11 Oct 2021

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

What Financial Institutions Should Budget for in 2022

Many of us thought 2021 was going to be the downhill side of the pandemic. I recall working on a webinar presentation that we hosted last summer and including the words, “Now that the pandemic is behind us…” Obviously, I was overly optimistic. As we look ahead to 2022, we must acknowledge that the COVID-19 pandemic will continue to affect us to one degree or another. With that said, these budgeting ideas for 2022 may look somewhat similar to those for 2021, but there are slight variations based on current banking technology, compliance, and security issues.

1. Multifactor Authentication

Implement multifactor authentication (MFA) on all your email accounts wherever it is possible and appropriate. MFA can reduce the risk of having account credentials compromised by as much as 99.9%, making it one of the most effective measures you can use to protect your institution. There is typically a small cost for licensing and implementing MFA software. So, you can add MFA to your email accounts for a nominal cost and with minimal effort in most cases. If you are using Microsoft’s cloud email solution, for instance, implementing MFA can be as easy as changing a few minor settings. Another area to consider for MFA is logging into the domain account. There can be a cost associated with this as you will probably want to use a tool to help you manage the process. You can apply MFA only on accounts with administrator rights or on all users. But since many cybersecurity insurance companies are requiring MFA for accounts with administrator rights, using this stronger type of authentication might be your only option.

2. Laptops

With different variants of COVID-19 or other viruses popping up, remote work may still be an option for certain employees. Remote capabilities may even be necessary to keep the institution operating smoothly at times. Be sure you have the infrastructure in place for a partial remote workforce because the need could develop at any point. For this reason, you should consider providing laptops for all employees who could conceivably work from home. Start with those who need new devices. Then prioritize based on those doing the highest-level work necessary to keep the institution running. Laptops and encryption software, required for mobile devices, may cost slightly more but should not cause a huge increase in expenditures. In some cases, you may be able to reuse a desktop computer to replace an older workstation for an employee whose duties cannot be performed remotely.

And don’t forget… There is a chip shortage and high demand for laptops, which means it can take months to secure computers and other hardware. So, order any equipment you need well in advance to ensure you have the appropriate infrastructure in place to support staff that may need to work from home.

3. Moving to the Cloud

Having infrastructure in the cloud can be extremely beneficial, so slowly start moving your infrastructure to the cloud. Cloud infrastructure decreases the need for an employee to be onsite with the hardware, and cloud computing increases uptime. In addition, disaster recovery becomes easier and faster with cloud infrastructure. More than 90% of Fortune 500 companies are running at least some infrastructure in the cloud, primarily through Microsoft’s cloud computing platform: Azure. The cloud is the future of IT and infrastructure, and it makes sense for institutions that need reliable and resilient infrastructures. So, if you need to purchase a server next year, consider getting a quote for moving the server to the cloud instead.

4. Cloud Security

While the cloud offers plenty of advantages, it comes with settings, management tools, and security options that must be effectively configured and managed to ensure the highest level of security in the cloud. Cloud security is a concern for not only institutions with infrastructure in the cloud, but also for M365 Windows/Office licensees with OneDrive enabled, email in the cloud, or using Microsoft as an authentication mechanism with a third-party application. Earlier this year, the FDIC released a letter outlining the need to secure cloud configurations. Their cloud-security concerns are warranted. Safe Systems has worked with several institutions ranging from a hundred million in assets up to multibillion dollars in assets and found that almost every institution had gaps in their cloud security. Some institutions had indications of their email or user accounts being compromised; others had settings that could open the door to future compromises. Safe Systems worked closely with these institutions to develop an innovative M365 Security solution to address these issues with reports, alerts, and reviews. This unique product is specifically designed to help financial institutions manage their cloud setup now and in the future. In addition, it is a reasonably priced option for the substantial amount of value that it delivers. Institutions should reach out for a quote to determine if M365 Security could fit into their budget next year.

5. Virtual ISO

Another item to consider for your budget is virtual Information Security Officer or VISO services, which we also mentioned last year. These services have become increasingly popular as the landscape of information security has grown more extensive and complex. In many cases, institutions are finding it harder to keep up with the latest information security expectations, regulations, and trends. Safe Systems’ ISOversight service addresses this problem by combining applications for self-management with assistance from compliance experts to offer a VISO service at a competitive price. This type of service can be beneficial in many ways as it can provide structure, automation, accountability, assistance, and consistency throughout your information security program. It can also enable your institution to stay engaged, which is critical when an exam or audit occurs. VISO services, which vary in price depending on the work being performed by the third-party provider, are ideal for any institution with limited access to security expertise in-house.

6. Cybersecurity

You cannot have a conversation about budgets for next year without addressing the issue of cybersecurity. Consider this: Cyber-attacks are 300 times more likely to hit financial services firms than other companies, a recent Boston Consulting Group report indicates. Cyber-attacks continue to climb each year, with the global cybersecurity market expected to eclipse $300 billion by 2024, according to Global Insights. And cybersecurity has become even more precarious during the COVID-19 pandemic. The pandemic has created new opportunities for security breaches as the increase in remote work makes information security more challenging to manage. Unfortunately, institutions will need to increase their security layers and annual spending to address this issue. According to Computer Services Inc. (CSI), 59% of financial institutions will increase spending for cybersecurity this year.

In Conclusion

The threat to your institution’s data is as real today as it ever has been. Therefore, make sure you are applying these measures to strengthen your security:

Employee training to ensure adequate, effective, and safe practices
Perimeter protection to ensure the appropriate layers are enabled and all traffic is being handled correctly, including encrypted traffic
Advanced threat protection and logging to be able to identify how, if at all, malware or an intrusion created an incident
Backup and data redundancy to ensure ransomware cannot wipe out your data

Have a conversation with a security company you trust to ensure that, if you are the target of a ransomware attack, your business won’t sustain long-term damage. In other words, invest in cybersecurity now, so your institution won’t end up paying more later.

