How to meet regulatory expectations for cyber resilience


by Yaniv Valik on June 27, 2018

In its recent cyber resilience oversight expectations publication, the European Central Bank (ECB) states that “Financial stability may depend on an FMI’s (financial market infrastructures) ability to settle obligations when they are due. Therefore, an FMI’s arrangements should be designed to enable it to resume critical operations rapidly, safely and with accurate data in order to mitigate the potentially systemic risks of failure to meet such obligations”. It goes into further detail, specifying that “The FMI should store backup copies in an alternate storage site which is not co-located with the operational system, with transfer rate consistent with actual recovery point objectives”.

Europe is not alone. Chairman Jay Clayton of the SEC (U.S. Securities and Exchange Commission) stated not long ago that “Cybersecurity efforts must include, in addition to assessment, prevention and mitigation, resilience and recovery”, while the National Cybersecurity Center of Excellence (NCCoE) says “It is imperative for organizations to recover quickly from a data integrity attack and trust the accuracy and precision of the recovered data” in its Recovering from Ransomware and Other Destructive Events publication.

Meeting such expectations is not trivial for a large financial firm. Such firms commonly have dozens of datacenters in different locations, hosting thousands of file servers and database servers that need to meet the recovery point objective (RPO) at any given time.

Continuity Software helps the world’s leading organizations, including 6 of the top 10 US banks, to achieve resilience for their hybrid IT environments. One of the tools we provide them with is the Data Protection Status report (powered by AvailabilityGuard™). This report automatically maps out how data is being protected (see samples 1-2), including:

  • Solutions used to protect the data.

First, it shows whether the data is protected at all: does it have any remote copies?

Then, for protected data, the report shows which solutions are used to maintain a remote copy. For instance, it will show that EMC VPLEX active-active storage mirroring or Hitachi TrueCopy replication is in place, or that Database Log Shipping is used.

  • Actual available recovery points.

One of the great things about AvailabilityGuard in general, and this report specifically, is the ability to measure the actual currently available recovery points. As noted by the ECB, it’s not enough to protect the data; FMIs must also ensure recovery point objectives are met. AvailabilityGuard calculates the actual age of each copy, local and remote, whether the copy is produced at the storage, host, database or virtual machine level. This allows IT organizations to review the actual recovery points on an ongoing basis, automatically identify when recovery point objectives are violated, and remediate the violation before a cyber scenario occurs.

  • Location of the active system versus the location of the copy.

As indicated by the ECB, it is critical to ensure that the data copy is stored on a separate storage system located remotely in a different facility. This ensures data will remain available and secured under various cyber scenarios. The report therefore presents the location of the active source data alongside the location of the data copy.

Sample 1: High level Protection Status Summary for E-Payments business service

| Label | Protection method | Solutions used | Copy lag / best recovery point* | Percentage |
|---|---|---|---|---|
| A | Storage mirroring and Asynchronous Storage Replication | VPLEX (Local), EMC SRDF | 0 – 5 minutes | 43% |
| B | Database Log Shipping and Local point-in-time copies | Oracle DataGuard, NetApp snapshots | 45 – 60 minutes | 35% |
| C | LVM Mirroring | Native AIX LVM mirroring | No lag (in sync) | 11% |
| D | VM replication | Zerto | 30 – 45 minutes | 2% |
| E | Unprotected | | | 11% |

Sample 2: Detailed Protection Status for E-Payments business service

| Operational Site | Protection method | Solutions used | Copy lag / best recovery point | Storage site for data copy | Server Role | Protected Systems |
|---|---|---|---|---|---|---|
| Austin | Storage mirroring and Asynchronous Storage Replication | VPLEX (Local), EMC SRDF | 0 – 5 minutes | San Antonio | Database, Application, Web | csdmvi001-58, esxprd01-128, ntsrv2lr*, aixdbprd1-12 |
| Austin | Asynchronous Storage Replication | EMC SRDF | 17 hours and 50 minutes | San Antonio | Database, Application, Web | epdbprd3 |
| Austin | Database Log Shipping and Local point-in-time copies | Oracle DataGuard, NetApp snapshots | 45 – 60 minutes | Kansas City | Database | orat2if73-89, exora* |
| Prague | LVM Mirroring | Native AIX LVM mirroring | No lag (in sync) | Prague | Application | wasprd* |
| Austin | VM replication | Zerto | 30 – 45 minutes | San Antonio | Web | sqlprdw* |
| Austin | Unprotected | 11% | | | | wlprd3ty, sqlpaypp4 |
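
The three checks the report supports (a copy exists, its lag is within the RPO, and it is stored away from the operational site) can be expressed in a few lines. This is an added example, not Continuity Software's code or AvailabilityGuard output; the inventory is constructed from the Sample 2 rows, and the one-hour RPO and the rule that equal site names mean co-location are assumptions.

```python
from datetime import timedelta

# Constructed inventory modelled on Sample 2: (system, operational site,
# copy site or None when unprotected, worst-case copy lag).
COPIES = [
    ("csdmvi001", "Austin", "San Antonio", timedelta(minutes=5)),
    ("epdbprd3", "Austin", "San Antonio", timedelta(hours=17, minutes=50)),
    ("orat2if73", "Austin", "Kansas City", timedelta(minutes=60)),
    ("wasprd*", "Prague", "Prague", timedelta(0)),
    ("sqlprdw*", "Austin", "San Antonio", timedelta(minutes=45)),
    ("wlprd3ty", "Austin", None, None),
]

RPO = timedelta(hours=1)  # assumed objective; the page does not state one


def assess(site, copy_site, lag, rpo=RPO):
    """Return the findings for one system's data copy."""
    if copy_site is None:
        return ["UNPROTECTED: no copy exists"]
    findings = []
    # Assumption: identical site names mean the copy is co-located.
    if copy_site == site:
        findings.append(f"CO-LOCATED: copy stored at operational site {site}")
    if lag > rpo:
        findings.append(f"RPO VIOLATION: recovery point is {lag} old, objective is {rpo}")
    return findings


def report(copies=COPIES, rpo=RPO):
    """Map each system that has at least one finding to its findings."""
    result = {}
    for system, site, copy_site, lag in copies:
        findings = assess(site, copy_site, lag, rpo)
        if findings:
            result[system] = findings
    return result


if __name__ == "__main__":
    for system, findings in report().items():
        for finding in findings:
            print(f"{system}: {finding}")
```

With these assumptions, an in-sync mirror is still flagged when it sits at the operational site, which is the gap the ECB's "not co-located" wording targets.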

Yaniv Valik
VP Product Management & Customer Success at Continuity Software
