10 Part Security Course – Lesson 2

Operating Systems and applications

No security system is infallible, but to make sure you have the right protection you need overlapping fields (the best analogy is the onion – the more layers the better), preferably ones that make it hard to get to the data and users that are your business.

We discussed the Internet connection in the last email. We covered firewalls, wireless, VPN, intrusion detection and user protection. In this email we will look briefly at the technology side, namely the operating systems and the applications that you use to do business.

No matter what the connection, each and every system has two main components apart from the hardware itself. They all have an underlying operating system (BIOS) that loads before the main operating system loads from the peripherals. The base-level BIOS is usually written in machine or assembler code and exists so the system knows where to find the hardware.

Just to make sure you understand, all systems have some level of BIOS and operating system. This includes tablets, servers, workstations, cloud servers, smart phones and laptops. Anything that has a computer chip, including GPS and cars, has a BIOS environment and an operating system to make it all work. The human race is so dependent on computers and what they can do that a minute failure is going to create problems.

The operating system is where we come to what everyone recognises on their laptops, tablets and smart phones. These operating systems are created by Microsoft, Apple, Google (Android) and the many varieties of Linux, and are what we see when we look at the screen of one of these devices. The system you have purchased also determines the type of applications that come pre-installed.

The applications are where your business will do most of its business. Some cloud-based systems will use browser access to enable you to perform your requirements. Systems like CRM, insurance assessment, hosted email and ecommerce will require security between the end points. This can be achieved with SSL and VPN configurations encrypting all data between your office and the storage location and all information transmitted over the Internet.

Internal systems like email, office documents and internal server environments can and should also be protected with encrypted traffic and end points.

Just a quick look at other components of operating systems and applications.

The proliferation of tablets and smart phones has created a phenomenon called bring your own device (BYOD) which, if not controlled correctly, can cause havoc with your well-structured security plans.

The best thing to do with BYOD is to make sure that there is no corporate data being installed on the device itself. This protects your business not only from loss of or damage to the device but also from the possibility of losing information through that loss.

If your business is using tablets, smart phones, laptops or sales reps on the road then you need to keep access to your business information as tight as organisationally possible. This includes apps that access the information through RDP or a desktop protocol.

This attitude also ensures that ALL intellectual property, old and newly created, is stored within the business and also within its backup and recovery, disaster recovery and business continuity strategy. Nothing is lost by accident, nothing can be stolen by an outcast staff member and no one has access except authorised personnel.