security is an oft-overlooked component of data and system
security in the technology world. While frequently forgotten,
it is no less critical than timely patches, appropriate password
policies, and proper user permissions. You can have the most
hardened servers and network but that doesnt make the
slightest difference if someone can gain direct access to
your network equipment and server racks.
can invest thousands in your server room or datacenter. You
can configure your firewalls properly and encrypt your VoIP
traffic. You can do all of this, but an attacker can circumvent
all of those measures by slipping into your company unnoticed
and approaching your hardware directly. Locks, safes, and
alarm systems provide some measure of protection... but only
if they are selected and implemented wisely. Otherwise, they
are mere speed bumps that can slow an attacker down slightly,
but not act as a significant obstacle preventing them from
accessing your sensitive data.
CORE Group is a consulting outfit dedicated to specifically
addressing the non-digital security needs of companies large
and small. While the bulk of a typical corporation's security
budget is spent on web application security and software scans,
it is a very wise decision to also direct some resources towards
the assessment of your physical facility. After all, attackers
do not confine themselves simply to the parts of your operation
with the strongest fortifications. If you spend all of your
money on firewalls and an electronic IDS system a potential
intruder isn't going to match your time and investment...
they are simply going to try another path of access!
one of our clients stated when we presented an after-action
report to his company, "You just showed me more about
our security vulnerabilities in one hour than we've learned
in the past year... and it cost us less than an entire week
of digital penetration testing!" His pleasure only increased
when we demonstrated how he could fix the problems for a fraction
of his overall security budget. "Making minor effective
changes has increased our security posture more than a million
dollar investment in new IT resources could have," was
the CFO's shocked response.