Advent. Disaster Recovery: Options for Investment Managers. A White Paper from Advent Software and CyGem Ltd. Advent Software, Inc.



Similar documents
The Benefits of Continuous Data Protection (CDP) for IBM i and AIX Environments

How To Choose A Business Continuity Solution

Reducing Risk of Data Loss and System Downtime

Have a Plan of ATTACK. Not a panic attack. 10 September 2003 IBM Internal Use Only Jarrett Potts, Tivoli Sales Enablement

Parish National Bank. Parish National Bank increases protection with recovery management from EMC and VMware BUSINESS VALUE HIGHLIGHTS

Four Steps to Disaster Recovery and Business Continuity using iscsi

Unitrends Backup & Recovery Solutions and Disaster Recovery Best Practices

Bringing the edge to the data center a data protection strategy for small and midsize companies with remote offices. Business white paper

Business Continuity Management

The Shift Cloud Computing Brings to Disaster Recovery

Why cloud backup? Top 10 reasons

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Eliminating End User and Application Downtime:

Maximizing Data Center Uptime with Business Continuity Planning Next to ensuring the safety of your employees, the most important business continuity

True Cost of Tape Backup

BUSINESSES NEED TO MAXIMIZE PRODUCTIVITY, LOWER COSTS AND DECREASE RISKS EVERY DAY.

Introduction to Data Protection: Backup to Tape, Disk and Beyond. Michael Fishman, EMC Corporation

The case for cloud-based disaster recovery

IBM PROTECTIER: FROM BACKUP TO RECOVERY

NSI Solutions with Microsoft VSS

Let s Build a Better Backup

Read this guide and you ll discover:

Rapid recovery from bare metal, to dissimilar hardware or to and from virtual environments.

Simplify Your Data Protection Strategies: Best Practices for Online Backup & Recovery

HP Data Protection. Business challenge: Resulting pain points: HP technology solutions:

Backup and Recovery 1

Moving beyond tape backup.

Leveraging Virtualization for Disaster Recovery in Your Growing Business

Virtual Disaster Recovery

Best Practices in Disaster Recovery Planning and Testing

SAFETY FIRST. Emerging Trends in IT Disaster Recovery. By Cindy LaChapelle, Principal Consultant.

Whitepaper: Cloud Computing for Credit Unions

Breakthrough Data Recovery for IBM AIX Environments

Improving disaster recovery with Virtual Tape Libraries in Mainframe Environments By Deni Connor Principal Analyst, Storage Strategies NOW

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

Financial Services Need More than Just Backup... But they don t need to spend more! axcient.com

Backup Software? Article on things to consider when looking for a backup solution. 11/09/2015 Backup Appliance or

Disaster Recovery Cloud Computing Changes Everything. Mark Hadfield CEO - LegalCloud Peter Westerveld IT Director - Minter Ellison Lawyers

THE NEXT GENERATION OF DATA INSURANCE

Building a strong business continuity plan

Introduction to Data Protection: Backup to Tape, Disk and Beyond. Michael Fishman, EMC Corporation

GETTING STARTED WITH DISASTER RECOVERY PLANNING

ESG Report. Data Protection Strategies for SMBs. By Heidi Biggar Storage Analyst, Data Protection Enterprise Strategy Group.

Reducing Corporate Risk: Best-practices Data Protection Strategy. for Remote and Branch Offices (ROBOs) Best-practices Data Protection Strategy

EMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR ITALY

Preventing Downtime from Data Loss and Server Failure

With 57% of small to medium-sized businesses (SMBs) having no formal disaster

Virtualization. Disaster Recovery. A Foundation for Disaster Recovery in the Cloud

Disaster Recovery Checklist Disaster Recovery Plan for <System One>

EMC GLOBAL DATA PROTECTION INDEX GLOBAL KEY RESULTS & FINDINGS

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Disaster Recovery Plan and Backup Strategy for a website

Things You Need to Know About Cloud Backup

ACTUALLY TEST YOUR PLAN. Disaster Recovery using Shadow Protect. March Madness Lunch & Learn. 1 AGENDA

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Business Continuity Plan

The Importance of Disaster Recovery for Data Protection

How To Back Up A Virtual Machine

Effective storage management and data protection for cloud computing

BACKUP IS DEAD: Introducing the Data Protection Lifecycle, a new paradigm for data protection and recovery WHITE PAPER

The Impact Of The WAN On Disaster Recovery Capabilities A commissioned study conducted by Forrester Consulting on behalf of F5 Networks

