Good Example Of Essay On Controlling Access Paper

McBride financial services company is a mortgage lender in Boise, Idaho. It is specialized in VA, FHA, and conventional loans for purchasing and refinancing homes. McBride Financial Services, Inc. is providing objective, independent, and unbiased tax, financial, investment and estate planning advice. This company is current in competent tax and financial issues. McBride Company is able to reduce financial anxiety of the client and one client at a time improves financial lives. The main mission of McBride Financial Services is to be the highest low cost mortgage services provider in its region and all the branches in South Dakota, North Dakota, Wyoming, Montana, and Idaho. It also intends to give mortgages to clients with credit problem and to first time buyers. The company also has an intention of making its customers enter online their mortgage applications, and receiving denials or approvals electronically. It will be able to control its costs by reducing the number of staff brokers who will sell their financial packages. The main concern of McBride Financial Services Inc. is ensuring customers online financial application services secure, and ensure the protection of online information. In order to avoid clients’’ lawsuit because of stolen identity, the organization will implement an internal security system that will ensure that every employee is capable of accessing clients’ information. The company is also concerned the computer system physical security, and other issues concerning security as the success of the company is based on the understanding of the client of how their personal critical information is secure.
The organization should have a website that can be accessed online so that the customers are able to log into it and look what is offered by the company before visiting the premises to be served by the organization employees. With this in place, the organization’s customers will be in a position to access the services offered by the company in an efficient manner. Information technology security is very crucial when operating business online. It is very important to take necessary steps to protect the online business from hackers who can steal crucial information or viruses that can bring the system and the business to its knees. If an individual is fully determined to break into the system, given enough resources, they likely can. Therefore it is very critical to put safeguards in place so that it cannot be an easier target for intruders. The following are some of the steps that the organization can take to protect its systems: make use of encryption software to protect financial information of the customers from theft when transacting. For online operations to be secure a number of steps should be considered, it includes data encryption and protecting customers who use credit cards. Encryption is very critical for protecting organization’s internal information such as financial accounts, product information, personal files, and other data. There should be limited access to sensitive information to those who need to access it. If employees require remote access to the organization system, more than just a user name and a password is required to gain access, for example a token that displays second password which changes regularly.
The manner in which corporations operate on mobile devices is shifting; employees have started using their personal devices for the purpose of business rather than devices owned by the company. Without direct control of these endpoints, responsible departments (IT) had to prohibit this in order to prevent insecure access in the firewall. Management of mobile devices has become a key initiative for IT since many of these devices appear on corporate network. In their own right, mobile devices have become computers, with large application array, high bandwidth connections capability, and significant processing capacity. McBride Financial Services Inc. should make available to employees its internal business applications from their mobile devices. Since the use personal mobile devices is very prevalent, the organization should move from corporate device ownership and allow its employees, contractors and business partners to use their personal devices for business purposes. This will be a cost saving measure but compliance and security will be a challenge. Mobile devices either personal or corporate have been a challenge to IT. Mobile device provisioning and determining which services and applications are enabled/ allowed is daunting. IT organizations have solved some of mobile devices compliance and security issues and allowed personal computers access to business resources. Providing personal mobile devices access is the next puzzle.
Technologies such as SSL VPN have made it easy for companies to inspect the host, know security posture, and also allow some level of access depending on those checks. If VPN access is permitted, IT should make sure that authorization and authentication mechanisms are properly configured. Another issue can be license compliance, usage tracking, and session persistence as the users of these mobile devices roam among many mobile networks. The company can also make use of IDS/ IPS, proxies, and portals to control access. Increased traffic in the network should be monitored, as many employees, contractors, and business partners own mobile devices, IT department should make management of these devices a key initiative. The company should take advantage of both Android and iOS devices accordingly; IT department should look for ways of allowing access without losing endpoint control or compromising security. IT admin can create and manage layer seven Access Control Lists (ACLs) in limiting access to some resources. For example, administrators can create specifically blacklists or white lists of sites that can be accessed by users. They can also specify within web application a particular path such as partners or contractors. Depending on authenticated user group and device check, the device user will be able to only navigate to assigned resource paths. If for instance a partner happens to guess partner path, access is denied and cannot navigate it. Therefore McBride Financial Services Inc. should provide remote access that is secure to its employees, contractors and business partners so as to remain competitive.
The company should make use of cloud resources such as processing and data storage. The providers of cloud services are not aware generally of organizations specific privacy and security needs. Adjustments are required on the cloud computing environment in order to meet the specific requirements of the organization. With solutions offered by the cloud, the organization can rent software and computing power rather than buying it. This will enable the organization have additional environments, servers, and applications with configurations which are available from the cloud service provider which is operating out of remote data center. The computing environment that the organization rents is accessed through internet protocol. The organization will get many benefits when using this model; the primary benefit is the agility it gives the organization to move very fast and cost saving since it will not have to buy and manage needed resources for infrequent peak demand.
McBride Financial Services Inc. should make sure that the selected cloud computing solution is managed, configured, and deployed to meet its privacy, security, and other requirements. Cloud computing involves both client and server side. Maintaining logical and physical security over clients may be troublesome mostly in embedded mobile devices like the tablets. The data stored in the cloud resides in a shared environment which is collocated with data from other companies. As organization moves regulated and sensitive data into the cloud, they should be in a position to account for the means which data access is controlled and that it is kept secure. Security is the major concern around cloud solutions. The cloud provider is serving several organizations in the same network, and therefore organizations are always concerned that their data can be by another organization that is operating in the same cloud data center area. Even when the cloud provider has separated private cloud environment for a company, behind a separate firewall, operating on a different network, always there must be a concern whether the provider is offering enough security from intruders. Cloud service provider physical security provisions can be a concern, since it is supporting security for all its customers and that security is their major concern, they are providing probably physical security which is much reliable than most individual organizations internal capabilities.