The previous article looked at application and system integrity – let’s now look at the next level of integrity.
Introducing Operational Integrity
Let’s take the next step in integrity and look at the integrity of running systems over the life of an application service – operational integrity.
So far we have talked about applications as software. An application service is about using the application. Instead of thinking of it as software, we look at it from a user perspective as a set of capabilities that can be applied to business problems. An application service is the user interacting with the software, data, hardware and network infrastructure, storage, and everything required to allow a user to effectively use the application.
As an example of the difference between application and application service, consider a user of an MRP application running in a remote datacenter when a local router fails. In this case, the application is still running – however, the application service is no longer available to the user. The user doesn’t care why they can’t access the application or that other people are still running it; all that matters is that the application service is not available to them!
Operational integrity has three main components: availability of application services, integrity of application services, and operations management.
Availability of Application Services
The first element is that the user can access the application services – that they have access to the applications and data and can use them to perform business tasks. Availability also includes performance – a system that takes a minute to respond to user input instead of a fraction of a second will destroy productivity.
Thus, any definition of availability must include a response time metric. It is worth noting that, from a user perspective, the only truly acceptable response time is zero… Studies have shown increases in user productivity from reductions in response time, even when the response time goes below a tenth of a second.
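An added example (not from the original article) of measuring availability the way this section defines it: from the user's vantage point, and counting an answer only if it arrives within a response-time limit. The probe records, the vantage-point names and the 1-second limit are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample probes: (vantage point, request answered, response time in s).
# "datacenter" probes run beside the application; "branch-office" probes run
# from the user's site, behind the local router. Both names are hypothetical.
PROBES = [
    ("datacenter", True, 0.08),
    ("datacenter", True, 0.09),
    ("datacenter", True, 0.07),
    ("datacenter", True, 0.08),
    ("branch-office", True, 0.15),
    ("branch-office", True, 62.0),   # answered, but took over a minute
    ("branch-office", False, None),  # local router down: no answer
    ("branch-office", False, None),
]

MAX_RESPONSE_S = 1.0  # assumed response-time limit, not a figure from the article


def availability(probes, max_response_s=None):
    """Per-vantage fraction of probes that count as 'available'.

    With max_response_s=None any answer counts (uptime only); otherwise a
    probe counts only if it was answered within max_response_s seconds.
    """
    good, total = defaultdict(int), defaultdict(int)
    for vantage, answered, seconds in probes:
        total[vantage] += 1
        in_time = max_response_s is None or (
            seconds is not None and seconds <= max_response_s)
        if answered and in_time:
            good[vantage] += 1
    return {v: good[v] / total[v] for v in total}


def below_target(probes, target, max_response_s):
    """Vantage points whose response-time-aware availability misses target."""
    scores = availability(probes, max_response_s)
    return sorted(v for v, score in scores.items() if score < target)


if __name__ == "__main__":
    print("uptime only:        ", availability(PROBES))
    print("with response limit:", availability(PROBES, MAX_RESPONSE_S))
    print("below 99% target:   ", below_target(PROBES, 0.99, MAX_RESPONSE_S))
```

Measured beside the application, the service looks fully available; measured from the user's site with the response-time limit applied, the same period shows the outage and the slow answer that the user actually experienced.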
Integrity of Application Services
Integrity of application services means that you can trust the results and that information is not compromised – either by denying access to people who should have access or by allowing access to people who shouldn’t.
Integrity of application services also includes resilience – maintaining correct operation even in the presence of attacks, system failures, or human error. Experience shows that human error tends to be the greatest challenge…
Operations Management
Operations management means maintaining the quality and integrity of application services over the life of the application. Basically, this means “install once, run for years”.
Once an application is installed, people start using it. Then more people start using it, and it slows down. Ongoing system monitoring and tuning is required. More processing power, memory and storage have to be added. The application – in fact the entire infrastructure – has to be patched for security issues and bugs. Software upgrades come out and must be installed. An enterprise application may have a life of 10-15 years – or longer! Hardware must be upgraded and replaced. New technologies must be incorporated, such as cloud computing or SSD-based storage. New versions of the software come out, with new features, new requirements, and new bugs. New modules become available. The application must be integrated with other applications. Problems must be solved. Backups must be done. People must be trained.
All in all, maintaining and managing an application service over a 10-15 year lifespan is a much larger job than simply installing an application and checking initial integrity.
Next: Threats