Continuous, timely information availability underlies a number of stringent statutory requirements for the financial services industry. Yet, information is vulnerable to disasters; and if systems are unavailable for any reason, it can render the requisite data inaccessible within the time frames specified in the regulations. Further, in today’s electronic world, data represents assets; and if data is lost, assets are lost. 
For these reasons, consumers, governments, regulatory agencies and financial services organizations take the availability of financial data extremely seriously. While data protection has always been a fiduciary responsibility for financial services executives, the regulatory pressure in this area has increased over the past decade. The September 11, 2001 attack on New York City’s financial district led to new laws that require increased data protection. In addition, the accounting scandals that came to light in 2001 and 2002 provided the impetus for new laws that require all public companies, including (but not exclusively limited to) financial services firms to ensure the timely availability of corporate data.

Availability Is the Law

Among the regulations that apply to financial services firms are the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, Basel II, the Interagency Paper on the U.S. Financial System, and the Health Insurance Portability and Accountability Act. With the exception of Basel II, which is a global agreement affecting large banks, these acts are applicable only to companies based or with operations in the United States. However, because of globalization, this typically includes many of the largest financial institutions, even if their headquarters are elsewhere.
Regulatory environments are not static. New legislation is enacted from time to time, and existing regulations are occasionally modified. Old laws may be rescinded, or “sunset clauses” may automatically terminate them. Considering recent economic conditions and the spotlight those conditions have placed on the financial services industry, it is prudent to keep abreast of and anticipate revisions and additions to financial services firms’ regulatory obligations.

Tapes, Continuous Data Protection and Data Vaulting – Are They Enough?

Because of existing regulations, protecting the availability of systems and data is more than just good business practice for financial institutions; it’s mandatory. Traditional tape backups are a necessary first step, but they are inadequate. If the primary data center is destroyed and tapes have to be retrieved from an off-site location, recovery operations may take days, which could run afoul of some regulations. Worse, organizations typically create tape-based backups only once a day, usually at night. If a disaster destroys the data center, off-site backup tapes may lack up to a full day’s worth of transactions — or more if the most recent tape is still on site when a disaster strikes.
The only way to guarantee that all data can always be made available within the time frames specified in the strictest of availability regulations is by backing up data to disk in real time. Journaling can provide this real-time, disk-based backup. However, a disaster that destroys a production database will likely also destroy the local journals. This problem can be overcome if the operating system supports remote journaling. Yet, neither local nor remote journaling solves the problem of long recovery times because, after a disaster, databases must first be recovered from tape before being brought up to date using the journal entries.
Two other technologies, CDP and data vaulting, provide functionality similar to journaling. They capture changes made to production databases and files and send them to a secondary, disk-based data store. In most cases, these technologies can also send data to a remote location.
CDP and data vaulting usually offer at least two advantages over journaling. First, most of these products provide graphical interfaces that automate the data recovery processes. Recovering data from a journal, on the other hand, can be complex and time-consuming unless a third-party tool is used to automate the process. The second advantage of CDP and data vaulting over journaling is that they typically store data changes in a simple file structure that is platform-independent while journals are normally operating system-dependent. The backup server can, therefore, be a low-cost Windows or Linux system even when the production system is a much more expensive mainframe, IBM i or UNIX server. Unfortunately, like journaling, neither CDP nor data vaulting significantly reduces disaster recovery times because data still has to be recovered from tape before it can be brought up to date using the backup data store. 

Go the Distance with High Availability

Complying with the backup completeness and recovery time requirements of the applicable regulations often necessitates the adoption of a comprehensive high availability system that goes beyond mere capturing of data changes. HA software replicates all data, including business databases, as well as application code and system values, to a secondary, fully functional system. Consequently, this backup system is always a ready-to-run full replica of the production system. In the event of a disaster, maintenance on the primary server or any other system outage, all critical data and the applications needed to access it are immediately available on the backup system. Another advantage of HA products is that they usually include features that assist in the switchover to the backup system or, possibly, fully automate a failover after the software detects that the primary system is unavailable.
Most HA technologies permit the primary and backup servers to be separated by any distance, thereby allowing a financial institution to put enough space between the two systems such that a disaster that strikes one is unlikely to affect the other. Thus, even in the event of a catastrophic disruption of the primary data center, the organization will still be able to meet its mandated availability obligations.
In the financial services sector, high data availability isn’t optional. It’s the law. Fortunately, modern data and application availability technologies provide financial service executives and IT departments with the tools they need to meet their regulatory obligations.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access