- 1 Vapor IO Brings OpenDCRE to General Availability
- 2 VMware Takes the Wraps Off vRealize Automation and vRealize Business
- 3 Microsoft Previews Hyper-V Containers for Windows Server 2016
- 4 Mirantis Led FUEL Project Gets Installed Under OpenStack Big Tent
- 5 Red Hat Enterprise Linux 7.2 Adds Security, DR Features
4 Easy Steps to Securing Your Servers in the Public Cloud Page 2
3. Security Management
Other than malware, viruses and Trojan horse programs, network breaches are the most common type of security compromises. Network security begins at your border routers and firewalls, and it ends at your server systems. Maintain a high level of vigilance with network security and intrusion detection services. Several excellent software packages are available to alert system administrators to changed files and to alert network administrators of any interesting connections to protected data stores and systems.
Some breaches and thefts come from inside the company itself. These breaches are difficult to prevent because of the number of people who support protected systems. However, access logs will provide investigators with enough information to catch the responsible culprit.
Most of the lawsuits filed against companies by individuals have failed to produce any damages or remuneration for the plaintiffs. They failed because the company responsible for the breached data demonstrated it had measures in place to prevent such occurrences and to mitigate them as they happen. In addition to showing due diligence in these matters, companies have also shown forthrightness in reporting breaches to customers and the public. Therefore, companies that have had data stolen generally are held not liable unless the circumstances are unusual.
Full disclosure and due diligence are the best defenses for companies that house or collect personal information. Your best defense is to maintain vigilance on your accounts and information in case of breached data. Contact the company immediately and change your account information.
Diligent Incident Reporting
- The type of information and number of records
- The circumstances of the loss
- Action taken to mitigate the breach
- Details of the breach investigation
- Regulatory bodies informed of the breach
- Preventative actions taken
Ken Hess is a freelance writer who writes on a variety of open source topics including Linux, databases, and virtualization. He is also the coauthor of Practical Virtualization Solutions, which was published in October 2009. You may reach him through his web site at http://www.kenhess.com.