Cost-Effective IT: Security Part II

Cost-Effective IT: Security Part II, by Richard Sonnier

Houston Business Show "Advisor" Richard Sonnier, of the Information Technology Services firm Nimble Services, Inc., provides weekly information on our show about business technology issues. He can be reached at 281-445-4800 x250 or rsonnier@nimbleservices.com.

Last week, I began reviewing IT security by providing a practical definition of this complex subject and discussing the key concept of Authorized Access, focusing on passwords. Passwords provide the "who" side of Authorized Access. This week I move on to the "what" side of the concept: protecting the information stored on the IT system.

Access Controls

The basic idea is that someone owns all the information in the computer system. Commonly, businesses are organized into functional areas like accounting and sales. The manager of each area is typically the owner of the information stored in the computers for his area. The manager is responsible to the company for the integrity of the information and he defines who can read or change what information. This is called access controls. Therefore, a business establishes access controls as follows:
  1. Classify all the information in the company. Although I am focusing on IT, this classification usually includes non-electronic information as well.
  2. Assign a data owner to all the information.
  3. The data owner assigns the allowable access to his information for other company staff.
  4. Review the access controls periodically, perhaps once a quarter, or at least once a year.

Access Control Lists

In many computer systems, the business can use Access Control Lists, or ACLs, to implement their security rules. ACLs are exactly what they sound like: a list of users or groups of users and the access they are allowed to have. ACLs are assigned to objects in the IT system like files, directories or databases. Software is available, or built into the systems, that makes it easy to set ACLs on many objects with just a few clicks, so creating and managing access controls can be fast and efficient. However, be careful: until you get the hang of access controls, it is entirely possible to lock yourself out of the system. I recommend you make a copy of some directories and files and try out ACLs on these copies before applying them to the entire system. Be careful not to change the ACLs on the operating system files, as that can cause problems. If you need any assistance with IT security, contact me at Nimble Services.
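The lockout risk described above can be checked on paper before any ACL is changed. The following is an added example, not part of the original column: it compares a current and a proposed ACL and reports who would lose change access and whose access would differ. The users, groups, rights and the allow-only ACL model (no deny entries, no inheritance) are assumptions made for illustration.

```python
# Added example: dry-run a proposed ACL before applying it to real objects.
# All users, groups and rights below are constructed for illustration.
READ, CHANGE = "read", "change"

GROUPS = {  # group name -> members (constructed sample)
    "accounting": {"alice", "bob"},
    "sales": {"carol"},
    "it-admins": {"dave"},
}

def effective_access(acl, user):
    """Return the rights an ACL grants a user, directly or through groups."""
    rights = set()
    for principal, granted in acl:
        if principal == user or user in GROUPS.get(principal, ()):
            rights |= set(granted)
    return rights

def preflight(current, proposed, must_keep_change):
    """Report users who would be locked out and every user whose access changes."""
    users = set().union(*GROUPS.values())
    for acl in (current, proposed):
        users |= {p for p, _ in acl if p not in GROUPS}  # entries naming a user
    lockouts = sorted(u for u in must_keep_change
                      if CHANGE not in effective_access(proposed, u))
    changes = {}
    for u in sorted(users):
        before = effective_access(current, u)
        after = effective_access(proposed, u)
        if before != after:
            changes[u] = (sorted(before), sorted(after))
    return lockouts, changes

# Wide-open access today; the proposal restricts the accounting data
# but forgets the administrators' entry.
CURRENT = [("accounting", [READ, CHANGE]), ("sales", [READ, CHANGE]),
           ("it-admins", [READ, CHANGE])]
PROPOSED = [("accounting", [READ, CHANGE]), ("sales", [READ])]

if __name__ == "__main__":
    # alice stands in for the data owner, dave for the system administrator.
    lockouts, changes = preflight(CURRENT, PROPOSED, {"alice", "dave"})
    print("would be locked out:", lockouts)
    for user, (before, after) in changes.items():
        print(f"{user}: {before} -> {after}")
```

The same report doubles as the input for the periodic review in step 4: the data owner reads the list of changed users instead of the raw ACL.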

Proceed With Caution

Access control is really pretty simple, but it can be hard to implement at first. If the company staff has wide-open access to all information, then when you first turn on the security everyone will complain. I recommend proceeding slowly but steadily. Try to keep it simple. In the end, the benefits are really valuable to the business.

Next week, I will discuss the benefits of IT security.

©2005 Nimble Services Inc.