enterprisesecuritymag

Devising Effective Disaster Recovery Strategies

By David Nichols, Chief Risk Officer, Xinja

David Nichols, Chief Risk Officer, Xinja

Every organization requires a comprehensive disaster recovery strategy in response to natural as well as human-induced disasters, which eliminates the element of surprise and facilitates an all-round recovery of systems. Oftentimes, even the most well-defined and well-executed disaster recovery plans fail to protect businesses adequately either because organizations fail to keep abreast of evolutions in technology or their inability to test strategies for all scenarios. To help organizations devise all-encompassing disaster recovery strategies, David Nichols, the Chief Risk Officer of Xinja, shares his valuable insights in a detailed interview.

Being the chief risk officer (CRO) at Xinja and a key decision-maker, what is your perspective about disaster recovery services and how have they evolved over the years?

In my opinion, disaster recovery services must focus equally on both the business of an organization and the customers. At Xinja, we are building a digital bag that brings together the best of disaster recovery solutions across the world, thus preparing organizations for a wide variety of adverse scenarios.

What if there arises a situation that doesn’t go according to the plan for both the customer as well as an organization’s business? As a result, businesses must prepare for all kinds of circumstances, because what matters the most with regard to disaster recovery is the groundwork done before an unexpected turn of events. The advancements in disaster recovery services today revolve mainly around how organizations embrace and utilize the upcoming technologies along with understanding the human element involved in adopting them. From the people’s perspective, an extensive knowledge of what needs to be done in terms of disaster recovery, planning for various scenarios, and ownership security is critical.

What do you think are the technological trends that can be leveraged to ensure better disaster recovery in an organization?

A hybrid solution for robust security can prove to be significant for organizations. For instance, a core banking platform integrated with dynamic technology-based applications can be of great benefit. Creating a strong balance by incorporating an innovative digital layer into the proven elements of a system can certainly give disaster recovery a major boost. We, at Xinja, are leveraging core banking system implementations coupled with a microservices layout that helps us protect certain disaster situations. Most importantly, organizations must always regard a customer as their topmost priority in every situation.

There were a number of occasions when Xinja’s critical systems had collapsed along with some of the key vendors going down too. In Australia, natural disasters resulting in power shortage have affected our core banking systems, forcing them into serious disaster recovery modes.

"Creating a strong balance by incorporating an innovative digital layer into the proven elements of a system can certainly give disaster recovery a major boost"

What would you suggest to decision makers across industries for effective disaster recovery in their organizations?

According to me, there are three key elements for effective disaster recovery. First and foremost, decision makers must have a clear understanding of what the potential risks to their respective organizations are. Although planning for most likely scenarios is fairly easy, in order to identify and deal with the complex threats, organizations must have robust controls in place. Secondly, the journey toward maturity is a gradual process, resembling a kid learning to ride a bike for the first time. Organizations must learn continually by taking lessons from each and every failure, evolve one step at a time, and also adapt constantly to the changing environment. Finally, the key is to keep practicing regularly from both the systems’ as well as the people’s perspective. Implementing simulations in various controlled environments to test the failures of systems can also boost the disaster recovery capabilities of an organization. Applying these elements to the disaster recovery strategies, organizations can set up a robust framework.

Could you take us through your journey from being a risk executive to the CRO of Xinja?

Being a CRO is a huge responsibility wherein your role of safeguarding the organization is similar to that of a goalkeeper in soccer. Risk management, for me, is closely linked with the customers that are also intrinsically related to compliance. Having pursued my master’s degree in risk management at the University of South Wales where I am now a guest lecturer, I perceive risk management to be more strategic as opposed to its traditional definition. In order to manage risks efficiently, you need to act like a business consultant and be more flexible and dynamic in your decisions.

Based on your experiences, have there been any important lessons that you would bring to our readers’ notice?

If organizations don’t keep themselves abreast of advancements in technology not only from a business perspective but also from a risk management perspective, then the disaster recovery will suffer significantly. Risk management professionals must not sit back and let the business requirements entirely control the technology within their organizations. Technology must be leveraged to enhance controls and look out for new opportunities in addition to managing risks. Professionals must earn their right of holding a position at the board table by continuously delivering value to their organizations.

Entrepreneurs must equip themselves with an ability to control their emotions from the business, risk management as well as disaster recovery perspective. It’s a truly exciting space where you have to push your boundaries and also take risks rather than simply managing them.

Weekly Brief

Read Also

Digital identity - improving security and customer experience

Digital identity - improving security and customer experience

Margo Stephen, Head of Digital ID at Australia Post
Securing Telco Cloud for the 5G era

Securing Telco Cloud for the 5G era

Srinivas Bhattiprolu, Head of Advanced Consulting Service, Nokia Software
Risk Management in Times of Chaos. How To Survive It All?

Risk Management in Times of Chaos. How To Survive It All?

Magdalena Skorupa, Cyber Risk, Data Privacy & IT Compliance Director, Reckitt Benckiser Group
2021 - Are You Ready for the Future?

2021 - Are You Ready for the Future?

Sebastian Fuchs, Managing Director Manheim and RMS Continental Europe, Cox Automotive
How to Build A Successful Identity and Access Management (IAM) Program?

How to Build A Successful Identity and Access Management (IAM)...

Carlos Rodriguez, Director, IT Security & Risk, Citizens Property Insurance
Making Vulnerability Management Relevant to Your Organization's Needs

Making Vulnerability Management Relevant to Your Organization's Needs

Mike Holcomb, Director-Information Security, Fluor Corporation