Servers & Systems: The Right Compute

Guard against internal security threats with these 3 strong controls

For many businesses, the biggest cybersecurity risks don't come from hackers, but from insiders with high-level access to data.

The greatest cybersecurity risk to your business might not be a Russian hacker or teenage script genius. It might be a trusted employee with privileged access to your systems.

The inside threat is a common cause of business security breaches. These attacks have the potential to cause serious damage because of the high level of access that insiders have to your data. According to the 2018 Deloitte-NASCIO Cybersecurity Study, only 23 percent of chief information security officers felt very confident that their information assets were protected from internal cybersecurity threats.

Here are three concrete actions that can reduce your exposure to internal security threats and protect your business. All it takes is some consistent logging, authentication, and quality encryption.

1. Enable database logging and review.

Database administrators and other privileged users can access and modify virtually any data. The most reliable safeguard against the potential threat is to consistently log database activity and store those logs in a location that administrators can’t access. This provides a check on the power of system administrators, as they will know that any action they take will be recorded in a log for posterity.

It's not enough to simply store the logs, however. You also must have a trusted person regularly review the logs to watch for signs of nefarious activity. If you don't have the time or skills to do this yourself, find someone (or a group of someones) without database access who can understand the log entries. Setting up this cross-check system puts technologists on alert that their activity is being monitored; this can reduce the likelihood of malicious insider activity.

2. Require two-step authentication.

Two-step authentication is one of the highest-return security controls available. This technology offers a user-friendly, smartphone-enabled experience that's as simple as tapping a button on a phone after logging into a system with a user name and password. Most businesses implement two-step authentication in response to phishing attacks and other external threats, but the technology can be equally effective against a malicious insider who seeks to cover his or her tracks by using a stolen password. You could adopt a full-fledged two-step authentication system, or you could build your own solution on top of a free technology like Google Authenticator.

3. Encrypt sensitive information.

Data encryption is an old standby in the cybersecurity world for good reason: it's extremely effective. Strong encryption protects files, messages, and other content with a password, rendering information inaccessible to anyone without the appropriate credentials. When implemented properly, encryption protects sensitive information against everyone—even a highly privileged system administrator. Choose encryption software that supports strong encryption algorithms such as the Advanced Encryption Standard or Triple DES. When used in combination with a strong password, either algorithm will stop snooping insiders in their tracks.

While you should always be vigilant for the signs of malicious insider activity, the use of database logging, two-step authentication, encryption, and other data security services will help you avoid internal security threats.

Learn why many small and midsize businesses delay server replacement and why that raises security risks in this Frost & Sullivan study: Server Security Lies Deep in Hardware.

About the Author


Robert has 25+ years of IT marketing and product management leadership experience spanning country, regional, and worldwide organizations. Robert is a marketing executive with extensive experience in field marketing, channel marketing, and product marketing on a global basis, and is driven to deliver SMBs end-to-end, affordable infrastructure that's secure from the start, optimized for every workload, packaged for many consumption models, ready to scale, and easy to manage.