Disaster Recovery in the Banking Arena
Following a general move by Asian FSI industries, Malaysia’s national bank, Bank Negara (BN), is encouraging more online transactions by reducing the fee per online transfer transaction from RM2.00 (USD0.61) to RM0.10 (USD0.03) while increasing the transaction fee for cheques.
This will add to the growth in data and to the challenge banking CIOs face in handling it, said Mulia Binti Mohamed Onn, Vice President, Enterprise Sales, at carrier-neutral data centre operator AIMS Group, during an interview.
This means banks need to ensure their data is secured. BN guidelines include the responsibility for financial services (FSI) organizations to have a secondary Disaster Recovery (DR) site, said Mulia.
What are the top challenges you believe the financial services industry is facing this year?
With more users opting to bank online, some of the main challenges FSIs will face in the short term are the need to accommodate massive data expansion (both infra and systems) and tighter/stricter transaction control policies, i.e. implementing two-factor validation, longer bank account numbers and such.
The initiative by BN is commendable but banks need to ensure their online transaction system is ready to securely protect customers’ data and the increase in user numbers. Otherwise we will have a case of customers being unhappy at a constantly down site or inaccessible services or, worse, missing money. Where is your data stored at, is there a secondary site, are both sites managed reliably – will probably be the questions banks will frequently have to answer in the near future as customers become more aware about data online transactions.
You mentioned that Bank Negara’s guidelines require FSIs to have a secondary Disaster Recovery site. What does this mean to customers and why is this important to consumers and FSIs?
Bank Negara guidelines for financial service providers require them to have good business continuity management and disaster recovery plans. Basically it means FSIs need to be able to implement a backup plan and have the right infrastructure in place to avert any possible problems that may arise from natural disasters such as flood, tsunami, nationwide electrical outages to system failure that will affect their business continuity.
If a bank only had one data centre to host all their information, all their customers’ information, from transaction history to sensitive information, could be lost and banks may not be able to recover the information in time. Imagine opening your online account to find an alarming 0 balance in your savings/current account due to the main site being down or affected by a disaster. When a bank has a secondary DR site, it provides customers the assurance that in the event of a failure at the main site, their data can still be safely accessed through a secondary site. Best of all, customers are likely not to even notice the downtime and will continue using the services as normal.
Companies need to realise that downtime means a mark on their business reputation. The failure to access an account, or worse missing financial records, will create uncertainty amongst customers who are more than likely to take their money to another bank where they feel more safe to do transactions.
Customers would not want to leave their money in a bank that is unprepared to handle eventual disasters. So banks must place a priority in ensuring they have a business continuity plan in place which is supported by a well managed secondary DR site.
What sort of other steps do financial organizations need to go through to ensure they achieve compliance and ensure full business continuity?
Customers need to house their data in a well equipped and monitored data centre. Look at how the centre is being managed and how often health checks are done on their infrastructure. In order to ensure their data is safe and sound, financial organisations should conduct regular health checks on their network infrastructure, system and applications.
They also need to get properly certified with ITSM, ISMS and PCI DSS.
The governing principle behind an ISMS (Information Security Management System) is that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk.
IT Service Management (ITSM) is a process-based practice intended to align the delivery of information technology (IT) services with needs of the enterprise, emphasizing benefits to customers. Compliance with the Payment Card Industry Data Security Standard (PCI DSS) means that our systems are secure, and customers can trust us with their sensitive payment card information.
On an annual basis they need to bring in independent auditors to perform pen tests on their network and systems.
When managing large volumes of data, what are the best ways to get a beneficial balance between privacy and security concerns?
Policy makers need to constantly review the security and privacy standards based on market trends, consumer appetites and geological condition. The world is moving at a fast pace and data is growing at breakneck speed; we need to constantly evolve with the times to ensure we remain up-to-date to the business requirements of enterprises.
Could you give more details of how your ‘carrier neutral approach’ better serves your customers?
Technology regularly breaks down, whether it’s well maintained or not, but the good thing about a well maintained tech infrastructure is, you have a higher chance of predicting when it will malfunction. Similarly your services can face downtime if your carrier is down. Which is why data-intensive organisations like banks must ensure that they have more than one choice of carrier provider to fall back on in the event of a downtime. A datacentre that limits you to one carrier is a risky choice as you lack the flexibility of choosing the right one to match your business needs.
Carrier neutral datacentres offer an added plus point to a business as organisations can choose to have more than one carrier as their back up in the event of a network failure or fibre cut. Flexibility is the key here as, by being carrier neutral, you have the choice to pick the package that best suits your business needs.
Every time an organisation wants to change their telco/service provider package, all they have to do is switch over without having to physically move any of their infrastructure to another data centre. Carrier-neutrality gives customers the flexibility to take advantage of competitive telco rates and choose the telco or ISP connectivity network provider that fits their business module.
By being carrier-neutral, AIMS is connected to all domestic service providers, as well as more than 80% of international service providers, making their data centres among the most interconnected in the country. At the same time, AIMS also hosts one of the three nodes of the Malaysian Internet Exchange (MyIX) at MENARA AIMS.
AIMS offers a high level of uptime availability, stability, 24-7 technical support and reliability that is supported by a large choice of connectivity vendors and data security at competitive rates.
We always advise customers that they must know what they want. For those who need more information, we provide technical expertise right from the point of pre-sales to set up and 24 x 7 technical monitoring support. We advise them on what they need to look into before deciding on a data centre, the infrastructure and system that is needed to support their business and walk them through a customized plan that fits their business module. With more than 200 customers, we are able to share with them our best practice guidelines to ensure set up and implementation runs smoothly.
Customers also need to look at the power resource capabilities of a data centre as data centres operate 24 hours a day and need to be constantly powered. Find out if there is a backup energy source and how their power is being managed, as data centres consume a high amount of energy and through proper best practices, they should be able to minimize heat with proper cooling systems in place to ensure power consumption is maintained.
AIMS is designed to take into account a customer’s scalability and is ISO 27001 and ISO 9001 certified and spans 50,500 square feet with data centres located in central Kuala Lumpur, Cyberjaya, Johor Bahru and Penang.
How do you serve your customers in territories outside of Malaysia?
AIMS is currently only based in Malaysia. However we are part of the regional Asia Data Centre Alliance (ADCA) and are able to offer our customers multicity connectivity through our partner datacentres in different countries in Asia.
AIMS continues to collaborate with partners that can bring value to our customers. We work with regional partners through ADCA to ensure our customers can easily set up a presence in countries such as Thailand, Singapore, Cambodia, Vietnam, Hong Kong and more. For example, we have collaborated with China Telecom to roll out IPVPN services to enterprises in Malaysia who want to establish business in China. Besides that we are constantly on the lookout for ways to provide our customers with value added managed services that fits different business sector needs. AIMS’ diverse client portfolio ranges from large local corporations and multinational companies to SME businesses, across industries as diverse as aviation, hotel, telecommunication, financial services, online businesses, oil and gas, retail and content providers.
Asia is a growing market but Malaysia is taking centre stage in the outsourcing sphere as it provides investors geographical stability, ease of doing business, infrastructure readiness, a lower cost of doing business that is relatively cheaper than in Singapore and Indonesia.
In 2013, AIMS achieved double digit revenue growth, ahead of the industry average and we are confident that 2014 will be another great year for AIMS.
~ Interview by AvantiKumar. Published in CIO Asia. March 18, 2014 ~