An Emerging Trend: Separating Your IT Infrastructure by Primary Usage
A Rising Threat
Cyber-attacks are one of the greatest threats facing global businesses today. Hardly a day goes by that there is not a report of hackers breaching company networks and stealing sensitive customer or personal data.
Data Breaches Are on the Rise
According to Identity Theft Resource Center (ITRC), there were 783 known data breaches in 2014, an increase of more than 27% over 2013. Furthermore, the FBI estimates that more than 1,000 retailers may be under assault from the same or similar malware that attacked Target and The Home Depot a couple of years ago.
Retailers are not the only at-risk sector for data breaches and cyber-attacks. The risk is real for all types of public and private organizations. As reported in a recent Forbes article, some of the more recent companies and organizations to feel the pain from these breaches include Neiman Marcus, White Lodging Hotel Management, Affinity Gaming, Community Health Systems, UPS, PF Chang’s, JP Morgan Chase, Sony, and even the citizens of New York City to name just a few on the extensive list, proving that these new types of criminals have a wide and non-discriminating reach.
A National Problem
To emphasize just how serious the threat of cyber-attacks are becoming, President Obama signed an executive order urging companies to share cyber-security threat information with one another and the federal government. Industry trade associations are also joining the fight against cybercrime, with the Retail Industry Leaders Association (RILA) Board of Directors recently approving a comprehensive, collaborative and sustainable plan. This effort will address challenges which include enhancing existing cyber-security and privacy efforts, as well as opening a dialogue with the general public to build and maintain consumer trust.
Emerging Trend: Separate Networks
In response to the threats presented by cyber-criminals, many organizations are physically separating their IT infrastructure for their networks based on their primary usage to limit exposure. A prime example is creating a separate network to run physical security applications— a network apart from those used for other critical business processes. A physical security-only network is typically used to host a company’s security devices such as intrusion detection, video, access control devices and related infrastructure.
Benefits of a Separate Security-Only Network
The benefits of a dedicated security-only network are multi-faceted: a security-only network delivers a higher level of protection and offers faster speeds, more bandwidth with easier access for loss prevention and security teams—while not impacting business critical systems. Deploying a standardized implementation across multiple locations can also provide for a lower cost alternative to traditional networks.
Further benefits to a security-only network include nearly unlimited access for applications, such as the remote monitoring of video or conducting remote investigations. This provides investigators with immediate access to video and supporting data to reduce travel, associated expenses and the overall time it takes to conduct the investigations.
When the security-only network is monitored by a certified third-party provider, added benefits include advanced alerts of potential system failure or attempted breach of the network. The monitoring company can also ensure that the network has the latest network security protocols and anti-virus software at all times.
Should You Consider a Security-Only Network?
Any type of organization looking to provide a safer and more secure physical environment for its employees, guests and assets while maintaining a higher level of security is a candidate for a dedicated security-only network. When determining if this type of network is a viable option, it is important to include a company’s internal IT resources in the evaluation and assessment of needs and requirements including security.
Selecting a Third-Party Provider
When considering a third-party provider for security-only networks, traditional IT companies that design and implement standard networks may not be your best option. Selecting a company that has the proper certifications for designing networks as well as deep industry knowledge of the security devices running on the network and how they need to work together will greatly enhance the overall end result.
Certifications such as Cisco Cloud and Managed Services Express Partner Certification, Meraki Certified, Sonicwall Certified and security product-specific certifications will ensure successful system integration. Cisco Cloud and Managed Services Express Partner certification recognizes companies that have attained the expertise in the planning, designing, implementing and supporting of cloud or managed services based on Cisco platforms.
Steps to Consider When Designing a Security-Only Network
One of the first steps is to identify the circuit requirements for the security-only network. Understanding what type of applications are going to be running on the network and how much bandwidth and speed are necessary to support the applications is key. Security-only networks are often based on commodity broadband, so it is important to ensure that the carrier can deliver reliable service and speed at any given location. It can be a challenging task trying to determine which carrier provides the best and most cost-effective solution. Your third-party provider can help identify the best solution among the available options in your area as well as procure and provision the circuit for optimum throughput.
