By Exceed Group on Jan 1, 2019 8:00:00 AM
With the increased usage of mobile devices, the reliance on remote workers and an ever increasing desire for data-driven insights, IT departments are faced with the challenge of continuously modernizing their infrastructures. As the move towards digital business grows, so does the complex security environment that supports it.
According to a 2017 KPMG survey of 4,498 CIO's and technology leaders, only 1 in 5 felt they were well prepared to respond to a cyber attack. Yet at the same time, only 5.9% of IT budgets are allocated to security.
Servers are the foundation of a modern IT infrastructure and play an essential role in processing, storing and centralizing business data and critical applications. Yet, server security is often overlooked or neglected by businesses. As a result, they are a prime target for malicious attacks.
The most common vulnerabilities include:
• Unprotected local data
• Sensitive data left behind in temporary and cache files
• Unprotected or weakly protected data transmissions
• Weak authentication protocols
Most IT leaders have learned to recognize and take preventative measures to protect their network, data, operating systems and applications. However, there is a lack of attention paid to underlying server infrastructures such as hardware and firmware.
Take for example, the recent cyber scandal surrounding CCleaner. Millions of users downloaded the latest version of the disk clean-up program and with it, a malicious virus. It turns out the malware came bundled with servers belonging to Piriform, the software development company that sold CCleaner hardware to Avast.
A similar situation happened early last year to Apple, which had to remove all Super Micro servers from their SIRI development stack after a firmware update came filled with malware.
So what can IT leaders do to protect their infrastructure from hardware and firmware security threats? Unfortunately, very little. Antivirus products do not scan firmware for malicious code. The only real protection is investing in a server with solid end-to-end security from a reputable manufacturer.
So what does that mean exactly? Our whitepaper "End-to-End Security: The IT Leader's Guide" offers best practices, a framework on how to properly source a secure server, and key security criteria for a modern IT infrastructure. Download it below.