5 Keys to an Effective Disaster Recovery Strategy

Curt Frierson, Chief Technology Officer

A guide to overcoming the traditional obstacles while cutting costs.

Current Disaster Recovery Landscape

Real-world disasters over the past few years such as Hurricanes Katrina, Ike, and Rita have created an increased focus on the issues of disaster recovery (DR) and business continuity for financial institutions and have led to increased regulatory scrutiny in these areas.  Faced with this growing demand, most institutions have at least documented a disaster recovery plan.  Although this is a step in the right direction, having a documented plan does not necessarily mean that your institution could recover effectively from a major disruption, much less be able to continue operations through the disaster.  The simplest way to measure your current disaster preparedness is to ask the following question:

“Do you have complete confidence in your institution’s ability to recover from a disaster?”

If your financial institution falls into the majority that answers “no” to this question, what are your reasons for this uncertainty?  It is definitely understandable, given the current economic climate, that disaster recovery may not have been a top priority over the past year.  Unfortunately, disasters do not care about the economy.  In fact, experiencing a disaster without being prepared in an already tumultuous economic climate could be the death knell for a community bank or credit union.  For most institutions, however, a deficient disaster recovery plan is not due to a lack of priority.  In fact, there are 5 keys to an effective DR strategy that have traditionally been difficult to address, especially for smaller organizations.  Understanding how and why you fall short in these areas is critical to reaching your desired level of confidence.  Once the obstacles in your path are identified, it is much easier to develop an effective disaster recovery strategy that addresses and overcomes your current deficiencies.

The 5 Keys to an Effective Disaster Recovery Strategy

  • Redundant Equipment
  • Appropriate DR Site(s)
  • Connectivity
  • Speed of Recovery
  • Ease and Accuracy of Testing

Redundant Equipment

The most common forms of disasters – hurricanes, floods, fires, tornadoes – all involve the damage or loss of computer equipment.  Under these circumstances, one of the most obvious needs is new systems to replace the damaged hardware.  Traditional DR plans required either significant capital investment or the acceptance of a realistic recovery window between one week and several months.  Fortunately, new options exist that provide lower costs, risks, and recovery times.  These options involve utilizing a service provider partner to provide the necessary equipment for an institution to recover.  Solutions now can provide customer-premise equipment in the event of a disaster and can enable an institution to leverage a service provider’s infrastructure capacity, reliability, and expertise to recover “in the cloud”.  These options allow smaller businesses to reduce their risk of downtime without the burden of exorbitant upfront costs.

Appropriate DR Site(s)

The requirements for a DR site vary greatly based on an institution’s business model.  Some organizations can get by with simply ensuring that their systems are online and available.  Others need retail space in an accessible location to service their customers.  The key is to ensure that you have the necessary facilities to continue servicing your customers after a disaster strikes.  Many institutions have a branch location that can serve this role.  If not, there are creative ways of accomplishing your recovery objective without sacrificing your bottom line.  One of the most compelling options is a service that can deliver a banking facility on wheels to a chosen location, outfitted with a teller line, offices, CSR stations, a phone system, PCs and laptops, a generator, and satellite Internet communications.

Connectivity

Communications play a crucial role in today’s IT environment.  If connectivity in various disaster scenarios is not given serious attention, it may completely halt a business continuity plan.  Most institutions rely on connectivity to at least one service provider or an operations center in order to provide critical services.  Traditional communication circuits can also be affected by localized disasters, creating even more complexity in DR planning.  Institutions with geographically dispersed branches have an advantage in this area; however, those with no distant branch offices can utilize satellite or cellular communications as an alternative option.

Speed of Recovery

Many disaster recovery plans are not aligned with a business impact analysis (BIA), resulting in wide gaps between acceptable downtime and a realistic recovery time objective (RTO).  If your institution’s acceptable downtime for teller transactions is 1 day, you need to be able to recover all of the systems required for the teller application to function within 24 hours. This recovery time is hard to meet if you do not have solutions in place to address the previous three objectives: redundant equipment, appropriate DR site, and connectivity.  If you cannot recover your systems in time to meet the acceptable downtime identified in your BIA, you must find solutions to address your deficiencies.  Only testing will be able to validate your true recovery time.

Ease and Accuracy of Testing

Many of the most forward-looking institutions still seem to struggle with disaster recovery testing.  This is because a true disaster scenario is hard to replicate.  Most testing must be done after hours in order to take production systems down or reroute communications over alternate circuits.  Furthermore, in order to truly test a DR plan, some systems may require changes to be made that could affect the institution’s production environment.  For these reasons, it is important that your disaster recovery strategy allows for simple testing that can be efficiently performed to minimize impact to the production environment.

About Safe Systems, Inc.
Safe Systems has been assisting financial institutions in disaster recovery planning for over 17 years. Through the years of experience working with our customers in DR testing and real-life disaster scenarios, we have developed an affordable suite of services designed to help facilitate disaster preparedness and simplify the DR testing process. From DR plan development and testing, to data vaulting, to high availability system replication and recovery (recover in hours vs. days), to workspace and voice/data communications recovery, we’ve got you covered. We can enhance your ability to meet the expectations of the Board, your customers, and the regulators. For a free quote or more information please contact Safe Systems at 877-752-0550 or info@safesystems.com.

About the Author
Curt Frierson, Chief Technology Officer, manages education, consulting, and professional services, which provide network assessments and installations, technical sales consulting, and network hardening, as well as training classes and webinars in network administration, information security, and regulatory compliance. He also oversees Safe Systems’ internal infrastructure and leads research and development activities to identify and meet customers’ technology needs. With over nine years of experience in information technology and security, Frierson’s areas of expertise include network design and integration, security architecture, network security consulting, and new technology. In his early years with Safe Systems, Frierson served the company as a Senior Systems Engineer and as a Security Professional. Frierson holds a Bachelor of Business Administration degree in Management Information Systems from the University of Georgia. His professional certifications include Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Microsoft Certified Systems Engineer (MCSE), and he is a member of the Technology Association of Georgia and Information Systems Audit and Control Association.

