IT leaders in financial services must adopt an intelligent data management strategy that incorporates backup and recovery of all applications and workloads; protection and management of data across multi-cloud environments; orchestration and optimal use of resources; and automated backup, migration, security and recovery capabilities. Financial services firms will lose customers if there are any doubts about the security or reliability of account information. Enabling the Hyper-Available Enterprise is critical.
The threat landscape
Customers increasingly require non-stop access to account information, and financial services are natural targets for cybercriminals. In one of the most eye-opening examples, Bangladesh Bank in 2016 suffered an $81 million bank heist when hackers used Society for Worldwide Interbank Financial Telecommunication (SWIFT) credentials to request that more than three dozen criminal money transfers be sent to bank accounts set up in the Philippines, Sri Lanka and other locations throughout Asia. This theft not only seriously threatened Bangladesh Bank’s reputation, it also raised integrity issues worldwide about the SWIFT network, which had previously been considered totally reliable.
“Banks are attacked daily, sometimes hundreds or thousands of times,” said James Chessen, executive vice president of the American Bankers Association’s Center for Payments and Cybersecurity, in a Nov. 7, 2017 story in American Banker. “There’s this constant battle, with hacktivists, hostile nations or whomever trying to get access to information or work their way into a bank.”
The 2017 Cost of Cyber Crime Study by Accenture and Ponemon Institute reports that, on average, a company suffers 130 breaches per year. The study found that the financial services industry pays the highest annualized cost of cyber crime: $18 million.
Hyper-Availability in the age of compliance
Financial services firms also need to comply with national and, in some cases, international standards. For example, publicly traded banks and insurance companies must adhere to Sarbanes-Oxley requirements for protecting, securing and retaining information. In addition, the Basel Accords include strict rules on how to protect bank IT departments through proper disaster recovery (DR) solutions, and they require DR tests at least annually.
Regulatory compliance requires clear visibility into data availability processes and procedures, with automated auditing and reporting. The impact of noncompliance is untenable, because financial services firms would be exposed to the possibilities of major fines and damage to brand reputation.
Reduced downtime and data retention
Hyper-Availability of enterprise data and long-term data retention are essential elements of business success for financial services organizations. Customer account information is now accessible at any time, from any device, and no customer will tolerate slow performance or network downtime. Partners throughout the financial services ecosystem will similarly refuse to conduct business regularly with banks and insurance companies that do not reliably deliver uninterrupted access to shared data.
Guidelines for data protection, backup and availability
Technical requirements for financial institutions and insurance companies are changing rapidly, and ensuring the continuous availability of mission-critical data is essential for profitable operations. IT leaders in these environments must assess their data availability solution options and enable intelligent data management, using these critical factors as guidelines:
- DATA PRIVACY MUST BE MAINTAINED: As customer information becomes accessible through any device, encrypting traffic flows is required to secure that information.
- BACKUP AND RECOVERY OF ALL WORKLOADS MUST BE GUARANTEED: Customers and business partners expect 24/7/365 availability for all applications and data with complete visibility, and financial services firms should embrace zero-downtime tolerance policies.
- DATA RECOVERY SHOULD BE STREAMLINED AND SECURED: Exposure of confidential data can result in business-crippling fines and a disastrous impact on the brand. Financial services organizations must be able to implement granular data recovery, search data resources, and focus on immediately recovering mission-critical data. Banks and insurance companies must also develop and implement low recovery point and recovery time objectives. Ideally, recovery of all applications and data should be completed in less than 15 minutes, with complete visibility into recovery processes and end-to-end encryption to protect the data.
- CONSIDER AN AVAILABILITY SOLUTION THAT ENSURES PROTECTION AND MANAGEMENT OF DATA ACROSS MULTI-CLOUD ENVIRONMENTS: Every comprehensive availability strategy must include an off-site infrastructure, whether managed internally or by a trusted service provider. IT should evaluate whether to extend availability to the cloud to avoid the cost and complexity of building and maintaining off-site infrastructure for backing up data and enabling secure and timely disaster recovery.
- IMPROVE MANAGEMENT OF DATA WITH CLEAR, UNIFIED VISIBILITY AND CONTROL INTO USAGE, PERFORMANCE ISSUES, AND OPERATIONS: Aggressive retention standards, growing customer demands and increasing IT-infrastructure complexity make it challenging for financial services firms to adequately safeguard the growing amount of sensitive information they’re required to store and protect. It is important to deploy resource optimization and configuration tracking to evaluate the performance of the infrastructure, ensure best practices for data management are implemented and enable around-the-clock real-time monitoring and alerting.
- SAVE MONEY BY SIMPLIFYING AND AUTOMATING DR: Banks and insurance companies are required to comply with demanding standards and regulations. One of the most challenging requirements is to consistently execute annual DR testing, which can be both expensive and labor-intensive. DR should be simplified to guarantee recovery point and recovery time objectives of less than 15 minutes for recovering all applications and data, and to provide proof of compliance through automated reporting.
- MANAGE BRANCH FACILITIES THROUGH A SINGLE PANE OF GLASS: The centralization of data from remote and branch office locations consumes significant bandwidth and resources for financial services organizations. It is crucial to centralize server management for multiple locations into a single view and empower IT administrators to manage assigned VMs without allowing multitenant reporting to compromise the remainder of the data.