Planning and Deploying a Disaster Recovery Solution

Disaster Recovery. Hendry Taylor Tayori Limited

Protecting Your Business

WHITE PAPER. The 5 Critical Steps for an Effective Disaster Recovery Plan

PRODUCT SCENARIOS BEST-IN-CLASS DISASTER RECOVERY FOR WINDOWS SERVERS

WHY CLOUD BACKUP: TOP 10 REASONS

Disaster Recovery Strategy for Microsoft Environment

AVLOR SERVER CLOUD RECOVERY

Enabling Disaster Recovery Through Data Replication Technology June 7, 2010

Tivoli Continuous Data Protection for Files

A Study on Cloud Computing Disaster Recovery

MEDITECH Disaster Recovery

Five Secrets to SQL Server Availability

Protecting Microsoft Hyper-V 3.0 Environments with CA ARCserve

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery

July 30, Internal Audit Report Information Technology Business Continuity Plan Information Technology Department

WHAT WOULD HAPPEN TO YOUR BUSINESS IF YOU EXPERIENCED DATA LOSS?

Publication Date: April 2007

How to Design and Implement a Successful Disaster Recovery Plan

The Secret to Affordably Protecting Critical Data

W H I T E P A P E R. Disaster Recovery Virtualization Protecting Production Systems Using VMware Virtual Infrastructure and Double-Take

EMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR SINGAPORE

WHY DO I NEED DATA PROTECTION SERVICES?

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

Lunch and Learn: Modernize Your Data Protection Architecture with Multiple Tiers of Storage Session 17174, 12:30pm, Cedar

Archiving, Backup, and Recovery for Complete the Promise of Virtualization

Manufacturers Need More Than Just Backup... But they don t need to spend more! axcient.com

10 everyday things your data backup system should do. Data backup that is reliable, easy and fast is only the beginning

SOLUTION BRIEF: CA ARCserve R16. Leveraging the Cloud for Business Continuity and Disaster Recovery

Storage Backup and Disaster Recovery: Using New Technology to Develop Best Practices

9/23/2013. Disaster Recovery Planning Best Practices. Over the Next Decade. 75X growth in files. 50X growth in data. 10X growth in servers

Whitepaper - Disaster Recovery with StepWise

HP StorageWorks Data Protection Strategy brief

Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your Business from Disaster

Implementing Disaster Recovery? At What Cost?

Learn About SQL Server Disaster Recovery from Vas Srinivasan of Sonasoft.com

Effective Storage Management for Cloud Computing

DEFINING THE RIGH DATA PROTECTION STRATEGY

White Paper FASTFILE / Page 1

Transcription:

Advent Disaster Recovery: Options for Investment Managers A White Paper from Advent Software and CyGem Ltd. Advent Software, Inc. This communication is provided by Advent Software, Inc. for informational purposes only and should not be construed as, and does not constitute, legal advice on any matter whatsoever discussed herein.

Table of Contents Overview................................................3 How Would a Disaster Affect Your Business?..................4 Know Your Risks..........................................4 The Two Key Factors: RTO and RPO.........................5 Options and Tradeoffs: The Seven Tiers of Disaster Recovery....6

From terror attacks to hurricanes, events in recent years have brought the issues of disaster recovery and business continuity into sharp focus for asset managers and broker-dealers not to mention regulatory bodies, institutional investors and even savvy retail investors. With rule 206(4) 7, the SEC now requires every investment advisor to adopt and implement written disaster recovery policies and procedures. In their words, the SEC considers it an adviser s obligation to take steps to protect the clients interests from being placed at risk as a result of the adviser s inability to provide advisory services after, for example, a natural disaster... While the SEC recognizes that compliance plans and procedures vary, they have specifically listed business continuity as an area firms must address. In recent audits, examiners have asked firms to provide copies of their disaster recovery plans. Institutional investment boards and consultants are also asking firms that manage their money or aspire to about their disaster recovery capabilities. Managed account program sponsors are making it part of their due diligence process when evaluating potential firms to enter their programs. Individual investors are increasingly aware of and concerned about these issues. With the increased attention on disaster recovery, asset managers are being compelled to answer tough questions and are often uncertain of where to begin or what is appropriate for them. This document is intended to help asset management firms understand their options. Ultimately the choice of a solution will be based on a firm s size, the nature of its business and how long it can go without client account and transaction data and, of course, how much the firm is prepared to spend. The information presented here will enable you to have a productive conversation with a disaster recovery consultant or solution vendor, and help you understand the range of options available based on differing needs and budgets. Overview 2006 Advent Software, Inc. 3

