How important are your computers, servers, and internet access to your business? What kind of damage could ransomware, a zero day exploit, or a virus do to your business?
Unfortunately, most small and medium businesses can’t directly answer that question until it happens. Companies of all sizes have traditionally treated IT as a cost center for their business and not an investment that needs to be maintained to yield results. They typically install anti-virus on their PC’s and perform tape backups thinking they are safe.
So what can a business do to minimize their risk and maintain an efficient operation? Understand that any successful initiative will consider a multilayered approach to security and resiliency. I will put forth a typical small business recommendation that will look at how to build for both desired outcomes.
Let’s start off with what our end goals for this design are:
1. Cost efficiency
2. High level of protection from viruses and other malware
3. Ease of ongoing maintenance
For this solution I have chosen products from Meraki, Microsoft, Sophos, and Veeam. This article doesn’t portray that these are the only solutions, but that they were chosen with the criteria mentioned above.
Meraki was chosen from the network infrastructure standpoint for several reasons. First of they offer an easy to navigate cloud based management system that includes metrics, reporting, and excellent resiliency features. In addition, their solution can be expanded to include IP Security cameras, IP Phones, and advanced Security features with their MX line of gateways that include Cisco’s AMP and Threatgrid services.
Microsoft is pretty much ubiquitous among a majority of small businesses with their server and desktop operating systems. Both Windows Server 2016 and Microsoft Windows 10 offer a litany of security features and tools that can be configured to protect your investment.
I really had a difficult time in recommending a single hypervisor for use since both Microsoft and VMWare offer their base hypervisors for free of charge. Both are mature platforms for any type of virtualization.
In an upcoming post I will dive deep into configuring 802.1x authentication using either Microsoft Window Server with the NPS role, Cisco’s ISE, or Meraki’s hosted authentication.
I will also detail how to setup secure wireless including guest access and BYOD.