Disaster recovery in the cloud, or let’s term it “disaster resilience,” is still a relatively new concept. But it has distinct advantages for financial institutions – and some challenges as well.
To remind ourselves, cloud computing employs a network of remote servers hosted on the Internet to store, manage and process data, using a local server or a personal computer. A cloud service differs from traditional hosting in that you can use the service whenever you wish; it’s fully managed by the cloud provider and the user only requires a computer and Internet service; and its fee is based on how long you use it, typically by the minute or hour.
Cloud computing also delivers increased bandwidth, economy of scale and elasticity, on-demand access, and small- to-medium-sized institutions will benefit from lower costs by employing it. As for disaster recovery software in the cloud, it lets financial institutions share redundant resources. It also lessens typical concerns about security risks because financial institutions use a third-party cloud host that furnishes the software and handles security and other issues.
The cloud also can reduce the time to recover and restore applications should an outage occur, and this also pares costs. Further, financial institutions can actually use two clouds, one public cloud – which sells services to anyone on the Internet – for back-office and other functions where a breach wouldn’t harm as much, and a private cloud – a proprietary network or data center that supplies hosted services to a limited number of customers – for the data and information that needs stringent protection.
Compliance Issues Can Prove a Challenge
While advantages abound for financial services to employ disaster recovery services in the cloud, some challenges exist as well. The major one involves regulatory compliance issues. Regulators aren’t that keen on the cloud, fearing that any breach will have devastating consequences for bank customers.
Regulators also don’t want any third-party host operating outside the state where the bank’s cloud data is stored, again for security reasons. In addition, some cloud providers don’t always support federal, state or industry regulations to appeal to larger audiences.
Still, a cloud provider could handle compliance by linking with a bank’s multiple apps, such as Internet banking or remote access, and it could save a great deal of money by not requiring an on-premise system. Further, the cloud can reduce the speed-to-recovery time that regulators seek. A cloud provider merely needs to turn on its backup servers, and that can significantly shorten the data-retrieval time.
For financial institutions, the cloud’s enhanced bandwidth is an advantage, but it could also become a problem if it fails. So could vendor stability, so it pays to determine how likely it is that a cloud host provider will be around in five years.
Who Owns the Data?
Data ownership is another issue that could arise; a bank must be sure to determine who owns the data once it’s in the host’s data center. Interoperability with other key applications can prove a concern, especially if a bank is going to add to its cloud services, say, by moving its mail to the cloud and then also deploy a customer-relationship management software program. Can the bank integrate the two without problems from the cloud host?
A bank must review the disaster recovery cloud provider’s connectivity as part of its due diligence when evaluating cloud apps. It also must inquire about what backup facilities the provider operates should its data center become compromised or damaged in a disaster.
This brings up perhaps the biggest obstacle for financial institutions in using the cloud for disaster recovery. Many don’t want to relinquish control in the event of a disaster and let a third party be responsible for their invaluable data.
Still, after weighing the pros and cons, more financial institutions are expected to move functions to the cloud. They can easily be deployed, upgraded and managed in the cloud. In addition, because a cloud host provider oversees the hardware and software, the bank merely must be able to enter and retrieve the data it desires.
Vasu Subbiah is senior director, product management for Recovery Services at SunGard Availability Services.