Bank ensures compliance and cyber resilience with fast Active Directory disaster recovery

Benefits

• Ensured compliance with strict regulations mandating reliable recovery of Active Directory
• Slashed AD recovery time from several days to a few hours
• Improved efficiency by eliminating the need to rely on a separate backup team during recovery

The Story

Quick AD recovery is vital for both cyber resilience and compliance.

If your Active Directory is down, your business is down. That can get very expensive very quickly — from the immediate lost productivity and lost revenue to the potential long-term damage to your brand. But for organizations in highly regulated industries like the financial sector, not being able to quickly recover Active Directory poses another threat: increasingly steep penalties for failing to ensure compliance.

A major bank recognized these serious risks and took action. “Regulations require us to prove the disaster recovery capabilities of every critical system once every two years,” explains the Microsoft system team lead at the bank. “Like many large financial institutions, we have a special team tasked with evaluating technical risks. Since Active Directory is a critical part of the IT infrastructure, quick AD recovery time is essential. Accordingly, that team asked me to assess how long it would take to recover AD in case of a disaster.”

The results of that assessment were alarming. “We were using a traditional backup and recovery strategy that relied on a variety of software solutions,” explains the Microsoft system team lead. “Fortunately, we had never had a disaster that required a full AD recovery operation, but my analysis found that the process would have taken several days: It required reinstalling a single server’s operating system and recovering Active Directory databases from the last valid backup, followed by a lot of manual repairs and adjustments by the sysadmins. As a result, the risk associated with AD recovery was labeled as ‘very high.’ Let’s say it was colored red in the risk team’s spreadsheet.”

RMAD DRE enables fast and flexible recovery of your entire AD.

Senior management and technical leadership were in full agreement that reducing the risk from an AD disaster was a top priority, and quickly determined that Recovery Manager for Active Directory Disaster Recovery Edition from Quest was the right solution for the bank.

RMAD DRE automates, coordinates and synchronizes the manual AD recovery procedures documented by Microsoft, dramatically simplifying and accelerating the AD recovery process. Equally important, it delivers the flexibility that modern organizations need. Unlike competitor tools that limit your recovery options, RMAD DRE enables you to choose the best method for your situation, including restoring AD to a clean operating system, bare metal recovery (BMR) and phased recovery.

After a successful proof of concept (POC) with Quest, the bank needed to have an external company perform penetration testing and other analysis. “With RMAD DRE, we easily passed the penetration testing,” recalls the Microsoft system team lead. “Then my team was able to complete the implementation of the solution into our production environment.”

The bank slashed AD recovery time from several days to just a few hours.

Independent testing confirms that RMAD DRE can recover an AD forest more than five times faster than manual processes. But the bank experienced an even more dramatic drop in recovery time. “Before we had RMAD DRE, the time required to recover Active Directory was measured in days,” reports the Microsoft system team lead. “Now it's measured in hours — even though our infrastructure includes 10 forests and around 50 DCs. As a result, we are now able to satisfy compliance requirements.”

In addition, RMAD DRE enables the IT team to perform the AD recovery operation independently. “Previously, we relied on a traditional backup system that required help from teams that I do not control,” the Microsoft system team lead explains. “Now, we don't need them — we can perform any backup and recovery operations that are required quite fast, without the problems that can arise when external teams have to be involved.”

The IT team would readily recommend RMAD DRE to their peers.

The bank is delighted with the value that RMAD DRE has delivered. “Although we have not had an incident that caused Active Directory downtime, we understood the high risk if it were to happen,” the Microsoft system team lead explains. “For a large bank like ours, going without Active Directory services for any length of time would be very costly. If we could have reduced AD downtime by just one hour, the investment would have been worth it — and with RMAD DRE, we reduced it by a lot more than that.”

Moreover, the solution enables the bank to ensure regulatory compliance. “RMAD DRE enables us to quickly perform a full forest recovery, including the entire forest in our primary LAN as well as the rest of the forests in the DMZ,” says the Microsoft system team lead. “Before, we didn't have that ability. It's mandatory, and now we have it.”