Wednesday, February 20

Basic IT Infrastructure Investments That Cannot Be Ignored For An Acquired New Business

by Gabriel Ng

Introduction

In order to expand, most companies either grow organically or acquire new businesses. For newly acquired business, there will be a lot of groundwork need to be done to merge the acquired companies IT System to the purchaser company IT System. In IT Infrastructure areas, there are basic requirements that cannot be ignored especially if the new business is in another location or country. These requirements will assist in mitigating the risk of possible security threats from Internet such as trojans, viruses, and worms, hackers damaging business servers or worst unauthorized intrusion retrieving valuable data.

Basic IT Infrastructure investment includes:

a)Firewall

A proper firewall should have Packet filter, Stateful level protection, IPS, Anti-Spyware, Web Anti-Virus that acts as the first line of defense against any attacks, security threat from the Internet.

A Web-based firewall with easy secured configuration menu is preferred. Further, this is suitable for offices that are lack of dedicated local IT personnel. The HQ IT Experts can remotely assist in administering this firewall for the remote office. Remote administration should be via a secured HTTPS channel. Lookout for reputable firewalls that comes with built-in VPN, Web-based Application Filter (Proxy) Anti Virus and also Intrusion Protection.

b) Anti-Virus

To implement the first layer of anti-virus to protect the servers and PCs from harmful viruses, it will be advisable to setup a central Anti-Virus server in the HQ. This meant all acquired offices require are to install the Anti-Virus clients into their local servers and PCs. Management of the latest virus pattern file, scheduled scanning, and licence management will be centrally managed by HQ IT team using the central anti-virus Server.

Note: When your IT Infrastructure grows, it is better to place your servers in a proper Tier 3 or 4 Data Centre. These Data Centres often guarantees electrical and air-condition supply with a SLA agreement of 99.99%. If the HQ servers are not in a proper Data Centre, imagine a severe electrical outage may just cripple your main servers and also all your acquired companies and subsidiaries IT Systems.

c)E-Mail

Instead of investing ground up on an Industry standard communication software such as Lotus or Exchange E-Mail system, it will be advisable that the new acquired company also take advantage of your HQ E-Mail system. The acquired company only requires to install E-Mail clients and can start utilizing the e-mail for communication and data delivery (if required). The E-Mail system will also be administered centrally.

To mitigate risk further, HQ E-Mail system should be clustered for high-availability and comes with dual layer anti-virus systems, anti-spam and anti-relay mechanisms to mitigate risk of E-Mail viruses, spam and relay attacks.

d)Tape Backup System

To reduce the risk of not been able to recover data in the event of server or database failure, a proper tape backup should be implemented. It is recommended to use enterprise Backup Systems (e.g. CA, Veritas) software that comes with Open File Agent (allows to backup files that are currently still open), SQL Backup Agent (allows to backup database without shutting down the database). It will be prudent to conduct daily, weekly, monthly and yearly backups. Monthly and yearly backups should be kept off-site.

e) Telecommunication line

Option 1)

A WAN (Wide Area Network) link will provide a stable communication line given the provider will guarantee a minimum bandwidth. E-Mail replications, Business related application connections will be more predictable on a WAN line. As you have more subsidiaries and new acquired offices, you can leverage onyour numbers with your WAN provider for a better pricing and services. WAN links are costly but are stable and critical if your business relies on fast and reliable International connectivity.

Option 2)

Cost effective Internet lease line or broadband. This meant connection between the offices to HQ is via Internet. However, please note Internet connection is "best effort" where there is no guarantees of bandwidth or uptime. This is a cheaper solution that WAN.

For secure communication between the offices, I would recommend implementing VPN (Virtual Private Network) connections between these offices. This will facilitate encrypted communication between the offices.

These are basic measures that should be in place before allowing communications between these new offices and your HQ data servers. The impact is severe if security threats were to spread to your HQ and other offices from a new business via WAN or private lease lines.

About the Author

Gabriel Ng is a professional IT Security Consultant, IT Auditor (CISSP) and author of http://www.comsectutorial.com This site is setup to provide information, recommendation on hacking prevention, controls to minimise security threats from viruses, trojans, spywares, hacking based real life experience while conducting security assessment and penetration tests onsite in Asia, Europe and Africa.

No comments: