An IT Team of One
When understaffed, corners will be cut, and security is usually one of those corners. However, the situation isn't as hopeless as many believe. Here are four tips for delivering strong security in a one-person IT shop.
Remember, This is the Hospitality Industry
If you've ever responded to a user who can't boot up his PC because, say, the monitor was turned off, you know condescension and sarcasm are tempting. Remember, though, this is the hospitality industry, and it's our mission - yes, even us IT workers - to be hospitable.
It might also help your sanity to realize that you're not alone. Security vendor Astaro (www.astaro.com) recently released its Global Security Survey 2007. The results are eye-opening. Of the 2,800 SMB companies surveyed (having between 1 and 4,999 employees), nearly every company, regardless of size, had between zero and three IT security professionals on staff. The only category that actually employs an average of more than four security professionals is organizations with 5,000+ employees.
Look for Unified Solutions
A good way to cope with a lack of resources is to simplify the management of those solutions you do deploy. According to the Astaro survey, while most organizations already have a firewall (100% of respondents), antivirus software (91.5%), anti-spam scanners (90%) and VPN products (74%), they still intend to beef up their security within the next year.
This is a clear indication that traditional security devices aren't keeping up. The trouble is that you're probably already behind on the logs generated by existing devices, and when was the last time you patched? Will adding more security layers help or just create more complexity and chaos?
In the Astaro survey, one of the solutions a majority of respondents intend to invest in is vulnerability scanning/automated penetration testing. What that tells me is that most of us don't really know how secure our networks are, and we only learn of vulnerabilities after they have been exploited.
When you add these new features to what you already have deployed, security isn't the problem; control is. Fortunately, unified solutions are available in the security market. Find a unified security suite that offers the core set of features you can't live without, while providing a platform that allows you to turn on additional security applications as needed.
The key to unified security is centralized management. You don't want to add features that require different platforms or management consoles. With a consistent management console, the learning curve for new security features will be minimal.
The next time someone asks about remote access, wireless connectivity, collaboration tools or some other new technology, it's probably a good time to investigate outsourcing.
At the Crowne Plaza Hotel Colorado Springs, managing access, connectivity issues, authentication and more for 504 rooms and several common areas - in addition to the hotel staff - is simply impossible for one person. Fortunately, with the rise of IT service providers and Software as a Service (SaaS) vendors, it's easy and affordable to outsource cumbersome IT tasks. Not only can you outsource Internet access for your customer base, but you can also look for service-based versions of vulnerability testing, web application security, data backup and recovery, and more.
Finally, it's important to recognize that you can't stay current on every technology trend. That doesn't mean you need to be in the dark, though. You already have a relationship with security vendors. You've vetted their products. You know their strengths and weaknesses. If you've chosen wisely and you trust these vendors, then let them be your experts.