You are on page 1of 7

HP Tech Dossier

Strategy
Guide to
Business
Risk
Mitigation
for Financial
Services
2 // HP Tech Dossier: business risk mitigation for financial services

In an increasingly competitive market for financial services, community


banks and credit unions have a unique advantage: the ability to
offer personalized, hometown service. As strong as that
advantage is, however, it can evaporate in an instant if the
organizations technology is unreliable. How long do you think
members would stick with their local credit union if, for
example, its online payment system was unavailable
even oncewhen they want to transfer funds or check
their credit card balance?

?
an Unplanned interruption can have a riddled with security problems, expensive to operate
Is Your significant impact on operations, revenue and reputa- and vulnerable to disruption. Without realizing it, these
Business tion. And it doesnt have to be a fire, flood or hurricane organizations are operating in a house of cards. The
at Risk? to be a disaster. In fact, whats more likely are events crash of a single server may create a domino effect
that are less dramatic but still have the potential to that brings the entire network down. The failure of a
To determine seriously disrupt your business. An accidentally storage unit that was overlooked in a backup could
whether you cut cable. A security breach. A crashed server. Any of mean the loss of business-critical data.
are at risk and these might shut down your core processing system,
find out what bringing business to a standstill. Customers cant It doesnt have to be this way. You can significantly
mitigation make deposits or withdrawals. Tellers cant access improve your disaster recovery capability without a
measures to account information. Loans cant get processed. huge investment in a full-blown 24x7 hot site or even
consider, take additional IT staff. In fact, using the right technology
the Online And yet, regional banks and credit unions may and best practices can significantly reduce the labor
Risk Assessment not realize just how easily such events can happen. of preparing for and recovering from a disruption or a
Survey. Although most have a disaster recovery and business disaster (see IDC article, How Midsize Businesses Can
continuity plan in place, vulnerabilities tend to creep Simplifyand Saveon Disaster Recovery, page 6).
in over time. Many of these institutions operate with These two approaches can reduce IT staff time spent
lean IT staffs with limited experience, and the focus backing up an environment by up to 90 percent
is on keeping the systems running day to day. As the and time spent recovering from an outage by up to
bank grows, IT systems are changed and expanded 87 percent.
ad hoc, based more on operational needs than along
the lines of a strategic plan. Acquisitions and mergers HPs business risk mitigation solutions built on
can add even more nonstandard technology to the converged infrastructure offer you the tools
g mix. This results in an accumulation of equipment and to do this. The solutions are integrated, validated,
ss:
ithw technologies that is hard to manage, prone to failures, preconfigured platforms comprising servers, storage,
st
3 // HP Tech Dossier: business risk mitigation for financial services

Every business around here had a disaster HPs converged infrastructure addresses these
problems by standardizing systems across the
recovery plan in place before Katrina. But board and extending management technologies that
automate asset management, system configuration,
when disaster struck, most of them did software distribution and backup. It enables you to
not work. virtualize servers and consolidate on new hardware,
which can save time and money. HPs ProLiant
Jason Savage, IT Director, American Gateway Bank
G6/G7servers with Intel Xeon 5500/5600 series
Learn how a virtualized storage project was key to this processors, for example, offer greater performance
regional banks robust disaster recovery plan. Click here. and use less power than previous-generation serv-
ers, so you can get more done with less hardware
and lower operating costs. And HPs management
software, HP Insight Manager and HP Insight Control,
networking, management software, PCs and print-
equips your IT staff members to track and manage
ers that help provide high availability, data protection,
equipment in less time and from any location. That
network security and offsite disaster recovery. The
frees them to concentrate on more-strategic issues
solutions are modular, so you can start with your most
that have an impact on customer service or revenue,
important prioritiessuch as ensuring that you meet
such as devising innovative mobile banking solutions.
regulatory requirementsand build the infrastructure
over time. Once the entire solution is in place, the com-
prehensive infrastructure can help you better manage,
The Power of protect and grow your operations.
Critical Issues
Convergence
(video)
// Manage Although credit unions and regional
Part of the challenge in maintaining an effective banks dont have deep IT resources,
disaster recovery strategy is the proliferation of old, they are still bound by the same security,
nonstandard equipment. Whether through organic compliance and regulatory standards
growth such as opening a new branch or through as the largest financial institutions.
merging with or acquiring another institution, financial Among the most critical issues in
organizations often end up with a variety of different financial services IT:
brands of equipment and IT processes. In fact, the IT n Compliance with changing audit, compliance
department may not even be aware of all the different and regulatory standards. Just in the last
equipment. Obviously, you cant maintain and protect year, two new major financial regulations
systems and data if you dont even know they are have hit the industry: the Dodd-Frank Wall
there. And even when you do know, the mix of differ- Street Reform and Consumer Protection
ent systems from different vendors makes support, Act and the newly amended Regulation E,
maintenance, upgrades, security and backup much requiring banks to notify customers when
more complex, time-consuming and costly. an ATM or debit card transaction will result
in an overdraft or insufficient funds fee.
n Integration of new equipment and applica-
tions with legacy systems due to organic
growth as well as mergers and acquisitions,
which can change backup needs and disas-
ter recovery procedures.
n Maintaining consistent data backup and
network security across different systems,
applications and remote branches.