As you contemplate your budget for 2022, don’t just think about the items that others have put on your plate. Be sure to consider the changes that may have occurred at your institution—and the ones that may be coming—and have a plan to address these. All these changes can be exciting and make a major difference for your institution. But they can often be hard to get implemented if they are not budgeted for ahead of time.

22 Apr 2021

Banks, Compliance, Credit Unions Marshall Jones 0 comment

Why a Comprehensive Disaster Recovery Service is Critical to Any Financial Institution’s BCM

As part of business continuity management (BCM), banks and credit unions must ensure they can maintain and recover their operations after a catastrophic event happens. Their BCM strategy should outline all the significant actions they intend to take after a natural disaster, technological failure, human error, terrorism, or cyber attack. The goal is to lessen the disaster’s impact on business operations, so the financial institution can continue running with minimal loss and downtime.

Disaster recovery (DR) is essentially the IT part of the business continuity plan. It should address the recovery of data centers, networks, servers, storage, service monitoring, user support, and related software needed to get operations back to normal, based on the Federal Financial Institution Examination Council (FFIEC) IT Handbook’s Business Continuity Management booklet.

The Need for a Comprehensive DR Solution

Financial institutions must have effective DR measures in place to ensure they can deliver the resources their employees need to continue serving customers after a disaster. That’s why having a comprehensive DR service is so critical. The simplest and most cost-effective way to accomplish this is with a cloud-based solution.

With DR in the Cloud, institutions are always prepared to respond to natural and man-made disasters as well as infrastructure and technology failures. The Cloud allows institutions to access their data—no matter what kind of disaster strikes. This could be crucial if a severe storm does damage to an entire city and multiple locations of a community financial institution. The institution would not be able to handle DR on-site, making the Cloud the most viable option. The March 25th outbreak of tornados in central Alabama is a good example of the potential need for cloud DR. The tornadoes tore into hundreds of miles of Alabama forest and neighborhoods, causing significant damage, according to the National Weather Service.

The Cloud provides major benefits in any DR situation, including ease, expediency, and efficiency. If institutions have been doing ongoing backups, they can leverage the Cloud to initiate DR right away. The process is quick; recovery can take minutes instead of hours or days as it did for older DR solutions. However, it’s important to set up DR processes so that they are not subject to issues that can impact the institution’s main system. Take, for instance, the rapidly increasing problem of ransomware. It’s important to have cloud DR services structured so that the DR backups cannot also be infected with the same ransomware.

Essential Aspects of a DR Service

Another essential element for a cloud DR service is testing. The test results should be documented and available for Management and the Board of Directors to scrutinize. This can help institutions ensure their expectations are being met by the DR service. Institutions that are not using a comprehensive DR service are more likely to delay the testing and validation steps that are critical to business continuity planning (BCP). It’s basic human nature: IT admins tend to prioritize addressing urgent day-to-day issues over doing routine testing.

So, either testing doesn’t get done regularly or it doesn’t happen at all. A third-party DR service with a team of experts available can make sure testing gets done at the proper time. Another important issue for institutions is having IT staff available with the appropriate knowledge when a disaster strikes. With an external service provider, someone with the right expertise will always be there to execute the disaster recovery. So, the success of the institution’s DR plan will not depend on the availability of just a few employees.

A comprehensive cloud DR service offers substantial redundancy, reliability, uptime, speed, and value. It can give financial institutions the best bang for their buck. Not using cloud DR can be cost-prohibitive for many institutions, considering the hardware and software requirements, maintenance, ongoing testing, and documentation required. Ultimately, a cloud DR solution from an external service provider can give institutions the comfort of knowing their DR plan is being adequately tested and will work during a real disaster.

18 Feb 2021

Is Your FI Ready to Move to the Cloud? | Webinar Recap

Banks, Credit Unions, Technology Marshall Jones 0 comment

Webinar Recap: Is Your FI Ready to Move to the Cloud?

Is Your FI Ready to Move to the Cloud? | Webinar Recap

With organizations in virtually every industry employing cloud computing to enhance their infrastructure, cloud adoption is becoming mainstream. But is your bank or credit union ready to make the move to the Cloud?

Before you attempt to answer this question, start with why you should be considering the Cloud. There are significant benefits to using cloud-based solutions: guaranteed uptime; rapid scalability for expanding or reducing resources; flexibility for reprovisioning; and improved redundancy. Another important—but often undervalued—reason for moving to the Cloud is ease of use. The Cloud simply makes it easier for IT administrators to do their jobs and easier for financial institutions to manage infrastructure costs. Instead of buying, owning, and maintaining physical data centers and servers, institutions can procure IT resources over the Internet on an “as-needed” basis with true “pay-as-you-go” pricing. This kind of arrangement can be especially appealing to a de novo, a growing bank, or any institution wanting a more efficient, cost-effective way to manage IT-related expenses.

In addition, cloud systems offer the key advantage that they’re built from the ground up to cater to remote users. Bank and credit union employees can access the same tools, applications, and resources using the Internet whether they’re working on-site, from home, or in another location, making the Cloud the ideal tool for both remote work and collaboration.

Determining When to Make the Move

So how do you know if your financial institution is ready to move to the Cloud? The main indicator is whether management is supportive of the idea or feels implementation would be too burdensome. If your institution can’t manage the research, preparation, and challenges involved with cloud migration, it may not be the best time to make the transition.

One obvious sign that you are ready for the Cloud is if your organization is steadily growing and needing to augment resources. Perhaps you’re looking at expanding to new servers or rethinking your current architecture. Maybe it’s a situation where you’re tired of being stuck in a cycle of dealing with replacement projects for new servers. If you’re looking at replacing multiple servers that are running out of warranty, it could be the opportune time to move some of that workload up to the Cloud.

