I recently participated in a presentation to the Australian Computer Society, where my business partner Robert Buck and I reflected back on providing IT services to small to medium sized businesses over the last 20 years. In preparing for the presentation, I was reminded how 20 years ago, there wasn’t really any concept of ‘Cloud’ and the vast majority of our customers adhered to a consistent IT infrastructure refresh cycle, where Servers were replaced every 3 years.
Of course, with the advent of Cloud technologies and virtualisation, this cycle of infrastructure replacement is no longer consistent and our solutions today are far more complex than they used to be, often involving a hybrid of on-premises and cloud technologies.
One of the other key points that I was reminded of was that 20 years ago, Server systems were – by today’s standards – really quite basic. When implementing a new Server, there was really very little need to change any of the default settings, and once implemented, it certainly wasn’t necessary to change the configuration until the next Server was implemented. Of course the system had to be maintained and monitored, but the Server’s configuration was often left untouched for the whole 3 years of its operation. Security was a concern for larger organisations of course, but for most small to medium businesses, changes to industry best practices were rarely serious enough to justify the cost of making these adjustments to a Server that “isn’t giving us any problems”.
Today, taking this same mindset to IT could lead to disaster. A recent case in the US has highlighted this point, where the IT staff of a large health organisation created a new server without changing the default configuration, leading to thousands of patient records being made public – without anyone inside the organisation knowing. What’s even more alarming is that it took them a full 12 months before they noticed the poorly configured Server, ultimately leading to the health industry regulator fining them over $2 million.
At Diamond we have certainly adjusted our service delivery to better manage our customers’ IT systems in this new reality. In fact, we’ve created a dedicated team that we’ve coined the ‘Technology Optimisation team’. We’ve done this because industry best practices, particularly around security, are changing now at a rapid pace and it’s important that IT providers keep up. With the recent advent of ransomware, it’s more important than ever that IT providers don’t leave their customers’ Server environments exposed with potentially dangerous ‘default’ settings or outdated security strategies. The days of anti-virus and Windows security patches being the only requirements for a safe IT environment are well and truly over!
If you haven’t already, make sure you ask your IT provider what processes they’re putting in place to continuously enhance your IT systems and mitigate against potential risks. Have they spoken to you about Unified Threat Management or gateway security? Have they mentioned web content filtering and sandboxing technologies? What about your organisation’s password policies? If they’re not giving you guidance in these areas, or if they give you the standard response of “we’re doing maintenance and monitoring”, it might be a signal that your IT provider is stuck in the 90s and not thinking about today’s rapidly evolving IT challenges. IT providers that understand these challenges know that to remain relevant and competitive, they need to be providing not just support, maintenance and monitoring, but a process of continuous improvement and alignment to industry best practices.
I encourage you to take our Online Security Assessment to gauge how secure your network is…
Also be sure to keep across our Ransomware updates, including real examples as we come across them, and feel free to contact us for any further information or support: 1300 307 907