, however, help to save money on the servicing of a large IT infrastructure distributed over the bank’s entire network of branches.

Note that if you decide to manage your IT by yourself, you should keep the hiring costs in mind: you will be employing a team of highly specialized IT experts who will not only manage your infrastructure on a daily basis but also carry out risk and change management.

In both cases, the decision should not be limited to IT management needs. Both companies may become the target of cyber-attacks, since they have value as businesses and as the holders of customer databases. Cybersecurity considerations are just as important as management ones.

Information security for proprietary IT infrastructure

If you choose to own your IT infrastructure, make sure you have a team of specialists capable of maintaining smooth operations. This can be either your own staff or an outsourced team assigned to the task. Ensure that they develop an infrastructure security plan that includes answers to the following questions:

Once you know the answers to these questions, you can be certain that your corporate IT system is securely protected from all sides.

Information security for outsourced IT infrastructure

Before you decide which company to outsource your infrastructure to, check its security protocols and the results of previous projects. Then, just like above, ask the potential contractor several questions concerning IT security:

  • What IT security tools does the contractor use to protect infrastructure?
  • Is it possible to remotely monitor the status of the network?
  • How will the protection of communication channels be arranged?
  • How are data backup procedures arranged?
  • How is data restored from backup copies?
  • How is storage protected – for both basic and backup data?
  • How will IT security training be provided to your company’s employees? This point is especially important to prevent cyberattacks that use social engineering as a method of intrusion.

In addition, if you have at least one position for an IT consultant on your staff, this consultant will be able to speak the same technical language as the contractor, and help address technical issues much faster. The potential contractor’s answers to these questions will help you understand whether the contractor is ready to ensure both the effective performance of your infrastructure and the protection of your data from cybercriminals.

Your IT infrastructure powers your organization, and trends such as mobility, big data, BYOD, the cloud and customer-focus will place increasing pressure on your systems. Many companies will respond by converging the different aspects of computing, networks and data storage, moving the infrastructure to the cloud or outsourcing it. Each new development will introduce new security vulnerabilities that need to be addressed. If you take control of your IT infrastructure security today, you will be ready for tomorrow.