SINCE the time IT has come to existence, there has been a cause of worry to lose data anytime. With the dependence on IT increasing day by day and all businesses relying totally on applications, servers and storages, it is important to secure our business and our data and ensure we do not lose anything.

Let us understand the basics that can help avoid a disaster leading to data loss and application downtimes.

1 Password Policies: Authentication is the key for securing any IT operations but many enterprises end up with easy to hack password systems in their setup. The password policies should not be too simple but one should also ensure it is not too complex for the administrators to handle. If you ask for complex passwords, administrators fnd it diffcult to remember them and end up noting them down on pieces of paper in their drawers. Similarly, it is not a good idea to keep changing passwords very frequently.

2 Eliminating human element of security: Today’s network administrators have access to a dizzying array of security tools. As hacker Kevin Mitnick says, “The weakest link in any network is its people.”

It is very comforting for IT managers to know that a single employee understands their systems inside and out. But, it is not good for the organisation to rely on a single person for all network and security operations. An oft quoted example is the City of San Francisco employee who was eventually jailed for refusing to reveal key network passwords that only he knew.

In addition, employees who are too valuable in specific roles can also get passed up for career advancement and miss out on fresh opportunities.

3 No new tools without testing: With public beta programmes now commonplace, the temptation to rely on cutting-edge tools in production systems can be huge. Resist it. Enterprise IT should be about finding solutions, not keeping up with the Joneses.  It is also good to ensure that if there are any legacy systems, they should be upgraded to the latest to avoid easy hacking.

4 Logging in as root: One of the oldest rookie mistakes is still alive. Engineers who habitually log in to the administrator or "root" account for minor tasks risk wiping out valuable data or even entire systems by accident, and yet the habit persists. Create different logins for minor admin jobs instead of logging through root or administrator.

5 Effective backup strategies: One thing that we all must follow is to be sure that we have a good backup strategy that suits our RTO-RPO requirements. It should cover all our critical servers/desktops. We should ensure that our backup media is kept safely. Regular recovery drills should be performed, to ensure safety. These help in checking the state of media as well as testing the skills and recovery procedures.

6 Choose specialised vendors: Time has come now to change our approach. We can no more rely on a single vendor concept and should rather work on the concept of working with multiple vendors and choose the one with domain expertise.

ABOUT THE AUTHOR:

Anuj is the Founder and Director Technology for Ace Data Devices Pvt. Ltd. He has been consulting, designing & implementing data storage, backup and disaster recovery solutions for enterprises in heterogeneous environments.