Companies store their information locally on their servers or in the cloud (cloud computing). Today, most companies have chosen to purchase cloud services due to their storage capacity, low probability of a system crash, ease of access to information, and reduced infrastructure costs.
However, one of the main concerns of cloud computing users is information security. Users depend directly on the security and privacy policies managed by the service provider. Therefore, organizations are constantly looking for tools that prevent information leaks and malicious intrusions by third parties.
What is computer security?
According to Gomez, A. (2011), computer security is any measure that prevents the execution of unauthorized operations on a computer system or network.
This is based on three fundamental pillars: confidentiality, integrity, and availability.
Confidentiality: The information transmitted or stored in a computer system is only accessible to personnel authorized by the issuer within the organization. If information falls into the hands of third parties, a set of policies must be in place that prohibits access.
Integrity: The guarantee that the information of the organization has not been modified from the moment of its creation, maintaining its completeness and validity.
Availability: It implies that a system is sufficiently robust to guarantee its correct operation, that is, access to information by users and authorized persons. It also covers the recovery of data stored in the system when it is subject to computer attacks.
UNE, in its standard UNE-EN ISO/IEC 27002:2017 on information security management, sets out the controls to face the risks inherent in computer systems. These controls include the company's policies, organizational structure, and procedures.
On the other hand, there are the ITIL (Information Technology Infrastructure Library) standards, based on the ISO 20000 standard, which are oriented to the management of information technology services.
Boardgent, an expert in this area, advises that an organization follow these main practices:
- Keep the hard drive of computers encrypted.
- Have an updated antivirus license.
- Keep the firewall of the computers turned on.
- Have the operating system and software of the company's computers always up-to-date.
- Acquire a tool that allows you to locate computers in real time to act effectively in the event of theft or loss of hardware.
Taking a passive role in companies' computer security can have irreversible consequences for their operation. It puts at risk their financial assets and the privacy of both employees and users, and exposes the organization's internal processes, which can affect its position against the competition. It can likewise decrease the performance of the devices or block the access of authorized users to the system.