In the last post of this series, we described the value proposition of the Cyberus Secure Virtualization Platform (SVP). This post goes into more technical details.

In this post we will talk about:

• SVP as a fast, flexible and secure virtualization platform.
• How the open-source Hedron Hypervisor enables uniquely flexible virtualization solutions
• How our microkernel-based virtualization stack enables a small Trusted Compute Base for high-security use-cases
• Enabling great performance through pass-through virtualization

At Cyberus Technology we have built our virtualization platform from scratch. We have chosen a microkernel-based architecture for SVP. This allows us to meet customer demands and still provide a system that is easily certifiable.

Security Through Simplicity

Traditional operating system kernels, such as the Windows and the Linux kernel, are huge and come with millions of lines of code. A lot of functionality is provided within these kernels and all code providing this functionality runs in a privileged CPU mode. For security this creates two problems: First it is hard to reason about the code and second the amount of bugs and security issues tends to scale with the amount of code in a linear fashion.

All of this code needs to be trusted to be correct by any application running on top. It is also called the Trusted Compute Base (TCB) and reducing this has been a hot topic in operating systems research.

Our open-source microkernel Hedron ² comes in at roughly 10 thousand lines of code, thus reducing the TCB by two orders of magnitude compared to traditional operating system kernels. Hedron is at a size that can still be understood by a single person. Most of the functionality is implemented in isolated components running in a less privileged mode, called user-space. This is important because you only need to understand a single component to be able to understand what it does and which role it plays. This is important for security, but it also provides the nice benefit that it is far easier to track bugs. In general this kind of component- based system is easier to understand. This in turn makes it easier for developers to create correct code and easier for reviewers to certify a system’s safety, security and correctness.

Radically Flexible

Having lots of small components also provides flexibility. While the Hedron and Supernova components provide basic virtualization primitives, we have developed a number of other components that can be combined to provide value.

Existing virtualization solutions usually emulate a number of devices in order to be able to run multiple virtual machines at the same time. This is necessary, for example when you want to run two VMs with network access, but only have one networking card in your system. While modern technologies like SR-IOV¹ make this easier this design still creates a lot of performance overhead and is not always necessary. Sometimes it is preferable to pass-through the actual hardware.

In SVP we are able to run a special kind of VM, that has access to the real hardware. Within this VM, which we call Control VM, we can run a deprivileged Linux system and Virtualbox in order to provide a full virtualization solution, or we can run Windows and malware samples as an analysis system.

Usually Virtualbox talks to its own kernel module to provide virtual machines. In the case of SVP Virtualbox talks to our own SLVM kernel module, which is a shim that forwards all calls to the SVP API, running in user-mode on the host system. This allows for a much smaller Linux system in the Control VM.

This design also allows us to move functionality from Virtualbox to SVP, either for performance reasons, or for security reasons. In the case of Graphics Virtualization we have moved the graphics stack from Virtualbox to SVP.

The Road Ahead

The flexible nature of SVP will allow us to provide more modules in the future. Think of a micro-VMM that allows special purpose VMs, running library operating systems ³ ⁴, just for networking. Or a specialized VMM to run cloud native applications directly on top of SVP.

We are also working on our own SDK, that will allow developers to easily build secure systems with their own components using the SVP platform, using the same libraries and languages they already are familiar with.

Read More

1. SR-IOV
2. Hedron Github Repository
3. Unikernels: Rise of the Virtual Library Operating System
4. Exokernel An Operating System Architecture for Application-Level Resource Management

The solution:

Standardization and reusability

The successful integration of acquisitions into a group is an important prerequisite for its growth. Cloud services offer the opportunity to use the innovative power of startups for corporations as well. This is not without its challenges. In addition to adhering to the Group’s compliance guidelines, stricter security standards often have to be met.

In this project, peripheral systems such as automated rollouts, monitoring and logging were designed for reusability and standardization. They form the stable framework for the successful migration of future projects and products.

AWS Elastic Beanstalk, AWS Lambda, AWS S3 & Cloudfront and AWS RDS were used for the application-specific components.

security and sustainability

In the rapidly developing cloud industry in particular, it is essential to regularly update applications and infrastructures. If this does not happen, technical debt arises, which leads to high additional costs for updates and changes in the long term. As part of the migration, we adapted the application and the infrastructure in accordance with the current AWS requirements and the group guidelines. The measures carried out by PROTOS guarantee not only increased security but also the future viability of the application.