To learn more about Insight Control,


watch this video
4 // HP Tech Dossier: business risk mitigation for financial services

It was always hanging over my head that our


While being easy to implement, converged
RTO was measured in days. Now with our HP infrastructure provides a strong platform that can
increase reliability and uptime. With the HP Storage-
VSA software and VMware vSphere, our RTO Works P4000 SAN, for example, you can stripe and
is down from three days to three minutes. protect multiple copies of your data across a cluster
of storage nodes, cost-effectively eliminating single
Michael Lee, IT manager, First National Bank of Darlington points of failure in your storage environment. The plat-
form can decrease disaster recovery time and often
Learn how First National Bank of Darlington
achieved high availability, reducing RTO and reduce costs as well. HP StoreOnce software, next-
RPO by 99 percent. Click here for the full story. generation deduplication based on technology from HP
Labs, deduplicates data only one time. With the P4000
virtualization bundle, HP is the only vendor that
offers a low-cost, high-availability solution that does not
require an external storage area network (SAN), making
it extremely cost-effective.
// Protect
In addition to corralling your systems and processes,
When Baton Rouge, La.-based American Gateway
HPs converged infrastructure enables you to take
Bank implemented a virtualized storage solution using
advantage of many data storage, backup, disaster
HP StorageWorks P4000 SANs with network RAID and
recovery and security products previously available
HP Remote Copy, it decreased its recovery time from
only to large enterprises. These technologies make it
72 hours to one hour while saving $100,000 to boot.
easier for your staff to keep up with growing amounts
Subsequently, when a freak ice storm hit Louisiana
of data, comply with existing audit and regulatory
Convergered in early 2010, American Gateway was one of only a
requirements and move quickly to meet new rules
Infrastructure as they are formulated.
handful of local financial institutions to remain open

Transforms!
Hear how HP customers
streamlined their
businesses by
Solution Snapshot +
moving forward with a
converged data center. Wisconsins First National Bank of Objective:
Darlington is smallabout 20 employees managing Survive a system failure without service
$75 million in assetsyet it has to meet the same disruption to customers
regulatory requirements as huge financial institutions.
Approach:
Fulfilling those responsibilities depends on technol-
Create a highly available banking environment
ogy, which is managed by Michael Lee, who is also
leveraging HP servers, VMware, and HP Virtual
a loan officer.
SAN Appliance Software to virtualize applications
When you have national bank examiners asking and storage
you specific questions, youd better have the IT IT improvements:
solutions in place to give them the answers they
n 99% reduction in recovery time objective (RTO),
need, Lee says. Im looking for simple, complete from three days to three minutes
solutions for managing our business and keeping
n 99% reduction in recovery point objective (RPO),
regulators happy.
from one business day to near zero
The bank ran on a variety of older-generation n 75% faster patch management
hardware platforms that didnt work well together. n Reduced infrastructure complexity; a single
It took Lee 10 hours a week just to manage system solution for servers, storage and networking
performance. After a server failure brought down
Business benefits:
operations, the bank decided to update, consolidate
n Offering customers uninterrupted 24x7 banking
and virtualize with an HP Virtualization Smart Bundle.
services even in a disaster
It replaced its six old servers with two HP ProLiant
DL180 G6 Servers and implemented a virtualization n Meeting federal audit requirements with confidence

solution using VMware vSphere and HP StorageWorks n Reclaiming productivity for loan officer/IT manager
P4000 with HPs Virtual SAN Appliance Software. n Leveraging storage virtualization
5 // HP Tech Dossier: business risk mitigation for financial services
for business uninterrupted.

