
Data protection for financial organizations

Protecting data is especially critical for financial institutions with large amounts of sensitive personal data. A variety of government regulations make this task especially onerous. Here are five ways storage administrators can ease their backup burden.

Protecting data is especially important for financial services institutions deluged with a large amount of sensitive personal information and imposed upon by a variety of government regulations. Storage administrators must adopt a multifaceted approach to protecting their data and the business-critical applications running on the servers in their networks.

Here are five ways financial institutions can better protect their data.

  • Time is of the essence in recovering data. Setting recovery point objectives (RPOs) and recovery time objectives (RTOs) for data and applications will help determine the types of backups required. If, for instance, you're backing up transactional data, you might consider using continuous data protection (CDP) software such as CA's XOSoft CDP Solo, which lets you roll back to the time right before the data loss. If you are protecting file-based data, you might consider CDP software such as Double-Take Software TimeData, which protects files on NTFS volumes, SQL Server databases and Exchange Server mailbox stores.
  • Manage your tapes properly. If you're still backing up to tape (like many of us), make sure you have a scheme for storing the tapes onsite and for transporting them offsite. Again, here is where time is of the essence. If you're relying on tape backup as your sole means of data protection, recovering data from tape is a slow and often arduous process. Bringing tape back from offsite storage can take days.
  • Replicate data to another location. Protect your business-critical data from disaster by replicating it to a location that is physically separate from the source of the data. You can choose from a variety of products that vary widely in cost: EMC Corp.'s Symmetrix Remote Data Facility (SRDF) and IBM Corp.'s Peer-to-Peer Remote Copy are among the most expensive; Data Domain's Replicator Software and SteelEye Technology Inc.'s Data Replication software are less so. You should also decide whether you need synchronous, semi-synchronous or asynchronous replication.
  • Encrypt data in flight and at rest. Financial institutions have the responsibility to protect their data from exposure. A number of government mandates specify encryption. Among them are Fedwire, the Federal Information Processing Standard 140-2 and the Payment Card Industry Data Security Standard. Fedwire, the Federal Reserve's electronic funds transfer system, mandates that data be encrypted when in transit between financial entities. The Federal Information Processing Standard (FIPS) 140-2 encryption standard is intended for data at rest on tape or disk media. The Payment Card Industry Data Security Standard also requires end-to-end encryption of credit and debit card payments.
  • Retain data for appropriate periods of time. Regulations such as U.S. Securities and Exchange Commission (SEC) Rules 17a-3 and 17a-4 require brokers and dealers to preserve records that have to do with trades and account data for a period of not less than six years. The Basel Capital Accord, or Basel II, an international banking standard, requires that data be retained based on its type. Finally, the Gramm-Leach-Bliley Act requires that personal financial information be retained for six years or according to best practices.

Deni Connor is principal analyst with Storage Strategies NOW in Austin, TX.
