Brent Moore, Director of Customer Support
Greetings and Happy Holidays from all of us in the NOC! As we approach the end of the year, I would like to delve into the year in retrospect and look forward to planning for the New Year. From the NOC’s perspective, I will elaborate on some technologies and trends we have seen over the past year.
1. Backup solution
First, let’s discuss file level backup solutions which from both a technology and business perspective is arguably one of the most important decisions for your financial institution. In 2010, the NOC has been alerted on more than 2,000 tickets associated with backup failure with tape, external HD, and NAS based backups. Also, it’s our experience when recovering from server failure using media based backups it typically takes at least a business day to recover. With this in mind, my first recommendation is that your financial institution should invest in a data vaulting solution such as Safe Systems’ C-Vault. Why? My first reason is C-Vault is a much more reliable solution and it is an affordable option. It is by far the most simplistic method for file level backups as it utilizes a thin agent installed on each server to backup changes across your Internet connection. Vaulting provides enhanced flexibility as it will backup changes throughout the business day and this adds more options to restore file versions. Media based backups give fewer restore options as typically the restore would take place from a previous night’s backup. With vaulting, the data is backed up to a vaulting data center and then replicated to another colocation facility. It is encrypted in transit and in storage. Keep in mind, this solution is best utilized with the addition of a local storage appliance. This appliance provides a local copy of all backups sent remotely and this component is pivotal when recovering from server failure. The local storage appliance allows the server to be recovered from a local restore versus recovering from the data vaulting center via your Internet connection. I believe it’s accurate to say that no one has a disaster and/or server failure on their roadmap, but we all agree it is pertinent to plan for the worse. Big picture, your recovery capabilities are ultimately contingent on the technology you choose for backups.
2. Internet bandwidth
In the technology industry, we are witnessing the Cloud computing movement gain more momentum. As a result, more and more of financial institution’s services are being hosted and as such, it is important to consider your Internet bandwidth. Safe Systems offers a few of these hosted services such as hosted email, data vaulting, and hosted disaster recovery. The user experience and functionality of cloud services are heavily tied to your bandwidth utilization. In the NOC, we are seeing trends of bandwidth issues and this leads me to believe this must be brought into consideration for future technology plans. In the days of de novo institutions, it was common to see customers looking for cheap alternatives for Internet and an asynchronous DSL line was the connection of choice. In the move to centralize services, your financial institution should consider dedicated Internet connections with guaranteed throughputs for download and upload speeds. Moreover, with financial institutions becoming more dependent on the Internet for financial operations, it is important to consider redundant Internet connections. It is typically not a question of whether your primary Internet connection will have an outage but when. With this in mind, I suggest a secondary Internet connection with automatic failure capabilities; so, when you have an Internet outage you will automatically fail over to your backup Internet connection. As your institution grows and plans for the future, keep your Internet bandwidth usage needs in mind.
I’m positive that each and every financial institution has been affected by malware in some way this year. We are in a stage in technology where signature based scanners are no longer enough to protect against malware. This is largely due to the nature of such scanners, as most of these are definition based. This means that if an endpoint is attacked before the attack has been recognized by definition databases, it is difficult to prevent infection. So, what is the answer? Well, there are many ways to prevent malware and most take a layered approach to prevention. An alternative that I want to explore is based upon the premise of the principal of least privilege. This involves giving employees access to only the functions that are required to do their work. I want to apply this to Internet access because without access to your network, malware can’t infect it. That is, the door that allows malware access to your network is via the Internet and if the Internet user makes the decision on what is allowed inside the network, this can prove to be a slippery slope. In most cases, the reason for an infection is the result of Internet browsing from an end user and due to the ever evolving methods of infection, educating users can prove difficult. I advocate limiting access to the Internet to only those that absolutely need it to perform their job duties. The other vehicle used by malware is email. By limiting the user’s ability to send/receive external emails, you can remove the need for Internet access. In the end, this method of preventing malware will not 100% protect your institution against malware, but let’s consider the numbers. If 20% of your employees do not require Internet access, then your institution is 20% less likely of a malware infection. This can be a daunting task because it is extremely difficult to take away something that the employee previously had access to. However, given the amount of fraud seen in the media and the risks associated with malware, I believe it worth the cause.
4. Hardware redundancy & manufacturer warranties
The last items I would like to discuss are hardware redundancy and manufacturer warranties. It is fairly common while troubleshooting in the NOC that we come across situations where customers are in need of spare equipment. With that theme in mind, I would look to make sure you have redundancy built into your technology wish list for next year. The first and most likely need is replacement workstations. Workstations are the most common item that we work on in the NOC because unlike servers, there is no hardware redundancy. Thus, it is likely that a workstation will have to be rebuilt and/or replaced. Spare equipment is especially important if you have aging hardware that is near end of life. It is not uncommon for it to take several hours to repair a workstation and if you have spare equipment this will decrease the amount of downtime for your employee tremendously. This can be extended to, but not limited to, such things as: replacement switches, network cables, Uninterruptible Power Supplies (UPS), UPS batteries, firewalls, routers, etc. In the event that equipment fails, does this directly have an effect on operations? If the answer is yes, then most likely redundant equipment is a good idea.
Additionally, manufacturer warranties go hand in hand with the hardware redundancy discussion. Most commonly, manufacturers will provide hardware replacement terms in the warranty agreements. But, not only from a hardware replacement perspective, it’s important to maintain warranty agreements with equipment vendors for troubleshooting purposes. Most hardware vendors provide technical consulting with warranty agreements and replacement of faulting hardware. It is in the best interest of your financial institution to maintain warranties and to plan for this in the future.
As your technology partner, our number one priority is to keep your best interests in mind and to inform you of the best direction for your future technology plans. I discussed some topics the NOC has encountered throughout the year and it is my hope that by sharing this information, it will empower you as plans are made for your financial institution’s future technology growth. Please contact your account manager if you would like our assistance with executing and/or developing any plans for your institution’s technology needs. We appreciate your business and value our partnership with each client. I look forward to what the future brings in technology and I hope everyone has a safe holiday season.