Top 10 risks in your IT Infrastructure
Your IT infrastructure should perform as smoothly as it was initially installed without much maintenance, just as your faucet gives you water. Unfortunately, this is often far from true.
Your business needs, the expectations of your staff, and the threats from outside never stop evolving. Let’s look at the most vulnerable assets of your infrastructure that are at risk when not maintained properly.
1. Your electrical needs
Yes, we have a UPS that keeps our critical devices running during a power outage.
But do you know how long the battery pack will survive in your current setup? When was the last time the battery packs were checked or changed? Are you sure all systems that need to be running are connected to the UPS?
It is better to know an answer to these questions than to find out when the lights go out.
2. Server room
A server room needs to be in good shape to prevent several incidents that might occur. Amongst others, consider regularly checking the cooling infrastructure, access control, fire prevention (don’t store those cardboard boxes in there), and fire mitigation solutions.
3. Redundancy where needed
Are those network cables correctly connected, and are the network cards configured to ensure maximum redundancy in your servers? Do you have or need redundant core infrastructure services? The sky is the limit when talking about redundancy, everything can be made redundant, but that also comes with a hefty price tag.
You’ll need to find a sweet spot between costs and acceptable risks. To make an informed decision, you’ll need to know exactly which redundancies can be added, combined with the risk factor it eliminates.
4. Server Hardware
Are you checking the firmware version of your servers to see if there is an update that resolves bugs and tightens the security? Are you logging on to your out-of-band management interface to check the health of your server’s internals, or do you receive automated messages when a server part isn’t functioning correctly?
5. Network and security devices
When was the last time you updated the software of your switch or your security devices? Which security risks are you protected against for your infrastructure? If a security breach happens, do you have a validated protocol in place to get your company up and running again?
6. Virtual environment
Can you handle one or two host failures in your environment after adding all those new virtual machines? Or none at all? Which version of the hypervisor are you running? Is it protected against the latest threats? Are virtual CD/DVD Drives connected to virtual machines that might prevent them from migrating when needed?
7. Server and client OS
Do you have a monthly update schedule for your Microsoft server’s OS?
Did you ever verify that all your client devices are up to date? An unpatched system could be an attacker’s entry point into your network.
Furthermore, your OSes should be configured to prevent using outdated and unsecured protocols. Most of them can be used when you don’t make any changes.
8. Backup environment
Sure, we do backups.
But do you also test restores? For example, do you know how long it takes to recover your ERP system after a disaster (RTO) and how much data you lost before the disaster (RPO)? Is this in line with your business needs?
Where is your backup repository located? Do you have something to restore when the entire building is lost?
These are all crucial questions that deserve an answer and, ideally, are tested regularly.
Have you checked if the cloud is something for you? Some or all of your services can benefit from a shift to the cloud (Azure, AWS, Google) and can bring you more advantages than you think.
A few of these advantages are more reliant uptime and disaster recovery.
And if you need some more ‘oomph’ in your application server at certain times, you can easily upscale the hardware for those periods.
10. And last but not least: Your employees
Do your employees know about all the latest threats, and can they successfully identify them in real life? Phishing, spoofing, and other cyber threats are all around us and, sadly, won’t go away soon.
Educating your staff is a crucial factor in fighting these attacks.
Audit your infrastructure!
Do you want to discover the weak spots in your infrastructure? Then, contact Steven Pauwels for an audit!