Data protection for financial organizations

Protecting data is especially important for financial services institutions, which are deluged with sensitive personal information and subject to a variety of government regulations. Storage administrators must adopt a multifaceted approach to protecting their data and the business-critical applications running on the servers in their networks.

Here are five ways financial institutions can better protect their data.

  • Time is of the essence in recovering data. Setting recovery point objectives (RPOs) and recovery time objectives (RTOs) for data and applications will help determine the types of backups required. If, for instance, you're backing up transactional data, you might consider using continuous data protection (CDP) software such as CA's XOSoft CDP Solo, which lets you roll back protection to the time right before the data loss. If you are protecting file-based data, you might consider CDP software such as Double-Take Software TimeData, which protects files on NTFS volumes, SQL Server databases and Exchange Server mailbox stores.
  • Manage your tapes properly. If you're still backing up to tape (like many of us), make sure you have a scheme for storing the tapes onsite and for transporting them offsite. Again, here is where time is of the essence. If you're relying on tape backup as your sole means of data protection, recovering data from tape is a slow and often arduous process. Bringing tape back from offsite storage can take days.
  • Replicate data to another location. Protect your business-critical data from disaster by replicating it to a location that is physically separate from the source of the data. You can choose from a variety of products that vary widely in cost: EMC Corp.'s Symmetrix Remote Data Facility (SRDF) and IBM Corp.'s Peer-to-Peer Remote Copy are among the most expensive; Data Domain's Replicator Software and SteelEye Technology Inc.'s Data Replication software are less so. You should also decide whether you need synchronous, semi-synchronous or asynchronous replication.
  • Encrypt data in flight and at rest. Financial institutions have the responsibility to protect their data from exposure. A number of government mandates specify encryption. Among them are Fedwire, the Federal Information Processing Standard 140-2 and the Payment Card Industry Data Security Standard. Fedwire, the Federal Reserve's electronic funds transfer system, mandates that data be encrypted when in transit between financial entities. The Federal Information Processing Standard (FIPS) 140-2 encryption standard is intended for data at rest on tape or disk media. The Payment Card Industry Data Security Standard also requires end-to-end encryption of credit and debit card payments.
  • Retain data for appropriate periods of time. Regulations such as U.S. Securities and Exchange Commission (SEC) Rules 17a-3 and 17a-4 require brokers and dealers to preserve records that have to do with trades and account data for a period of not less than six years. The Basel Capital Accord, or Basel II, an international banking standard, requires that data be retained based on its type. Finally, the Gramm-Leach-Bliley Act requires that personal financial information be retained for six years or according to best practices.

Deni Connor is principal analyst with Storage Strategies NOW in Austin, TX.



This was first published in September 2008