Transitioning Slowly

Moving to the Cloud can be a complex undertaking, but the good news is that your institution doesn’t have to make the leap all at once. In general, it’s best to be slow and methodical. This strategy can involve transferring one aspect at a time over several years. We are seeing a number of institutions start with moving their disaster recovery solution to the Cloud or using a “brick-by-brick” approach by migrating one or two servers at a time.

Don’t forget, the Cloud isn’t just a new tool, it’s a whole new world. Once your institution makes the jump to the Cloud, you need to monitor and manage the systems in the Cloud going forward. As with everything in IT, some adjustments may be needed over time. If you engage with a trusted partner for cloud services, they may be able to assist with your ongoing monitoring and management of your resources in the Cloud.

For more insights about cloud migration, watch our webinar on “Are You Ready to Move to the Cloud.”

28 Jan 2021

Banks, Technology Mike Bell 0 comment

Why De Novo Banks Should Choose the Cloud

De novo banks have enough to be concerned about as they struggle to get established: raising capital, selecting a core system and products, getting enough personnel in place—and keeping everything afloat until they begin to thrive. Opting for the Cloud is one of the most prudent decisions a de novo bank can make.

Ease and Speed

A key benefit of employing the Cloud is the ease and speed of implementation, which is especially advantageous for a de novo with a tight timeline to get up and running. The Cloud also affords a de novo the ability to choose technology solutions based on its unique specifications. Rather than trying to estimate and make provisions for future growth, the bank can select cloud services according to its current requirements and as the de novo grows or reduces its operation over years, it can make the necessary adjustments to fit. In a real-world scenario, if a bank needs the capacity to process more loans, a cloud provider can instantly ramp up to meet that demand.

Cloud services also provide de novos with the cost-saving flexibility to forgo extensive infrastructure investments upfront and help avoid the expense of maintaining and replacing outdated hardware over time. Working with a major cloud provider means de novos will always be using the latest and best technology. This supports more predictable technology costs, especially when working in tandem with a managed cloud provider that can minimize the need for retaining a larger IT staff.

Disaster Recovery

Financial institutions—no matter how new they are—must have a strategy in place for restoring their IT infrastructure, data, and systems following adverse events, such as natural disasters, infrastructure failures, technology failures, the unavailability of staff, or cyber attacks, according to the Federal Financial Institutions Examination Council (FFIEC) IT Handbook’s Business Continuity Management booklet.

When a de novo chooses the Cloud to support its banking system, it simplifies many of the typical aspects of disaster recovery (DR). Cloud-based DR allows institutions to replicate the data in their main offices and transmit it to a safe location that staff can access during a catastrophic event. Having continuous replication means there’s minimal lag time when switching from live to DR mode. Plus, the Cloud makes it easier for IT staff to go live, run tests, and complete tests more thoroughly. Ultimately, cloud services can help de novos go beyond merely addressing disaster recovery, to instituting steps for disaster avoidance.

Here are some other compelling reasons for de novos to embrace the Cloud:

Security: A de novo bank has access to more security resources with the Cloud, making it easier to incorporate the best practices that regulators expect. Major cloud providers like Microsoft, Google, and Amazon maintain an army of security experts; they simply can offer more robust security than small de novos can build on their own.
Compliance: Leading cloud vendors are well versed in regulatory compliance issues, and de novos that use managed cloud providers receive a comprehensive solution that can further enhance compliance and vendor management.
Flexibility: With cloud services, de novos not only gain the advantage of being able to manage their IT infrastructure from anywhere, but they also gain the capability to easily turn on/off cloud services allowing them to quickly explore new ideas or diagnose problems within their environment.

The simple truth is that a de novo bank could never build an IT infrastructure on par with what it can accomplish through the Cloud. And working with a managed cloud service provider like Safe Systems can make using the Cloud even easier, leaving bankers free to focus on banking.

14 May 2020

Banks, Credit Unions, Technology Brendan McGowan 0 comment

Key Benefits of Cloud Infrastructure for Banking IT Operations

Cloud technology has been driving efficiency and innovation across many industries for years and today, many community banks and credit unions are adopting cloud services for their IT operations.

In a recent webinar, Safe Systems presented an overview of cloud infrastructure and the key benefits to financial institutions. Here are a few points to keep in mind if you’re thinking about implementing cloud services:

Data Centers

Cloud service providers, like Microsoft Azure or Amazon Web Services, have some of the best data centers in the world, providing space, power, cooling, and physical security. You no longer have to worry about the management burdens of an on-premise solution or co-location when your servers and applications are hosted in a secure cloud environment.

Lifecycle Management

The cost of server hardware does not end with its purchase. There are hidden costs of tracking which assets are still healthy, supported, and under warranty. Replacing aging equipment every few years often requires a complex project that impacts availability and takes time away from meeting more important objectives. With cloud services, you can eliminate lifecycle management of your server equipment, enabling you to focus your effort on higher-value projects that drive your business.

Availability

When you adopt cloud services, the availability of your critical application infrastructure and data is the responsibility of the cloud provider. The major cloud providers are able to attract and retain the best talent in the world to keep systems healthy and secure. They deliver your services from a highly resilient network of multiple data centers, vastly reducing your dependency on any single datacenter.

Flexibility

Experimentation

If your goal is to develop a specialized project for your institution, a platform like Microsoft Azure has many different services to make it easy for you to test scenarios or try new ideas without investing in hardware or navigating the justification and purchase order process. You simply visit the website, turn on a resource, and experiment. Later, you’re able to turn it off with no further commitment.

