Let’s talk about one of my biggest concerns regarding cybersecurity and supply chain safety. It is the concept of a single point of failure. It’s a linchpin in a system, a resource that is required for most, if not all, tasks to be completed. If it disappears or ceases to function properly, the entire system suffers or fails.
Let’s use a day spa as an example. Customers can make reservations online or call the spa and the receptionist will enter the appointment for the customer who called in. The computer at the reception desk houses the reservations. When customers arrive for an appointment, they check in and the receptionist pulls up their appointment information on this computer. When a customer has finished their visit, they return to the receptionist to be checked out and pay for their services. Now, disaster strikes! A customer’s ultra grande mocha latte spills and pours right onto the computer’s CPU. It dies. The spa is, essentially, brought to its knees. No one knows what appointments are incoming or which personnel have been assigned to them. Yes, it can all be talked out, but that takes time and tries everyone’s patience. By having only one computer to handle all the scheduling and sales, a single point of failure has been created.
There are many ways our little day spa could have prevented this catastrophe, other than prohibiting drinks in the spa. We’ll look at two. To begin with, let’s eliminate the single point of failure problem by having more than one computer that handles the receptionist desk workload. If there isn’t space for a second computer at the reception desk, this second device could live in the back office or on a dedicated desk in the breakroom. That way, if a problem does occur with the computer at the reception desk, it can be replaced within minutes. Another solution is separation of duties with regard to computers. If two computers are in use, one for scheduling and one for sales, this would prevent the entire spa from being out of service. Also, they could each serve as back-ups for each other. Then if one goes down, the spa is still fully operational.
Both of these options deploy redundancy, another vital concept in cybersecurity.
Redundancy is the condition of having multiple facsimiles of a resource so that if the primary becomes inoperable, a replacement can take over. In the world of cybersecurity, if a resource like a server or database is attacked and becomes unavailable, redundancy is what saves the day. By having a back-up or a duplicate, the targeted device can be removed from service and the redundant device made active.
The practice of redundancy and banishment of single points of failure creates resilience. Resilience should be a goal of all organizations and individuals in their cybersecurity posture.