Risk management is a constant and central concern in Information Security. Through an analysis, an organization’s main business processes and their respective risks are mapped out. By classifying these risks, the organization’s senior management can decide how to deal with them.
What are the possible approaches, and what do High Availability and Contingency have to do with them? What are the main differences between HA (High Availability) and DR (Disaster Recovery / Contingency) in terms of risk management? What is the real importance and application of risk management in Information Security? These are the questions this article aims to answer.
What is Information Security Risk Management?
Firstly, risk management in Information Security is the adoption of policies and protocols that always aim at a balance between the risks identified and the impacts they may have on an organization. In this sense, the term “management” is quite appropriate, as it conveys the idea that the goal is not to eliminate risks, but to make decisions about them.
Dealing with risks is, in general, a costly process. First, an effort is made to identify the processes that are critical to the business; then the potential situations that may impair their operation are pointed out: the risks. With the critical processes and their respective risks defined, each risk is classified by the likelihood that it will occur and by its impact on the business if it does. This entire procedure is performed so that the people responsible for Information Security have good visibility to map out the situation and make the necessary decisions.
Is Risk Management Really Necessary?
Once risk management in Information Security is understood, it becomes clear that this practice is costly for the company – both financially and in the allocation of human resources. Thus, it is natural for some questions to arise: what is the real importance of this management? Is it really necessary? The answer is yes. In addition to being a fundamental component of effective Information Security and, consequently, of the health of a business, risk management is a requirement and a core issue in several standards that companies seek to comply with in order to meet government requirements, go public, and even convey security and reliability to their clients.
ISO 27000, PCI, and SOX are some examples of standards that make risk management a key point, as they aim to certify that the organizations complying with them keep their information properly secured and protected from incidents and eventualities that could otherwise violate the integrity, availability, confidentiality, authenticity, or legality of the information they hold.
Getting back to the risk management procedure: once the critical processes and risks are defined, it is necessary to define approaches to deal with them. This is where HA and DR come in. Their concepts as they relate to senhasegura have already been explained in the article “Cluster: find out what it is, where they are and why it matters to your business”, so they will not be discussed further in this text.
How Does High Availability Work?
High Availability is an architecture in which one or more servers operate in parallel with the main one. In this scenario, the additional servers are fully functional and share the workload with the main server. In other words, in an HA scenario the resources designated for business continuity are not sitting idle in stand-by, ready to be used only if something happens to the main resources; they are used simultaneously. If the main server eventually encounters problems, the others automatically take over its workload, with no data loss and no unavailability. In fact, there is a productivity gain.
In the Contingency scenario, the DR server (or servers) continuously keep(s) a copy of the data from the main server without serving traffic, remaining ready to take over control only if an unforeseen event occurs on the main one. The advantage of this model tends to be cost, since maintaining an HA scenario is generally expensive.
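To make the difference between the two models concrete, here is a small simulation (an added example, not senhasegura code) in which the main node fails midway through a stream of writes. In the HA model every live node holds the data and keeps serving; in the Contingency model the standby lags a few records behind and takes a short time to be promoted, so some writes are lost and some are refused. The lag and takeover delay are constructed parameters, not measurements.

```python
# Constructed toy model of the two architectures described above; not senhasegura code.
class HighAvailability:  # active-active: every live node serves traffic and holds all data
    def __init__(self, n_nodes):
        self.nodes = [[] for _ in range(n_nodes)]   # each node's data; None once failed
        self.rejected = 0
    def write(self, record):
        live = [d for d in self.nodes if d is not None]
        if not live:                                # only total failure causes an outage
            self.rejected += 1
            return False
        for d in live:                              # synchronous copy to every live node
            d.append(record)
        return True
    def fail(self):
        self.nodes[0] = None                        # main node dies
        return 0                                    # peers already hold the data: nothing lost
    def surviving_data(self):
        return next(d for d in self.nodes if d is not None)

class Contingency:  # active-standby (DR): primary serves all traffic; standby gets async copies
    def __init__(self, lag, takeover_delay):
        self.primary, self.standby, self.pending = [], [], []
        self.lag, self.delay, self.rejected, self.active = lag, takeover_delay, 0, self.primary
    def write(self, record):
        if self.active is None:                     # takeover in progress: request refused
            self.rejected, self.delay = self.rejected + 1, self.delay - 1
            if self.delay <= 0:                     # standby promoted after `takeover_delay` refusals
                self.active = self.standby
            return False
        self.active.append(record)
        if self.active is self.primary:             # replicate, up to `lag` records behind
            self.pending.append(record)
            while len(self.pending) > self.lag:
                self.standby.append(self.pending.pop(0))
        return True
    def fail(self):
        self.active = None                          # primary dies; standby not yet promoted
        lost, self.pending = len(self.pending), []  # un-replicated writes are gone
        return lost
    def surviving_data(self):
        return self.standby

def run(model, before=10, after=10):
    # write `before` records, fail the main node, write `after` more; report the outcome
    for i in range(before):
        model.write(f"r{i}")
    lost = model.fail()
    for i in range(before, before + after):
        model.write(f"r{i}")
    return {"lost": lost, "rejected": model.rejected, "kept": len(model.surviving_data())}
```

`run(HighAvailability(3))` keeps all 20 records with nothing lost or refused, while `run(Contingency(lag=3, takeover_delay=2))` loses the 3 un-replicated records and refuses 2 requests during takeover: the data-loss window and outage that the HA scenario avoids.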
Thus, one of the benefits of senhasegura’s modularity is the ease of implementing these architectures at a low cost.
What Can senhasegura Do for Your Company?
There are several approved architectures available for operating senhasegura: from the simplest, with one production server and one contingency server, to more complex architectures, such as several servers in hardware and software HA in production, plus contingency with both HA and DR. The cost of implementing the architecture that best suits the business is not high with senhasegura, as the system can be virtualized and has a wide range of compatibility. For those with a greater need to keep systems uninterrupted, senhasegura provides hardware High Availability, which consists of an appliance connected to another through a heartbeat and programmed to take over control if a hardware defect affects the main one.
Using the ideal combination of hardware and software High Availability, in addition to Contingencies, senhasegura becomes an even more robust and resilient system, prepared to deal with the risks and vulnerabilities of our clients’ critical processes.
In addition to these resources, should the interest be in meeting any of the aforementioned standards and certifications, it is worth mentioning that senhasegura offers other applications, such as a full audit of the entire environment through the vault, which greatly facilitates the approval of internal and external audits, as well as obtaining these certifications.