An often overlooked part of IT network infrastructure management is network security. The majority of business networks, even for small businesses, have a large variety of heterogeneous devices that are working together to provide the services for the various departments including product development and product lifecycle management (PLM). This diverse range of devices can pose a security risk as each operating system and product suite needs to be updated regularly.
Even non-specialist software from companies like Microsoft or Adobe are updated monthly to fix security issues which affect their respective products. Frequently, Internet Explorer is updated to resolve issues where malware can be downloaded onto a PC just by visiting a website. Similarly, Adobe Reader is often updated to fix vulnerabilities where malware can infect a PC just by opening a malicious PDF file.
Beyond Windows and well-known tools like Adobe Reader, enterprise and server software is also frequently updated. In February 2013, Microsoft issued a critical patch for Microsoft Exchange which fixed an issue where the server could be infected with malware when certain files are converted by the mail server. Windows Server 2003, 2008 and 2012 are also often patched. Linux isn’t immune to these problems and Red Hat Linux, CentOS and Ubuntu are frequently updated to fix security related issues.
Besides traditional servers there are often other types of servers or appliances on the network including firewalls and VPN servers. As well as being updated frequently, they also need to be configured correctly — a firewall with a bad configuration is the same as no firewall at all!
If a business is hosting its own website then this offers a public point of access which attackers can try to use to circumvent security. An out-of-date or misconfigured web server can pose a significant security risk, both in terms of allowing intruders into the internal network and in exposing confidential customer data.
It is an unpleasant reality that security is often neglected by system administrators, not through incompetence but due to workload. Maintaining a complex IT network infrastructure can be time consuming and if security has become a low-priority task then a business becomes vulnerable and even customer data is put at risk.
By outsourcing different IT services, these pressures can be alleviated. First, the companies web hosting could be moved to managed hosting or to the cloud. Second, different parts of the IT infrastructure can be managed by a third party or even moved to SaaS. Or simply having a security expert on hand to manage the security related aspects of the network can reduce the pressure on the existing IT staff.
Whatever solution is chosen, being proactive is always the best course of action.