Redundancy and Diversity

Because every organization needs solid backup and recovery procedures, keeping backups of data, software, and operating systems is a common way to provide redundancy in case systems are lost to a compromise or a natural disaster. The cost of offline storage is relatively low, so redundancy can be easily achieved.

However, the cost of redundancy can increase significantly depending on a company’s need for speed of recovery, access to data, and currency of restored data (hot sites, cold sites, warm sites, etc.). Redundancy needs are usually determined by a company’s risk management and assessment.

The concept of diversity comes into play when organizations plan their redundant systems. To reduce vulnerabilities, it is wise for redundant systems to have some diversity, so that they are not exposed to the same attack as the original system.

This may be counterintuitive: traditionally, exact copies of systems were thought to be safer for backup purposes. However, "recent peer-reviewed research demonstrates that even minimal diversity has immediate benefits, benefits that outweigh the inconvenience of having to manage multiple operating systems or other software. It turns out that diversification in information systems actually reverses the expected risk" (Quarterman, 2006).

References

Quarterman, J. (2006). Risk management solutions for Sarbanes-Oxley section 404 IT compliance. http://common.books24x7.com.content.umgc.edu/toc.aspx?bookid=12456

Check Your Knowledge

Choose the best answer to each question:
Question 1
Redundancy and backup needs are outlined in a company's risk management profile. Which of the following types of recovery would be the most costly for the company's need for speed of recovery, access to data, and currency of restored data?
hot site
warm site
cold site
white site