| | 1.2 Demand
13. Mission is Secure On-Demand | | |
|---|
| 1.2.13. Mission is Secure On-Demand: | | Customer demands for privacy and security are paramount, but largly invisible. Demands for flexibility to support any number of users doing any number of transactions is paramount, but largly undocumented. The ASP must act in a professional and responsible way to provide customers with what they need, even where some of the things they need are not explicit in any document. |
| Business Requirement: | | The number one business requirement is Privacy and Security where data cannot be lost or stolen. Where data security was breached for any reason, then the number one business requirement would become Privacy and Security. | | While security may be the single largest ASP cost, the means and mechanisms that the ASP must used to keep data private and secure are of little significance to customers - no data can ever be lost or stolen. The professional management of data storage space that is undertaken by the ASP must remain of no consequence to the customer - whatever is needed must be available. Data space must be adequate to store all the data enered without constraining what people can do each day. |
| 3. Security: | | Application services are inherently secure to military standards to eliminate the possibility of any data loss. Security is of paramount priority and while it may not be highlighted in a business requirement, a fundamental requirement that must be of the highest quality. | | Exceptional security capabilities are deployed that are of the very highest military grade because some customers data is very sensitive. By supporting many hundreds of customers data, an attack on one customers data can be detected and methods put in place to ensure that similar attacks cannot be made on all other customers data. |
| On-Demand: | | Application service capacity can increase and/or decrease as needed from time to time. Where business grows and transaction rates change, then hardware capacity must be vary as needed without any interuption to the service. |
| Resiliance and Availability: | | The primary business requirement is to keep the application services working - in the event of any hardware failure, spare hardware must be available to take over and continue the business with the minimum of delay. Hardware can be designed to have a high level of resuliance and can deliver high levels of availability. For example; in the Three Tier Architecture multiple web servers are deployed where one web server could fail with no direct interuption to the application service. |
| Physical Security: | | Fraud can be eliminated by leaving no place to hide unauthorized changes. When a change to data is applied to a form, that data is replicated to many secure remote locations. It is not practical for a criminal to cause a physical data change to be made in one location without it being detected as in conflict with the same data stored in many other remote locations. A privaledged person in one data center does not have access to all the other secure data centers that hold copies of all data. | | Data centers are those secure buildings that host the UK Internet backbone. They are known as "dark" in that lights are out and servers rarely accessed. |
|
|