Banking on business resilience in 2022

Drawing on years of experience deploying technology for some of the world’s leading financial firms, Creative ITC MD Keith Ali advises how a new approach to disaster recovery (DR) is needed to protect banking and financial services organizations from the additional challenges of hybrid working.

Traditional DR Plans Exposed

An effective DR strategy forms the backbone of successful banking and an always-on customer experience. Yet the reality is that IT managers are struggling with a growing wave of security threats, outdated systems, a lack of investment, growing infrastructure complexity, and growing reliance on cloud offerings. public.

Hybrid work models compound the challenge of managing ever-changing IT infrastructures and an ever-changing threat landscape. More than half of security managers (52%) are struggling to protect their employees’ mobile devices from the rise in cybercrime. Others have reported security backdoors left open in seemingly innocent legacy network connections and end-user devices.

The pandemic has exposed cracks in many disaster recovery plans. Disturbingly, 71% of CIOs lack confidence in their ability to recover from a DR incident. The lack of regular testing and growing IT complexity are largely to blame. Nearly half (46%) of financial firms haven’t tested their DR solutions for six months or more, while 87% struggle to orchestrate alerts from multi-vendor security products.

There are growing fears that a service outage could severely disrupt the country’s increasingly cloud-dependent banking system, leading the UK’s Prudential Regulation Authority to tighten its scrutiny of major cloud providers. public AWS, Microsoft Azure and Google Cloud.

Traditional replication solutions were not designed to cope with today’s IT complexity or to accommodate the scalability, mobility and flexibility requirements of applications running on virtualized cloud infrastructures. With long-term hybrid operation, the demand for availability and data protection is greater than ever. In short, DR plans need to evolve.

Why DRaaS is such a hot topic

Escaping the burden of managing business continuity in an ever-growing cloud infrastructure, financial organizations are increasingly turning to disaster recovery as a service (DRaaS). Outsourcing disaster recovery to a specialist provider offers a fully managed, hassle-free service tailored to the needs of the organization. A DRaaS provider typically does all the heavy lifting, such as planning, design, implementation, and optimization. Premium protection and recovery speed can only be applied to critical infrastructure and data services that really need it, with a slower recovery SLA for items where the business impact would be less .

One of the most common reasons financial firms struggle to implement and test resilient disaster recovery plans is the cost and resources involved. With no significant Capex investment or running costs of a secondary DR site, DRaaS quickly replaces the cost of hardware, software and people with predictable monthly expenses and peak capacity. DR is the sole focus of the outsourced vendor, rather than an unwanted addition to already overstretched in-house IT teams. The vendor has the time, skills, and resources to devote full-time to disaster recovery.

Golden rules for DR

The classic (and still the best) way to measure performance is to focus on reducing the impact of downtime by optimizing two key metrics:

  • Recovery Point Objective The latest point in time at which computer systems and applications can be recovered, the RPO indicates the amount of data that will be lost. The cost of an hour of lost data can easily run into six figures, so it’s worth considering if nightly backups (with a 24-hour RPO) are still enough.
  • Recovery Time Goal RTO measures the time it takes for applications and data to recover and for business operations to return to normal. Downtime can result in a significant loss of revenue and productivity.

Always aim for the lowest possible RPO and make sure your solution includes alerts to warn you if you are at risk of exceeding your defined SLA and allows prioritization of individual applications.

To assess RTO and adjust your disaster recovery plan to minimize downtime, regular testing is essential. This is where a DRaaS provider adds particular value. Because getting users back online quickly and maintaining uninterrupted customer service is imperative, some DRaaS vendors will offer a temporary VDI solution. By deploying state-of-the-art DR technology to avoid production downtime or replication interruptions, they can also perform testing during working hours without impacting business operations. The provider will repeat this several times to optimize your RTO so you know you will always be able to fully recover, as quickly as possible.

Choose the right partner

McKinsey reports that operational resilience has become a key strategic issue in banking and finance. It has never been more important for business leaders to ensure that their organizations are robust and flexible enough to face a multitude of operational threats. The nature of disaster planning is changing. As the cloud and virtualization take hold, the risk of downtime due to software issues, cybersecurity vulnerabilities, and increasing infrastructure complexity also increases. Add to that natural disasters, power outages, hardware failures and human error and it becomes clear that finance organizations need more robust DR resources in place – and be absolutely certain that they will work.

A replication-based DRaaS solution based on hypervisor and CDP provides a much higher and more comprehensive level of protection and preparedness than the traditional DR approaches still in place in many organizations. A scalable, fully managed DRaaS solution from a specialist vendor offers banks and financial firms the added benefit of saving time and costs, improving DR performance and peace of mind, bringing the certainty of business continuity in an uncertain world.