The problem: Manual cyber recovery plans and increasing regulatory risk
A top five American bank needed to meet the demands of regulations with their current cyber recovery toolset. Any downtime could have a catastrophic impact on the business and brand reputation, and they were searching for technology to mitigate that risk.
The bank needed a better way to build, execute and orchestrate their bare metal cyber recovery plans in the event of a cyber attack. The bank's existing spreadsheets and static Word documents were not efficient enough to handle the unpredictability and complexity of bare metal recovery plans for incidents. Those static plans introduced too much risk and lacked accountability, auditability and real-time visibility for business stakeholders.
Cyber recovery is more complex than IT disaster recovery because you cannot easily know the extent, or blast radius, of the attack. In the case of ransomware, the infected application and its data are also encrypted and inaccessible, which compounds this further and makes it very difficult to bring the business back to a minimum viable functioning state. For example, when recovering from a ransomware attack, the business must pull data back from a last known good source of data and recover to a bare metal platform in a clean data center or cloud region.
The solution: Collaborative Automation platform with dynamic, automated runbooks
As a SaaS platform, Cutover exists outside the bank's network and infrastructure, enabling the bank's teams to access, execute and orchestrate their cyber recovery runbooks and communicate in real time.
The bank has built over 1,000 automated and executable runbooks in Cutover to support their comprehensive IT disaster recovery strategies. Building upon this success, they then created cyber-focused automated runbooks for bare metal recoveries, capturing the complex dependencies between manual and automated tasks, last known good data sources and clean infrastructure to ensure recoveries would run smoothly.
Cutover’s cyber recovery solution enables the bank to:
- Manage a repository of recovery runbooks to enable rapid mobilization spanning hundreds or thousands of applications.
- Execute automated runbooks to orchestrate the sequence of tasks and communications across human and machine activities in real time.
- Enable efficient control, visibility and stakeholder engagement at scale with real-time reporting and analytics.
- Automate repetitive, manual recovery tasks and integrate with any application across your recovery technology stack using the Cutover Integration Suite and open API.
- Drive continuous improvement and ensure lessons learned are incorporated into updated recovery plans through the post-execution analytics.
- Ensure regulatory compliance and support audit requests with the immutable audit trail and auto-generated compliance logs and reports.
- Standardize the approach to cyber recovery with the template workflow and the creation and approval of recovery templates.
The outcome: Cyber confidence with 30+ successful cyber recovery exercises
While the bank has not experienced a business-impacting cyber incident, they have executed exercises for cyber recovery across multiple applications, by product line. To date, they have executed more than 30 individual cyber recovery exercises, providing benefits such as:
- Reducing unpredictability and gaining confidence in their cyber recovery capability with a repository of automated runbooks outlining the sequence of tasks.
- Increasing the visibility and communication of recovery progress across the CIO, security operations, IT and business teams, so that all stakeholders can drive more informed decision making.
- Enabling the orchestration of hundreds of complex recovery tasks.
- Meeting regulatory requirements with a comprehensive cyber recovery plan, and demonstrating recovery execution with real-time dashboards and an auto-generated immutable audit trail.