Fast Turnup and Fast Turndown

Cloud services enable you to get up and running fairly quickly in this new environment. Instead of having to order hardware and wait for it to be shipped or spend time setting up the solution, you can go from having an idea to having the solution turned on literally within a few minutes. Fast turndown is equally important. When you no longer need the solution, you can simply turn it off, and more importantly, the billing ends as well.

Elasticity

The elasticity of cloud service means that you can add capacity when you need it and remove expense when you don’t. For periodic computing tasks, like month-end processes, extra computing power can be added to your cloud services and then removed after the job is complete. This is more cost-effective than building an infrastructure that is sized for the busiest day of the year.

Serverless Functions

Lastly, large cloud providers have many advanced functions that can provide community banks and credit unions with new capabilities like serverless computing. Some workloads that traditionally required a dedicated server, like a Microsoft SQL database, may be able to move into a serverless alternative like Azure SQL. This creates the opportunity to start reducing the quantity of Windows Server instances that need to be patched and maintained.

Cloud infrastructure allows community banks and credit unions to reduce servers, internal infrastructure, and applications that would typically have to be hosted on-premises, in addition to the associated support each one requires. It also enables you to experiment and find the right services that fit your institution’s corporate strategy and IT objectives.

To learn more about cloud services, including cloud-based disaster recovery, watch our webinar recording, “The Cloud: Recovery and Resiliency is Just a Click Away.”

07 May 2020

Banks, Credit Unions Jamie Davis 0 comment

How the Cloud Revolutionizes Disaster Recovery for Financial Institutions

Disaster recovery is a concern for all financial institutions, regardless of size or location, and is essential to protecting data, infrastructure, and overall business operations. In addition to having a thorough disaster recovery (DR) plan, community banks and credit unions need to have a solid site recovery environment to facilitate a quick return to normal business operations, in the event of a natural disaster or other disruption.

Cloud disaster recovery solutions are growing in popularity among many community banks and credit unions. However, it is important to understand the key differences in site recovery models to determine the best fit for your institution.

In a recent webinar, Brendan McGowan, Chief Technology Officer at Safe Systems, outlined the three most common site recovery models available to community banks and credit unions today and discussed key considerations when implementing each.

In-House Site Recovery

When using an in-house site recovery model, financial institutions commonly have a virtualized server environment. These machines often run in a VMware vSphere environment which sits on top of a storage array. On the DR side, there is essentially a clone of the production environment to receive the replicated data. This works well for many financial institutions, however, there are a few considerations to keep in mind.

House Site Recovery

With in-house site recovery, you’ll need to:

Have redundant hardware in the DR environment at an additional cost.
Purchase an additional facility like a co-location or branch for DR.
Oversee hardware and software lifecycle management for both production and DR environments.
Set up dedicated connectivity like multi-protocol label switching (MPLS) to point replication to the DR environment.
Conduct regular maintenance to ensure all replications are healthy and perform periodic testing.
Have significant expertise and talent to make sure the system works correctly and consistently.

Cloud Site Recovery

In this model, the production environment remains the same, but the hardware and software used in the DR environment are replaced with a cloud-based solution. With cloud site recovery, financial institutions don’t have to pay for servers and computing time until the day they need to turn on the disaster recovery solution. Until then, the institution will only be billed for the amount of storage it consumes.

Cloud Site Recovery

When you use a cloud site recovery solution like Microsoft Azure Site Recovery, you create a storage pool to receive replication from a small server on-premise, which is the cloud site recovery replication server. The replication server works by having each of your production servers send its data changes in real-time to the cloud application server. This server is compressing, encrypting, and deduplicating all of the incoming data and continuously shipping it securely to your cloud site recovery storage pool.

With the cloud site recovery model, you no longer have to:

Deal with redundant hardware on the DR side since everything is stored in the cloud.
Manage hardware and lifecycle management on the DR-side.
Pay for separate facilities since the data is in the cloud, and you can store your data anywhere in the world.
Worry about dedicated connectivity because you can send all of the replication over the internet with a simple virtual private network (VPN).
Handle all of the maintenance or have the expertise required to run the system.

Cloud-Native Resilience

In the cloud-native site recovery model, both the production and disaster recovery environments are in the Cloud. To set up the cloud environment, using Microsoft Azure, for example, you can sign up for Azure Virtual Machines, which would correlate to VMware vSphere in your environment. After that, you can set up your production virtual machines.

Cloud-Native Site Recovery

At this point, you can register for cloud site recovery for your institution’s individual virtual machines. Once you’ve selected your machines for replication, the system automatically moves that data to whichever Azure zone you select so you get to choose some zone disparity.

In the cloud-native resilience model:

There is no Azure site replication server as there was in the cloud site recovery model.
Since both environments are cloud-native, all the data is in the cloud and you need not worry about a replication server. Simply check a box to turn it on.
In addition, file backup is also a simple checkbox for each server, providing you the option to choose the location to store the data.

Migrating to cloud-based services is a great option to reduce maintenance; significantly speed up the disaster recovery process; and improve overall operations for your institution. If you are interested in implementing a cloud-based disaster recovery solution, Safe Systems can help you determine the right environment for your institution.

To learn more about disaster recovery and moving to the Cloud, watch our recorded webinar, “The Cloud: Recovery and Resiliency is Just a Click Away.”

10 Oct 2019

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

5 Things Community Banks and Credit Unions Should Budget for in 2020

The final months of the year signal the beginning of many traditions. For community banks and credit unions, the Fall marks the start of budget season. Financial institutions use this time to assess the year’s performance, make necessary adjustments—or full upgrades—for 2020 and beyond.

As you know, technology and security are constantly evolving, and compliance continues to be a moving target, so it’s time to consider important areas your institution needs to budget for in the next year. To ensure that your institution heads into 2020 on an upward trajectory, here are five key items to include on your list.

Hardware

Every year hardware should be evaluated to see if it is under warranty; in good working condition; and that the operating system hasn’t reached end of life.

