Megaventory Blog - Online Inventory Management Software, Order fulfillment and Control System
This is the company blog for megaventory, an online software that helps small businesses that buy, sell and manufacture physical products to manage sales, purchasing, manufacturing and inventory. We blog about new features and updates but also about enterprise software, small businesses, cloud computing and the industry in general.

Wednesday, August 14, 2013

How you can have just enough security

At the beginning of August two important security events took place in the US: DEF CON and Black Hat. Interesting in their own right on many levels, they have, along with the recent news that government agencies are able to track and monitor individuals online, helped draw attention to security issues and spark discussion from various angles.




Passwords are dangerous


So, for example, there's a movement to do away with passwords altogether, the argument being that passwords, or at least their (mis)management, provide an attack vector to a company's data. There's a large discussion about it, with pros and cons, but the fact remains that passwords have been declared dead for about a decade now. Alternatives such as biometric, two-factor or item-based (e.g. watches) authentication have been implemented to some extent, but none is yet as ubiquitous as the password. For such a prevalent method to go away will still take many years, as behaviour and habit are difficult to change. And that's without taking into account the cost of alternative authentication methods.

The cloud is dangerous too


A recent, widely discussed security issue is the common practice of employees bringing their own device (BYOD) to work. Whether that's a laptop, a tablet or simply their smartphone, it's an attack vector for hacking into your business. If, for example, such a device from a single employee is connected to the company's Google Apps account and it's compromised, then that's enough. The BYOD practice is already under a lot of criticism, but that's only the beginning, as the next iteration is already here. Bring Your Own Cloud (BYOC) is yet another issue businesses have to worry about: employees bringing their data and other information to the company network by means of their personal cloud computing choice. Whether that's their Dropbox account or their Google Drive account, these are all in theory means by which company assets can be compromised.

And protection is impossible - and expensive


And if this wasn't enough, analysts claim that if you want to offer your company at least some protection, you cannot do it by buying SaaS, as relying on the cloud for protection is anything but foolproof. Instead you have to cough up for hardware and for the specialised expertise to set the hardware up, and then spend even more money monitoring it.

Or maybe not...


This may all spell doom and gloom but, as we've said in the past, provided you take some common sense steps to avoid the basic dangers out there, you really shouldn't worry about that part of your business. All this discussion is essentially fearmongering to get you to buy the latest and greatest solution.

A simple common sense approach is enough to keep your sanity, address such issues and move on to getting things done.

  1. Rely on experts to handle security and maintain your IT overall - whether that's a cloud service or a specialised software house.
  2. Outsource everything that isn't your expertise - doing such things on your own or in-house may save you a bit of money but will lose you much more in the long run.
  3. Take the easy solution now and, only when you've outgrown it, buy a more complete customized one.
  4. Adopt some best practices (ask an expert on what they are!) and rely on the reasonable assumption that a small or even a medium business is largely unlikely to become a hacking target.

It's as simple as that really.