Peer-Driven Insights

Availability

About this topic

Availability refers to an IT infrastructure's recoverability and level of protection against system failures, natural disasters or malicious attacks.

Featured One-Minute Insights

Sept 2024

How are U.S. CISOs Addressing Liability Risk?

New regulations taking effect in the U.S. mean that cybersecurity leaders could face legal liability in the event of an incident. What strategies are they using to protect themselves?
How are U.S. CISOs Addressing Liability Risk?

Active Ambassadors in This Topic

Rathik Pathak

Rathik Pathak

JM Financial Services Ltd

Travel and Hospitality, 1k - 5k

India
View All Community Ambassadors

Community Posts

Who are the best engineers to use to staff for a platform re-architecture program? Does the staffing strategy benefit from tweaks as you move from early to later stages of maturity? 

The particular program is looking to reduce duplication that exists across business lines and likely will leverage a combination of adapter patterns, data-driven configuration and lot of generalization of duplicate capability.

We're open to FTE, contract, vendors, etc., and have good systems to use all already established.

What challenges have you faced in migrating to a cloud-native solution? How are you maintaining resiliency and high availability of the system?

If anyone has successfully used Bring Your Own Key (BYOK) in the cloud:  Which Hardware Security Module (HSM) or key management method did you use, and with which cloud service provider(s) (CSP)?  Any advice to an organization considering this option?

I'm interested in learning how other large enterprises are planning and approaching data backup, recovery, data loss, ransomware protection for Data Cloud Platforms such as Snowflake.  * Are you using native capabilities? * Have you deployed additional 3rd party platforms? If so, which ones? Thanks in advance for your inputs and insights.

I was looking at a client's DNS configurations for MX records and noticed that they have just one entry: smtp.google.com At first I thought this was a mistake, but apparently after April 2023 this is now the recommended setting. One record with a "weight" of "1." I've been managing and configuring SMTP services and DNS records for 30+ years and I've always believed (and seen the belief reinforced over time) that DNS is a SPoF (Single Point of Failure) for many organizations. The most impressive outage of the last few years was in October 2021 when folks at Facebook instantly took down Facebook, Instagram and WhatsApp with one mistaken BGP configuration change. Question: Why would Google have put all of their DNS eggs in one basket? Meaning, all of their DNS services behind smtp.google.com (in IPv4 at least) seem to live within one ASN: 15169 with over 11 million IP addresses. They seem exposed to a BGP outage and/or BGP hijacking attack with this setup.

References: Google Workspace MX record values 9 & MxToolbox (asn:15169)

Read More Comments

What is your typical weekly work schedule look like?

< 40 hrs11%

40 - 55 hrs68%

56 - 65 hrs21%

66 - 75 hrs7%

76 - 85 hrs1%

> 85 hrs

View Results

What strategies do you recommend for achieving high availability and disaster recovery in the cloud? (And conversely, anything you commonly hear that isn’t as effective as you’d think)?

What is your overall experience with the Miro (Digital Whiteboard, Visualization, and Collaboration solution) application (performance, features, add-on applications)? We use it quite intensively in our company and would love to hear your experiences.

Read More Comments

Which architectural paradigm, is your organization currently embracing — or most aspires to adopt — as part of its strategic cybersecurity evolution (whether already implemented, on the roadmap, or aspirational if time and resources allowed)? Please select the one that best reflects your organization’s current or aspirational direction.

SASE (Secure Access Service Edge) – Unifying network and security controls at the edge for a cloud-first enterprise40%

DCSA (Data-Centric Security Architecture) – Prioritizing protection that travels with the data wherever it resides or moves 20%

ZTA (Zero Trust Architecture) – Operationalizing “never trust, always verify” across users, devices, and workloads40%

CSMA (Cybersecurity Mesh Architecture) – Federating security services through an integrated, composable design

View Results

What indicators would suggest to you that an architecture is too complex and not resilient enough to bounce back from a failure?

Read More Comments

I was wondering if any of you are using Lumen (previously CenturyLink) to manage your Network Infrastructure. We have been following the news recently and we are concerned after seeing their Q2 results and their market capital reduction etc. https://www.reuters.com/technology/lumen-technologies-shares-slide-after-posting-loss-nearly-9-billion-2023-08-01/ If any of you are using Lumen how are your organisations reacting to this from a risk stand-point?  Does anyone also have advice or have experience in transitioning from one Network Managed Provider to another? Its a trivial and complex task given availability and other risks.

As cyber recovery becomes more to the forefront for Disaster Recovery professionals, preparation for ransomware recovery is now starting to mature.  On-premises, and cloud-based solutions, and often with on-premises solutions comes the implementation of Secure Isolated Recovery Environments (SIRE). As your organization matures their cyber recovery solutions, is your or will your organization consider and or implement a on-premise, cloud-based, or hybrid secure isolated recovery environment? 

What is a Secure Isolated Recovery Environment (SIRE)?14%

Focus on an On-Premise SIRE.39%

Focus on a Cloud-based SIRE.54%

Focus on a hybrid SIRE.16%

Know about Secure Isolated Recovery Environments but no current plans to implement.3%

View Results