Cmgt400 Week 3 Securing and Protecting Information
In:
Submitted By deadeyeduckie Words 1513 Pages 7
Securing and Protecting Information
CMGT400
Securing and Protecting Information The internet is a worldwide phenomenon, reaching across the globe and connecting virtually every person together. The internet is essentially comprised of one thing, information. It is information entered into code that produces the websites, emails, and advertisements people see displayed every day. As a result, there are numerous products available which provide connectivity and internet service. Businesses, companies, and banks use the internet to conduct business with customers and other associates. The internet allows companies to potentially recruit customers from around the world, who they normally would not have any interaction with otherwise. With this added advantage of being able to reach across the world, also comes the add threat of becoming a target of malicious hackers. The hackers attention becomes drawn to these companies and their systems and clients' information becomes at risk. The cloud is an offsite storage technology which was originally only available to businesses, but is now easily available to the public. Companies and users are able to store their files on servers instead of local machines, often paying a fee to do so. It is often a useful way to reduce overhead and maintenance costs while paying a company to secure your data and back it up in a virtual environment. Companies that provide this service utilize advanced security software and protocols to do their best at prevent malicious hackers from gaining access to the stored information.
Security Considerations and Design When creating a new information systems database, a very important thing to consider is whether or not the data is safely secure from unauthorized access. The entire system needs to be properly configured in order to deny access form any random outside user. Firewalls, antivirus, rootkit scanners, and other security software are recommended to help provide a "shield" around the company's data. Designers must also consider and accept the fact security patches and updates will need to be regularly installed. There is no perfect one-time solution that will last forever. New threats and weapons are always being developed, so the acceptance of protection being an ongoing and evolving battle needs to happen. This helps ensure company data remains internal. In regards to internal access, a strong security consideration should be granting employees different levels of security clearance. By doing this it is easy to ensure only the proper employees are able to access specific files or folders. A good example of this is the government where some employees have clearance for top secret data and others have clearance for classified data. Ideally internal theft would never occur, but in today's world it is a very real possibility sabotage or espionage within a company can occur. Creating different levels of security clearance helps prevent it and also helps investigate/pinpoint who is guilty should it happen. Another aspect to consider when creating a new information systems database is the possibility of hardware failure and what protocols/policies will be in place should it occur. all data stored on servers should have a backup service established from the initial design/creation of the system. In the event of a storage or server crash, the data will have been preserved and backed up all along. Always performing full backups may take time if the system begins to grow to a large capacity, so perhaps differential backups could be considered with only the occasional complete backup being done. Whichever method is ultimately chosen, it should always be scheduled to run automatically as a specific time of day of week. Most backup services offer the automatic feature in their software. This also provides the client company with the comfort of knowing their backup provider is willing to take responsibility should be automated process not occur for some reason. A great way to backup data is with a redundant storage system such as RAID (Redundant Array of Independent Disks). The great purpose to RAID is being able to duplicate data into another disk as soon as it is created and saved to a disk. It happens as a background process, not disturbing the actual user. Because of this, if there is ever a failure the faulty disk can simply be replaced and the RAID should replicate itself onto the new one. A big design factor when creating a new information systems database is to make sure all data is encrypted hence ensuring proper/easy disposal if the storage disk becomes non functional. The common misconception is if a hard drive or storage disk fails the data is lost, and no longer accessible. People will simply throw away the hard drive thinking it is "garbage". A malicious hacker could very possibly recover the data from the hard drive still, depending on what is faulty. A company called DriveSavers once specialized in recovering data from hard drives which has actually been water damaged in Hurricane Katrina. Components within a hard drive such as the needle which provides reading might actually be replaced and data accessed once again. Because data is recoverable from storage devices, encryption is a must and full disposal after usage should occur. Full disposal means such as melting should be considered in the design plan. The company must have a plan in place regarding what it will do with hardware after its usage is complete.
Cloud Storage Storing data in a cloud server has become a very commonplace practice in the past few years. Originally it was a service only heard of among companies requiring large storage capacity. Cloud storage companies were able to profit greatly by offering the "spaceless" storage and security benefits to companies in need of such. It is a very simple yet beneficial concept. Data is stored in a cloud drive on a server which is offsite. Access is granted to this drive from any device such as a laptop, desktop, smartphone, or tablet. Any changes made the data being accessed is automatically updated in the cloud server. This means companies could not only store data offsite, but also share/collaborate on projects around the world with other locations. At the time, the cost was quite expensive and the bandwidth for access was not nearly as big as today. Today with cloud companies expanding their storage capacity, servers, creating more locations, and getting more bandwidth, it is a service affordable to the general public. With many people and businesses making use of cloud technology, companies providing the service must take into account all the considerations and designs mentioned earlier. Encrypted file access and username/password login protocols are part of the foundation to ensure the cloud is built and functions correctly. If the servers were not configured correctly, a user logging in could be routed to someone else's data storage. Firewalls are a necessity to help prevent Denial of Service (DoS) attacks. Cloud companies not only pride themselves on storage and easy of access, they also pride themselves on constant availability. A physical consideration that must be considered, whether when designing a new information system database or running a cloud company, is the actual storage, location, and security of the actual servers and drives. Obviously it cannot be stored in a location with no security fences, cameras, locks, or guards. A hacker looking to steal information could enter the actual storage room and have access to everything. Many companies choose not to openly disclose the location of their storage servers because of this. While many companies and public users subscribe to cloud storage services or companies, it is possible to create a custom home cloud storage system. A person with some computer knowledge could purchase their own hard disks and configure it with a network attached storage box. If configured properly it will function like a cloud. The costs of purchasing the equipment and software will cost more than subscribing to a cloud provider but the user has the peace of mind knowing where the physical location of his/her data actually is. Cloud computing is clearly becoming commonplace and easy to use, providing the possible future storage solution for every single machine. Apple was innovative with its iCloud technology and since then many companies have entered the cloud industry. Competitors such as DropBox and Microsoft OneDrive offer offsite cloud storage to computer users. As mentioned previously, as these companies become more well known and successful, the attention drawn also makes them targets for malicious hackers. Therefore, not only is the future of cloud technology based on storage capacity and speed/ease of access but also data security and unauthorized access prevention. Whichever company can manage to stay ahead of emerging threats the quickest will most likely always hold the advantage in the market.
References
Backup types. (2015). Retrieved from http://www.backup4all.com/kb/backup-types-115.html
Conklin, W.A., White, G., & Williams, D. (2011). CompTIA Security+™ All-in-One Exam Guide (Exam SY0-301) (3rd ed.). Retrieved from the University of Phoenix eBook Collection database.
Griffith, E. (2015). What is Cloud Computing?. Retrieved from http://www.pcmag.com/article2/0,2817,2372163,00.asp