Financial entities are naturally highly regulated. In addition to being technically difficult, compliance creates enormous overhead. For one of the largest financial groups in one of the world’s leading economies, sustainable compliance felt difficult to achieve; the alternative was relying on heroics from teams working nights and weekends to prepare for audits or following attacks. Even that wouldn’t necessarily mean the system would survive the next time.
The next option is even worse: a CIO can opt to sign a waiver indicating they were unable to meet such requirements, which can have massive trust and security ramifications. Avoiding the need to sign such waivers and developing agile procedures for compliance and testing is paramount for an organization of this size and scope.
A common problem in cyber resilience goes beyond unknown unknowns of risk into unknown unknowns of solutions. That is, without knowing what is possible, clients don’t know they can request it and design around such options. CyberVR’s key value-add goes beyond solution application into overhead simplicity: our proof of concept showed that our platform in their environment was feasible without creating any additional burdens for the operations team. No heroics needed, just realistic practice in a cooperative environment.
A major part of CyberVR’s value proposition is interdisciplinary practice: improving trust, skills, and processes leads to more predictable results and less improvisation. We worked directly with both IT operations and Security Operations separately to co-sponsor a solution while building confidence across both teams for a proof of concept.
Our results were presented to other key teams in other functional areas, which led to the joint team taking advantage of breakthrough features and setting more ambitious KPIs. This iterative development across cross-functional expertise is the ideal state for operational resilience process and outcome refinement.
CyberVR and Hitachi Ops Center Protector allow them to leverage immutable snapshots on a much larger environment than originally contemplated, supported by our joint development work to make this functionality as scalable and efficient as possible. They are now replicating primary data centers to a disaster recovery site where CyberVR makes use of the immutable snapshots, without adding any overhead in the core disaster recovery site.
CyberVR is now protecting bank workloads relying on 400 VMs and 1 petabyte of storage, which can be recovered in under 30 minutes. To safeguard over $800 billion in assets, this institution refined the cooperation of 5 separate operational teams (IT, security, networking, infrastructure, and compliance) and is facilitating the work of nearly 300 critical employees.
This partnership demonstrates that while DORA compliance is required for regulatory reasons, achieving that compliance can also reduce costs and increase efficiency. Solving a business problem and solving a compliance problem should be two sides of the same coin and help conserve resources, rather than sap them.