Our goal is to achieve the same result whether your business is building from the ground up or already has IT systems in place. The final product is an IT infrastructure that will be defined by the following characteristics:
Robust – this is the ability of your IT systems to remain operational when users of those systems make mistakes. For example – a user (accidentally or willfully) visiting a harmful website should not be able to compromise the computer operating system or those of other computers on the network. Robustness is one of the most important attributes, and it’s tough to accomplish. It’s quite easy to get a computer network up and running, but then be operationally fragile. Unfortunately, it’s no simple task for a business management team to know the difference.
Scalable – this is the ability of your IT systems to be able to quickly and easily expand and contract to accommodate corresponding growth or contraction of your business. For example, if your email system is scalable, it should be no problem to add 100 new employees to the system in a matter of hours, with all users having appropriate access to shared resources like contacts, documents, and company calendars.
Secure – security can only be achieved by adhering to the principle of least privilege. The principle of least privilege (also known as the principle of minimal privilege or the principle of least authority) requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user or a program) must be able to access only the information and resources that are necessary for its legitimate purpose. The military security rule of “need-to-know” is an example of this principle. Sounds complicated, but the most common violation of this principle is a very simple example that exists in a great number of business networks – when user accounts have administrator-level rights. More information on the the principle of least privilege can be found here in the Reference Papers section. Only after this core concept is implemented should additional more well-known layers of security like anti-malware/anti-virus be considered. Many times these higher level items are the only layer of security found in a business, the result being a fundamentally flawed configuration that lends a false sense of security.