Our Viewpoint

Our Viewpoint

Do You Have the Technology to Truly Continue Operations in Any Disaster?

October 02, 2014

We live in an age where disasters are on the rise, be it technical, human, or natural events. If you're like many financial institutions today, your disaster recovery plan consists of backing up your servers and data to a tape drive, or perhaps you've already upgraded to an online backup solution. But what would really happen in a significant disaster? Could you really continue with day-to-day operations? At many institutions, it would take well over a week to fully recover. Others are spending huge sums on a redundant disaster recovery infrastructure by investing considerable capital and resources on a backup system that is seldom used and still has multiple failure points. But new technologies are finally solving this long-standing issue, making your institution's continuity assured, straight-forward, and much more affordable than building it yourself.

In 2014, financial institutions suffered from one of the worst winters the U.S. has experienced in a long time; however those institutions using cloud computing fared considerably better than those with in-house networks by simply recovering and restoring operations at their secondary sites. Because their critical systems and applications were hosted at a secure data center, the weather event in the financial institution’s region did not prevent it from restoring operations fully at its secondary site.

Having been involved in business continuity and disaster recovery planning for more than a decade, I have had the opportunity to create and maintain recovery strategies for many financial institutions of all types and sizes. There is no “one size fits all” recovery strategy, but when it comes to facing a disaster, financial institutions are far more attuned to the threats than any other industry. With an acute need for high availability and business continuity, financial institutions cannot afford to fail in their responses to disasters, large or small.

In most cases, financial institutions are focused on providing banking solutions. Disaster recovery plans and strategies, however, become shelf-life material, as updated continuity plans are only delivered annually to the board, while omitting an answer to the critical question “Would our financial institutions truly be able to recover in the event of a disaster?”

In many cases, financial institutions tend to focus on tabletop exercises over functional exercises to make it through their annual test cycle. Tabletop exercises are discussion-based sessions of one or more scenarios that only theoretically validate plans and capabilities, whereas functional exercises allow personnel to validate plans and readiness by actually performing their duties in a simulated operational environment. This is as close to the real thing as possible. Be aware though, that although functional testing is a best practice, I have nonetheless found that organizations tend to use their alternate operating facility as a dumping ground for old technologies. They do not keep it current with operating system and software version requirements, and generally cut out testing key functions that would be essential in a major disruption. This brings me back to why financial institutions should consider operating in a cloud environment.

As you evaluate the merits of operating in the cloud, several things become clear. First, you will see how increased system availability and an instantaneous disaster recovery capability significantly improves your ability to recover from an unforeseen event with little impact on your operations. Second, you’ll understand the ability to access your work environment securely from any Internet access point at any time with any PC, laptop or even a tablet. And third, you’ll know that your operating systems and software versions are always kept up-to-date and compatible with one another and with your other critical applications, taking this risk off the table immediately. Testing critical applications from any location at any time of the day is handled with ease, as your service provider assists in setting up your scripts, test procedures, and reports for annual testing.

These three points outline how a cloud computing platform, like D+H’s Compushare C3, can support your ongoing business continuity needs. Compushare C3 allows you to take advantage of tremendous flexibility and predictable IT costs, while remaining compliant with current and future IT regulatory requirements.

Don't be fooled into hoping you are positioned for an emergency or disaster with your current on premise infrastructure. If you are like most small to mid-sized financial institutions, that hope can be dashed at the worst moment as a result of a generally untested business continuity manual that’s been sitting on the shelf for a year, and the realization that your secondary site cannot support your operations in your moment of need.

Author

Brandon O’Donoghue
Risk and Compliance Engagement Manager

Brandon O’Donoghue works closely with financial executives and board members providing guidance and direction to clients in the effective creation of business continuity and disaster recovery programs, IT policies and procedures, and IT risk assessments. Prior to joining the team, Brandon developed and managed the Business Continuity and Disaster Recovery Program at Fremont Investment and Loan.