7 Questions to Ask About IT Security
Businesses that have yet to adopt a cloud computing model cite IT security as a top concern. There is much that cloud services providers can do to assure customers that their data, and by extension their reputation, will be safeguarded through due diligence. SMB owners and managers, however, need to know what to look for in a cloud services provider, and to ask the right questions. Here are our top 7:
Important IT Security Controls
1. Client Machines
Ask how an IT services provider makes use of group policies to administer client machines. Also, inquire into how Windows Active Directory is used to enhance system and workstation security. Active Directory manages on-premises resources and provides access and identity management for users of cloud-based applications.
2. Next-Generation Firewalls
Find out what firewall protection is in place. Ascertain whether firewall protection is used on the perimeter of the system only, or if firewalls are also used in ways that function as internal checkpoints.
3. Authentication and Access Controls
Determine how access control and authentication will be handled. Also, ask about reporting and data collection for both successful and attempted access. This information can become invaluable when a business needs help tracking down the cause of issues that may develop. Tools such as Microsoft Enterprise Mobility + Security and Azure AD can help.
4. Client Data Privacy
Ask about customer file protections, including how permissions are distributed for adding, deleting, or changing such files. You want to ensure that any data on employee devices is capable of being wiped remotely, and that any co-mingling is made apparent to all parties.
5. Anti-Virus Solutions
Inquire about anti-virus protection. Find out what programs will be used to protect servers and client machines. Also, ask about provisions for updating and maintaining such programs. Will they be set to update themselves automatically, downloading new virus definition files as soon as such files become available, or will some user input be necessary?
Email is still a top source for computer viruses.
6. IT Risk Assessment
Ascertain what procedures are in place for the IT risk assessment process. How does the IT company evaluate its own policies and procedures and identify areas for improvement when it comes to the IT security it provides its SMB clients?
7. Network Monitoring
Determine what monitoring is in place to track device activity and system events. Is continuous monitoring provided by default? The advantages of a cloud services approach can be largely negated if the provider monitors only on a ‘9 to 5’ basis. In the Information Age, security must be watched carefully 24 hours per day.