Businesses and other organizations rely on servers for a wide variety of critical services, including file sharing, email, database and infrastructure management services. As stories of high-profile hacks (as with "Game Off: Passwords and the PlayStation Network Hack"), DDoS attacks, SQL injections and personally identifiable information theft proliferate, it's more than clear that server security should be a top priority, and security measures should be considered well ahead of putting new servers into commission in a "live" production environment.
Helping organizations implement, configure and maintain secure servers is the goal of the National Institute of Standards and Technology's "Keeping Information Technology System Servers Secure" guidelines document. Beginning with an outline of the most common server security threats, the document advises that organizations adopt a server strategy that puts security at the top of the priorities list, from making sure underlying operating systems and server software are secure to maintaining that security through the regular application of appropriate patches, upgrades, log monitoring and data and OS backups. The most important takeaway, at least to me, is that these guidelines stress proactive planning and research before a new server is ever deployed.
Your business' data and services are worth too much to relegate proper security measures to the back burner. As we've seen with too many others, anything less than following best practices and keeping on your toes could result in damage to reputation, hardware and software offerings and the bottom line.