Information Technology Security. Advice from Experts

Service Level Agreements (SLAs) are usually contractual documents that specify minimum levels of professional service delivery, computer and network availability time, capacity and performance levels, security access protocols and other areas of interest to customers and suppliers obligated to adhere to them.

In most situations, customers paying for the services and access expect 24 x 7, 99.999% system uptime, with the supplier hoping for less stringent performance metrics, especially if financial penalties are incurred for non-performance.

Although there are several approaches to take to support SLAs with high performance levels, most security and computer experts would agree that the simplest and least expensive approach involves aligning the computer, network and security architectures into a common infrastructure. Integrating these as a common infrastructure foundation permits significant leverage of equipment and personnel and provides greater operational control of organizations computing operations.

Other advantages of architectural alignment include:

• Standardized security processes and equipment

• Limited external access points that can be monitored for unauthorized intrusion

• Reduced costs due to fewer hardware and software components

• Reduced training levels for support staff (due to standardized equipment)

• Ability to quickly diagnosis and resolve problems, as problems often occur in the same systems, and one fix may correct other problems triggered by that one defect

• Tuning of components for maximum performance is enhanced through a common architecture that has fewer friction points (i.e., discrete software components from different suppliers, different networks with unique firewall configurations, and data sets that require constant reformatting and normalizing)

• The time to integrate new applications and technologies onto a standardized platform is greatly reduced by having a common set of software interfaces, security access points and performance monitors already in place

From the executive management perspective, service level agreements are excellent documents to have in place, as they do stipulate some level of performance. However, the expense of five nines uptime (99.999) may exceed the organization s budget. The customer cost of managing the SLA itself ” with frequent management meetings to discuss issues, continuous collection of system metrics, escalation of financial penalties perceived to be incorrect, and discussions about who or what caused problems to occur ” is often overlooked during contractual negotiations. For a large organization with a five nines SLA level, the management costs are often $250,000 per year, including executive time. Ways to reduce this cost include:

• Lowering the SLA level to 99.99% or 99.9% performance level ” moving from a 99.99% uptime level to a 99.9% uptime level is a difference of 7.7 more hours per year (to a total of 8.8 hours) on a 24 x 7 basis;

• Prioritizing on what must be 99.999% up such as network firewalls and security systems, and what can be off-line for eight to 10 hours per year for maintenance, such as storage and mainframe access; and

• Writing SLAs that can be flexed or changed depending on the needs of the business or organization. For example, retail businesses typically need 100% data processing uptime during the Christmas season , but may be able to accommodate (and pay for) a 99.9% uptime SLA the remainder of the year.

  System Availability Uptime Percentages	Hours Per Year
  100% (24 x 7)	8760
  99.999%	8759.9
  99.99%	8759.1
  99.9%	8751.2
  99.0%	8672.4