BANKS SHOULD UNDERSCORE DISASTER RECOVERY IN THE CLOUD
By Tony Craythorne, VP of Worldwide Business Development
Financial institutions are dealing with a tsunami of big data, and have a heady number of disaster recovery options available. When it comes to being prepared for disaster, backing up this mission-critical data is the minimum these institutions should be doing. Backing up isn’t enough. Financial organisations need to start thinking about a recovery strategy should something go wrong. Some organisations are still using traditional back up to tape or disk but others are looking to hybrid cloud technology for the flexibility and security they require. All are being cautious and all have to comply with strict financial regulations.
Hybrid cloud is a blend of public and private cloud. Financial institutions, like businesses have sensitive data they need to keep secure. Using a private cloud they can retain control of this data in-house, whilst gaining from the flexibility, operational efficiencies and cost advantages of cloud. For increased storage capacity of non-sensitive data and to speed up data processing, financial institutions can look to adopt the public cloud to gain greater capacity. Each solution has its pros and cons and by combining them into a hybrid cloud solution they can harness the power of both. They just need to trust the solution and do their homework carefully on choosing which one to adopt.
Hybrid cloud environments are developing rapidly. Market research company IDC estimates that by 2020, a staggering 40 per cent of data will be in the cloud in some form. Over the next couple of years, enterprise cloud strategies will be increasingly impacted by hybrid cloud. Cloud computing — particularly hybrid cloud environments — is now a business reality. Nearly 80 per cent of organizations surveyed by Gartner in 2013 said they “intend to use cloud services” within the next 12 months. As cloud becomes a default part of the IT landscape, more companies are relying on cloud computing for vital business processes, including disaster recovery (48%) and security (44%).
Banks tend to lag behind other industries in adopting new technologies, and cloud is no exception. Fears over data security and regulatory concerns have hobbled their progress. But they are learning their lessons from other industries – and also by their mistakes! Card processing and online banking have moved towards cloud services, and others will follow fast.
Motives for banks moving across to cloud differ, but the pressure to cut costs and get to market faster are the major factors and is responsible for the dramatic growth in cloud adoption in the financial sector.
Increased IT costs and under used hardware are one of the major issues facing financial institutions. Gartner believes that by 2016, budgets will drive over 60 per cent of banks globally to process many of their transactions in the cloud. Many financial institutions have large legacy systems, which they continue to run at great expense, worried about the risk of transferring operations and data. Via a hybrid cloud move they can scale up operations accordingly, without adding software, hardware or manpower costs.
Making it fit
Banks have a fundamental question they have to ask before they can join the cloud. Basically, which business functions are actually suitable to migrate to a cloud environment? Sounds simple, but this is not always easy to answer. It’s paramount to have a reliable data back up and recovery system in place that will ensure business continuity and secure data if a disaster happens.
It is true that when you put data in the cloud you are entrusting a service provider rather than just your own staff. This is a big sticking point for many financial institutions. Hybrid is one answer. But each organisation must look carefully at its disaster recovery strategy. Disaster Recovery as a Service (DRaaS) may be the best solution. This is the replication and hosting of physical or virtual services by a third party should a disaster happen, be it a hack or natural disaster. Quorum, for example, recently became the first solution of its type to be certified PCI compliant, removing yet another barrier to cloud backup adoption.
Finance is a compliance driven industry that is audited regularly so the ability to prove your disaster recovery solution is critical. In the same breath, the ability to have offsite copies of your data is also an important requirement. With a PCI compliant cloud solution, financial institutions have the security and assurance they need. So, if their site does have a disaster, they are ready and able to operate out of the cloud straight away.
When an organisation works with a cloud provider, it should always check the provider’s security protocols. In the cloud, encryption is the industry standard. Data must be encrypted when stored in the cloud and when being accessed by the user. Data is kept safe this way, and can travel between an on-site device and cloud backup securely via an SSL tunnel. This enables the IT team to focus on the organisation’s in-house system security and optimise overall performance.
It goes without saying that you should choose a provider carefully. There are so many options on the market, all vying for your business. Not everyone has the expertise, software options, or regulatory compliance background to handle your security appropriately. As the old adage goes, it is no use trying to shut the stable door when the horse has already bolted. The same goes for data security.
Regulators will start to change the goal posts as they gain a greater understanding of cloud, opening up the market rapidly. In July last year, for example, the Dutch banking regulator De Nederlandsche Bank (DNB) approved the use of the Amazon Web Services (AWS) for financial operations, including credit risk analysis, mobile apps and retail banking platforms.
There are numerous cloud models out there, and they will continue to evolve. But the hybrid model offers banks the opportunity to get on the cloud now, benefiting from scalability, flexibility and on-demand scalability, whilst at the same time addressing the compliance and regulatory issues so vital in their sector. Reducing the capital and operation expenditure on an IT infrastructure in the increasingly competitive financial world has got to be a smart move.