During the project, PROTOS Technologie GmbH provided advisory and implementation support for the migration of the application and for the conversion of the infrastructure. In order to ensure a high rate of innovation, the project was carried out using an agile methodology. We worked together with an external development team.

The implementation

The first step of the migration involved rebuilding the infrastructure. The second step was to optimize the application and infrastructure. In addition, a separate test system was set up in order to be able to test any changes to the infrastructure and the application.

As part of the rebuild, the infrastructure was built using Terraform as infrastructure-as-code. Combined with the software versioning technology GIT, reproducibility, testability and automatic rollbacks could be guaranteed. Changes to the infrastructure code were rolled out automatically using a CI/CD pipeline (Continuous Integration / Continuous Deployment). The AWS developer tools AWS CodeCommit and AWS CodeBuild were used for this. The reproducibility could be used to provide an exactly the same image of the infrastructure as a productive system within a few minutes.

The application itself uses AWS Elastic Beanstalk, a Platform-as-a-Service service. Elastic Beanstalk handles everything from capacity provisioning, load balancing, and auto-scaling to application health monitoring. In addition, an SQL database is connected and in-memory storage is connected (with AWS Relational Database Service (RDS) and AWS Redis).

To enable CI/CD, frontend and backend changes were automated analogous to the infrastructure and for both environments using AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy and AWS Pipeline. Unit and integration tests of the application artifact within the CI/CD pipeline are also automated.

In the second step of the migration, the application and the underlying infrastructure were optimized. Superfluous infrastructure components were removed and safety-critical parts were redesigned.

Various technologies exist around Fiori

There are a variety of software versions that can be used. Terms like “frontend” and “backend” appear. We speak of hub or embedded deployment.

But which of these terms should be classified where? What should be considered when setting up? All questions where Fiori is slightly different than the “classic” SAP. This blog post gives an overview of the technical aspects of Fiori.

Front end and back end

When setting up, Fiori distinguishes between frontend and backend. Both components together form the infrastructure for Fiori Apps, but should be considered separately, as they have different tasks. The front end is used to provide the Fiori app interfaces. It is comparable to a special type of web server to optimally visualize the business data in the form of apps for the user. In the backend, on the other hand, all data storage and data processing takes place. Since the backend is usually the SAP Business Suite that is already in use, the introduction of Fiori does not change anything in existing processes.

The SAP Gateway – The basis for Fiori

Whenever Fiori is used, a so-called SAP gateway is required as a front end. This raises the question of whether a separate new server is always required for the “new” SAP Gateway?

No, even though having your own server is highly recommended! The SAP Gateway is already integrated in SAP NetWeaver ABAP 7.40 and can be installed on SAP NetWeaver ABAP 7.31. This means that any existing business suite system based on NetWeaver ABAP 7.40 / 7.31 can also be used as a SAP gateway. Frontend and backend are then on the same system. This scenario is also called embedded deployment.

Nevertheless, it makes sense to operate the gateway separately. How so?

• Several backend systems can be connected to a centrally used SAP gateway. The separate gateway then forms the central access point for Fiori, even with several backend systems.
• When Fiori is accessed via mobile devices, communication usually takes place via the Internet. However, the Business Suite itself should never be accessible directly from the Internet. For the SAP Gateway, without business data, it is less critical.
• Frontend and backend can have different maintenance cycles. During system maintenance, there are no dependencies between the systems.
• The impact on the existing business suite is minimal.

If the gateway is set up separately from the Business Suite, this is also called hub deployment. While hub deployment alone is a security benefit, security and access control can be further enhanced by using an optional reverse proxy.

Figure 2: Hub Deployment with Proxy

The SAP Gateway is installed, what needs to be done when setting it up?

Setting up the Fiori environment essentially consists of five to six steps:

1. Set up SAP gateway-specific web services: Various web services must be activated in the SAP system for the gateway. This includes, among other things, the service for providing the SAPUI5 environment.
2. Connection of existing Business Suite systems: The communication channels between frontend and backend must be set up. This is done, among other things, by setting up a trusted RFC connection.
3. Set up Fiori app-specific web services: Apps communicate with the backend via so-called OData services. These access data in the backend and make it available to the app. The main web services are those of the Fiori Launchpad. The launchpad is the central access point and all later apps are integrated.
4. Importing the Fiori interfaces into the gateway: The interfaces for Fiori are delivered by SAP in separate add-ons. These interfaces are delivered in separate packages for each area of ​​application. The correct packages must therefore be determined and imported.
5. Importing a current SAPUI5 library: SAP Fiori uses the SAPUI5 library. This is regularly updated and improved. It is integrated into the SAP Gateway and can be updated separately.
6. Import components in the backend (depending on the app used): Depending on the version of the Business Suite used and which apps are used, add-ons must also be imported into the backend. Similar to the interfaces, these are also app-specific.

