Infrastructure Best Practices and Security
Introduction
In general, IT infrastructure is the collection of IT components that form the foundation of an IT service: usually physical components, but also various complementary software and networks. IT best practice is the collection of activities that optimize efficiency (cost and risk) or utility (service level) in the area or system to which it applies. IT best practices must be adaptable, practical, and replicable across industries. IT security is a series of cybersecurity strategies that prevent unauthorized access to organizational assets, including computers, networks, and data. It maintains the integrity and confidentiality of sensitive data and blocks access by sophisticated attackers. After reviewing Gail Industries' security features, I see that it has many excellent safeguards, but I would change a few things. One thing I found is that there are 4 to 5 different security targets, rather than just one set of security measures for the data center and one for each facility.
Background
- Any access to the physical data center requires granted permission, which is revocable.
- Gail Industries has implemented a two-factor authentication procedure.
- A request is submitted to receive a badge for access to the data center.
- Nametags are issued to IT officers only.
- Data center access is terminated for employees who no longer work for Gail Industries.
- A periodic audit is conducted to check those who have access to the data center.
- The data center is continuously monitored using CCTV, and recordings are kept for at least 45 days.
- Access-grant controls are implemented to monitor and revoke access to the data center.
- A request is submitted before the badge is granted.
- Gail Industries has an established procedure for how it complies with industry standards.
- Authorized personnel escort all visitors on Gail Industries premises.
- CCTV monitors all the facility server rooms, and the footage is kept for at least 45 days.
- Change requests are documented through a change request form, which is completed with details.
- The CAB meets regularly to review and prioritize change requests.
- The CAB signs the application form on approval of change requests.
- Before implementation, testing is completed in a test environment that is separate from the production environment.
- CAB must support all changes before implementation.
- Logical security assists in modifying access control privileges.
- They guide the security of data, information assets, and infrastructure.
- They authenticate user accounts and passwords before allowing device access.
- They are in charge of the password policy.
- IT Policies and Procedures Manual
- The policies and procedures used to create, manage, and protect passwords apply to all workers, contractors, and affiliates within Gail Industries' reach.
- The policy governs the appropriate use of passwords on all Gail systems, networks, and data.
- Smallville City clients provide guidelines on the development of passwords (minimum length, complexity), age of the account (expiry periods), account security, and the invalid login threshold.
Analysis of Security Practices
Best practices, in a particular business circumstance, are a collection of rules, principles, or concepts that describe the most successful or prudent plan of action (Kenton, 2019). Officials, such as managers or regulators, may create industry standards, or the organization's management team may decree them internally. Organizations must follow a holistic approach to enforcing IT organizational security (Patterson, 2017). Standard procedures and best practices can serve as a guide for Gail Industries and its IT department. Gail Industries has some excellent methods in place in terms of network security. Industry best practices currently associated with Gail Industries include data retention, transparent security protocols, network visibility and control, device permissions, third-party user access, and user education.
Although the company embraces and aligns with best practices, it is not enforcing a few IT policies. One of these is network segregation. Gail should divide its networks into sections of usable areas known as zones. Separate zones may exist for areas such as payment and invoicing, analysis, distribution, and technical support. Each of these would have different technological requirements, and routers, switches, or VLANs could accomplish the separation (Patterson, 2017). Network segregation confines potential harm to a single zone. It is also useful for data sorting and safety, since different rules can be applied to each zone for different security levels, and each zone can be adequately monitored (Kenton, 2019). Centralized logging is another best practice that could benefit both Gail and SCOPE. Centralized logs record incidents and suspicious logins, which helps reconstruct the events that happened during an attack so that further measures can be taken to enhance the identification of threats and to prevent future attacks quickly.
Recommendations and Ways to Maintain a New System
For Gail Industries, one suggestion is to use cloud computing for most of its applications and data. Although the company currently uses cloud-based AWS servers for internet-accessible applications, much of its data is stored on local servers. If an attack happens, or the server goes down, it may lose data. Cloud computing advantages include continuous replication, consistent access to data, real-time knowledge exchange that increases collaboration, and lower cost.
Another security best practice for the company to adopt is a contingency plan for security incidents. There has been a lot of emphasis on preventing security breaches, but the company should also take the time to develop and establish a comprehensive incident response plan. With such a plan, it will be able to respond quickly and aggressively in case of an attack, an outage, or a natural disaster, reducing damage and implementing mitigations against future attacks.
Conclusion
In conclusion, Gail Industries has some proper security procedures in place alongside Smallville clients. It has policies and procedures that cover physical asset safety, data security, passwords, and firewalls, and it aligns itself with industry guidelines and best practices. Controls are in place to protect the company; however, a couple of suggestions could be adopted to improve security, such as network segmentation, cloud computing implementation, and the creation of an incident response plan to address attacks quickly. Some steps can be taken to protect the company from threats to security, and Gail Industries is well on its way to improving its network security.
References
Kenton, W. (2019, May 29). What you should know about best practices. Retrieved from https://www.investopedia.com/terms/b/best_practices.asp
Patterson, J. (2017, November 20). Best practices to secure IT servers and infrastructure [Infographic]. Retrieved from https://transcosmos.co.uk/blog/best-practices-secure-servers-it-infrastructure-infographic/