Once the network parameters of adequate circuit bandwidth are determined, additional considerations that must be designed into the system include remote (VPN) access, appropriate security measure and rules. At a minimum, there should be a strict password update rule for the duration of password life and passwords re-used from the past. Ideally a consolidated security identification system should be established to ensure continuous monitoring of access with biometric or other proven security solutions as part of any access to the network.
If any part of the network is wireless enabled, appropriate security for network access and ongoing traffic monitoring are essential. If they are not part of the system, monitoring to make sure that no additional devices with wireless capability are installed on the system.
Firewall protection design is essential. With the advent of IPv6 and its inclusion in networks, there is potential for a security breach when tools designed for IPv4 are faced with IPv6 calls.
Continuous monitoring should be undertaken for abnormal network traffic, behavior or attempted unauthorized access. When discovered, rules for appropriate notification and/or lockout must be determined and then enforced.
Protection 1 Security-Only Networks
Protection 1 operates a Network Operations Center (NOC) as part of its Integrated Solutions Group. The center employs a team of Cisco Certified, Meraki Certified and Sonicwall Certified professionals. This team also holds the Cisco Cloud and Managed Services Express Partner certification, making Protection 1 the only security system integrator to hold this designation.
The NOC is primarily focused on providing real-time monitoring of IT-sensitive systems, including up/down status and network performance metrics. In addition to monitoring systems for performance and potential problems, the NOC also designs, installs and commissions LAN/WAN networks for companies that either do not have the internal resources to accomplish this in-house or for those who want a dedicated security-only network. The addition of the Cisco Cloud and Managed Services Express Partner Certification introduces a new level of capabilities and expertise to the NOC in this growing outsourced services market.
“Protection 1’s ongoing investment in technology and the skillsets of our team members give us the ability to deliver more than just security integration to our customers,” said Christopher BenVau, Senior Vice President of Integrated Solutions for Protection 1. “We are seeing more of our customers implementing networks that are separate from their customer data and POS networks to ensure a higher level of security due to recent data breaches. This trend makes the services provided by the Network Operations Center even more important as our customers’ needs evolve.”
The Protection 1 NOC team can design and deploy a company’s network, implement and manage broadband connections, and design and implement VoIP systems. The Network Operation Monitoring Center can notify a customer if their IP camera is out before they even realize it. With the large storage arrays in use today, one unknown failed hard drive could bring down an entire system, potentially destroying all archived video. The NOC can monitor the health of hard drives and immediately notify customers of a failed drive while scheduling a service call to remedy the situation and minimize loss. Cloud-based services managed from the NOC include a web-based dashboard that allows the management and reporting of all IT environments, including networks, security and IP telephony, along with Cloud back-up and disaster recovery services.
The growing threat of cyber-crime and the high cost of remediating the aftermath of an attack, both in terms of hard dollars and brand reputation can be devastating to an organization. Target recently announced that the data hack affecting millions of its customers cost the retailer more than $162 million.
New and innovative approaches to elevating the protection of sensitive data has never been more pressing. Whether organizations choose to implement changes to their networks internally or through a third-party partner to make them more secure, it is a process that is worth heavy consideration.
The cost of implementing a security-only network pales in comparison to the cost of an actual breach. If an organization or company has not yet considered the possibility of implementing a higher level of security to protect their business and their customers, it is probably time to do so.
Cyber-crime rates are escalating as cyber-criminals will continue to grow more sophisticated in their approach. Now is the time to ensure your business is protected.
About Protection 1
Protection 1 can help you develop a security-only network at the enterprise level. Our Protection 1 Integrated Solutions Division will serve as a single point of contact for your IT needs and specialize in large, complex projects that require deep knowledge and advanced skill sets in both security and IT.
As a certified Cisco Authorized Technology Partner (ATP), the Protection 1 Integrated Solutions Team includes experienced security professionals with IT as a core competency and expert certifications in advanced and emerging technologies.
If you have high-end integrated needs with sophisticated IP networked system requirements—Protection 1 is a better choice for you. Our industry-leading approach will help you achieve maximum efficiencies by integrating cuttingedge technologies and customizing solutions to fit your unique needs.
Protection 1 is the nation’s largest full service security provider. Our highly trained local professionals provide innovative business security products, expert installation and an unparalleled customer service experience through 70+ company-owned branch offices across the country.