USA +1 302 412 1512  |  BR +55 11 3069 3925 

High Availability and Contingency and Risk Management in Information Security

by | Jan 29, 2021 | BLOG

Risk management is a very present and important issue when it comes to Information Security. From an analysis, the main business processes of an organization and their respective risks are mapped out. By classifying these risks, the organization’s senior management can make decisions about how to deal with them.

What are these possible approaches and what does High Availability and Contingency have to do with it? What are the main differences between HA (High Availability) and DR (Disaster Recovery /Contingency) in terms of risk management? What is the real importance and application of risk management in Information Security? This is what this article aims to answer.

What is Information Security Risk Management?

Firstly, risk management in Information Security is the adoption of policies and protocols always aiming at a balance between the risks identified and the possible impacts that they may bring to an organization. In this sense, the term management is quite appropriate, as it conveys the idea that it is not an extinction of risks, but a decision-making process about them.

Dealing with risks, in general, is a costly process. First, an effort is made to identify the critical processes for the business, then the potential situations that may impair its operation are pointed out: the risks. With the critical processes and respective risks defined, these are classified by levels of the likelihood that they will happen and their impact on the business, if they occur. This entire procedure is performed so that people responsible for Information Security have good visibility to map out the situation and make the necessary decisions.

Risk Management is really necessary?

Once risk management in Information Security is understood, it is possible to realize that this practice is costly for the company – both financially and in the allocation of human resources. Thus, it is natural that some questions may arise: what is the real importance of this management? Is it really necessary? The answer is yes. In addition to being a fundamental component for the efficiency of Information Security and, consequently, for the health of a business, risk management is a requirement and core issue in several standards that companies seek to obtain in order to meet government requirements, go public and even transmit security and reliability to their clients.

ISO 27000, PCI, and SOX are some examples of standards that make risk management a key point, as these standards aim to certify the organizations complying with them properly have their information correctly secure and protected from incidents and eventualities that, in other scenarios, could violate the integrity, availability, confidentiality, authenticity, or legality of this information they keep.

Getting back to the risk management procedure, once critical processes and risks are defined, it is necessary to define approaches to deal with them. This is where HA and DR come in, whose concepts related to senhasegura have already been explained in the article “Cluster: find out what it is, where they are and why it matters to your business”, therefore, it will not be discussed further in this text.

 

How High Availability Works?

High Availability is an architecture that consists of having one or more servers operating parallel to the main one. In this scenario, the additional servers are functional and share the workload with the main server. In other words, in an HA scenario, the resources designated for business continuity are not obsolete in stand-by – ready to be used if something happens with the main resources, they are used simultaneously. If, eventually, the main one encounters problems, the others will automatically take over its workload and there will be no data loss or any unavailability. Actually, there will be a productivity gain.

 

And Contingency?

In the Contingency scenario, the DR server (or servers) continuously keep(s) a copy of the data from the main server, but without working with it, remaining only ready to take over control if any unforeseen event occurs on the main one. The advantage of this model tends to be cost, since, in general, it is expensive to maintain an HA scenario.

Thus, one of the benefits of senhasegura’s modularity is the ease of implementing these architectures at a low cost.

 

What senhasegura can do for your company?

There are several architectures approved and available for the operation of senhasegura: from the simplest, with a production server and a contingency, to more complex architectures, such as several servers in HA of hardware and software in production and contingency with HA and DR. The cost to implement the architecture that best suits the business, with senhasegura, is not high, as the system can be virtualized and has a wide range of compatibility. For those who have a greater need to keep systems uninterrupted, senhasegura provides High Availability of hardware, which consists of an appliance connected through a heartbeat with another, programmed to take over control in case any hardware defect affects the main one.

Using the ideal combination of High Availability for hardware and software, in addition to Contingencies, senhasegura becomes an even more robust and resilient system, prepared to deal with risks and vulnerabilities from our clients’ critical processes.

In addition to such resources, should the interest be in meeting any of the aforementioned standards and certifications, it is important to mention that senhasegura has other applications, such as a full audit of the entire park through the vault, which greatly facilitates the approval of internal and external audits, as well as in obtaining these standards.

$13 million growth investment drives senhasegura’s expansion in North America and the Middle East

Written by Priscilla Silva São Paulo, March 10, 2023 - senhasegura, an award-winning Privileged Access Management (PAM) solution provider that protects corporate IT environments and critical resources from cyber threats, announces a $13 million funding round from...

senhasegura wins CyberSecured 2022 award as best PAM solution in the USA

Written by Priscilla Silva SÃO PAULO, February 28 of 2023 - The 2022 edition of the CyberSecured awards, promoted by Security Today magazine, a brand of 1105 Media's Infrastructure Solutions Group, elected senhasegura as the winner in the Privileged Access Management...

How User and Entity Behavior Analytics Helps Cybersecurity

Cyberattacks are increasingly sophisticated, making traditional digital security tools insufficient to protect organizations from malicious actors. In 2015, Gartner defined a category of solutions called User and Entity Behavior Analytics (UEBA).Its big advantage is...

Best Practices for Consolidating Active Directory

This article was developed especially for you, who have questions about the best practices for consolidating Active Directory. First of all, you need to understand that directory services have the role of organizing important information for companies in a centralized...

senhasegura introduces the “Jiu-JitCISO” concept to show the power of Brazilian cybersecurity

Written by Priscilla Silva São Paulo, January 13, 2023 - "Like Jiu-Jitsu senhasegura is about self-defense. Every company must know how to protect itself and its clients". This is the aim based on the philosophy of the Japanese martial art, but made popular and...