Data protection isn't just about keeping unauthorized people out. It's also about keeping systems running and data available when needed. How do TOMs (Technische und Organisatorische Massnahmen) address availability and network security?
Availability relies on redundancy and failover systems, while network security uses detection, segmentation, and zero-trust architectures.
Availability and Resilience.
- Redundant hardware so no single component is a point of failure.
- Failover clusters that automatically switch to backup systems.
- RAID storage arrays that survive disk failures.
- UPS systems, called USV in German, for uninterrupted power supply.
- Tested disaster recovery plans with documented recovery time objectives.
Network Security.
- IDS/IPS systems like Snort and Suricata detect and prevent intrusions in real time.
- Zero-trust network architecture treats every connection as potentially hostile, even internal ones.
- Network segmentation limits the blast radius of any breach by isolating systems into separate zones.
Privacy by Design and Default integration. Even availability and network security measures should incorporate privacy principles from the start. Data minimization, pseudonymization, and anonymization should be built into the architecture... not added as an afterthought.
Monitoring and Response. Continuous monitoring with automated alerting ensures that security incidents are detected and addressed quickly, not discovered weeks later in an audit.