The first apps

The infrastructure is in place, the environment is set up, the packages are installed and the Fiori Launchpad, the central entry point for Fiori, is accessible. Congratulations, you have laid the foundations for Fiori and the first functional app is not far away. Which app should it be? There are a variety of apps that should be optimally adapted for your company. We would be happy to support you individually and adapt Fiori Apps and the technical environment to your company.

From QR code scanners to prayer apps: millions of Google users have unwittingly loaded spy apps onto their smartphones. Some security researchers have come to this conclusion. For example, the applications sent location data without being asked and without permission.

Spy apps instead of QR scanners: Security researchers discover dangerous Google apps

If an app has more than five or even ten million downloads in the Google Play Store, it definitely has a relevant reach. This applies, for example, to several Muslim prayer applications, a QR and barcode scanner or a remote app for computer mice.

The problem with this: The list of applications that the security researchers from App Census published at the end of a blog post is by no means harmless. On the contrary: every listed app from the Google Play Store is de facto a spy app.

Software company in Panama collects personal data from Google users

And it doesn’t stop there. All apps found rely on a programming interface and software modules (SDK, Software Development Kit) from the Panama-based company Measurement Systems.

These built-in technical structures have ensured that millions of Google users have been unknowingly monitored.

Because although the apps mentioned actually had no access, the applications forwarded personal information such as location data, telephone numbers and even e-mail addresses to Measurement Systems without the consent of those affected.

Mysterious connections to the US government

But the US cybersecurity experts from App Census have discovered even more details. For example, reports this Wall Street Journal of strange company constructs.

According to the analysis, the code from Measurement Systems allows a direct link to be established with a security company in the US state of Virginia, which in turn works closely with several US federal agencies and secret services.

It is an open secret that those US authorities buy personal information from users from service providers. After all, the Ministry of Defense, among other things, had admitted such interns.

spy apps? Google only partially protects users

In total, the affected apps with the dangerous software modules were downloaded from the Google Play Store more than 60 million times.

However, the researchers had already shared their results with Google some time ago, so the affected applications were removed from the Google Play Store on March 25, 2022.

However, this does not solve the problem of spy apps. After all, the developers only have to remove the controversial software modules from their apps – and the way back to the Google Play Store is open to them again.

Ultimately, this means that millions of Google users cannot be sure in the medium term that they will literally be taken in by a spy app.

Also interesting:

Slow downloads and dead spots could soon be a thing of the past. In this country, the expansion of mobile phone networks is progressing steadily. Nevertheless, operators in some federal states are more successful than in others.

Large projects for the expansion of mobile communications

In order to meet their coverage obligations in good time, a great deal of initiative is required from German network operators in connection with the expansion of mobile communications. Current information from the Federal Network Agency refers to this.

The documents relate to conditions that network operators such as Deutsche Telekom, Telefonica and Vodafone agreed to in the 2019 frequency auction and which are to be met by the end of 2022.

Ambitious goals

A commitment states that by this time at least 98 percent of all households in every federal state will have access to a mobile phone network with a download rate of at least 100 megabits per second. As the paper makes clear, by January 2022 this requirement had only been met by all network operators in four federal states.
In the city states of Hamburg, Bremen and Berlin, 100 Mbit/s coverage is already 100 percent of all households. With a share of 99 percent, the expansion in North Rhine-Westphalia has largely been achieved.

Different developments in German federal states

In the document, the regulator refers to a cellular coverage in a range that refers to the best and worst coverage. For the state of Bavaria, mobile phone coverage ranges from 88 to 98 percent.
Accordingly, the slowest telecommunications company covers the expansion with 88 percent and the fastest service provider up to 98 percent of the households in the state.

However, the document does not provide any information about which network provider is the fastest and which is the slowest.

In the recent past, however, Telefonica had the greatest difficulties in meeting the requirements for network expansion.

