In this blog post we explain the importance of server and environment maintenance from a security point of view. In our industry, security has proven to be a key element, and as such it needs continuous attention; a proper security level cannot be achieved with a one-time action. This last statement may sound odd: why is that? How can security be ruined once it has been made great? Software components can contain bugs and security holes that are already there but have not been discovered yet. Once such a vulnerability has been identified and made public, servers or software components with this vulnerability can be an easy target.
Therefore Nebu decided to perform more frequent server maintenance: it has always been important to keep servers up to date, but we clearly realized that updates have to be frequent enough to increase security and to decrease downtime.
Maintenance has multiple benefits:
Improved security: Any server can be the target of an attack, and servers left unpatched against high security risks are much easier targets than servers with the proper fixes applied. It is worth eliminating as many risks as possible; doing so regularly and frequently enough decreases the chance of successful attacks. Patches have to be applied on different levels: operating system, additional server and service components, drivers, virtualisation tools. High security patches should preferably be applied within 24 hours.
Optimal performance: Over time, software components are made not only more secure but also more efficient. Such an improvement can be a clear performance gain, but it can also eliminate a bottleneck that occurs in complex situations. In both cases the small amounts of extra resources gained can add up and prevent blocking situations, which results in a more stable environment.
New or enhanced features: In a relatively static environment this does not necessarily mean a clear benefit from a security point of view, but any extra step that allows a system administrator to optimize an environment can be converted into a direct advantage. Eliminating bugs at the operating system or software component level reduces the chance of breakdowns and increases the overall reliability of the system, which helps us provide a higher level of service to our clients. It is best to approach problems proactively, before they put production work at risk; in the end that translates to business efficiency.
Cover all areas
Apart from the server level, in most cases other components have to be checked as well: firewalls, switches, SANs and any other active network devices need to be considered, which is very important from a security point of view. If you have physical servers, keeping firmware, BIOSes, drivers and controller software up to date is another level of challenge, as these tasks usually require expert-level knowledge and the risk of a potential failure is usually immediately high, with a high business impact as a result.
Is that all?
That would be too simple. To keep a system running at an optimal level, you have to perform some regular tasks. The list below is not complete, but it gives some idea of the complexity (even if most of these tasks can be highly automated):
keep the virus scanner up to date,
keep the system clean of temporary/junk/cache files,
keep the monitoring system up to date (it performs network, application and system health checks),
apply regular database performance tuning,
if applicable, keep disks defragmented.
Use the maintenance window efficiently
A planned server maintenance can be a good opportunity for checking backups and adjusting server resources, especially if the servers are virtualized and changing the virtual machine configuration is a matter of a few minutes' work. During maintenance there are usually changes that require a server reboot, but even when a reboot is not specifically required, doing one can keep the server fresh as long as it has no clear disadvantages.
Each maintenance action has to be followed by a review of the alerting and monitoring system, and the necessary application-level tests have to be executed.
For every organisation it is worth regularly reviewing whether the steps needed to provide the security level relevant to that organisation are being done, and whether those steps can be done within that organisation. Answering this question will lead to a discussion of expertise, resources and where you would like to shift your focus.
A lot happens during maintenance, and one of the great things about our hosted system is that these actions are all done by our experts and the experts of our hosting partner!
Both Nebu and its hosting partner regularly check with external security experts how to harden the security of our systems; in most cases this is harder to achieve for an in-house system, with only a company's own staff.
If you would like to learn more about security and how to protect your data, download our white paper (you can find the form on the right).
It helps you understand who should comply with regulations, who the data controller is, the issues around cloud computing and geographical regulations, and much more.