enterprisesecuritymag

Devising Effective Disaster Recovery Strategies

By David Nichols, Chief Risk Officer, Xinja

David Nichols, Chief Risk Officer, Xinja

Every organization requires a comprehensive disaster recovery strategy in response to natural as well as human-induced disasters, which eliminates the element of surprise and facilitates an all-round recovery of systems. Oftentimes, even the most well-defined and well-executed disaster recovery plans fail to protect businesses adequately either because organizations fail to keep abreast of evolutions in technology or their inability to test strategies for all scenarios. To help organizations devise all-encompassing disaster recovery strategies, David Nichols, the Chief Risk Officer of Xinja, shares his valuable insights in a detailed interview.

Being the chief risk officer (CRO) at Xinja and a key decision-maker, what is your perspective about disaster recovery services and how have they evolved over the years?

In my opinion, disaster recovery services must focus equally on both the business of an organization and the customers. At Xinja, we are building a digital bag that brings together the best of disaster recovery solutions across the world, thus preparing organizations for a wide variety of adverse scenarios.

What if there arises a situation that doesn’t go according to the plan for both the customer as well as an organization’s business? As a result, businesses must prepare for all kinds of circumstances, because what matters the most with regard to disaster recovery is the groundwork done before an unexpected turn of events. The advancements in disaster recovery services today revolve mainly around how organizations embrace and utilize the upcoming technologies along with understanding the human element involved in adopting them. From the people’s perspective, an extensive knowledge of what needs to be done in terms of disaster recovery, planning for various scenarios, and ownership security is critical.

What do you think are the technological trends that can be leveraged to ensure better disaster recovery in an organization?

A hybrid solution for robust security can prove to be significant for organizations. For instance, a core banking platform integrated with dynamic technology-based applications can be of great benefit. Creating a strong balance by incorporating an innovative digital layer into the proven elements of a system can certainly give disaster recovery a major boost. We, at Xinja, are leveraging core banking system implementations coupled with a microservices layout that helps us protect certain disaster situations. Most importantly, organizations must always regard a customer as their topmost priority in every situation.

There were a number of occasions when Xinja’s critical systems had collapsed along with some of the key vendors going down too. In Australia, natural disasters resulting in power shortage have affected our core banking systems, forcing them into serious disaster recovery modes.

"Creating a strong balance by incorporating an innovative digital layer into the proven elements of a system can certainly give disaster recovery a major boost"

What would you suggest to decision makers across industries for effective disaster recovery in their organizations?

According to me, there are three key elements for effective disaster recovery. First and foremost, decision makers must have a clear understanding of what the potential risks to their respective organizations are. Although planning for most likely scenarios is fairly easy, in order to identify and deal with the complex threats, organizations must have robust controls in place. Secondly, the journey toward maturity is a gradual process, resembling a kid learning to ride a bike for the first time. Organizations must learn continually by taking lessons from each and every failure, evolve one step at a time, and also adapt constantly to the changing environment. Finally, the key is to keep practicing regularly from both the systems’ as well as the people’s perspective. Implementing simulations in various controlled environments to test the failures of systems can also boost the disaster recovery capabilities of an organization. Applying these elements to the disaster recovery strategies, organizations can set up a robust framework.

Could you take us through your journey from being a risk executive to the CRO of Xinja?

Being a CRO is a huge responsibility wherein your role of safeguarding the organization is similar to that of a goalkeeper in soccer. Risk management, for me, is closely linked with the customers that are also intrinsically related to compliance. Having pursued my master’s degree in risk management at the University of South Wales where I am now a guest lecturer, I perceive risk management to be more strategic as opposed to its traditional definition. In order to manage risks efficiently, you need to act like a business consultant and be more flexible and dynamic in your decisions.

Based on your experiences, have there been any important lessons that you would bring to our readers’ notice?

If organizations don’t keep themselves abreast of advancements in technology not only from a business perspective but also from a risk management perspective, then the disaster recovery will suffer significantly. Risk management professionals must not sit back and let the business requirements entirely control the technology within their organizations. Technology must be leveraged to enhance controls and look out for new opportunities in addition to managing risks. Professionals must earn their right of holding a position at the board table by continuously delivering value to their organizations.

Entrepreneurs must equip themselves with an ability to control their emotions from the business, risk management as well as disaster recovery perspective. It’s a truly exciting space where you have to push your boundaries and also take risks rather than simply managing them.

Read Also

Creating a Culture of Security

Creating a Culture of Security

Lyle Hardy, Global CIO, Teleperformance
The ever-changing cybersecurity strategy - how to get it right?

The ever-changing cybersecurity strategy - how to get it right?

Nilesh Jain, Vice President of SEA and India, Trend Micro
Upholding the Principle of Cyber-Awareness

Upholding the Principle of Cyber-Awareness

Gabor L. Varjas, Group Chief Information Security Officer, MOL Group

Weekly Brief