
U.S. Bancorp Streamlines Business Continuity Process

Disaster recovery planning has been made more orderly using Comdisco's Revolution software product.

When U.S. Bancorp and Firstar Bank announced plans to merge, Ken Donovan's eyes must have widened like a baseball batter's at the sight of a hanging curve.

The merger, which will create the nation's eighth-largest bank holding company, gives Donovan, the manager of business continuity at U.S. Bancorp, a chance to belt one out of the park with his specialty: squeezing redundancies out of the disaster recovery, or business continuity, planning process.

The banks plan to slash combined expenses by $266 million a year, or 5%, primarily through elimination of redundancies in administration and corporate support functions. Based on Donovan's performance, a good chunk of those savings could come through the efforts of his department.

When he joined the Minneapolis-based institution a few years ago, Donovan encountered a disaster recovery planning process that was itself a disaster, devouring thousands of man-hours.

Back then, the bank was focused on the minutiae of disaster recovery, down to the loss of janitorial services.

"We had been planning to recover every workstation in the department rather than planning for what you're going to need in a disaster," Donovan said.

As a result, plans grew like weeds across the company. One glaring example involved retail branches. Although the recovery process was identical for each branch, the bank maintained a separate plan for each.

What's more, the internal, client/server-based planning system was ill-suited to an organization undergoing rapid expansion. "We needed a tool that was going to be easy to use and very accessible around the country," said Donovan.

He decided to replace it with Revolution, a product from Comdisco, Rosemont, Ill., that centralizes planning through a company's intranet. He had been familiar with it since his days as a disaster recovery expert at Bank One.

"Intranet planning is really where the industry is going. It truly does make it a lot easier."

Revolution employs scenario-based planning, taking into consideration various types and lengths of outages. It applies a thin-client approach to disaster planning; no icons are stored or loaded on the client computer. Instead, clients use Internet browsers to access and build plans.

A continuity plan "shell" supports planning by U.S. Bancorp's business lines, from retail banking to payment systems. The plans are then stored in a central repository, which can be accessed via the intranet.

The product has shifted planning responsibility back to the business units where it belongs, said Donovan. "A lot of the redundancy is already built into the plan. It's cut the amount of time we need to build a plan dramatically."

In the space of a few years, the number of plans has been reduced from 1,500 to about 350. Instead of a separate plan for each branch, the bank now has two: one for rural branches and one for urban. The number of people devoted to continuity planning has dropped from 900 to about 125. And the number of man-hours spent by each department every quarter on planning has dropped from 40 to between 18 and 22.

Most importantly, the bank has been able to focus its energies on keeping mission-critical services up and running in the event of disaster. "We no longer plan to recover the janitor," Donovan said.

The Comdisco implementation is scheduled for completion by mid-2001, he added.

The toughest thing so far, Donovan said, has been selling people on one system, especially those who used a different planning tool. IT planning has proved to be a bigger challenge because of its complexity, he noted.

Still, the change has been worth it. "Planners no longer have to sit with 400 pages on our night stand. The ease of use and ability to find information at a moment's notice is really, really good."



ASSETS: $86 billion

BUSINESS CHALLENGE: Restore order to the bank's disaster recovery planning process.

SOLUTION: Comdisco's Revolution

KEY QUOTE: "Intranet planning is really where the industry is going. It truly does make it a lot easier." - Ken Donovan