How Would a Disaster Affect Your Business? Disaster recovery is an easy issue to push to the side, especially for smaller firms. Often, they barely have enough time to service their clients, research markets and make investment decisions. Why would they take the time or go to the expense to plan for a major site loss when some estimates indicate that it has a less than 2% chance of occurring? In determining your best course of action, the key factor is not the probability of a disaster, but the impact that a disaster can have if it does happen. The impact depends largely on your specific business. It may not be as important for a buy-and-hold money manager to return to operations as quickly as a hedge fund that trades many times over the course of the day. Fortunately, the Internet and the decreasing cost of disk drives have made it more affordable for firms of any size to get their data offsite. Once the means of getting data offsite is determined, you then need to determine your restore strategy. Here, too, many options are available for smaller firms, including quick ship programs that deliver new hardware in emergencies or agreements with off-site facilities to use their equipment. If a firm has more than one office, it might make sense to house old equipment at a branch office to use in the event of a disaster at headquarters. Know Your Risks It does not take an unusually violent act or cataclysm to constitute a disaster. Broken water pipes, a waste-basket fire, electrical surges, computer viruses, office theft and vandalism these are just some of the everyday threats that can have just as big an impact on an unprepared operation. A basic step in mitigating the impact of a disaster is to identify the vulnerabilities in your office environment. Most discussions about disaster recovery assume that everything needed to continue operations is already in a digital format. Many organizations, however, still rely on paper such as trade-confirms, brokerage statements and physical checks to run their business. If your firm is relying on non-digital information, you will need to think through ways to either have alternate access or digitize this information. Besides the potential loss of business-critical data, there are unquantifiable factors, such as adverse publicity or loss of client confidence if you don t have adequate procedures in place or if you are caught unprepared by a disaster. There s also the matter of publicizing performance. In order to make a performance number claim, you have to have the back-up transaction and account data on file to support it. If you lose that information, you cannot make the claim. Risk assessment determining your vulnerabilities and the impact a disaster could have on your business is the first step in disaster recovery planning. While the likelihood of a disaster may be low, the impact on your business could be large, making some kind of plan preferable to none. 4 2006 Advent Software, Inc.

Before you begin to evaluate technology solutions for disaster recovery, you need to consider two key factors: your recovery time objective (RTO) and recovery point objective (RPO). RTO is how quickly you need to get your business back in order. If you are a broker dealer and make money by placing trades, you want to get up and running as soon as possible. Every minute that you are not up is costing you. If you are an asset manager and bill on the amount of assets you manage quarterly, a longer RTO may be acceptable. The shorter your RTO, the more your solution is going to cost RPO is the point in time to which you need to be able to restore. For example, do you want to recover from one week ago, one day ago or fifteen minutes ago? The further back the RPO is from the present, the less your solution is going to cost. The ability to restore your infrastructure from one week ago will cost less than trying to restore your systems from fifteen minutes ago. A firm that does a lot of trading would probably have a more recent RPO than a firm that trades infrequently. It would take the firm with more trades more time to manually reenter all of their transactions. The more transactions you have, the lower your RPO needs to be in order to minimize the number of transactions that would need to be recreated. For organizations with fewer transactions a higher RPO might be acceptable. So what are your RTO and RPO? Broker-dealers may have an easier time figuring out the answer. They know the approximate number of trades they are likely to place on any given day. They can then calculate the dollars lost for every day they cannot trade, and determine what they are willing to spend on disaster recovery to ensure that they can keep trading and making money. A buy-and-hold asset manager may have a more difficult time reaching a conclusion as to how much disaster recovery is worth. They typically get paid in terms of a percentage of the assets they manage and bill quarterly. If they don t trade on a certain day it doesn t necessarily cost them an exact dollar amount. The greater risk is that they may lose clients or be subject to legal or regulatory action if they cannot restore account and transaction data in a timely manner. Another factor affecting recovery time is the restoration of the system state, namely the part of the computer that contains items like the Operating System and custom settings. If your backup solution addresses only the storage of data, it will take you longer to recover. Many backup systems can back up your system state, which will decrease your recovery time objective, but most require you to have identical hardware to which you would restore. You need to make sure your disaster recovery vendor carries your hardware or provides an alternate means for restoring your system state. Your alternative would be to load new operating system instances on the hardware and then restore your data on top of the new installations. Often, the system state can take significantly longer to restore than the data itself. Two Key Factors: RTO and RPO 2006 Advent Software, Inc. 5

