StorageGuard - by Continuity™ - is the ONLY Security Posture Management solution for Storage & Backups, helping to ensure these systems are securely configured, and compliant with industry & security standards.
In its recent cyber resilience oversight expectations publication, the European Central Bank (ECB) defines that “Financial stability may depend on an FMI’s (financial market infrastructures) ability to settle obligations when they are due. Therefore, an FMI’s arrangements should be designed to enable it to resume critical operations rapidly, safely and with accurate data in order to mitigate the potentially systemic risks of failure to meet such obligations”. It goes further into details and identifies that “The FMI should store backup copies in an alternate storage site which is not co-located with the operational system, with transfer rate consistent with actual recovery point objectives”.
Europe is not alone. Chairman Jay Clayton from SEC (U.S. Securities and Exchange Commission) stated not long ago that “Cybersecurity efforts must include, in addition to assessment, prevention and mitigation, resilience and recovery” while National Cybersecurity Center of Excellence (NCCoE) says “It is imperative for organizations to recover quickly from a data integrity attack and trust the accuracy and precision of the recovered data” in its Recovering from Ransomware and Other Destructive Events publication.
Meeting such expectation is not trivial for a large Financial Firm; Commonly such firms have dozens of datacenters in different locations hosting thousands of file servers and database servers that need to meet the recovery point objective (RPO) – at any given time.
Continuity Software helps the world’s leading organizations, including 6 of the top 10 US banks, to achieve resilience for their hybrid IT environments. One of the tools we provide them with is the Data Protection Status report (powered by AvailabilityGuard™). This report will automatically map out how data is being protected (see samples 1-2); this include showing:
First, it allows you to know whether the data is protected at all – does it have any remote copies?
Then for protected data the report will show what solutions are used to maintain a remote copy – for instance it will show that EMC VPLEX active-active storage mirroring or Hitachi TrueCopy replication is in place or that Database Log Shipping is used to maintain a remote copy.
One of the great things about AvailabilityGuard in general and specifically this report is the ability to measure the actual currently available recovery points. As noted by ECB, it’s not enough to protect the data, FMIs must also ensure recovery point objectives are met. AvailabilityGuard calculates the actual age of each copy, local and remote, whether the copy is produced at the storage host, database or virtual machine level. This feature allows IT organizations to review on an ongoing basis the actual recovery points and automatically identify when recovery point objectives are violated – and remediate it before a cyber scenario occurs.
As indicated by ECB, it is utterly important to ensure that the data copy is stored on a separate storage system located remotely in a different facility. This ensures data will remain available and secured under various cyber scenarios. Thus, the report will present the location of the source active data versus the location of the data copy.
Sample 1: High level Protection Status Summary for E-Payments business service
Label | Protection method | Solutions used | Copy lag / best recovery point* | Percentage |
A | Storage mirroring ;and;
Asynchronous Storage Replication |
VPLEX (Local), EMC SRDF | 0 – 5 minutes | 43% |
B | Database Log Shipping; and;
Local point-in-time copies |
Oracle DataGuard, NetApp snapshots | 45 – 60 minutes | 35% |
C | LVM Mirroring | Native AIX LVM mirroring | No lag (in sync) | 11% |
D | VM replication | Zerto | 30 – 45 minutes | 2% |
E | Unprotected | – | – | 11% |
Sample 2: Detailed Protection Status for E-Payments business service
Operational Site | Protection method | Solutions used | Copy lag / best recovery point | Storage site for data copy | Server Role | Protected Systems |
Austin | Storage mirroring ;and;
Asynchronous Storage Replication |
VPLEX (Local), EMC SRDF
|
0 – 5 minutes
|
San Antonio | Database, Application, Web | csdmvi001-58
esxprd01-128 ntsrv2lr* aixdbprd1-12 … |
Austin | Asynchronous Storage Replication | EMC SRDF
|
17 hours and 50 minutes
|
San Antonio | Database, Application, Web | epdbprd3 |
Austin | Database Log Shipping; and;
Local point-in-time copies |
Oracle DataGuard, NetApp snapshots | 45 – 60 minutes | Kansas City | Database | orat2if73-89
exora*
|
Prague | LVM Mirroring | Native AIX LVM mirroring | No lag (in sync) | Prague | Application | wasprd*
… |
Austin | VM replication | Zerto | 30 – 45 minutes | San Antonio | Web | sqlprdw*
… |
Austin | Unprotected | – | – | – | 11% | wlprd3ty
sqlpaypp4 … |
It’s time to automate the secure configuration of your storage & backup systems.
On October 29, join Dell-Continuity Webinar: 4 Fundamental Strategies To Secure Your Storage & Backup
Register