Greater business continuity and disaster recovery capabilities in the cloud
- What implications will new technologies have on business continuity/disaster recovery for financial services firms?
BC/DR will become even more of a priority for firms in 2015, considering the rise in new technologies that have decreased firms’ tolerance of downtime.
Customers are accustomed to banking at their fingertips through online banking and mobile banking applications. The next rising trend is real-time payments (RTP) infrastructure, which enables customers to make transactions such as bank-to-bank transfers in as little as a few minutes, as opposed to waiting for the next batch of transactions to be run.
The implication for financial firms is that they’ll have rapidly increasing data volumes to manage expectations. On a broader scale, financial market infrastructures will exhibit a higher degree of interoperability. To provide customers with the option for lightning-fast service, banks on both ends of a transaction need to be available. As a result, financial organisations will have to think about how they’re going to maintain 24/7 uptime. With higher consumer expectations and new services rolling out at a rapid pace, downtime isn’t an option.
- Do financial institutions really have to move to the cloud for backup?
As legacy software and equipment become more cumbersome to manage, firms can benefit from implementing cloud-based data backup and recovery solutions that are not only more user friendly but more effective at meeting aggressive recovery time objectives (RTOs) driven by compliance requirements and customer demands. Although historically meeting tougher RTOs was a fairly cost-intensive exercise, an enormous influx of new solutions to the market has made costs drop significantly.
A new approach is the combination of cloud backup and vaulting to meet RTOs. Technologies meeting this need include BlackVault, an on-site managed solution that securely stores critical data in an on-site platform. For additional off-site recovery, data can be vaulted in BlackCloud, a private cloud environment. These solutions have the ability to meet RTOs as short as 0-2 hours.
- Why are financial firms shifting to DRaaS?
By 2018, Gartner estimates that the size of the DRaaS market will exceed that of the market for more traditional subscription-based DR services1. For large financial firms with secondary sites for disaster recovery and dedicated staff for business continuity, the move to a cloud-based DR Service used to be expensive and complex. However, innovation and flexible DRaaS solutions have changed this. Both more cost-effective and simpler to implement than traditional DR solutions, managed services providers can set up DRaaS quickly with minimal downtime.
The transition to cloud-based backup and DR is driven by the need to recover key IT systems and data quickly. Data sprawl is becoming more of an issue, and no business wants to keep expanding their physical infrastructure to manage growing volumes of data. Additionally, financial organisations need to consider the geographical dispersion of data to mitigate the threat of regional disasters such as floods. One potential drawback of a cloud service is that if the provider has data centres located too far outside an organisation’s locale, the firm might experience latency when recovering data. The firm also needs to consider its compliance obligations – whether explicit or implicit – that might restrict the flow of data across EU borders.
- What sort of impact will DRaaS have on recovery times?
As I mentioned earlier, one of the advantages of cloud DR is that it reduces operational complexity, which allows businesses to meet more aggressive RTOs. But even so, self-managing a service makes it more difficult to recover quickly. DRaaS providers have a much better handle on how to meet customers’ individual needs. Some firms are wary of depending on a third party to recover key infrastructure components and applications, but that issue can be addressed by tying RTOs for each piece to service level agreements (SLAs). If the service provider doesn’t meet the requirements of an SLA, the client organisation would have a predetermined remedial process to fall back on.
- What should a modern backup and disaster recovery plan include for a financial organisation?
Financial organisations are held to a higher standard than most other types of organisations in terms of data protection and availability of service, so there’s a rising concern in the financial sector about DR planning. In fact, the CCP12’s Emergency Default Information Sharing Procedure specifically called for more knowledge about DR to be shared.
The concern is in turn driving increased adoption rates for cloud solutions. DRaaS is a great example of where the technology is leading us. Being able to restore the organisation’s entire environment ‒ not just the data ‒ from the cloud is extremely attractive for firms with minimal tolerance for downtime, or those in high-risk geographical areas, for example. However, it’s still critical for companies in the financial sector to ensure they don’t fall foul of compliance – the chosen DRaaS provider has to meet operational regulations and standards such as PCI-DSS, Basel III and ISO.
A comprehensive risk assessment and business impact analysis can aid a financial firm in selecting a DRaaS solution that fits within the scope of the business’s unique requirements. Using a private cloud vaulting service in conjunction with an on-site data storage platform can help address the need for geographical diversity and on-site backups while providing resilience benefits. Ultimately, the cloud’s scalability and centralised management reduce operational complexity to allow for better DR, security and testing.
About Brandon Tanner
Brandon Tanner is a successful entrepreneur with a technology background that spans software, hardware and service solutions for financial institutions and other regulated industries. He is the senior manager for ITS and their sister organisation, Rentsys in the US and is the key, driving force behind the company’s business continuity and disaster recovery products and services, including the next generation of cloud and recovery products, BlackCloud and BlackVault. The combination of Brandon’s technology and regulatory expertise has led to several innovative cloud strategies that have helped customers maintain compliance more cost-effectively. For more information, visit www.itspecialists.uk.com
1 Gartner, Magic Quadrant for Disaster Recovery as a Service, 2015, April 21, 2015.