Two dates to be aware of:

SQL Server 2008 R2 reached end of life on 7/9/2019
Windows Server 2008 and 2008 R2 reach end of life on January 14, 2020

These items will need to be upgraded or replaced as soon as possible with supported software. If the decision is to replace a server based on these products being end of life, there are options to consider as covered in number 2 in this article.

Cloud vs. In-house Infrastructure

Everything You Need to Know About the Cloud Get a Copy

Moving internal infrastructure out of the office is the new trend. This move feels similar to the move to virtualization, in that everyone agrees this is the next logical step in the evolution of computing. You should be asking the same question about cloud infrastructure as you did about virtualization—when is the right time for your institution to make the move and what are the pros and cons of this move? When the time comes to replace pieces of your infrastructure, start to gather information about the benefits of moving to the cloud and the costs associated with it. Remember, each server has both direct and indirect costs.

Direct:

Server Hardware
Warranty
Software

Indirect:

Electricity
Cooling
Storage/physical space
Maintenance
Backup
Disaster Recovery

Each year as hardware becomes outdated and needs to be replaced, evaluate whether moving that server to the Cloud makes sense. Be sure that the functions of the server can be accomplished in a cloud environment. Once a presence in the cloud is established, future growth and changes become much easier and quicker.

Firewalls

Moving Beyond Traditional Firewall Protection to Develop an Integrated Security Ecosystem Get a Copy

Firewalls continue to evolve as network and cybersecurity threats evolve and change. Ten years ago, adding intrusion prevention systems (IPS) to firewalls became commonplace in the industry. Now there are a host of new features that can be added to your firewall to improve your institution’s security posture. Many of these fall under products using the term next-gen firewalls. A few key features to consider include:

Secure Sockets Layer, or SSL, is the industry standard for transmitting secure data over the internet. The good news is most websites on the internet now use SSL to secure the traffic between the PC and the website. The bad news is, your firewall may be protecting your institution from fewer sites than ever before. Google researchers found that 85% of the websites visited by people using the Chrome browser are sites encrypted with SSL. This means that for many firewalls, 85% of web traffic cannot be inspected by the firewall. Many firewalls can perform SSL inspection but may require a model with more capacity; a new license to activate the feature; and configuration changes to enable this feature to work.
Sandbox analysis is a security mechanism used to analyze suspect data and execute it in a sandbox environment to evaluate its behavior. This is a great feature to introduce to your infrastructure because it provides more testing and insight into the data coming into your institution.
Threat intelligence feeds (like FS ISAC), built-in network automation, and correlation alerting are also important features that can help you keep track of emerging security threats; automate key processes; and improve your institution’s cybersecurity posture.

Consider enhancing your firewall features or upgrading to a next-gen firewall to ensure the traffic traversing your firewall is truly being evaluated and inspected.

Virtual Information Security Officer (VISO)

A newer service that has grown in popularity over the last year is the Virtual ISO or VISO role. While services like this have been available for a while, this is the first year we have heard so much talk from community financial institutions. As the job of Information Security Officer (ISO) has become more involved the expertise needed has grown as well. These VISO services offer a way to supplement the internal staff with external expertise to accomplish the tasks of the ISO. Budgeting for a service like this becomes critical if one of the following is true:

No one else in the institution has the needed knowledge base and finding this knowledge set in your area is difficult or expensive;
Your current ISO does not have a background in the field or is wearing too many hats to do it well;
Your current ISO is likely to retire or leave due to predictable life change events; or
The role of ISO and Network Administrator or other IT personnel do not provide adequate separation of duties at the institution.

Disaster Recovery (DR)

Many institutions do not have a fully actionable or testable disaster recovery process. A verified DR process is a critical element of meeting business continuity planning (BCP) requirements. Therefore, this can be a significant reputational risk for the financial institution, if not done correctly. If your institution hasn’t completed a thorough and successful DR test in the last 12 months, it is time to evaluate your current DR process. Using a managed site recovery service can ensure you have the proper technology and support to thoroughly test your DR plan and recover quickly in the event of a disaster.

Budget season is a time to address needs and wants, but also a time to seek improvement or evaluate key changes for the new year and beyond. For example, moving your infrastructure to the cloud may not make sense for the coming year, but the insight gained by evaluating it this budget season improves your knowledge-base for when it is time to make that decision. As we conclude 2019, we hope these insights position your institution for a productive budget season and a successful 2020.

29 Aug 2019

Banks, Credit Unions, Technology Marshall Jones 0 comment

Capitalizing on Cloud Infrastructure: Everything Financial Institutions Need to Know About Moving to the Cloud

Capitalizing on Cloud Infrastructure

SKIP AHEAD:

Three Questions to Ask Before Moving to the Cloud
Financial Implications of Migrating to the Cloud
Four Steps for Moving Server Workloads to the Cloud
Misconceptions About Cloud Security
Final Thoughts

Capitalizing on Cloud Infrastructure: Everything Financial Institutions Need to Know About Moving to the Cloud

As financial institutions refine their digital strategy to keep up with market and regulatory demands, cloud computing is emerging as the future of banking technology. There are a myriad of reasons institutions should capitalize on cloud computing, including enhanced scalability, efficiency, reliability, risk management and regulatory compliance. Despite these and other appealing benefits, it can be intimidating for community banks and credit unions to move to the Cloud.

In this post, we examine some of the most important issues related to moving to the Cloud to help institutions streamline the decision-making process, determine what can and should be moved to the Cloud, and examine the cost and security issues of cloud computing. Hopefully, this will shed light on how beneficial cloud-based solutions can be and provide the information IT managers need to make the best decision for their institution.

