G. Logan Gombar
The SABSA architecture dictates that the fifth layer is focused on the physical security
architecture, diving into the details of how things should be implemented. This moves beyond
the theoretical context and into the concrete reality of the implementation (Sherwood, 2005). A
key point of designing the architecture at this more tangible level is a focus on redundancy and
resilience. This report will discuss several principles dedicated to resilience, some best practice
approaches, and several methods to keep business platforms running in the event of problems.
Resilience can be achieved by following at least one of the principles in the following
section. Ideally, multiple overlapping methods would ensure the greatest redundancy possible.
One of the most obvious ideas is to avoid single points of failure as much as possible. Preventing
the reliance on a single method of delivering a business service enables the company to continue
running should something traumatic occur. This can be applied with multi-path cables
(discussed further below) and with another principle – hardware redundancy and failover
procedures. Having procedures in place to deal with the inevitable hardware failures is crucial to
business success. Having an outage is okay, so long as there is a secondary system to spin up and
take on the customer traffic. Additionally, having on-demand systems to spin up in the event of a
dramatic increase in demand on the application enables far greater revenue for the business, an
ideal solution for security as well as program management. A final principle for increasing
implementing these in hot, warm, and cold sites, the company can ensure a minimum level of
Given that the above principles are vague and nebulous in nature, the application portion
comes from the approaches available. Implementing the principle of avoiding single points of
failure can easily be done with multi-path cabling to avoid a single line being the backbone of
the company. If a piece of construction equipment severs that cable, there is no recourse beyond
immediately working to repair that line. If there were multiple lines leaving the building
providing backup service, there would still be an issue but it wouldn’t put the company in such
dire straits – service can be provided to the customers still. Resilience can be increased
further through regular testing of all systems to determine their next possible failure point.
Maintaining logs of when each system last failed, comparing them to the mean time between
failures given in its manual, predicting the next failure, testing those systems regularly, and
making the purchase requests to replace near end-of-life equipment can create a very reliable
system and a resilient network.
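The check for single points of failure described above can be automated. The following is an added example, not part of the original paper: it generalizes the severed-cable scenario to any link topology by listing the links and devices whose loss would disconnect the network. The topologies, node names and link ids are constructed for illustration.

```python
from collections import defaultdict

def single_points_of_failure(links):
    """Return (bridge_links, cut_nodes) for an undirected link topology.

    links: iterable of (node_a, node_b, link_id). Parallel links with
    different ids are separate cables, so neither one is a bridge.
    """
    adj = defaultdict(list)
    for a, b, link_id in links:
        adj[a].append((b, link_id))
        adj[b].append((a, link_id))
    disc, low = {}, {}          # discovery order, lowest order reachable
    bridges, cut_nodes = set(), set()

    def dfs(node, parent_link):
        disc[node] = low[node] = len(disc)
        children = 0
        for nxt, link_id in adj[node]:
            if link_id == parent_link:
                continue        # do not walk back over the cable we came in on
            if nxt in disc:
                low[node] = min(low[node], disc[nxt])
                continue
            children += 1
            dfs(nxt, link_id)
            low[node] = min(low[node], low[nxt])
            if low[nxt] > disc[node]:
                bridges.add(link_id)      # no alternate path around this link
            if parent_link is not None and low[nxt] >= disc[node]:
                cut_nodes.add(node)       # subtree reachable only via node
        if parent_link is None and children > 1:
            cut_nodes.add(node)

    for node in list(adj):
        if node not in disc:
            dfs(node, None)
    return bridges, cut_nodes

# Constructed sample topologies (hypothetical names, not from the paper).
SINGLE_HOMED = [("office-lan", "core-sw", "lan-uplink"),
                ("core-sw", "edge-rtr-a", "patch-a"),
                ("edge-rtr-a", "internet", "fiber-north")]
DUAL_HOMED = SINGLE_HOMED + [("core-sw", "edge-rtr-b", "patch-b"),
                             ("edge-rtr-b", "internet", "fiber-south")]

if __name__ == "__main__":
    for name, topo in (("single-homed", SINGLE_HOMED), ("dual-homed", DUAL_HOMED)):
        bridges, cuts = single_points_of_failure(topo)
        print(name, "links:", sorted(bridges), "nodes:", sorted(cuts))
```

Two cables that run through the same conduit between the same endpoints fail together, so give them one shared link id and the function will still report that path as a single point of failure.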
Platform Resilience
application resilience. The easiest way to provide application resilience is through a layered
approach, as is typical with most security and resilience efforts. For instance, a simple way to
speed is to keep multiple geographically disparate processing datacenters. This provides a myriad
of exceptional qualities to the service provided by the business – rapid application response
times, high levels of resilience due to the ability to sustain extremely damaging events at
individual datacenters without experiencing complete application losses, and a level of data
backups if the data is replicated in near real-time across the enterprise. This provides a level of
Security Architecture Development Process 4
resilience not only through availability, but also through data integrity due to the regular
propagation of the data across the network. This level of resilience is integral to the business
perspective as it provides a crucial level of financial income required to validate the expenses
associated with the security and resilience efforts. Furthering this effort is the potential for local
RAID storage efforts. This endeavor can be directly in line with the hot/warm/cold backup
efforts already in place, given the types of RAID possible. Implementing a RAID-10
Summary
Resilience is key and crucial. The business driver here is consistent income through
security and redundancy can increase the business profit of any network through more regular
customer interactions. The performance of a network directly drives the profit of a company
these days, and therefore the resiliency of a network drives the profit of a company. For this
reason, it is critical for the information assurance and business personnel to work hand in hand.
References