By Eric Flick
Pros and Cons of Taking Disaster Recovery
into Your Own Hands
Some banks attempt to provide their own business continuity and disaster recovery by purchasing redundant hardware and installing it in a branch or remote location other than where the bank’s main system is housed. This do-it-yourself (DIY) disaster recovery methodology has some perceived advantages and realities that bankers should consider before taking disaster recovery into their own hands or contracting with a professional disaster recovery service provider.
Perceived Advantage #1: Cost Containment
The single biggest advantage of an in-house or internal recovery solution is the perceived lower cost, which appears to be a fixed cost spread over multiple years versus annual fees and ongoing testing expenses.
Reality #1: Despite the perceived up-front savings, significant investments must be made in hardware, software, item processing equipment, networking and communications. Banks must also ensure they can access internal recovery centers, branches, third-party systems, ATM switches, etc. Main and backup systems require duplicate operating systems, application software and testing utilities, which means duplicate license fees. Hardware and software must always be upgraded to compatible levels, so every main system upgrade must be duplicated on the backup system. And monthly and/or annual maintenance fees must be paid on both the main and backup equipment.
To accurately analyze in-house disaster recovery, compile an itemized list of equipment, software, communications gear and peripheral devices and consider the purchase price, maintenance costs and required personnel. Also list the main system upgrades purchased in the last three to five years and double those costs to determine what you can expect to pay in the next three to five years. This exercise will help you compare the total cost of an in-house recovery center to the cost of a professional recovery provider.
Perceived Advantage #2: A More Convenient Location
A common perception is that DIY disaster recovery is more convenient because the back-up system is typically nearby and requires minimal travel time and expense.
Reality #2: If a major disaster like Hurricane Katrina were to strike your geographic area, there is a strong possibility that your internal back-up solution would also be affected. In fact, as a result of this historic hurricane, the FFIEC revised its guidance regarding the distance between primary data centers and backup facilities.
Professional disaster recovery services do not rely on a single-thread recovery solution. They ensure compliance with this guidance through multiple regional recovery sites that are prepared with the necessary equipment, resources, technical support, and qualified personnel that know your business, hardware and software.
Perceived Advantage #3: Overall Control
A common perception is that having your own recovery equipment means your bank is self-sufficient and can test your recovery plan based on your staff’s schedule.
Reality #3: Disasters can significantly impact your bank’s employees, their families, their homes and their communities. These personal burdens typically and understandably take precedence over work responsibilities, and effectively responding to disasters without appropriate staffing is virtually impossible. Professional disaster recovery services ensure access to a qualified support staff that is not personally affected by disasters and can exclusively focus on restoring your bank’s operations.
DIY disaster recovery also means your staff is responsible for the highly technical tasks of reconfiguring your bank’s networks to communicate with the internal recovery system, switching over your ATM operations, and maintaining the primary banking applications your customers depend on like ATM authorization and Internet, mobile and telephone banking.
Professional disaster recovery services also ensure that enterprise-wide business continuity and recovery plans are fully and systematically tested based on industry best practices. All too often, banks only test the core system and neglect mission-critical ancillary applications like item processing, teller solutions and ATMs.
Weigh the Risk
When considering operational alternatives, there are often perceived and actual realities that should be carefully and objectively evaluated. DIY disaster recovery versus a professional disaster recovery service has strong proponents on both sides of the argument, but there are several undeniable realities today. Regulatory oversight is expected to continually increase, and in the post-Katrina environment, bank officers and directors can be held legally liable if their bank does not properly respond to a disaster. Re-establishing customer, market and stockholder confidence if your bank fails to appropriately respond to a business interruption or catastrophic disaster is a long and expensive process at best – if it’s even possible.
As you consider your bank’s disaster recovery solution, ask yourself three simple questions: What are the biggest benefits and the biggest deficiencies of our current disaster recovery solution? How high is the probability that our current disaster recovery solution or specific components could actually fail if an unexpected disaster strikes? Can I prove to my bank’s officers and directors and the regulators that we’re ready to respond? Based on your honest answers to these elementary questions, you might discover it’s in your bank’s best interest to take another look at your disaster preparedness and recovery plans.
Eric Flick is director of disaster recovery for Jack Henry & Associates, Inc.