How to meet regulatory expectations for cyber resilience

In its recent cyber resilience oversight expectations publication, the European Central Bank (ECB) states that “Financial stability may depend on an FMI’s [financial market infrastructure’s] ability to settle obligations when they are due. Therefore, an FMI’s arrangements should be designed to enable it to resume critical operations rapidly, safely and with accurate data in order to mitigate the potentially systemic risks of failure to meet such obligations”. It goes into further detail, specifying that “The FMI should store backup copies in an alternate storage site which is not co-located with the operational system, with transfer rate consistent with actual recovery point objectives”.

Europe is not alone. Jay Clayton, Chairman of the SEC (U.S. Securities and Exchange Commission), stated not long ago that “Cybersecurity efforts must include, in addition to assessment, prevention and mitigation, resilience and recovery”, while the National Cybersecurity Center of Excellence (NCCoE) says in its publication Recovering from Ransomware and Other Destructive Events that “It is imperative for organizations to recover quickly from a data integrity attack and trust the accuracy and precision of the recovered data”.

Meeting such expectations is not trivial for a large financial firm. Such firms commonly have dozens of datacenters in different locations, hosting thousands of file servers and database servers that must meet the recovery point objective (RPO) at any given time.

Continuity Software helps the world’s leading organizations, including 6 of the top 10 US banks, to achieve resilience for their hybrid IT environments. One of the tools we provide them with is the Data Protection Status report (powered by AvailabilityGuard™). This report automatically maps out how data is being protected (see samples 1-2), including:

  • Solutions used to protect the data.

First, it allows you to know whether the data is protected at all: does it have any remote copies?

Then, for protected data, the report shows which solutions are used to maintain a remote copy. For instance, it will show that EMC VPLEX active-active storage mirroring or Hitachi TrueCopy replication is in place, or that Database Log Shipping is used to maintain a remote copy.

  • Actual available recovery points.

One of the great things about AvailabilityGuard in general, and this report specifically, is the ability to measure the recovery points that are actually available right now. As noted by the ECB, it is not enough to protect the data; FMIs must also ensure recovery point objectives are met. AvailabilityGuard calculates the actual age of each copy, local and remote, whether the copy is produced at the storage, host, database or virtual machine level. This allows IT organizations to review the actual recovery points on an ongoing basis, automatically identify when recovery point objectives are violated, and remediate the violation before a cyber scenario occurs.

  • Location of the active system versus the location of the copy.

As indicated by the ECB, it is essential to ensure that the data copy is stored on a separate storage system located remotely in a different facility. This ensures data will remain available and secured under various cyber scenarios. The report therefore presents the location of the active source data alongside the location of the data copy.

Sample 1: High level Protection Status Summary for E-Payments business service

| Label | Protection method | Solutions used | Copy lag / best recovery point* | Percentage |
|---|---|---|---|---|
| A | Storage mirroring; and Asynchronous Storage Replication | VPLEX (Local), EMC SRDF | 0 – 5 minutes | 43% |
| B | Database Log Shipping; and Local point-in-time copies | Oracle DataGuard, NetApp snapshots | 45 – 60 minutes | 35% |
| C | LVM Mirroring | Native AIX LVM mirroring | No lag (in sync) | 11% |
| D | VM replication | Zerto | 30 – 45 minutes | 2% |
| E | Unprotected | | | 11% |

Sample 2: Detailed Protection Status for E-Payments business service

| Operational Site | Protection method | Solutions used | Copy lag / best recovery point | Storage site for data copy | Server Role | Protected Systems |
|---|---|---|---|---|---|---|
| Austin | Storage mirroring; and Asynchronous Storage Replication | VPLEX (Local), EMC SRDF | 0 – 5 minutes | San Antonio | Database, Application, Web | csdmvi001-58, esxprd01-128, ntsrv2lr*, aixdbprd1-12 |
| Austin | Asynchronous Storage Replication | EMC SRDF | 17 hours and 50 minutes | San Antonio | Database, Application, Web | epdbprd3 |
| Austin | Database Log Shipping; and Local point-in-time copies | Oracle DataGuard, NetApp snapshots | 45 – 60 minutes | Kansas City | Database | orat2if73-89, exora* |
| Prague | LVM Mirroring | Native AIX LVM mirroring | No lag (in sync) | Prague | Application | wasprd* |
| Austin | VM replication | Zerto | 30 – 45 minutes | San Antonio | Web | sqlprdw* |
| Austin | Unprotected | 11% | | | | wlprd3ty, sqlpaypp4 |
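The three checks the report is built around (is there a copy at all, is the copy stored away from the operational site, and is its lag within the RPO) can be run over rows shaped like Sample 2. This is an added example, not AvailabilityGuard code: the rows are constructed from the sample table, the 60-minute RPO is an assumed value the page does not state, and the function and finding names are hypothetical.

```python
import re
from datetime import timedelta

RPO = timedelta(minutes=60)  # assumption: the page gives no RPO value

# Constructed rows modelled on Sample 2:
# (protected system, operational site, copy-lag cell, storage site of copy)
ROWS = [
    ("csdmvi001-58", "Austin", "0 – 5 minutes", "San Antonio"),
    ("epdbprd3", "Austin", "17 hours and 50 minutes", "San Antonio"),
    ("orat2if73-89", "Austin", "45 – 60 minutes", "Kansas City"),
    ("wasprd*", "Prague", "No lag (in sync)", "Prague"),
    ("sqlprdw*", "Austin", "30 – 45 minutes", "San Antonio"),
    ("wlprd3ty", "Austin", "", ""),
]

def parse_lag(cell):
    """Worst-case lag from a report cell, or None if it cannot be read."""
    if "no lag" in cell.lower():
        return timedelta(0)
    hours = re.findall(r"(\d+)\s*hours?", cell)
    minutes = re.findall(r"(\d+)\s*minutes?", cell)
    if not hours and not minutes:
        return None
    # In a range such as "45 – 60 minutes" the number next to the unit
    # is the upper bound, which is the value that matters for the RPO.
    return timedelta(hours=int(hours[-1]) if hours else 0,
                     minutes=int(minutes[-1]) if minutes else 0)

def findings(site, lag_cell, copy_site, rpo=RPO):
    if not copy_site:
        return ["UNPROTECTED"]
    out = []
    if copy_site == site:
        out.append("COPY_CO_LOCATED")   # copy shares a site with the source
    lag = parse_lag(lag_cell)
    if lag is None:
        out.append("LAG_UNKNOWN")       # fail closed: unreadable is not "ok"
    elif lag > rpo:
        out.append("RPO_VIOLATED")
    return out

def audit(rows, rpo=RPO):
    """Map each system with at least one finding to its list of findings."""
    return {name: f for name, site, lag, copy in rows
            if (f := findings(site, lag, copy, rpo))}

if __name__ == "__main__":
    for name, f in audit(ROWS).items():
        print(f"{name:14} {', '.join(f)}")
```
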

 