Three Questions to Ask Before Moving to the Cloud

Hosting applications and systems on a cloud network can be appealing to community banks and credit unions as it allows them to reduce servers, internal infrastructure, and applications that would typically have to be hosted inside the institution, as well as the associated support each one requires. It also offers the benefits of system standardization, centralization of information, and the simplification of IT management. However, here are three essential questions financial institutions should ask before moving to the Cloud:

Which applications can be moved to the Cloud? Evaluating which applications can be moved to the Cloud and which vendors offer cloud-based solutions is really the first step. This will help IT managers understand issues and elements that will be solved or created by the move to the Cloud. For example, even with cloud-based solutions, they will still need to manage user workstations, security issues, connections to applications, as well as switches and routers.
Is the institution’s internet connectivity strong enough to support cloud-based solutions? Delays in loading cloud-based applications can be frustrating as well as costly. The increased use of cloud-based computing will place added demands on internet speed and connectivity, making a strong connection critical for the success and health of the financial institution. This is a very important consideration when determining whether to move to cloud-based services. Confirming the availability of the proper connectivity—including a redundant internet connection to ensure access at all times—will help streamline this transition.
Are there additional compliance issues to consider when selecting a cloud vendor? Moving to a cloud-based application will mean giving up some controls to a cloud vendor. When selecting a vendor, institutions must evaluate their practices and strategies for user identity and access management, data protection, incident response, and SOC 2 Type II documentation. They should have a solid vendor management program in place to verify that their vendors are compliant and are following the service agreement.

Financial Implications of Migrating to the Cloud

Migrating to the Cloud commonly requires an organization to move from a capital expenditure (CAPEX) to an operating expenditure (OPEX) financial model. The difference in long-term costs can be difficult to measure as many of the internal costs of managing an IT network are not documented.

Most community banks and credit unions have a good understanding of their IT capital expenditures. The up-front, fixed costs, such as hardware and software, and the resulting amortized or depreciated costs over the life of the asset, are historically well tracked. Traditionally, an on-premise infrastructure is considered a capital expenditure since it includes the purchase of servers, computers, and networking hardware, as well as software licenses, maintenance, and upgrades.

What is not generally well documented are the internal costs involved with running the system, including the power, cooling, floor space, storage, physical security, and the time IT teams devote to the daily management and continual maintenance of these systems. In addition, the equipment and software will need to be upgraded or replaced periodically, making for on-going large capital costs in years to come.

The move to the Cloud means a move from a CAPEX financial model to an operating expenditure model, in which large capital outlays are replaced by monthly, quarterly, or annual fees an institution pays to operate the business. These periodic OPEX fees include license fees for software access, as well as all the infrastructure and maintenance costs associated with the technical environment. Hosting an application in the Cloud via a Software as a Service (SaaS) model can minimize required capital investments for the institution. It can enable them to be up to date with the latest technology which can lead to generating more profits and ROI. The OPEX model can also provide the IT staff more time to focus on strategic revenue-generating and customer-facing activities.

The evaluation of CAPEX and OPEX expenditures is not an apples-to-apples comparison. It is important for IT management to understand the differences between the CAPEX and OPEX models, perform an analysis, and be able to effectively communicate the pros and cons before presenting a proposal to leadership.

Four Steps for Moving Server Workloads to the Cloud

Today, banking services are increasingly being hosted in the Cloud. Cloud outsourcing often begins with specific IT functions or processes such as disaster recovery, backup, and supporting servers. However, a financial institution can be strongly in favor of cloud computing without moving 100 percent to the Cloud. For example, a bank could easily have its ancillary systems and lending in the Cloud and maintain its core in-house.

There is a great deal of infrastructure involved in managing all the applications needed to run an efficient and successful financial institution. While cloud technology has proven to be beneficial for community banks and credit unions by enabling their limited in-house personnel to focus on core strategic initiatives, there are four important factors institutions should carefully consider before moving their data to the Cloud. They are:

Support the financial institution’s business strategy

Some organizations consider moving to the Cloud simply because they think it is the right thing to do; however, there is no set path that all financial institutions must follow.
Each community bank or credit union has a unique strategy driven by its market situation, whether that includes business expansion, rapid disaster recovery, or replacing existing servers or hardware. An institution’s decisions about cloud computing ultimately must align with its business goals, strategies, and objectives.
Identify the application opportunities

Not all business processes and applications are suitable for the Cloud. Before moving to the Cloud, the IT team must understand the requirements of their business applications. They should evaluate the data footprint, transaction types, and frequency, as well as the IT infrastructure that is being used to host each application in order to determine which applications need to remain on-premise and which can be moved to the Cloud.
Determine the best path to the Cloud

Once the institution’s cloud and business strategies have been aligned, and its applications have been identified, it is ready to migrate supporting servers, applications and other assets to the Cloud.

There are several approaches that institutions can use to facilitate their migration to the Cloud. They can simply move the physical servers they already have to a co-location facility or data center. This can be an attractive option since it does not require extensive configuration changes to applications and servers but moves these critical assets out of their building to a highly available data center.

Or a financial institution can adopt an Infrastructure as a Service (IaaS) model. This means that instead of physically moving the servers it owns, a bank or credit union can lease the server capacity that it needs from a third-party provider. The institution can then access the servers remotely to install, run, and maintain its applications.

As a third option, financial institutions can implement the Software as a Service (SaaS) model. With this licensing fee and delivery model, software is licensed on a subscription basis and is centrally hosted by the application software provider. This approach enables community banks and credit unions to run their applications from a browser that is supported by the developer, so there is no additional infrastructure to maintain.
Develop a Phased Approach

Long term, financial institutions should consider using a graduated approach to moving their applications to the Cloud. The migration should be completed in multiple phases to enable a smoother transition. However, the applications that are not technically ready should not be moved as this can cause unnecessary complications and technical issues.

