Can Financial Services Trust the Cloud for Disaster Recovery?

Looking to the cloud could help banks and other financial institutions improve their DR testing practices while maintaining regulatory compliance.

Whether because of natural disasters, cyberattacks or simple human error, downtime can severely disrupt banking operations, and financial institutions take that threat seriously.

According to a study from Peak 10, 96 percent of banks and insurance companies have a documented disaster recovery (DR) plan in place. Of those, 86 percent rely on data replication, 85 percent perform backups and 68 percent build active infrastructure designs for high availability.

What’s missing from most of those DR strategies? Cloud-based backup. Peak 10 reports that 57 percent of respondents choose to keep DR on-premises. That approach leaves financial institutions in charge of deploying, maintaining, patching and testing their own infrastructure, but according to the study, IT teams are falling behind on one of those important tasks.

“When asked how often DR plans are tested, 63 percent of respondents said once per year or less, which is startlingly infrequent given the criticality of the data and systems in question,” the Peak 10 report states. “Disturbingly, 21 percent of those who do test typically find problems or gaps — which does not account for all of the problems and gaps which exist in environments that are operating without testing,” it continues later.

SIGN UP: Get more news from the BizTech newsletter in your inbox every two weeks!

Banks Can Create a Better DR Solution in the Cloud

Improving DR in the financial industry could boil down to outsourcing management tasks to the cloud. Disaster Recovery as a Service (DRaaS) provides near-real-time redundancy for critical operations while shifting the responsibility for testing and failover to the cloud provider.

According to a Forrester report from 2016, that change offers several benefits to financial institutions. “With DRaaS, testing is generally automated and nondisruptive, meaning that you can test more often,” it states. “And unlike traditional DR providers, some DRaaS providers don’t charge a fee for additional self-service tests. The provider can bundle DRaaS contracts with testing services and failover assistance if you require additional help.”

Beyond increasing the frequency and ease of testing, DRaaS providers offer financial institutions the peace of mind of knowing that the provider has the power, cooling and physical security features necessary to maintain their data, and is well equipped to handle server failures and other unforeseen events.

Cloud-based DR also reduces the costs associated with data recovery. By leveraging on-demand pricing, financial institutions can support geographic redundancy but avoid paying for compute charges until the site is activated.

Barriers to Cloud Adoption Within Financial Services Remain

Despite the benefits of DRaaS, many financial institutions hesitate to move their data to the cloud. According to Peak 10, 82 percent of IT decision-makers cite security and data privacy as a top concern, while 61 percent say they worry about meeting compliance standards.

Those fears may not be as daunting as they appear. Writing for Data Center Knowledge, cloud expert Sean Finnerty suggests that adopting the cloud can actually improve banks’ compliance efforts by “ensuring key requirements like logging, data control and classification, redundancy and maintenance are achieved.”

An article in The Wall Street Journal draws similar conclusions:

In the past few years, most modern cloud vendors have matured considerably, establishing better security, privacy and compliance controls for cloud applications. Vendors may also employ automation to prevent manual errors that can put companies at risk. These factors can ease [financial services industry] concerns, as many companies now find it easier to meet cybersecurity and compliance objectives in the cloud than in their own data centers.

Financial institutions that are still on the fence can work with an aggregation partner to identify which DRaaS providers meet the industry’s strict regulatory demands.

By performing due diligence up front, such a partner can help clear the way for banks and other financial institutions to leverage the reliable security, rapid recovery and improved continuity the cloud provides.

DrAfter123/Getty Images
May 07 2018