The digital transformation of finance is an important factor in the development of the digital economy and in the shift from old growth drivers to new ones. The deep integration of finance and technology has made financial technology an important engine of social and economic development. According to relevant data, the proportion of financial technology in China will increase from 20.5% (in 2019) to 23.5% (in 2023), mainly focused on building digital platforms and distributed systems and on the innovative application of individual technologies such as intelligent technology and blockchain.

With the continuous improvement of informatization in the financial industry, information systems are playing an increasingly important role in key businesses and have become the 'nerve center' of their production and operation. However, the risks and threats to financial institutions' information systems and data from cyber attacks, ransomware, natural disasters, and other factors are also continuously escalating. Any unplanned downtime may lead to significant economic losses and social impacts.

Laws and regulations on information security in the financial industry

To ensure the safe and stable operation of information systems in the financial industry and to standardize disaster recovery work for those systems, the People's Bank of China, the China Banking Regulatory Commission, the China Securities Regulatory Commission, the China Insurance Regulatory Commission, and relevant industry associations have formulated many management specifications and guidelines on information system disaster recovery standards. From the initial requirement for operational safety, to the requirement to formulate information system disaster recovery plans and run emergency drills, and then to establishing a complete emergency guarantee and business continuity management system, the requirements have progressively moved from vague to clear and specific.

Some of the important laws and regulations currently in force:

  • 'Opinions on Further Strengthening the Security Guarantee Work of Banking Financial Institutions': National-level large commercial banks should generally adopt local and off-site disaster backup and recovery strategies; regional banks can adopt local or off-site disaster backup and recovery strategies.
  • 'Guidelines for Information System Risk Management of Banking Financial Institutions': Financial institutions at or below the provincial level should at least achieve off-site data backup, provincial-level data centers should at least achieve real-time off-site data backup, and national-level data centers should achieve off-site disaster recovery.
  • 'Disaster Recovery Management Specifications for Banking Information Systems (JR/T 0044-2008)';
  • 'Opinions on Further Strengthening the Safety of Data Concentration in Commercial Banks';
  • 'Guidelines for Business Continuity Management of Commercial Banks';
  • 'Regulatory Guidelines for Data Centers of Commercial Banks';
  • 'Guidelines for Information Technology Risk Management of Commercial Banks';
  • 'Emergency Management Specifications for Major Information Systems in Banking (Trial Implementation)';
  • 'General Specifications for Information Security of Online Banking Systems';
  • 'Standard for Information System Backup Capability of Securities and Futures Management Institutions': Defines the levels of backup capability and the design standards for the construction of backup capability, which are used to guide the construction of information system backup capability.
  • 'Guidelines for Classification and Grading of Data in Securities and Futures Industry';
  • 'Management Measures for Information Security Guarantee in Securities and Futures Industry';
  • 'Method for Reporting and Investigating Security Incidents in Securities and Futures Industry';

Other security-related policies and regulations involving financial information:

  • CIRC 'Notice on Doing a Good Job in the Backup of Insurance Information Systems';
  • China Insurance Regulatory Commission (CIRC) 'Guidelines for Disaster Recovery Management of Insurance Information Systems';

Application scenarios and solutions

Financial institutions play an important role in facilitating capital, serving the real economy, preventing financial risks, and serving the public. Finance is an important sector bearing on the national economy and people's livelihood, so ensuring data security and business continuity is of paramount importance. However, RPO and RTO requirements differ across industry segments and across types of business systems.

For example, transaction-flow systems, such as bank channel systems and transfer settlement systems, place high demands on real-time performance. Accounting systems place high demands on the consistency of critical data: when a disaster or failure occurs, business availability must be achieved without sacrificing that consistency. Query-type systems need to focus on the availability of query applications, on multi-replica storage of query data, and on consistency between those replicas.

In particular, distributed architecture, as the technical foundation for the new cycle of financial institutions, together with the national strategic guidance for the information technology application innovation (Xinchuang) industry, is driving the transformation and upgrading of financial digitalization and diversifying the scenarios and technical needs of financial institutions. Disaster recovery application scenarios now extend from local disaster recovery backup to larger scenarios such as same-city, remote, and cloud.

The differing application scenarios and business needs of financial institutions are also driving continuous innovation in disaster recovery solutions. When choosing a disaster recovery solution, a financial institution needs to select a technical approach that fits its actual situation, such as its architecture environment and production systems, ensuring the safety of its information systems and data to the maximum extent while meeting classified protection requirements.

1. Real-time data backup

Back up key data in the same city or in a different city. Traditional data disaster recovery usually sets backup replication rules in units of days or weeks, so a disaster usually causes a large amount of data loss. The financial industry, however, has high requirements for business continuity and a low tolerance for data loss. The demand for real-time disaster recovery is therefore increasing, in order to better respond to hardware failures, logical errors, virus encryption, and other security incidents. The Shudeng disaster recovery solution can provide integrated, real-time synchronized backup protection for operating systems, database data, file data, and application environments. It takes granular snapshots according to the backup strategy to ensure data integrity, and recovery does not require considering the compatibility of operating systems and application components. When business data appears abnormal, the solution can quickly verify whether the backup data is complete and usable, and can mount the backup data directly on any recovery host so that it is immediately available.

