Information security and data availability

The biggest dilemma companies face in securing their information is determining what’s truly necessary to safeguard their data. Without a solid understanding of the ins and outs of data protection, and an actual procedure to protect their information, businesses often choose to invest as little as possible and hope it’s enough. This is an arbitrary decision that can have disastrous consequences for your company.

In a previous article, we discussed the four key goals of information security where we outlined the main factors for protecting your data: ensuring availability, integrity, confidentiality and traceability. Today, we’re launching a series of four articles that delve into each of these concepts.

Data availability

Data availability is the process of ensuring that data is available without interruption, delay or degradation when requested. It is essential to data security, involving four functions and their respective processes:

  1. monitor
  2. prevent
  3. react
  4. recover

Monitoring your systems and maintaining your data flow is crucial to detect potential issues quickly and, above all, respond to them.

Whether it’s a network failure, performance issue or potential security breach, your team needs to understand what’s going on in order to react quickly and ensure your data remains available, or to at least minimize service interruption.

Sébastien Paquette

Team leader, network architecture & security

Prevention includes everything from backups and data replication to the redundancy of your systems. It’s like a carbon copy that can partially or completely take over your IT systems, upon request, in a transparent manner for your users.

If you need to recover your company data, it means you’re up against a wall. But even if you monitor the anomalies and respond as adequately as possible, nobody is immune from a major failure or disaster. This is when you need to react and put your recovery plan into action.

How to determine the necessary level of protection

Unless you possess a limitless budget, you’ll need to make choices and strike a balance between the amount you’re willing to spend, your data availability needs, the risks involved, the applicable regulations, and above all the impacts that both minor and major system failures would have on your business.

Follow these steps to make an informed decision:

1. Identify your requirements

First, determine your company’s needs and expectations in terms of data availability. For example:

  • What critical processes depend on the data?
  • Does the data need to be available at all times, or do you have a certain grace period? If so, how long?
  • How would an extended period of data unavailability affect you?

Paying wages a day late is one thing; paying them an entire week late is something else. What would be an acceptable delay? Your decisions should be based on these types of situations because your answers to these questions will allow you to establish your targets for availability.

2. Analyze risks

Identify the threats that could cause your data and computer systems to become unavailable, such as outages, disasters, human errors, cyber attacks, etc. Assess the likelihood of each risk and the impact it would have on your data and operations. This will allow you to better determine the measures to take based on their significance.

Be sure to also take into consideration the applicable regulations for your area and industry regarding data protection and your obligations in terms of privacy, as penalties are becoming increasingly severe. It’s important to take these into account in your protection assessment and plan. The European Union recently fined Meta (Facebook) a record 1.2 billion euros for violating certain provisions of the General Data Protection Regulation (GDPR).

3. Evaluate the costs related to a disaster

At this stage, you should evaluate the financial and operational costs that could result from an interruption to your IT services or your data being compromised. This can include loss of income, regulatory penalties, decreased productivity, deterioration in customer relationships, etc., not to mention the damage to your reputation. It may be difficult to measure the impact in monetary terms, but it’s major. Evaluating these costs will help you to determine the level of availability and recovery necessary to lessen the impacts of a disruption or disaster.

4. Determine your technical capacities and available resources

Lastly, analyze your current ability to keep your data available and continue running your business. You should assess if you have the technical and human resources necessary to implement and maintain the required systems and processes.

Once this exercise is completed with your team, you’ll have a complete picture of your current position. You’ll have determined your level of risk and what means you have at your disposal, but above all you’ll know what you need to eliminate potential impacts as much as possible, or at least minimize them, since there’s no such thing as zero risk. It is much easier to make an informed decision and justify an investment when you clearly understand the potential risks and what your company stands to lose.

You may also want to consult an expert in data security and management for specific recommendations for your situation. They’ll help you find the right technological solutions to achieve your objectives while maximizing your budget.

Remember

  • In terms of information security, don’t overestimate your current position. Be critical and take the time to establish a full and accurate picture of your company’s key operations. This exercise will help you prioritize your actions to ensure your data is protected.
  • Be conscious of the risks, and especially the impacts. Avoid making decisions based solely on levels of risk you consider low, because we all tend to underestimate them. The consequences they could pose are more measurable and are the best indicator in your decision-making process.
  • Follow the steps and your investments will be justified. Information security, like any other element of IT governance, proves its worth when part of a systematic and rigorous process. There are no shortcuts.

In our next article, we’ll look at data integrity and how to protect it. We’ll break down the main concepts and explain their overall importance, as well as their place within Quebec’s Law 25 on the protection of personal information.
