Sheltered Harbor: A New Approach to Account BackupsFS-ISAC Unit Offers a Way to Help Ensure Access to Account Data After a Massive Cyberattack
After two years of development in stealth mode, the Sheltered Harbor effort to get U.S. financial institutions to use a standard approach to account data backup is shifting into high gear, says Trey Maust, the new CEO of the initiative.
Sheltered Harbor, a not-for-profit subsidiary of the Financial Services Information Sharing and Analysis Center, offers a set of standards that banks, credit unions and broker/dealers can use for daily account data backups that can be retrieved in the event of a massive cyberattack, Maust says in an interview with Information Security Media Group.
"It is a different approach from your standard backup process," Maust notes. "The data is backed up on a daily basis in a standardized file format. The data is then put in an airgapped [vault]. ... It's immutable ... survivable and then accessible by the originating institution."
The standards are designed for backing up critical consumer and business account data needed to bring accounts back online after a security incident and enable transactions, he explains.
Although Maust declined to say how many institutions are now using the standards, he said they represent 68 percent of U.S. retail deposit accounts 56 percent of retail brokerage accounts.
In this interview, (see audio link below photo), Maust describes:
- The details of how the backup process works;
- The sliding-scale annual fee structure for using the standards; and
- How the project leverages blockchain technology.
Late in 2016, Maust became CEO of Sheltered Harbor, a not-for-profit subsidiary of FS-ISAC. This voluntary industry initiative undertaken by the U.S. financial services sector is designed to enhance the sector's resiliency and to provide additional protections for consumer account information. Its goal is to extend the industry's capabilities to securely save and restore account data in the event of a loss of operational capability. Previously, Maust served as the co-president and CEO of Lewis & Clark Bank, which he co-founded in 2006. Earlier, he was CFO at Merchants Bancorp, a Portland-area community bank and served in various roles at Deloitte.