The Need for Disaster Recovery Management Solutions in Indian Banks

Date:   Tuesday , April 05, 2011

An insiderís view on the state of information management in the Indian Banking sector and the need for a strong Disaster Recovery Management (SRM) strategy in the space.
We are in the 21st century, and it is not surprising that we have moved ahead in terms of economy, technology and globalization. If one could sit and analyze the radical transformation from the past to present, it is quite astonishing. There was a time where one had to manage all the personal and official data manually and undoubtedly, it took up a lot of time. This is not the case in the present scenario, where time and work are digitally driven. Globalization has been both Ė key in expanding the opportunities available to Banking sectors, and tough in the face of competition, especially with recent economic concerns.

I have my email, my photos, songs and few documents in my server for easy access, but what about the rest of the information that keeps life humming along? Banking details, passport, driving license, income tax and insurance details and other important documents which are essential for your business.

The banking industry is perhaps on the forefront of using IT enabled services; almost all listed banks and several mid-cap banks have deployed IT applications for core banking. Core banking enables the bank to offer customer services anywhere across the globe. The Reserve Bank of India, the regulatory body for banks has set up mandates to deploy disaster recovery and business continuity plan and ensure that all banks have access to the risk management solutions. Going forward, banks have to demonstrate compliance to RBIís mandate once in six months. Most of the banks have a primary location where their IT applications run and they also have an alternate site, like any other city where they have the capability to bring up their IT applications if the primary site goes down. Data which includes customer account details are replicated from the primary site to the alternate site on a regular basis.

Closely linked are the securities market, buying or selling shares will have a DMAT account. The stock exchange is sustained and driven by IT applications. The market regulator for the stock market is the Securities and Exchange Board of India (SEBI). SEBI follows regulations which would require depositories who participate in the market to demonstrate their risk management system including the disaster recovery capabilities of IT applications.

There is lot of personal data that the government holds, most of it is on paper but there are huge amount of e-governance projects moving us from the paper to the digital world. The National e-Governance website has tremendous information on ongoing e-governance initiatives. There are projects initiated by central government and some are introduced by state government. The Government has approved a Common Services Centers (CSCs) Scheme for providing support to establish 100,000 Common Services Centers in 600,000 villages of India. The objective of the CSC is to develop a platform which can enable Government, Private and Social sector organizations to align their social and commercial goals for the benefit of the rural population of the country through a combination of IT-based as well as non-IT-based services. A state wide area network (SWAN) is been assigned to network states and district head quarters. Various states are investing in State Data Centers (SDC) as a key enabler. State Data Centerís goals are to consolidate services, applications and infrastructure to provide efficient electronic delivery of G2G, G2C and G2B services. State Data Centre will provide many functionalities and some of the key functionalities are Central Repository of the State, Secure Data Storage, Online Delivery of Services, Citizen Information/Services Portal, State Intranet Portal, Disaster Recovery, Remote Management and Service Integration etc. SDCs also provides better operation & management control and minimize overall cost of Data Management, IT Resource Management, Deployment and other costs.

There are several complex projects that have the potential to change and enhance the way of getting our work done with the government. Some of the big projects are:
* National Citizen Database Ė UID project
* Passport, Immigration
* Income Tax
* E-Courts
* Land Records
While the detailed scope and requirement for each of these projects, which involve citizenís data is not available, I am eager to understand the kind of information recovery metrics each of these projects are aiming to satisfy. There are two important metrics that dictate how soon data and an IT application will be made available, if it goes down. The recovery point is a measure on how much information can be lost without adversely impacting the service. If you are transacting at a bankís ATM and if the ATM application crashes, you tend to panic and hope no information is lost; else your bank account may not be accurate. In this case the Recovery Point for the ATM application is zero. Considering the land records application, if the application becomes unavailable, as citizens we may have to wait up to two hours for the application to be available again. In this case the Recovery Time for the land records application is two hours.

Regulation in banking has gone a long way in ensuring that banks have business continuity and Disaster Recovery plan that protects integrity and security of customer information. Similarly, the need is now for regulation of e-Governance projects where citizen information and services are at stake. Such a regulation must mandate recovery metrics based on the nature of information and sensitivity of the services provided. The Right to Information act is a momentous step for citizens, in addition we need to add the right to have citizenís information protected and available in a timely manner. The regulation must require the government agency to demonstrate the ability to continue business within specified recovery metrics after a disaster strikes. As we gradually move to an e-governance model, information and process are captured and implemented using IT applications, it is imperative that we have regulations that forces government agencies to consider information protection, recovery and build appropriate technology solutions and process to ensure citizenís rights and expectations are met.

The author is Co-founder & Vice-President - Products at Sanovi Technologies.