Continuity of Operations

We will discuss some continuity concepts later in this chapter, in the “Business Continuity Planning” and “Disaster Recovery Planning” sections. This section will focus on more overtly operational concerns related to continuity. Needless to say, continuity of operations is principally concerned with the availability portion of the confidentiality, integrity, and availability triad.

Service Level Agreements (SLAs)

As organizations leverage service providers and hosted solutions to a greater extent, continuity of operations becomes a critical consideration when negotiating the contracts with those providers, known as service level agreements. Service level agreements have been important for some time, but they are becoming more critical as organizations increasingly choose to have external entities perform critical services or host significant assets and applications. The goal of the service level agreement is to stipulate all expectations regarding the behavior of the department or organization that is responsible for providing services and the quality of the services provided. Service level agreements often dictate what is considered acceptable for things such as bandwidth, time to delivery, and response times.

Though availability is usually the most critical security consideration of a service level agreement, the consideration of other security aspects will increase as they become easier to quantify through better metrics. Further, as organizations increasingly leverage hosting service providers for more than just commoditized connectivity, the degree to which security is emphasized will increase. It is paramount that organizations negotiate all security terms of a service level agreement with their service provider prior to engaging with the company. Typically, if an organization wants a service provider to agree after the fact to specific terms of a service level agreement, the organization will be required to pay an additional premium for the service.

Note
The most obvious example of a trend toward increasingly critical information and services being hosted by a service provider is the growing popularity of cloud computing. Cloud computing allows organizations to effectively rent computing speed, storage, and bandwidth from a service provider for the hosting of some of their infrastructure. The security and quality of service constitute an extremely important point of distinction between the service offerings and their associated costs.