Specifications for federal roads and motorways

In January 2022, no telecommunications company had yet achieved the target of 98 percent in three federal states – in Baden-Württemberg, Rhineland-Palatinate and Thuringia. In ten federal states, at least one in three network operators has not yet reached the 98 percent mark. The requirements include that the download of 100 Mbit/s through mobile networks is also possible on all important federal roads and motorways as well as frequently traveled rail routes.

According to information from the Federal Network Agency, the range achieved on the German trunk road network is currently 93 to 99 percent. So far, a level of 90 to 96 percent has been reached on the most important federal highways and 92 to 97 percent on railways.

In the farewell year, the fashion mail order company Ritter brought in 89 million euros. Also: Warren Buffett helps HP shine again and at the same time receives a broadside from Peter Thiel.

Good Morning! While you slept, work continued elsewhere in the digital scene.

The top topics:

The former Zalando co-boss Rubin Ritter received 89 million euros as a farewell. The fashion mail-order business listed in the Dax “goldened” him last year. Rubin Ritter has not been with the company since June. He first announced his departure in December 2020. At the time, Ritter said he wanted to take more care of his family. From now on, his wife’s career should have priority. Gründerszene already reported last year how he was building a future as an investor in the background.

The Zalando annual report now showed Ritter’s generous remuneration in his last year of work. The lion’s share of the 89 million euros was attributable to stock options that Ritter received in 2011, 2013 and 2014, in part before the Zalando IPO in 2014. Ritter still exercised some of the options worth 42.5 million euros before he left Zalando, he later earned a further 46.6 million from it. [Mehr bei Handelsblatt]

on Founder scene: Flixbus is one of the best-known companies in the German tech industry. The Founders Daniel Krauss, André Schwämmlein and Jochen Engert have also become rich themselves with the bus company. With their money, the people of Munich have financed an amazing portfolio of startups over the years. Your strategy is simple. [Mehr bei Gründerszene+]

And here are the other headlines of the night:

the HPstock had just seen its best day in more than two years, and Warren Buffetts Berkshire Hathaway has become almost 650 million dollars richer as a result. After Berkshire announced its ownership of 121 million shares in the PC and printer manufacturer on Wednesday, identifying itself as HP’s largest shareholder, the stock exploded. HP’s shares rose 15 percent Thursday, taking the value of Berkshire’s stake to $4.85 billion from $4.2 billion. [Mehr bei CNBC und Reuters]

Cryptocurrencies: Although the HP message shows the importance Warren Buffett still has in the financial scene, the German-born US investor Peter Thiel allowed himself a broadside against the 91-year-old. For example, Thiel said at a Bitcoin conference on Thursday that Warren Buffett is one of the crypto movement’s biggest opponents: “Enemy number one,” Thiel told a booing crowd in Miami, is “the sociopathic grandpa from Omaha.” Buffett’s Berkshire Hathaway is located in Omaha. Thiel also named JPMorgan CEO Jamie Dimon and Blackrock CEO Larry Fink as opponents of digital currencies. [Mehr bei Bloomberg und CNBC]

eToro has unveiled a $20 million fund to buy NFTs and support producers. The trading platform announced the launch Thursday at The Bass, a contemporary art museum in Miami. The trading platform’s fund is part of a new initiative called eToro.art that aims to support NFT creators and brands. NFTs, or non-fungible tokens, are digital assets that represent real-world objects — like art, music, real estate, and more — and cannot be replicated. [Mehr bei CNBC]

JD.com-Founder Richard Liu has resigned as CEO of the Chinese e-commerce company. Xu Lei, President of JD.com, will assume the CEO position effective immediately and join the company’s Board of Directors. It is JD.com’s second management change in the past seven months. In September, Xu Lei was appointed president after stepping down as head of JD.com’s retail operations. Liu has kept a low profile on JD.com in recent years since he was accused of rape in 2018, an allegation he has denied. [Mehr bei Bloomberg und CNBC]

Bolta US company that provides checkout software, announced on Thursday that it has launched the startup Wyre will buy up. With the acquisition, Bolt aims to enable its customers to make crypto payments via its checkout technology in the future. Bolt is set to pay $1.5 billion for the firm, which offers blockchain software that allows traders to accept cryptocurrency in the form of a cash and stock deal. The deal, which is expected to close in the third or fourth quarter of this year, comes five months after Bolt acquired Swedish company Tipser. [Mehr bei The Information]

Our reading tip on Gründerszene: Serial investor and Amorelie founder Lea-Sophie Cramer has seen many pitch decks in her life. Cramer is one of the most active business angels in Germany. In the Gründerszene interview, she reveals her Top tips for the pitch deck. [Mehr bei Gründerszene]

Don’t want to miss anything? Then subscribe to our Gründerszene newsletter! It appears every morning at 8:30 a.m. and brings you all the important news straight to your inbox.

