You have a significant role in security if you have servers in the public cloud. Do you know what that role is? It’s the role of security manager, and it’s a big job. What the job entails might be more than you’re ready for — particularly when you know that you have certain legal obligations and liabilities to maintain security on those systems. Yes, you read correctly. Your company has liability for security breaches that result in loss or damage to consumers or users of your systems.
When it comes to security in the public cloud, you’re on your own. Your cloud provider will not help protect your systems from hackers and other attacks beyond protecting its own infrastructure. However, with due diligence you can minimize your risks.
Due diligence is your best defense. By complying with all computer data and security legislation, and by being able to provide dated documentation of that compliance, you'll reduce your risk to near zero. While historically many such cases against companies haven't proven successful, precedents and laws in these matters are in flux.
So what is due diligence when it comes to computer security, and how can you minimize your risks? The following guidelines will help you toward that end.
When it comes down to legal defense, your best defense is a strong offense. He who has the best documentation wins in courts of law. Draft written policies and procedures that define best practices, schedules, frequencies, and sources of security patches, updates, service packs and hot fixes. Implement those procedures with adequate documentation (i.e., dates, times, personnel, phone records and written summaries), and keep them readily available for easy shipping to your attorney’s office.
Your personnel should perform maintenance patching on at least a quarterly basis. However, you should apply security patches as soon as vendors release them to you. A vendor-supplied security patch means the vendor has uncovered a security flaw and considers it worth the time to notify you about it. You should practice the same amount of diligence with your server system's security patching as you do with your personal antivirus updating. In other words, assume all security patches are critical.
Ken Hess is an Enable SysAdmin Community Manager and an Enable SysAdmin contributor. Ken has used Red Hat Linux since 1996 and has written ebooks, whitepapers, actual books, thousands of exam review questions, and hundreds of articles on open source and other topics. Ken also has 20+ years of experience as an enterprise sysadmin with Unix, Linux, Windows, and Virtualization.