Is Your Financial Organization Cyber-Resilient?

By February 16, 2023 Cyber Security

Part of the Cobalt Iron Patents blog series




When people put their trust in a bank, brokerage, credit union, or other financial institution, they expect to be able to access their money when they need it. Most people can’t afford to lose access even for a few days, let alone the weeks or months it might take for a bank to recover from a crippling cyberattack.

Sure, the funds are insured in most cases. But that doesn’t mean accountholders can get to them. Accessibility requires being able to quickly restore basic operations after an attack, and that’s up to each institution to figure out on its own.

Are you ready?

With all the looming threats these days, you need more than just disaster recovery. You need a plan for total cyber-resilience in order to restore operations and access should the unthinkable happen. After all, we’re talking about people’s money here. If people lose their livelihoods, then it destroys their confidence in your financial institution and can decimate your bottom line. From there, it’s no exaggeration to say that it could affect the entire financial system.

Thankfully, the financial industry has long been ahead of other industries when it comes to protecting data and ensuring banks can bounce back.

One organization on the forefront of that effort is Sheltered Harbor. Established and led by the financial industry itself, Sheltered Harbor is a not-for-profit organization responsible for the development and refinement of the financial services industry’s purpose-built resilience standards. Sheltered Harbor’s No. 1 mission is to maintain public confidence in the U.S. financial system during an extreme event that causes critical systems — including backups — to fail.

Sheltered Harbor is not a vendor or a service. Rather, it’s a “standards setting and certification body” founded by 34 financial institutions, clearing houses, core processing providers, and industry associations to promote stability in the financial sector. Together, with the input of more than 1000 subject matter experts and industry professionals, they have developed a uniform method and approach for protecting consumer and financial data and inspiring trust.

Importantly, U.S. financial regulators are included in the process, publicly referencing and acknowledging Sheltered Harbor for isolated data protection and resilience – a best practice in “cyber-hygiene and cyber-resilience.”


The Sheltered Harbor protocol involves:

  1. Daily data extraction to isolate Sheltered Harbor-relevant data.
  2. Daily data vaulting according to Sheltered Harbor specifications, which ensure the data is protected and recoverable.
  3. A Resiliency Plan per Sheltered Harbor requirements, which allows you to restore and service customer accounts in the event of an extreme operational outage or data destruction event (most likely from a cyberattack).
  4. A temporary restoration platform that conforms to Sheltered Harbor’s specifications, which allows you to serve customers when the Resiliency Plan is activated.
  5. Sheltered Harbor certification, which tells customers, regulators, and fellow financial institutions that you follow industry standards and they can trust your data — so that they can support you during a crisis.

It takes a lot of know-how to develop and implement technology that meets Sheltered Harbor standards, and most organizations don’t have the in-house expertise or resources to do it properly. That’s why Sheltered Harbor endorses a select group of solution providers that have developed Sheltered Harbor-compliant solutions. Working with these Alliance Partners can help you implement the Sheltered Harbor resiliency standards efficiently and effectively and achieve certification more quickly.

Cobalt Iron is one of those elite Alliance Partners, and we’re here to help with the data vault.

Our Compass for Sheltered Harbor SaaS platform is now a turnkey, easy-to-deploy solution that meets Sheltered Harbor vaulting requirements without requiring you to develop, manage, and maintain a proprietary data vault. Instead, you can work with Cobalt Iron to deploy Compass for Sheltered Harbor quickly and comprehensively as your data vault technology of choice.

With Compass for Sheltered Harbor, you’ll be able to back up critical customer account data each night in the Sheltered Harbor standard format. The data in the vault is encrypted, immutable, and completely separated from the institution’s infrastructure, including all backups.

Because it is available in cloud, hybrid, and on-premises deployment options, and is delivered in a SaaS model, Compass is the most flexible option for Sheltered Harbor data vaulting. That means it will be able to accommodate every financial institution’s requirements — whether you’re a large enterprise with multiple data centers and multiple data vaults in separate locations, or a small organization (such as a community bank) with a single data center and no secondary location.

In fact, Cobalt Iron is the first Sheltered Harbor solution provider delivering SaaS data protection with on-premises and cloud deployment options. And Compass delivers all of this flexibility without operational complexity or the need for extra managed services costs.

Contact us to find out how we can help your financial institution become cyber-resilient through Sheltered Harbor. You’ll find more detail about how it all works in this white paper.
