Why Sheltered Harbor Should Be the New Standard for Cybersecurity
No matter their vertical, your customers live under the constant shadow of cybercrime. From Mirai to WannaCry, global cyberattacks are growing more complex, more damaging and more frequent. The chance that a business could be targeted and knocked offline has never been greater.
The consequences of this downtime go beyond unproductive employees and frustrated customers. A single hour of downtime could cost millions of dollars, put a tremendous black mark on a business’s reputation, or even result in the permanent loss of crucial data. And if the business that experiences that downtime provides a critical service like banking, well … that’s a sure way to lose customers.
That’s why a group of experts from the American banking and financial services industry decided it was time to find a solution. After some deliberation, they came up with an interesting initiative, which came out of stealth a few months ago. It’s called Sheltered Harbor, and it’s been billed as “the best-kept secret in cybersecurity.”
There’s a reason for that, according to the group’s website.
“Sheltered Harbor’s goal is to enhance the protection of the retail cybersecurity industry,” they explain. “Until recently, we have been operating quietly to get our standards complete and get early adopters testing the process.”
How that process works is quite simple: Each participating institution regularly makes a copy of customer account data, which is then archived in a secure vault that’s protected from alteration or deletion. The data will stay intact and accessible, but it cannot be modified in any way. This vault is accessible to all participating institutions, each of which regularly submits an adherence review to ensure they’re acting in accordance with the initiative’s standards.
So what’s the big deal? So far, this just seems like a fancy way of saying these banks are using a shared backup solution. Where’s the innovation?
First, because the backup data is stored in an air-gapped, distributed system – not a central repository – it’s virtually impossible for the data protected under the Sheltered Harbor initiative to be targeted by something like ransomware. This data is also fully encrypted and accessible only to members of the initiative.
Finally and most importantly, if a bank’s critical systems are knocked out after an attack and it can’t get itself up and running in a timely fashion, another bank can step in and offer its processors to host the institution’s information. Essentially, Sheltered Harbor creates a resilient, redundant network of banks and financial-services firms, all working together toward a safer industry. It’s a fascinating initiative, one that is strikingly unusual for an industry as competitive as financial services.
Still, I would argue that it is a necessary step — and that every industry should follow suit. After all, we might fight to outdo our competitors in sales and innovation, but we’re all on the same side when it comes to cybercrime.
MSPs working with financial-services companies should ensure they’re familiar with Sheltered Harbor. That’s an excellent first step. But as trusted advisers to a wide range of industries, partners have the reach and influence to spread the word and encourage other sectors, especially those under constant attack – such as health care and government – to follow suit.