Our biggest concern was the expandability


// Grow
factor. We didnt want to get locked into a As your customer base grows, its easy for your
fixed amount of storage without the future disaster recovery strategy to become outdated.
One of the biggest benefits of HPs converged
ability to expand it in a fiscally responsible infrastructure is that it helps an organization improve
manner as needed. holistically as it grows, protecting its investments while
ensauring effective disaster recovery. Not only can
Paul Morris, CIO, Bay Federal Credit Union you easily add storage as you need it (and not before)
but you can also add backup and replication features
Click here to read about the solutions that provided gradually, working your way toward full remote recov-
a framework for the credit unions growing data
ery. The technology enables an organization to expand
and saved it money on upfront costs.
gradually as its facilities grow, upgrading to more-
sophisticated technology as needed. Regardless of a
companys size or growth trajectory, HP has scalable
solutions based on industry standards to fit the need.

Investing in new technology is a big step, but in


most cases, it pays off quickly in substantial opera-
tional savings. The most important payoff, however,
is the assurance over the long term that unplanned
interruptionswhether they are major acts of nature
or minor day-to-day disruptionswont have an
impact on your services and damage your hard-
earned reputation. n

// Suggested Reading Maximizing Server Uptime:


Best Practices
These additional resources include business white papers
and previously published articles from IDG Enterprise. HP upgrades SANs, management
software

Ten Best Practices for Creating and Banks May Soon Require New Online
Maintaining Effective Business Authentication Steps
Continuity Management Plans
The Power of IT Drives Businesses
The Forrester Wave: Disaster Forward
Recovery Service Providers Q2 2010
HP Puts On Data Center Hard Hat
HP Business Continuity Recovery
Services Web Site
Business Risk Mitigation
Solution Brief
6 // HP Tech Dossier: business risk mitigation for financial services

How Midsize Businesses Can Simplify


and Save on Disaster Recovery
Adapted from Business Risk and the Midsize Firm: What Can Be Done to Minimize
Disruptions?, by Raymond Boggs, Jean S. Bozman and Randy Perry, IDC #223794
Sponsored by HP

Disaster recovery (DR) is a business-critical Effective disaster recovery implementations those


consideration for all companies, but it may be even that ensure multiple sites can run key applications
more important for midsize businesses. Interruptions and production data not only reduce the likelihood
in operations can be more disruptive, and hence of long business outages in a disaster but also can
more dangerous, for smaller companies. A problem help midsize firms save money through workload
that might be a hiccup in a big companys business consolidation throughout the organization.
could be devastating to a small or midsized company.
Tuned, pretested disaster recovery support
Business interruptions can come from many sources capabilities and services are now helping midsize
not just floods, storms and other natural disasters. A businesses reduce the risk of an extended business
construction worker accidentally cuts your power line, outage due to disaster and at more reasonable costs
or a possible security breach causes you to lock down than ever before. Today its possible to put in place
your network. IDC calls this IT risk the probability DR technology and practices that may cost less per
that applications, systems, networks or data essential user supported than older technology that did not
to business operations will fail. The most important and support DR.
critical dimension of IT risk relates to the reliability and
continuity of the infrastructure itself the dial tone These new DR implementations have provided
resilience of your information technology. some midsize companies with the means to avoid
shutdowns when and if their networks go offline
Why is IT risk particularly challenging for midsize reducing expected disaster-induced outage hours
businesses? Many firms have few IT employees, (downtime) per year. Importantly, research shows
and if they have any at all they have little specialized these implementations can reduce costs by more
experience. Yet midsize companies cannot afford than 35% compared with older technology.
to experience IT outages. Moreover, many midsize
companies have a hodge-podge of computer sys- For example, advanced processes and technolo-
tems, old technology and no standardization. They gies can ease the backup process, introduce more
may have multiple sites, but these often are heavily automation into the data replication process and en-
location-dependent i.e., if one location goes down, able IT staff to protect more applications with restart
it can impact the entire company. and recovery capabilities. IDC research found that
IT staff time associated with backup and recovery
procedures could be reduced by 85% to 90% when
// Preparedness Pays Off automation and new technologies were applied.
The good news is IDC research indicates that a
combination of technology and best practices (includ-
ing planning for potential disruptions throughout the // Midsize-Business Priorities:
organization) can help midsize companies boost their Save, Simplify, Sustain
preparedness. For example, the application of best IDC research with midsize firms shows that DR is one
practices across a company can reduce unplanned of many goals. Midsize companies consistently strive
downtime by up to 85%. Best practices include the for three primary goals:
consistent use of management software, which can Reduce IT costs (save)
reduce network and system downtime by 65%. Simplify operations
Upgrading servers/storage/network equipment Sustain operations (high availability and DR)
reduces downtime by 50%.
7 // HP Tech Dossier: business risk mitigation for financial services

