Was your savings account data burned?

| Source: JP

By Zatni Arbi

JAKARTA (JP): "What happens to my savings accounts now? Do the
banks still have the data, or have I lost all the money that I
entrusted to them?"

As the riots raged out of control last month and we all felt
helpless because of the lack of a reliable national leadership,
that must have been among the many questions on people's
minds.

It was a fair question to raise as we watched looters ripping
computers off tables and carrying them out of burning buildings.
Banks rely heavily on information technology and if their
computers get damaged there is a risk that vital data may be
lost.

All big companies, particularly financial institutions,
collect massive amounts of data. Banks hold information on every
single customer, and large banks with a scattered bank of
automated teller machines (ATMs) transfer funds electronically.
Every single transaction is recorded by binary numbers, a series
of 1s and 0s, which are called data. If they ever lose this data
they will be out of business. And you will be too.

Luckily most large banks and financial institutions cannot
lose their data so easily because it is regularly backed up.
Different banks have different policies on how often backups are
made, but they are invariably made fairly frequently.

The backup tapes are stored in a protected, fireproof vault at
the data center or at a different location. Storing the tapes
"off-site" offers more protection than on-site storage.

The data center itself is usually very well protected. To
minimize the risk of flooding it is usually located on the upper
floors of a multistory building. Normally it is camouflaged in
such a way that you won't be able to find it easily unless you've
been an employee of the company for quite some time. In a well-
managed security environment, visitors won't see any sign
pointing to the Data Center. Even when you know where it is
located you may not be able to get in because it is supposed to
be a highly restricted area.

However, just like in any other walk of life, disaster can
strike at any time.

If a calamity destroyed the data center, business activities
would be interrupted. This would mean a lot of angry bank
customers because ATMs would stop dispensing money. Does this
sound familiar to you?

ATM users are by no means the only people who would be
affected by the destruction of the data center. A bank is a
service institution and when its activities are suspended, even
for just one hour, it loses revenue on services that cannot
be rendered.

To avoid a prolonged suspension of operations, many reputable
banks and other organizations have prepared themselves against
such an event with something called a Disaster Recovery Plan
(DRP). With the help of a reliable DRP, the bank can resume
business activities in a very short time after a serious
disaster.

"A good DRP has a number of elements," said Ronnie A. Dumaguin
of PT Pratesis, a company which has been providing disaster
recovery services to various companies in Indonesia. "First, it
has to assign several Disaster Recovery Teams, each of which is
responsible for a different set of tasks. Once a disaster has
been declared, the teams will then follow the procedures detailed
in the Plan."

DRC

Within 15 minutes of the disaster a damage assessment should
be carried out to determine whether it is necessary to move the
data center to a different location. If the damage is not serious
this may not be necessary. But if, for example, the data center
building is no longer safe, operations will have to be relocated
to a Disaster Recovery Center, or DRC.

A DRC should be equipped with enough hardware, software,
network facilities and communication links to set the entire
operation in motion again with the minimum disruption to
services.

"Preferably a DRC should be quite a distance away from the
location of the primary data center," Ronnie explained. "Last
month's riots showed why this should be so. If the data center
was destroyed outright during a riot it would not help much if the
recovery center was very close by."

Another very important element of the DRP is the holding of
regular training and simulation exercises to ensure that staff
know how to react. For example, data center staff should know
where they have to meet after evacuating the building, and
members of the recovery team should know where the command center
has to be set up.

The exercises also help to uncover pitfalls in the Plan. If
any mistakes have been made or responsibilities left unallocated
this will become evident during the exercises.

Organizations do not normally organize their own contingency
plans for the simple reason that no one knows when disaster will
strike. Waiting for an uncertain event is one of the most boring
tasks that an employee can be paid to do. In most cases disaster
management is subcontracted to companies that specialize in
providing the service, such as PT Pratesis and Gateway Group Inc.

According to a survey conducted by the UK National Computing
Center (NCC), a lot of disasters have ended as just that because
of a lack of funds allocated to ensure business continuity.

Luckily, according to analysts at Gartner Group, banks are
among the institutions that allocate the highest percentage (6 to
8 percent) of their information technology budget to disaster
recovery services.

We can only hope that large Indonesian banks with advanced
information technology, including the ubiquitous BCA, will have
some level of protection and disaster recovery plan in place. At
least then it is not so easy for such banks to lose their data
and purge your savings account!