Happy Friday!

Your Gründerszene editors

Just leave the car parked whenever possible. Of course, this tip offers the most potential in terms of fuel consumption. However, millions of Germans depend on the advantages of cars.
Anyone who cannot use bicycles, public transport or carpooling as alternatives should therefore drive as fuel-efficiently as possible.

Do without unnecessary transport goods

Specialists from ADAC, TÜV Süd, TÜV Thüringen and Auto Club Europa know a few tips for reducing the car’s fuel consumption. For example, the fuel bill increases due to unnecessary ballast.

An additional weight of 100 kilograms leads to an additional consumption of 0.3 liters per 100 kilometers.

In the city, consumption is particularly high when drivers frequently have to start or accelerate.
If accessories such as beverage crates or sports equipment are not absolutely necessary, the utensils do not necessarily belong in the car. Because roof boxes, carriers for bicycles or roof racks have a high level of air resistance, the fuel consumption of the vehicle also increases as a result.

Bicycles for short distances

Drivers should also consider that the bicycle is a sensible alternative, especially for short distances. Another solution would be to combine several isolated journeys into a longer tour. During a cold start in particular, the engine is dependent on higher amounts of fuel. Gasoline engines in particular depend on a good mixture with more fuel in the warm-up phase.

After the start, rapid acceleration makes sense. But it is just as important to shift up in good time. The ADAC recommends a gear change of 2,000 rpm.
It is important to maintain the driving speed at low speeds while driving. After that, drivers should only downshift if the engine jerks. Some modern vehicles are also equipped with Eco shift recommendations in the speedometer display.

Drive with foresight

Anticipatory driving also leads to benefiting from the braking effect of the engine for as long as possible. In many vehicles, the fuel supply is automatically deactivated during overrun.

In this situation, it is important not to shift out of gear when drivers are approaching a red light or slowly entering a town.

If you prefer driving at a constant pace and without high speeds, you can also reduce consumption. In addition, air resistance affects fuel consumption from a speed of 80 km/h. With an integrated cruise control, the device contributes to a smooth ride on longer journeys.

Shut off the engine if possible

In general, as soon as the car is not driving, it is important to switch off the engine. This recommendation applies to all interruptions that exceed at least 20 seconds. When idling, a vehicle needs about half a liter to a liter per hour.
Some modern vehicles also have an automatic start-stop system. If this is not available, drivers have to turn the key themselves. When the engine is warm, however, the load on the battery and starter is minimal.

Only switch on the most necessary electronic devices in the car

A vehicle also offers savings potential if drivers only turn on the most necessary electronic devices in their vehicle. For example, it is important that convenient features such as seat heating are only in operation for as long as is actually necessary. In return, drivers are well advised to use safety features such as windscreen wipers, lights or windscreen heating as little as possible.

A well-functioning air conditioning system is an extra, the advantages of which most drivers would not want to do without.

However, depending on the vehicle and the technology, an air conditioner needs 0.3 to 1.5 liters per 100 kilometers. That’s why bargain hunters shouldn’t cool down their car too much.

Fuel-guzzling air conditioning

At higher speeds, fuel consumption increases due to turbulent air flows when drivers open the side windows or sunroofs. If the windows are even open on both sides, consumption increases by 0.2 liters per 100 kilometers. At low driving speeds, the method promises a consumption advantage over air conditioning.
In addition, too little air in the tires not only leads to increased fuel consumption. At the same time, drivers have to put up with longer braking distances and poorer driving behavior under these circumstances. Consumption increases by five percent when the tire pressure is 0.5 bar too little. That is why specialists advise checking the tire pressure at least once a month.

Refuel at the right time

Fuel is particularly expensive during rush hour. Fuel is cheapest between 6 p.m. and 7 p.m. and between 8 p.m. and 10 p.m. Price differences between individual providers are sometimes immense. Tank apps that enable price comparisons in real time are a good help.

