The Role of Cyber Vaulting in Operational Resilience

In simple terms, a cyber vault is a highly secure storage system designed to protect an organisation's most critical data from cyber threats. Think of it as a super-safe, digital vault where you lock away your most valuable information, ensuring it remains intact and untampered with, even if other parts of your network are compromised. A cyber vault retention policy is defined at vault creation and can never be changed, making it impossible to damage the data stored.
 

It is important to note that cyber vaults and traditional backups are not mutually exclusive. They complement each other and can be used together to create a comprehensive data protection strategy. Here’s how they can work together:

• Daily operations and routine backups. Traditional backups are used for regular, routine data protection, covering the broader range of data generated and modified daily. 
• Lasting critical data protection. Cyber vaults are used to store the most critical data that needs enhanced protection and lasting preservation, such as critical, unique, infrastructure components and customer and log databases. 

The FS industry is leading the charge globally, with various regulatory bodies waking up to the threat of serious market and consumer harm from growing cyber threats in an increasingly polarised and dangerous world and the necessity to protect data for normal business operations.

In the UK alone, gov.uk statistics for businesses reported a 47% increase in successful account takeovers, 145% increase in successful ransomware and a 178% increase in successful virus, spyware or malware infiltrations between 2022 and 2024. ¹

Regulatory bodies do not go as far as prescribing the technology solution, rather, the requirement for firms to maintain operations in the most severe but plausible disruption events, of which Cyber Vaults provide a critical component of an organisation’s overall resilience posture. 

Links to supervisory statements:
UK: Financial Conduct Authority – PS21/3 Operational Resilience Supervisory Statement
European Union: Digital Operations Resilience Act (DORA)
Hong Kong: Hong Kong Monetary Authority - Operational Resilience

In addition, a number of cross-market groups have established guidelines for vaulting in technology resilience:
USA: Sheltered Harbor
UK: Cross Market Operational Resilience Group 
 

While both cyber vaults and traditional backups are essential components of the overall data protection strategy, they serve different purposes and are used in different scenarios. The scenarios below outline some typical events where a cyber vault would be used instead of backup:

1. Protection Against Ransomware and Advanced Cyber Threats

Scenario: Particularly in current geopolitical standings, organisations face a high risk of sophisticated cyber attacks, such as ransomware from state and proxy threat actors. 

Rationale: Cyber vaults provide an extra layer of protection by isolating critical data and making it immutable (unchangeable). This means even if your primary backup or production systems are compromised, the data in the cyber vault remains safe and untouched due to the core Principles of Vaulting (air gapped, different credential management systems, etc.). 

2. Erroneous Critical Data Deletion

Scenario: You require data storage that cannot be altered or deleted erroneously by anyone in normal operations, including administrators. 

Rationale: Cyber vaults offer immutable, isolated storage, ensuring that data remains in its original state and can be reliably restored by only a select number of administrators and personnel. This is crucial for maintaining the integrity of your most sensitive and critical information.

3. Regulatory Compliance and Audit Readiness

Scenario: UK, US, EU and Hong Kong markets have already, or are planning to, introduce stringent regulatory requirements for data protection and quick, verifiable recovery which will become a mandatory requirement for regulated firms in these markets to operate. 

Rationale: Cyber vaults are designed to meet high compliance standards, providing secure, auditable, and easily retrievable records. This ensures you can demonstrate compliance and quickly respond to audits to cater for the most severe customer disruption events. 

4. High-Value Intellectual Property Protection

Scenario: Your organisation owns and handles valuable intellectual property or highly sensitive information that needs maximum protection. 

Rationale: A cyber vault provides the highest level of security for storing and protecting intellectual property from theft, tampering, or loss. 

5. Insider Threat Mitigation

Scenario: There is a risk of malicious actions by insiders (employees or contractors) who have access to your data. 

Reason: Cyber vaults protect data from internal threats by ensuring it cannot be altered or deleted by insiders, preserving data integrity and security. 
 

Trust and Reputation: Demonstrating a commitment to protecting sensitive data enhances your company’s reputation with customers, partners, and stakeholders, building trust and loyalty. 

Unparalleled Security: A cyber vault uses advanced encryption and access controls to protect data, making it almost impervious to hacking attempts. This ensures your most sensitive information is shielded from cybercriminals.

Business Continuity: In the event of a cyberattack or disaster, the ability to quickly restore critical data means your business operations can continue with minimal disruption, safeguarding revenue and reputation.

Cost Efficiency: While the initial investment in a cyber vault might seem significant, it pales in comparison to the potential costs of a data breach, ransomware payment, or regulatory fines. Investing in a vault is a proactive measure to avoid these hefty expenses.

Compliance Assurance: Many industries have strict data protection regulations, with global FS markets leading the way in regulating technology and data resilience. A cyber vault helps ensure compliance, avoiding costly legal penalties and maintaining your company's standing with regulators.

The most common challenge arises when legacy platforms to be migrated are not designed to operate in the cloud. One of several approaches could apply and would be something that requires evaluation on a case-by-case basis. These approaches are listed below in ascending order of complexity and future supportability:

1. Rehost    – typically referred to as ‘lift-and-shift’
2. Refactor – Modify the application to fit the cloud
3. Rebuild  – Rewrite the application
4. Replace  – Retire the application and replace it with a cloud-native equivalent