Opinion

Why it’s high time to give your business an IT physical

4 min read

26 March 2015

I read an article the other day by Cisco’s director of cyber security about why security short-sightedness could spell disaster for SMBs. He argued we’ve had years to learn about human behaviour in the physical world but in the new digital one we’re still playing catch-up from a cyber-security perspective. So why don’t rational business owners and managers put as much common sense into taking precautions over the physical security of their IT systems?

You can have the most sophisticated firewalls, anti-virus and anti-hacking software but keeping computer servers and storage gear in open plan offices, cupboards, outhouses and so forth is like leaving the door open with a large ‘help yourself’ sign above it. 

All the more so from the recent survey by the government’s Cyber Streetwise business security campaign which found around one third of the 1,000 SMBs questioned had suffered security breaches during 2014. The survey also said the average cost of the disruption caused was £65,000 – 115,000 which on average is a third of a SMB’s annual turnover and could potentially put them out of action for up to ten days! That could put some out of business altogether! 

But perhaps most shocking of all from this survey was that the majority believed they were not vulnerable to security threats; almost a quarter saying taking more security measures would be cost-prohibitive; and a similar number just not knowing where to start. 

It is well worth remembering the data, web and cloud computing solutions that modern business ecosystems increasingly depend on are only as good as the quality and reliability of the servers and networks supporting them. If these breakdown, suffer a security breach (digital or physical) or a natural disaster such as from fire or flood, some or all business operations or those of your partners and customers are likely to be affected, often with serious consequences. 

Whether you realise it or not in today’s world you are effectively an ‘IT business’ – no matter what you actually make or sell. Just about every company is an IT company whether in retail, professional services, manufacturing, or whatever. 

To be fair to SMBS, and many larger firms too, lack of choice means many have had little choice other than to keep their IT and data on-site or in converted office buildings instead of purpose-built data centres offering top physical and digital security as well as optimised power and cooling. 

Fortunately things are changing with more data centre operators such as NGD now being able to build modern data centres of sufficient size and at lower cost for delivering the economies of scale needed to support all manner of business requirement – from hosting just half a server rack up to hundreds and all in highly secure and resilient environments. 

With small firms accounting for over 99 per cent of all private sector businesses in the UK (Federation of Small Businesses), this can only be good news for SMBs and the country’s continued security and future prosperity. 

Getting physical on IT

How physically secure is your building and IT equipment? Consider how its location may impact your business continuity and data availability – being well away from areas susceptible to flooding, large urban areas and flight paths reduces exposure to the potential risks

Has your data centre or computer room got access to abundant and redundant resilient power, and diverse fibre connectivity links? Are servers being sufficiently cooled and energy optimised to ensure maximum availability?

If outsourcing data directly to a colocation data centre or via a cloud provider, check all of the above Plus their security and operational industry accreditations (ISO, PCI DCI, SSAE16 etc.) and the calibre of on-site engineering personnel for handling technical support issues and Disaster Recovery situations. Tier 3 category data centres should be used as a minimum. Putting in place an escrow agreement will also ensure you have legal access to retrieving your data in the event of their going into administration.

Steve Davis is marketing director at Next Generation Data.