Given current economic conditions, midsize busi- organizations with the lowest failure rates) experi-
nesses are paying careful attention to IT spending enced less than half the outage hours of the average
across the board. They control large expenditures organization at 5.3 hours per year probability of
and continually seek efficiencies in server, storage, failure or better.
software, networking and services costs. They also
need to be aware, however, of the opportunity costs
associated with leaving aging technologies in place. // Baseline for DR: Simplified
Infrastructure
While carefully controlling costs, midsize- Leading firms began their move toward better DR
company managers must still keep systems by initiating some of the following key best-practice
up and running due to the potential losses to the initiatives:
business associated with downtime. Assured uptime n Extending management technologies that
for applications and production data has become automate the process of asset management,
increasingly important, not just for acknowledged system configuration and software distribution
business-critical applications but also for less-critical (This reduces the number of steps that require
IT components of the business. hands-on intervention and reduces IT staff time.)
n Constraining their environment to a finite number
For example, email messaging, desktop applications of standard processors, operating systems and
and Web sites usually not considered mission- database products making it easier to maintain
critical aspects of IT infrastructure often act as and update
critical junctions for other, remote business-critical n Consolidating servers over a long-term road
applications and servers. As a result, these seem- map, reducing the number of server footprints
ingly less-crucial IT assets potentially become single that had to be maintained and updated
points-of-failure for crucial applications if organiza- n Standardizing IT practices, especially management
tions fail to provide DR plans for them. of settings and configurations
n Providing protected storage space within the
As mentioned earlier, because midsize firms have organizations storage resources and establishing
fewer IT staff and lower IT budgets, they cannot rules for backup of mission-critical data (This en-
support as much redundancy in their DR as a larger sures adequate capacity for backup and recovery
organization would. Therefore, companies must procedures and for restart of applications.)
establish an ability to recover from disasters more
efficiently. They must combine new and already in-
stalled systems, and then incrementally build on that
infrastructure to support business continuity. // Conclusion
DR best practices, combined with selective technol-
ogy solutions and improved systems management,
// Solution: Best Practice + Technology can reduce business risk for midsize organizations.
A more simplified approach can work. IDCs research The combined efficiencies and new technologies can
with more than 25 midsize organizations in the U.S. reduce the labor of preparing for and recovering from
implementing DR over the past four years shows a disaster up to a 90% reduction in IT staff time
measurable improvements not only in disaster pre- spent backing up an environment and up to an 87%
paredness (to sustain IT operations), but also in cost reduction in time spent recovering from an outage.
reduction (save) and simplification of the systems
environment (by standardization of IT infrastructure). As a result, these combined approaches extend di-
saster preparedness to a wider range of organizations
Interviews with firms that had refreshed aspects and increase the likelihood of rapid recovery should
of their infrastructure and improved IT processes a disaster occur. In short, these approaches to DR
revealed a markedly improved readiness for disaster. solutions enable improved disaster preparedness and
Best of breed organizations (the 25% of surveyed reduced DR-associated costs across the board. n