Canadian Security Magazine

Supporting your mission critical IT environment

By Michael Murphy   

News Data Security

The widespread proliferation of handheld devices, instant messaging, IP telephony and e-mail as legitimate business tools is putting increasing pressure on organizations’ IT resources. Faced with this growing responsibility for managing these, and other, business-critical applications, organizations need to reassess their operating procedures in order to effectively safeguard critical information.

A critical system is a software application that is core to the most
important processes of an organization, which can directly impact the
company’s cost, revenue and risk structures. Examples of critical
systems include applications that:

”¢    Generate revenue
”¢    Contribute to operational control
”¢    Foster customer and partner loyalty
”¢    Help satisfy regulatory pressure
”¢    Enable competitive advantage
”¢    Reduce product or service delivery time

With the appropriate business-critical support services, organizations
can manage the increased complexity within their IT environments,
increase return on their IT investments, respond to stringent
regulations and compliance requirements, and defend against
increasingly sophisticated and targeted security threats.

But, just as one product or technology varies from another,
business-critical support services also vary in size, scope, and depth
of expertise, which can leave organizations perplexed about what type
of service is best for their business.


Mission Critical Business Operations
The key to determining the right business-critical service offering is
to first understand the overall business impact of unplanned downtime
of an organization’s mission critical system. The way an enterprise
develops, deploys and maintains critical systems correlates directly to
the overall success of the business. An organization’s bottom line
suffers when these critical systems have the following issues:

”¢    Cannot be deployed on time
”¢    Suffer from availability, performance, reliability or scalability shortcomings
”¢    Cannot be maintained or upgraded to meet dynamic business requirements
”¢    Require excessive IT labour or system resource cost

Companies that have implemented multiple technologies and rely on a
combination of hardware and software to deliver critical business
solutions cannot afford unplanned downtime. Most businesses in the
financial, manufacturing, telecommunications, healthcare, and
government sectors need to successfully manage several platforms and
devices with minimal disruption.

Sophisticated and targeted security attacks further increase the strain
on the IT environment. Another layer of complexity comes into play when
organizations need to comply with government and industry regulations,
such as C-SOX.

Business Risk Management
Today’s complex IT environment requires organizations to build
appropriate threat-management and vulnerability-management programs to
manage risks and monitor the systems deployed to support critical
business processes.

Enterprises that successfully implement business-critical support
services incorporate technology risks into a more encompassing process
of business risk management. A complete technology-management and
risk-management program incorporates the following principles:

”¢    Understand the requirements of the business process being
assessed, including concerns over financial loss, damage to reputation,
loss of intellectual property and regulation requirements, among other
business-specific risks.

”¢    Understand failure modes, including knowledge of how specific
system compromises or failures can affect a business process and its
relative risk.

”¢    Map failure modes to a specific response which is critical to
managing risks that require a response, such as disclosure of data that
may have reporting requirements.

”¢    Put in place detective controls and operational monitoring so
that, when a failure mode occurs, it is detected without delay and the
appropriate response is enacted.

With advanced multi-vendor expertise, flexible support plans, and
innovative support technologies, mission critical support programs are
an important component of a balanced and effective IT risk management
program.  An advanced support service will offer a unique blend of both
proactive and reactive services, including a designated account
manager, onsite visits, and accelerated response and time to

Common Best Practices for Vendor Management
There are several best practices to follow that can help ensure the
best experience when working with a vendor’s business-critical support

”¢    Communicate with the vendor frequently and leverage their
knowledge and expertise to gain a better understanding of the process
and technology needed to mitigate IT risks and maintain a secure IT

”¢    Develop an ongoing relationship with the support account manager
by scheduling onsite meetings to enhance his or her knowledge of the IT
environment and to develop a customized plan for proactive support.

”¢    Implement proper controls and policies to ensure certified configurations. 

”¢    Demand rapid response and time to resolution for high severity
incidents.  Since most organizations cannot afford unplanned downtime,
it is critical that the support team accelerate their response to
quickly resolve issues within their customer’s IT environment.

The Difference Maker
In addition to working with a support team for fast and reliable
reactive services, organizations should also work with a vendor for
predictive, prescriptive, and proactive support services, which are
critical for preventing and mitigating issues within the IT
environment. Best in class vendors offer the following proactive
support services to ensure the complete security and availability of
the data within their IT environment, as well as to ensure the
protection of technology investments. 

”¢    Configuration assessment: Configuration assessment is a proactive
service for documenting and analyzing an IT environment, which can be
useful in identifying problem areas before a critical issue arises. An
annual configuration assessment is recommended and will pinpoint
configuration errors, provide a high-level “point-in-time” picture of
the environment, mitigate data loss and service disruptions, and
contribute to ongoing stability.

”¢    Network assessment: A network assessment uses network-sampling
techniques to send and monitor predefined packets of data along the
same path travelled by an application, and measures the end-to-end
performance of a network. The assessment can help identify causes and
pinpoint potential network problems that may impact the performance and
overall operation of software, or business operations. 

”¢    Disaster recovery testing service: A disaster recovery testing
service offers a review of the organization’s disaster recovery plan
and onsite technical support during the testing period. With most
mission critical support offerings, organizations can request an onsite
engineer for a predetermined number of days to help test the disaster
recovery strategy. More importantly, this will help prepare for a more
timely and successful recovery of operations in the event of an actual

The Bottom Line
An effective business-critical service ensures that an organization’s
complex, multi-vendor, heterogeneous IT environment has a greater
ability to operate in the face of unplanned downtime. In the emerging
threat landscape and with business’ increased reliance on digital
communications, enterprises face security risks that are increasing in
complexity, frequency and malicious intent. For their mission critical
systems, organizations need to demand comprehensive proactive services
as well as world-class reactive support. Vendors should not simply be
an IT provider, but an integral part of an organization’s IT framework.

Michael Murphy is Vice-President and General Manager, Symantec (Canada) Corp.


Print this page


Stories continue below


Leave a Reply

Your email address will not be published. Required fields are marked *