Prevention, Detection and Remediation – Three Pillars of Security… and Life in General

I have four children, all grown (or at least they appear grown and they think they are grown).  As a parent I learned that while I may have felt inspired at times to engage in long lectures, it became very apparent that lecture length did not predict effectiveness.  Verbosity can indeed be the enemy of good communication.  Therefore, in searching for the means to articulate a message about security, redundancy,  and best practices, these three simple words or principles come to mind: prevention, detection and remediation.  If you can get your operations and IT personnel to understand and always consider these three simple concepts, you will achieve great improvements in your business continuity and services.

Prevention:

Before you begin a project, make a change, write a new script, or build a new data center, do you engage your mind and consider ‘What could go wrong?’ It is essential to understand the threats and determine what controls should be put in place to prevent loss as a result of those threats. Prevention controls include items such as fault-tolerant designs and equipment selection, site location, access controls, training, automation, script design, call flow design, secure coding practices, quality assurance testing and change control.

Detection:

Murphy’s Law: if anything can go wrong, it will. I have seen great plans go up in smoke and huge problems result from the smallest of omissions and mistakes. One of the key elements in preventing something bad from becoming something worse is early and accurate detection. In a network environment, tools such as SolarWinds can provide essential monitoring of network devices and services. Routines, processes and checklists can also be effective detection methods. In a physical environment, sensors and cameras are important, and in scripts and programs, logic can be built that validates proper behavior and then sends alerts when deviations are found. One key element of detection is that there needs to be someone available to respond. Just saying that you are going to be 7/24 does not make it happen. It takes a concerted effort, planning and an attitude of ‘being available all the time’.

Remediation:

Despite your efforts to prevent and detect, things will happen, and now you have to get things back to normal. Typically, in a High Availability environment, you have at least two of everything, and the systems are designed to fail over from a primary to a secondary system, or they are shared and one system simply begins doing all the work instead of a portion. So you did not go down, but you are not remediated! You still need to replace that failed device, and do so without loss of services. Preparation is key. Do you have the parts on hand? Do you have a maintenance agreement? Is your staff trained? What is the proper window to perform the needed work? If services were lost, do you have a communications plan? What were the financial and regulatory impacts? If you only begin to determine how to put things back together AFTER a problem, you are too late!

inContact knows that you are only making money when you are connecting with your customers.  We help you achieve this with products and services that enable and facilitate that connection.  We keep those products and services working by remembering and applying these three principles to everything we do.  Three simple words: Prevention, Detection, Remediation. Learning their application is critical.  They are important in the call center and they might even help you the next time you need to have ‘a talk’ with your kids.