Friday, September 27, 2019
As a business leader, you wear many hats. (Probably even more so if you work in the hat business.) It’s on your long list of job responsibilities to be well versed in multiple areas, and to know at least a little about a whole lot. And whether you’re more old-school or new, today’s business world all but requires you to have a basic understanding of technology—especially the technology designed to keep your company safe. But in order to make important security decisions, it helps to know the lingo. And even for those who regularly wade in the information technology waters, some buzzwords reference concepts that require too “deep a dive” and easily leave non-security experts in over their heads. That’s why we’re throwing you a lifeline with a short glossary of common security buzzwords to help you better talk shop when the occasions arise.
Let’s start with probably the buzziest buzzword of them all, the cloud. The cloud is simply used as a metaphor for “the internet,” so when we talk about the cloud, we’re referring to the types of internet-based services, such as applications or storage, that are delivered to your organization via the internet instead of a server that you own and manage in-house. Like most technologies, the cloud trend started in the enterprise world, then shifted to small businesses, and today is just as frequent in our lives as actual vapor-filled clouds. Now, when talking about cloud security, the conversation moves away from the overall architecture and delivery of services, and concentrates on the policies, technologies, and controls put in place to protect your company resources. These resources can include private data, proprietary applications, and any and all infrastructure you have connected to the cloud. Cloud security refers to the software-based security tools used to monitor and protect the flow of information into and out of all your cloud-connected resources.
Not to be confused with the enjoyable pastime of fishing, phishing is a digital practice by malevolent anglers looking to catch and hook you. In phishing attacks, online thieves use fraudulent emails and websites as the bait in order to steal information such as your company data, passwords, and customers’ credit card numbers. And just like that shiny new popper fly in your tacklebox, phishing schemes use very convincing bait. Emails and websites that look almost identical to, say, your bank, vendor, or favorite social network are designed to fool you into clicking a link or revealing personal information. And once you click, it’s already too late. Even when you’re being vigilant at all times, it can be extremely difficult to bat 1.000 in spotting every phishing attack. That’s why companies utilize internet security software equipped with two-factor authentication and spam and phishing filters to keep them from being hung out to dry.
There’s never a shortage of acronyms when it comes to internet technology, but VPN is certainly one of the more common ones relevant to your business. A VPN is what enables you to create a secure connection to your corporate network over the internet. VPNs are often used to access your company network while you’re traveling or working remotely, encrypting your data so it is hidden from the local network used to establish the connection (especially important when on a public or unverified Wi-Fi network). Once authenticated, a VPN allows you the same level of access to business applications—it’s just as though you were sitting in the corporate office.
Like a physical wall, a firewall is designed to restrict access to unauthorized visitors. But instead of bricks and mortar, a firewall is made up of software that provides a set of rules about which data packets can come and go from your network. Firewall architecture is changing due to new network technologies and traffic patterns and becoming more sophisticated. Today’s firewall is an entire platform for not only securing traffic flow but also for analyzing and reporting it. Additionally, firewalls today enable a whole host of different security features and functionality to stand guard over your company’s data.
As we’ve only briefly touched upon here, the digital realm has no shortage of sophisticated threats and complex solutions. To ensure they are keeping up with optimal security strategies, many companies outsource their digital security to Managed Security Service Providers (MSSPs). Managed Security refers to comprehensive IT security services delivered by a trusted third party on remotely managed appliances or devices that are simple to install and run in the background of company computers and servers. Managed Security is a popular service model for non-enterprise companies that do not employ full-time IT security experts but still wish to benefit from vital services, including intrusion detection and prevention, content filtering, and anti-virus.
As we warned at the outset, diving into the information security waters is oftentimes closer to wading through a sinkhole than a swimming hole. But hopefully we’ve provided enough context to help keep your next security convo on track and allow you to follow up with the appropriate actions versus just blank stares. When in doubt, it’s always wise to consult a security professional for assistance or services to help you protect your email, internet, data, devices, and/or entire network.