Risk Register
Risk Register
Risk Register
Below are a list of potential failures that could impact the running of Privilege Secure. The mitigations suggested are approaches to resolve Privilege Secure utilization if the primary failure point is not able to be resolved in a timely manner.
| Risk description | Impact description | Mitigation |
|---|---|---|
| Hardware failure on appliance node (cluster environment) | Failure of hardware within a single node would not directly impact Privilege Secure functionality | Privilege Secure functionality would not be impacted. Dell support is available |
| Hardware failure on appliance node (single node environment) | Failure of hardware within a single node would impact Privilege Secure functionality | Failover over to DR instance following predetermined procedure. |
| Load balancer failure | Users unable to access Privilege Secure through load balancer VIP | Access can be obtained by directly connecting to a node. The DNS entry could be re-routed if necessary |
| DNS failure | Privilege Secure URL would not work and some scans would fail if IP addresses change before resolution of DNS | Direct access to Privilege Secure via IP. Privilege Secure would fail to connect to the end points via DNS resolution, but would fall back to the last known IP address |
| Failure on VM node (cluster environment) | Failure of a single VM node would not directly impact Privilege Securefunctionality | Privilege Secure functionality would not be impacted. |
| Failure on VM node (single node environment) | Failure of a single VM node would affect Privilege Secure access | Utilize a snapshot or failover to a DR instance. Starting services on a DR instace would take only a few minutes along with a DNS change |
| Network issue to Privilege Secure | All access to Privilege Secure impacted | Break glass scenario, use a service account if the network outage is unable to be resolved timely. Rotate the credentials of the service account once access is restored |
| Network issue connecting to end point | No JITA to the endpoint | Use OAM. If OAM is not available, check network line of sight to end point using ping of IP address and DNS name |
| MFA Issue - single user | User is unable to log in to Privilege Secure | Reset MFA for user |
| MFA Issue - multiple users | Users is unable to log in to Privilege Secure | Ensure NTP is used across the organization to avoid issues with time token. |
| MFA not available | MFA failure stopping access to Privilege Secure | Turn off SAML and revert to time based token. |
| LDAP server failure | LDAP server referenced by Privilege Secure fails. Users wouldn't be able to access Privilege Secure. | Move to different LDAP server and reflatten groups. Contact Privilege Secure support for assistance |
| LDAP Credential Failure | LDAP updates would not be captured by Privilege Secure. | Update the credential in Active Directory and update within Privilege Secure. Ensure the account is non-interactive. |
| Protect Credential Failure | JITA would not be able to be obtained for endpoints | Update the credential in Active Directory and update within Privilege Secure. Ensure the account is non-interactive. |
| Scan Credential Failure | Endpoints would not be able to be scanned and the inventory policy would not be applied | Update the credential in Active Directory and update within Privilege Secure. Ensure the account is non-interactive. |
| Docker failure (single node) | Failure of a single node docker instance would affect Privilege Secure access | Failover to a DR instance. Starting services on a DR instace would take only a few minutes along with a DNS change |
| Docker failure (single node on cluster) | Failure of a single node docker instance would causes Privilege Secure to fail on that node. | The other nodes would continue to run uninterupted |
| Service failure API | Users unable to access Privilege Secure | Restart service via command line |
| Service failure LDAP | LDAP updates would not be captured by Privilege Secure. | Restart service |
| Service failure Worker | Rescan and JITA would not function | Restart service |
| Service failure Scan | Update of policy to end points would not function | Restart service |