If you want to save money at the gas station and therefore want to drive abroad to fill up, you should carefully consider how sensible these detours are. Those who live near the border may make a good decision by taking the detour. But those who cover longer distances – exclusively for refueling abroad – may choose a negative deal.

A good IT infrastructure is now an important basis for companies to be able to work effectively at all. Most companies feel safe because their network servers are securely housed in corporate server rooms. However, this assumption underestimates potential dangers that exist for servers in reality.
To make matters worse, important security measures are often taken lightly and are simply not enough.

Different dangers for servers

A hardware server is a physical device that resides in a data center.

Servers are generally considered to be sensitive devices whose functionality is clearly affected by damage events.

If damage is imminent, not only a hardware failure is likely. Loss of data or revenue may also lead to restricted work.

Never underestimate natural events

Due to the steadily progressing climate change, more and more climate catastrophes are occurring, which also affect technical devices. These include strong thunderstorms, hurricanes, flash floods or storms. Avalanches and massive hail events affect technical equipment just as much as heavy rain events or floods.

These natural events can lead to either hardware failure or direct destruction. In a so-called blackout, a complete power failure extends over several hours or even days. In addition, overvoltages or a breakdown of supply lines have a negative effect on the hardware.
Other possible causes of secondary damage events are fire or fires.

Cyber ​​crime and threats of sabotage

On a human level, our world has become increasingly insecure in recent years. A good example is a study by Bitkom, according to which a total of 88 percent of all companies in Germany have been affected by virtual attacks. Cybercrime is increasing significantly.

The damage caused by this is enormous and currently amounts to 220 billion euros annually.

Hacker attacks or DDoS attacks, which are now some of the most common sources of danger, are particularly common. In addition to constantly increasing cyber crime, targeted direct attacks or acts of sabotage by one or more people are just as risky.
These attacks are now affecting organizations of all sizes and across multiple industries. The variety of attackers ranges from radical or extremist groups to dissatisfied employees.

Accidents and other accidental damage

In addition, time and again human negligence or failure leads to hardware destruction or data loss. Cases such as the unintentional installation of malware or unintentional intrusion into server rooms or company premises occur again and again. There are many sources of danger in this area.
It is therefore particularly complicated to protect oneself comprehensively and efficiently against it.

Measures to prevent hazards

Due to the diverse sources of danger, it is imperative to carry out appropriate safety measures and to reduce the risk of possible dangers to a minimum.

If a protection concept does not fulfill the hoped-for purpose, serious data losses or significant losses in sales are very likely.

Despite the extent of the damage, physical hardware destruction is only a fraction of the associated consequences.

Effective fire safety precautions

Efficient fire protection measures are useful for company buildings in order to keep personal injury and damage to property as low as possible in the event of a fire. Fire protection and fire prevention regulations that are common in Germany are very strict in this country.

In order to protect server rooms from fire or fire, these premises must meet far more than minimum requirements. Here it is important to prevent emerging fires with all your might. Therefore, efficient and individual fire protection concepts are necessary, which are developed together with specialists.

Preventive measures against power failure

Power failures are often responsible for so-called downtimes. Typical causes of power failures are lightning strikes, natural disasters or malfunctions in electrical systems.

It is therefore important to always keep an eye on the sources of danger and to protect yourself against them as effectively as possible.

An uninterruptible and powerful power supply is often an effective protective measure that protects against power failure, harmonics, frequency deviations, undervoltage and overvoltage. Depending on the respective individual risk, the use of emergency power systems also makes sense. However, a backup power system is no guarantee for an uninterrupted power supply.

Security concepts for IT security

IT security concepts require ongoing adjustments to any risks that may arise. It is therefore fundamentally important to protect yourself efficiently against software attacks or the network structure itself. This requires powerful protection that counteracts brute force attacks, among other things. Equally important is physical protection of the server room, which, for example, should be strictly monitored at all times.
Efficient access security, which is useful and a deterrent, is just as effective. Another measure is to reduce complex networks as much as possible.

Safeguards against human error

Human error and error are clear threats to servers, the network, and data integrity. Safety training helps prevent configuration errors or accidents.

An important part of the training should therefore be studying the correct behavior in the event of damage.

In this way, the risk of damage is minimized. In addition, server and network operators increase the level of security by effectively protecting server rooms from moisture, dust or temperature fluctuations.
Checking routines to ensure correct maintenance and installations are just as important as regular, efficient data backups and checks on the usability of backups.