ISO/IEC 27001 Control 8.14: Redundancy of information processing facilities
Control
Information processing facilities should be implemented with redundancy sufficient to meet availability requirements.
Necessity of MidPoint
MidPoint is optional for implementation of this control.
Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.
Implementation Overview
MidPoint provides synchronization functions for access control information in redundant components.
Implementation Details
The control states that the redundant components should ensure the same security level as the primary ones. MidPoint is built to synchronize information in distributed systems, therefore it can easily make sure that the user databases and access control information is synchronized acros primary and redundant components, such as standby or emergency systems. In case of "hot" standby systems, midPoint can continually synchronize the data, making sure the standby systems is always prepared for production use. In case of "cold" standby systems, midPoint can quickly set up the system before it is prepared for production use. MidPoint can synchronize access control information even in heterogeneous systems, such as back-up cloud services that are not directly compatible with primary services.
Rationale
Weak security of redundant and emergency components can be a serious problems, as suggested by this control. MidPoint can automate synchronization of access control information in such systems, lowering the risks.