Misconceptions About Cloud Security

Many community banks and credit unions struggle with truly understanding the security differences of housing their sensitive data in the Cloud vs. keeping it housed on servers and hardware solutions that are located on-premise.

Having sensitive data housed in a cloud-based data center is uniquely different from maintaining on-premise resources for data storage. So, it makes sense that security-related issues and concerns would need to be addressed and considered prior to cloud migration. Understandably, some institutions might have lingering doubts about whether they can truly trust a cloud-based data center that they can’t physically see or control.

Let’s take a look at some of the common issues and misconceptions organizations have about cloud security:

Misconception #1: The Cloud is not secure

To the contrary, the Cloud can enable financial institutions to experience as much as or more security than with an on-premise environment—and without the hassle and expense of maintaining physical servers and storage devices. Major cloud service providers have the technical expertise and strict internal processes to physically secure their IT hardware against unauthorized access, theft, fires, flooding and other potential hazards. For example, Microsoft® employs thousands of cybersecurity experts and cutting-edge technology such as artificial intelligence to detect, respond to and thwart security threats.

In addition, cloud providers often give their customers access to extra security programs and resources. This can make it easier for organizations to more effectively combat threats like data loss, leaks, and hacking. Of course, no security model—even one that uses a multi-layered approach—is perfect, but a cloud solution protected by substantial security measures can ultimately enhance a financial institution’s security posture.
Misconception #2: The provider is responsible for keeping data secure in the Cloud

A common concern for many financial institutions who are considering moving to the Cloud is determining who is responsible for data security moving forward—the cloud services provider or the customer? The short answer is both parties. Data security is typically a shared responsibility and requires banks and credit unions to continue monitoring the security of their solutions to ensure the data is secure and meets all regulatory requirements.
Misconception #3: Data can be easily lost in the Cloud

Information resiliency is a key differentiator for cloud-based services. These solutions help reduce the likelihood of data loss if key security features and backups are enabled and used appropriately.

In addition, cloud services can help financial institutions recover quickly from business disruptions like equipment failure, power outages, and natural disasters. This provides financial institutions with continuous access to data and other critical applications, enabling business operations to run smoothly.
Misconception #4: Anyone can access data in the Cloud

The Cloud actually prevents unauthorized individuals from accessing data on the network because cloud providers use a variety of security processes to control points of access. Most cloud providers use data encryption to protect data while it’s being stored and during transmission as well as multi-factor authentication to require two or more forms of verification to access the system.

Moreover, cloud services providers maintain detailed activity logs that show who accessed, created and modified data. Having this type of intelligence allows cloud vendors to better understand unusual activities, detect potential threats and more effectively protect the client’s data.

Final Thoughts

Building a strategy for cloud computing can be intimidating. All community banks and credit unions have a unique business strategy that will guide how they migrate to the Cloud, what type of cloud solution is best for their environment, and what specific technology assets should be moved to the Cloud.

Working with an experienced service provider such as Safe Systems can simplify the process. Safe Systems helps institutions design and install cloud solutions while also ensuring their systems are compliant and meet examiner expectations.

07 Feb 2019

Featured Blog Image for Banking Bits and Bytes with Brendan

Banks, Credit Unions, Technology Christine Ray 0 comment

Safe Systems’ “Banking Bits and Bytes with Brendan” Video Series on Managed Cloud Services Now Available

The first course in our educational video series, “Banking Bits and Bytes with Brendan,” is now complete and available! The series, launched in December 2018, is designed to educate and inform our customers and friends in financial services on the technology trends and issues that are impacting our industry on a day-to-day basis. Our Chief Technology Officer and recognized expert in banking technology, Brendan McGowan, acts as the “professor,” taking a humorous approach to complex and challenging topics related to technology, compliance and security. We believe Brendan’s expertise, knowledge and insights ensure each video is a valuable resource.

The first video series focuses on the cloud and features six video lessons, each approximately 2-3 minutes long. In each, Brendan addresses common questions, dispels myths, and offers advice on the best way to think about — and successfully implement — a cloud strategy. Each video is hosted on YouTube as well as this website.

This series features video lessons sorted by topic that can be watched at the viewer’s own pace and convenience, and serves as a way for us to share some of our expertise gained from 25 years of serving financial institutions.

View the video below or visit the Banking Bits and Bytes with Brendan page to watch other videos.

24 Jan 2019

Banks, Credit Unions, Technology Jamie Davis 0 comment

What Community Financial Institutions Should Look for in a Managed Services Provider

The majority of banks and credit unions rely on managed services providers to help them improve efficiencies in their organization, meet mounting regulatory compliance requirements, and provide the competitive products and services their customers and members expect.

However, selecting the right managed services provider can be challenging. We have highlighted some key qualities that community banks and credit unions should look for when choosing trusted partners.

A managed services provider should have a true understanding of the following areas:

The community banking and credit union industries

Automating Your Compliance Processes with Technology Get a Copy

A managed services provider must truly understand the “ins and outs” of operating a community bank or credit union. This includes recognizing the industry trends, realizing the importance of priorities, such as customer- and/or member-service related touch points, and understanding regulatory and compliance issues. Not knowing how a community financial institution operates is a hindrance that can prohibit the provider from effectively meeting the demands of the institution and makes it unlikely that it will be in a position to offer informed recommendations on improvements and solutions to existing issues.

Financial services technology

Technology is ever-changing and it is nearly impossible for any one person to successfully keep up with all of the advancements. To provide the technological solutions and services that a community bank or credit union requires, a managed services provider should understand the technical requirements of all banking technology solutions, starting with the core platform. Since many applications have to work with — and integrate into — the core platform, it is impossible to design an efficient and comprehensive network without first an understanding of core platforms and banking technology.