2. Same-city and remote disaster recovery

Deploy disaster recovery systems in the same city or in a different city, and establish data synchronization between the production center and the disaster recovery center. The production system provides services day to day, and when a disaster hits the production system, the disaster recovery system takes over. To improve resource utilization, some financial institutions build on this approach by also putting the disaster recovery system to daily use to provide query services. With the Shudeng disaster recovery solution, the disaster recovery platform automatically generates a graphical recovery timeline. When a business system suffers a disaster, any snapshot time point can be selected to start disaster recovery takeover. Until a takeover happens, the solution occupies no computing resources, achieving the effect of a hot backup with cold backup resources. The Shudeng disaster recovery solution offers takeover at any time point and application-level replica management, and can generate real-time replicas of user business according to the synchronization snapshot strategy. When business data is lost, massive data can be recovered in minutes through mounted recovery, meeting the group's requirements for RPO & RTO. After a ransomware attack, the business system can be restored to its state before the virus infection, with a system recovery time of 2-3 minutes. Compared with traditional backup technologies, less data is lost (second-level) and recovery is faster (minute-level).

3. Two sites, three centers

The two-site, three-center scenario consists of one production center, one same-city disaster recovery center, and one remote disaster recovery center, and sets higher standards for intensive use of resources and for the core RTO and RPO indicators. It can not only achieve zero data loss and automatic failover, but also withstand major regional disasters (such as natural disasters, wars, and city backbone line interruptions). Deploying the Shudeng disaster recovery product in the local disaster recovery center combines local disaster recovery backup with off-site disaster recovery, to cope with the risk of business interruption caused by local power, network, and other disasters. When a local disaster occurs, the data saved off-site can be used for post-disaster recovery, and can even play an emergency role during the disaster, reducing both the duration of the business interruption and the data lost.

4. Heterogeneous Cloud Disaster Recovery

The financial field, and the banking industry in particular, was the first to propose the strategy of migrating off mainframes and moving core systems to the cloud. In a cloud environment, disaster recovery is essentially the process of data flowing between different clouds. In a hybrid cloud environment, cloud disaster recovery allows business takeover on any cloud, reducing the risk of vendor lock-in and providing a strong guarantee for fully migrating business to the cloud. The Shudeng disaster recovery solution uses agents on the production side to back up every business system that needs protection as an integrated whole: the operating system, applications, and data are synchronized in real time to the target platform and preserved offline as virtual machine images. When the production side fails, the Shudeng disaster recovery solution performs the takeover by calling the target platform's API to create and load the corresponding business virtual machine from the offline image. This frees users from the restrictions of the original platform vendor, makes cross-platform disaster recovery and migration straightforward, and provides unified disaster recovery management across cloud platforms, making full use of the elasticity of the cloud.

The rapid development of mobile internet and electronic payments has brought new challenges to the financial industry, and the traditional centralized architecture centered on foreign large mainframes and databases can no longer meet the needs of increasingly large-scale transactions and data processing. The

6. Domestic disaster recovery

China's financial informatization has long relied on imported equipment and systems, which not only costs a huge amount of foreign exchange but also bears on the security and controllability of China's financial industry. Relevant departments, industry organizations, and associations have repeatedly issued documents emphasizing the importance of independent controllability and explicitly stating that domesticization is the inevitable path of national strategic development. Shutong has put together a systematic solution for domesticization that meets needs such as backup recovery, handover exercises, and homogeneous migration with a single set of products. For more information on domestic disaster recovery construction scenarios, please refer to 'How to carry out disaster recovery construction under the background of domesticization?'

https://www.freebuf.com/news/326562.html

Typical user case

(1) A certain state-owned holding large commercial bank

The bank has multiple business systems, such as Zhongping front-end, bank-enterprise direct connection, internal management, crown number, and video monitoring, deployed on different physical machines and virtualization platforms from Huawei, HP, Inspur, H3C, Sugon, and others. The complexity of the environment and the concentration of a large amount of data place extremely high demands on the backup system. Shutong's hybrid IT cloud backup solution supports Windows, Linux, and other operating systems, effectively reducing the cost pressure and management complexity that hybrid IT environments bring.

(2) A certain state-owned holding insurance company

The existing backup software, such as Oracle DG and EMC Network, could not provide disaster recovery protection for the newly launched cloud and innovation architecture. With Shutong's domestic disaster recovery products, the company achieved unified disaster recovery protection across architectures such as VMware/Nutanix virtual machines, x86 physical machines, and the Alibaba Cloud platform, meeting the requirements of domestic supervision.

(3) A certain commodity exchange

To fully implement the country's requirements for information security and independent controllability, the exchange took the lead in promoting domestic substitution and chose Shutong's domestic solution. Through MoveSure, the business system was migrated from the VMware environment to the domestic cloud platform EasyStack, and Shutong's domestic disaster recovery products provide data backup protection for the domestic cloud environment, achieving disaster recovery protection for multiple business systems.

For related articles, please click to read:

《Shutong aids bank same-city and remote disaster recovery construction》

https://www.freebuf.com/company-information/337112.html

《Shutong aids financial regulatory agencies in achieving domestic disaster recovery construction》

https://www.freebuf.com/company-information/335840.html
