Monday, August 22, 2016

Making IT systems highly secure and resilient

Recent headlines such as Oracle systems hacked, Delta system down, and Amazon system outage are becoming very common. We have all the technology and solutions to avoid these situations.
IT security and business continuity have always been concerns for IT professionals. Worldwide political events, privacy concerns, regulatory demands, external attacks, corporate financial crises, and identity theft have contributed to making security management and systems resiliency a boardroom-level priority. Enterprises want to make their IT infrastructure resilient, and they also understand the need to maintain service levels to satisfy today’s dynamic business. Maintaining a secure and highly resilient system needs innovative thinking.
The business continuity efforts of most enterprises focus on a defensive resilience posture, which consists of three building blocks: Recovery, Hardening and Redundancy. These are widely recognized as vital ingredients for successful business continuity plans. A defensive posture is useful in protecting the organization and its revenue streams, but it does not directly help the bottom line.

An offensive resilience posture also consists of three building blocks, which are focused on improving the organization’s competitive position: Accessibility, Diversification and Autonomic computing. In practice, these building blocks can be used all together or in various combinations, depending on need. For example, diversifying operations might allow hardening to be limited everywhere except at sites where critical applications and data reside. The resiliency building blocks are illustrated diagrammatically below.

I consider that business resilience encompasses business as well as IT, and it can be thought of as spanning six discrete layers: Strategy, Organization, Process, Data/Application, Technology and Facilities/Security.
Strategy includes:
1. Governance strategy
2. Financial strategy
3. Continuity strategy
4. Communications strategy
5. New product/services strategy
6. Risk management
Organization includes:
1. Roles
2. Responsibilities
3. Structures
4. Skills
5. Cross-organizational cooperation
Process includes:
1. IT Process
   - Change management
   - Problem management
   - Incident management
   - Availability management
2. Business Process
   - Sales Order
   - Financial
   - CRM
   - Claims processing
   - Business controls and System Management Process (IT Infrastructure Library)
3. Cross-Functional Process
   - Business Continuity
   - Quality Management
   - R&D
   - ERP
Applications and Data include:
1. Data security
2. Data storage
3. Application architecture and design
4. Backup and recovery
Technology includes:
1. Hardware architectures
2. System software
3. Middleware
4. Networks
5. Delivery channel
6. Disruptive technology
Facilities and Security include:
1. Physical and logical security
2. Safeguard access
3. Power protection
4. Environmental considerations
5. Security Architecture of the Systems / IT Infrastructure

This model itself is scalable and can be applied to an enterprise, an individual location, a key business process or an IT system. Clearly, a number of lower-level considerations are embedded in each layer. For example, the Facilities/Security layer should consider various aspects of physical and logical security, power protection and environmental considerations. Continuity, availability, security, recovery and scalability, spanning and supporting the six discrete layers outlined above, combine to deliver business resilience.