Options and Tradeoffs: The Seven Tiers of Disaster Recovery In 1992 an organization called SHARE (http://www.share.org), an independent user group providing IBM customers with services, education and professional networking, created the seven tiers of disaster recovery. As you move from the zero tier to the seventh your recovery time decreases, while your cost or value increases exponentially. Tier 0: No off-site data possibly no recovery. You don t have a backup plan so you don t have a recovery. Of course, you save money because you pay nothing for disaster recovery. A disaster, however, could cost you significantly. Tier 1: Data backup with no hot site. In this scenario, businesses backup to tape and then have someone take the tape offsite also known as PTAM or the Pick-up Truck Access Method. This approach suits organizations that can accept days or weeks of data loss knowing their backup data is secure. This tier does not address how the data will be restored in the event of a major data loss. Tier 2: Data backup with a hot site. This scenario combines tape backup with the ability to restore the data at an alternate facility referred to as a hot site. The recovery time objective is more predictable than Tier 1, but the recovery point objective is similar to Tier 1 in that you still may need to recreate several days worth of data. Tier 3: Electronic Vaulting. Instead of relying on PTAM, organizations ship their backup copies offsite electronically. This might mean sending data to a hot site via T1 line or, as is happening more and more, using an online service with no hot site. Using the Internet means you don t have to go to a specific location to run your business you can run it from virtually anywhere you have Internet access. The recovery point objective is better than that of the lower tiers as there are fewer transactions to recreate. Tier 4: Point-in-time copies. This is a plan that accounts not only for data, but also for the exact system state to reduce the amount of time necessary to recover systems. At this tier, companies begin using diskbased or online backup, which is easier than backing to tape and can be done more frequently. With an enterprise backup provider, software is installed that takes a snapshot of a firm s entire system. The data is sent off site and the firm can recover its entire system to new and different hardware. For small- to mid-size investment managers, Tier 4 is the minimum recommended level of disaster recovery readiness. In balancing dollars spent and protection gained, it allows for secure offsite vaulting without going to the expense of a full disaster recovery facility. Solutions at this level are relatively easy to use, and therefore are more likely to be used, especially in firms with minimal or no IT staff. You can be confident that your data is secure and your firm is protected without relying on someone to manage the backup and tapes that accompany it. 6 2006 Advent Software, Inc.

In comparing online services, which often have wildly differing prices, it s important to recognize the distinction between workstation backup and server backup. Workstation backup is less expensive, but if you are in a SQL environment you will need a server-based backup solution. Tier 5: Transaction integrity. Sometimes referred to as host-based replication, solutions at this level involve having identical data at two facilities, one primary and one secondary. This is achieved by installing data-mirroring software onto the operating system. The software replicates the data between the two sites, so there is no data loss in the event of a disaster at either site. Tier 6: Zero or near-zero data loss. Similar to tier 5, with the exception that replication is no longer provided by an application on the operating system at the host level. It occurs on the storage platform itself. An example is SAN (storage area network) -based replication. For enterprises using multiple operating systems, SAN-based replication simplifies the process because it is independent of operating systems. Tier 7: Highly automated, business integrated solution. In this tier replication and failover happen automatically among multiple servers at multiple locations. Solutions at Tiers 5, 6 and 7 are geared to large organizations with multiple locations, high transaction volume and tens of billions in assets under management. At 6 and 7 in particular, the cost is going to be very high with the tradeoff that not a single transaction will be lost. Deciding what RTO, RPO and tier are appropriate for your organization is not a simple task. It takes business knowledge combined with the ability to find vendors able to deliver solutions that are appropriate for your organization and budget. Whatever solution and tier you decide to use, make sure you test with your environment. No two organizations are the same. Even if a vendor claims a 100% success rate, it is important to understand exactly what that 100% means. You should also plan to re-test as your organization and systems go through changes. Geoffrey F. Moore is a managing partner with CyGem, Ltd., specializing in managed hosting and disaster recovery services. Prior to CyGem, Ltd., Mr. Moore worked for Oak Associates, a large-cap growth money manager, in operations and information technology. About Advent Software Advent Software, Inc., a multi-national company, has provided trusted solutions to the world s leading financial professionals since 1983. Firms in more than 60 countries using Advent technology manage investments totaling more than US $12 trillion. Advent s quality software, data and services enable financial professionals to improve service and communication to their customers, allowing them to grow their business while controlling costs. Advent is the only financial services software company to be awarded the Support Center Practices certificate for being a world-class support organization. 2006 Advent Software, Inc. 7

Advent Software, Inc. 600 Townsend Street, San Francisco, CA 94103 800-727-0605 415-543-7696 666 Third Avenue, New York, NY 10017 212-398-1188 www.advent.com Copyright 2006 Advent Software, Inc. All rights reserved. WPDR1206

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information