<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1490657597953240&amp;ev=PageView&amp;noscript=1">
BACK
All Solutions
Contract Negotiations
Digital
Enterprise Program Management
Fintech Advisory
Mergers and Acquisitions
Performance
Strategic Planning
Transformation
Vendor Management
Executive Education
Podcasts
GonzoBanker Blog
Events and Webinars
Research Reports
Speakers
Analytics Vault
Contract Vault
Performance Vault
Vendor Vault
Case Studies
Testimonials
Careers
In The News
Media Inquiries
Our Purpose & Values
Our Story
Our Team
Press Releases

Manage the Information, Not the Infrastructure

Bill McFarland
November 15, 2006

No one would disagree that the events of September 11, 2001, have brought about many changes in customer expectations and regulatory concerns regarding contingency planning. Other headline-making events such as Hurricane Katrina, bomb scares and other terrorist attempts at headline gathering, have added to the urgency of business continuity planning (BCP) and the need for “preparedness” in general. The following six factors are considered critical to effective bank management with respect to BCP:

  1. Business continuity planning is more than the recovery of the technology; it is the recovery of the business.
  2. Business continuity planning should be conducted on an enterprise-wide basis.
  3. A comprehensive business impact analysis and risk assessment forms the foundation of an effective BCP.
  4. The effectiveness of a BCP can only be validated through thorough testing.
  5. The BCP and test results should be subjected to independent audit.
  6. A BCP should be periodically updated to reflect and respond to changes in the institution.

In particular, step #1 above is increasingly important in a post-9/11 and post-Katrina world: the recovery of the business is paramount. Simply ensuring that the technology can be recovered is only the first step in a multi-step process. Are there ways to focus more management attention on business recovery and less on the technological aspects of BCP? If so, what other benefits might such an approach offer?

Banks have long seen the advantages of outsourcing functions that are not “core competencies” such as item processing and statement rendering. Larger banks, however, have for the most part historically retained key functions such as core processing and network management in-house, due to the superior cost profile of in-house processing coupled with their desire to retain control over key strategic resources. Along with in-house processing came the “necessary evil” responsibility for managing a technological infrastructure, both on a day-to-day basis and with respect to contingency planning.

Recently, a shortage of qualified human resources, budget pressures regarding staff expense and a renewed focus on business resumption planning industry-wide has had CIOs re-evaluating which activities must be performed in-house and which can be delegated to service providers (who typically operate in centralized and standardized environments that create operational efficiencies in addition to leveraging human resources in terms of skill sets and staff sizes).

Some progressive in-house banks have adopted a modified approach to in-house processing: outsource the physical infrastructure, while retaining in-house those key strategic functions that are unique to the bank such as data management, project management, integration of technology and business processes, and the marriage of I.T. project priorities with business priorities. At the end of the day, infrastructure elements such as physical security, backup power and communication arrangements, “hot site” preparation and testing, etc. are hard to classify as strategic advantages. Certainly they must be present and they must work well when/if necessary, but they do little to differentiate a bank strategically, financially or operationally.

In the words of Nelson Tkatch, Vice President and CIO of Community Savings, a $2 billion credit union in Alberta, Canada, “It’s about managing the information, not the infrastructure.” Scarce management and technological resources are better utilized when focused on elements that are difficult or impossible to outsource, leaving those aspects of I.T. that do not provide a clear and compelling strategic advantage to be provided by others.

Known as “remote hosting” or “collocation,” infrastructure services are typically provided by firms that specialize in them, although on occasion they are also provided as part of a larger relationship (such as with a telco or communication services provider). As part of the analytical process when contemplating outsourcing this aspect of a bank’s technology, look for the following general characteristics:

  1. Proven history of co-locating large server and Web sites. This provider will be a key business partner, and this is not the time for a bank to be a pioneer!

  2. Connectivity to a robust, high-performance Internet backbone

  3. Strong physical security: cameras, robust access controls, and secured cages, which isolate each customer’s servers, switches, etc. from other client’s hardware
  4. Robust building and environmental systems such as fire-suppression systems, buildings engineered to withstand natural disasters (tornadoes, earthquakes, floods, etc.) and redundant utility feeds (telephone, power, water, etc.)
  5. Billing based on floor space, power consumption and the communications bandwidth consumed
  6. Multiple data centers with 24 x 7 x 365 network monitoring and redundant infrastructure characteristics, typically housed in multiple strategic locations
  7. Availability of an extensive Professional Services Organization focused on security consulting, systems design, implementation, etc.
  8. The ability and willingness to interface with other collocation providers in the event that multiple vendors, in addition to providing geographic diversity, best suits the bank’s needs
  9. Utilization of infrastructure products known for reliability and robustness. Products should be equipped with redundant power, cooling and logic.
  10. Networks are typically built on diverse segments in a ring format. If any portion of the ring fails, traffic automatically reroutes.
  11. User-defined specification of the communication mechanism (e-mail, pager, phone and/or fax) for any notification to bank I.T. staff
  12. Tape backup services with one-hour (maximum) response times for tape insertion and removal requests for tapes located in the collocation space. Typically, vendors also provide two-hour, four-hour and 24-hour retrieval of tapes located in secure off-site storage (at additional cost, of course).
  13. The availability of firewall protection service, using software and hardware platforms, to protect the bank’s network and network assets
  14. The vendor’s ability and willingness to share an understanding of industry “best practices” throughout the term of the relationship
  15. Keeping multiple versions of databases synchronized can require significant bandwidth. Where this is necessary, some providers allow banks to synchronize databases over a private backbone during non-peak periods at reduced bandwidth charges.
  16. Costs vary. In a comprehensive ROI analysis that evaluates all current costs compared to all future costs in the remote hosting environment, it is not uncommon to find that the centralization and standardization required for remote hosting also leads to reduced costs without sacrificing technical quality. 

Clearly, while most of the six factors critical to effective BCP can be enhanced by remote hosting, it is not appropriate for all situations nor is it supported by all systems architectures and technologies. Conversely, significant resources and management effort can be consumed dealing with “housekeeping” issues that may be better performed by specialists. Every bank should consider: Do our infrastructure support activities really provide a clear competitive advantage? Or do they consume significant resources with little payback in terms of strategic differentiation and operational excellence? Are infrastructure elements essential components of our technology, or are they components that can be provided by specialists, leaving bank staff to focus on those aspects of I.T. that cannot be outsourced?

The attention shown to infrastructure, traditionally the “ho hum” area of I.T. responsibilities, has never been greater and the need to consider “outside the box” infrastructure solutions has never been more compelling.
-BRM