Regulatory compliance requirements

The evolving world of financial regulatory compliance governs every aspect of your IT network and that includes what hardware and software you choose to deploy. In today’s banking environment, vendors must be able to make recommendations on how to manage hardware and software to meet regulatory expectations, meet regulatory expectations such as, verifying all patches, ensuring security measures are up to date, and maintaining access to critical services during a disaster.

Working with the wrong managed services provider can be time-consuming, cumbersome, and even stressful. However, working with a provider who offers the desired services and who truly understands your industry can help guide the institution in today’s challenging financial environment. A good partnership is key to ensuring your organization remains competitive and profitable for years to come.

19 Dec 2018

Banks, Compliance, Credit Unions, Security, Technology Christine Ray 0 comment

Safe Systems Launches “Banking Bits and Bytes with Brendan” Educational Video Series

Safe Systems launched a new educational video series, “Banking Bits and Bytes with Brendan,” to help educate and inform customers and the financial services industry on trends and issues the industry is dealing with on a day-to-day basis. Banking Bits and Bytes with Brendan will showcase our Chief Technology Office, Brendan McGowan, who is an expert in all things related to banking technology.

Each video is a small bite of information (approximately 2-3 minutes in duration) that teaches viewers complex technology, compliance, and security topics. The videos will be sorted by topic and can be watched at the viewer’s own pace and convenience.

This video series is a way for us to help educate our customers by leveraging the expertise gained from 25 years serving community financial institutions. As the industry continues to change and evolve at a rapid pace, our knowledgeable staff serves as a valuable asset to guide our customers and help them ensure compliance, streamline processes and provide superior service in their communities. Brendan’s expertise, knowledge, and insights in banking technology will ensure each video is a valuable resource for the industry.

Here at Safe Systems, Brendan oversees the development of strategic technology solutions that support key banking initiatives for community banks and credit unions and enhance their ability to manage IT in an effective and compliant manner. In 2016, he was named to Georgia Southern University’s 2016 40 Under 40 List, which highlights professionals who represent the best young leaders under the age of 40.

The first Banking Bits and Bytes with Brendan video series focuses on Managed Cloud Services, a broad topic where Brendan addresses common questions, dispels myths, and offers advice on the best way to think about and implement a cloud strategy. Each video is hosted on YouTube as well as this website.

The first two video lessons in the Managed Cloud Services series are now live on our website. View the video below or visit the Banking Bits and Bytes with Brendan page to watch other videos.

28 Nov 2018

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

What Community Banks and Credit Unions Should Budget for in 2019

As 2018 winds down, banks and credit unions are thinking ahead to 2019. They are determining the new solutions, products, and enhancements needed to meet their strategic plans in 2019 and beyond. In addition, they are evaluating what needs to be updated or upgraded and the processes that can be improved upon.

There are three key areas banks and credit unions should focus on during budgeting season – technology, security and compliance. While lines that separate technology, security, and compliance are blurry at best, 2019 budgeting items for operations fall largely into these three buckets.

Compliance

Managing Risk with Truly Secure Vendor Management Program Get a Copy

While the focus of many examiners has shifted back to financial aspects of institutions, the top three findings our customers report relate to:

Vendor Management – Typically the current vendor management solution (if it exists at all) is deemed inadequate or insufficient. Often the solution doesn’t cover all vendors or provide a way to adequately assess these vendors.
Business Continuity Planning (BCP) – In the mid to late 2000’s many banks and credit unions updated their Business Continuity Plan. However, for many institutions, these plans have remained relatively unchanged for a decade now. Technology and business processes on the other hand, have changed rapidly over the last decade. The Federal Financial Institutions Examination Council (FFIEC) has also updated their guidance to address the current challenges of BCP. If the institution’s plan has not been thoroughly updated in a while, the institution may be at risk of a finding on a future exam.
With both of these findings there may be an additional finding of inadequate management or board oversight. Often these findings happen on the same exam and are followed with a concern with oversight. Many of the calls Safe Systems gets after an exam relate to these issues.

Avoid finding yourself under a Memorandum of Understanding or a Matters Require Attention by budgeting to ensure your compliance processes are up to date.

Vendor Management solutions can run from $2,500 to more than $6,000 per year. Business Continuity Plans can range more significantly from a couple of thousand to more than seven thousand dollars per year. Do some research and find some solutions that would meet your institution’s needs and identify their year one cost and annual cost thereafter.

Security

With attacks on the rise and businesses continually falling victim to cybercrime, security needs to be an institution’s priority. There are innovative solutions coming to market every day to help address security risks. These solutions can help mitigate the risks that your institution faces, but they can also cause confusion on where you should focus your attention. For the next several years, it is in the institution’s best interest to continually focus on the impending security landscape and verify that your budget reflects your strategy.

One place to start is to review your current solutions. Verify that your current investments are still applicable for your ever-changing environment. Upon investigation, you might find features that are available as an add-on to your current solution to help mitigate risk. You may also find holes in your current strategy that may need to be rectified.

As of October 2018, 90% of web traffic accessed through Chrome, the most popular web browser, was encrypted. These numbers have been increasing rapidly over the last few years. Many firewalls can only inspect unencrypted web traffic. This was a small risk when encrypted websites were less common. With the sudden rise of encrypted web traffic, many firewalls are NOT equipped to scan this data. It is possible to scan encrypted web traffic, but for many institutions this will require changes and additional investment. The risk of not scanning this encrypted web traffic significantly increases the chances of your institution becoming a victim of a malware outbreak or a data breach. Examiners in some regions have started to pick up on this security hole, and they are encouraging institutions to address this issue.

Another area of concern for institutions is new and emerging threats. Attackers are continually innovating and improving their attack methods, and basic security solutions may not be enough to detect and prevent these advanced attacks. Newer solutions specifically designed to analyze the growing attack techniques have been developed. The use of sandbox technology and machine learning are being tasked to make it more difficult for attackers to be successful. In many instances, these solutions can be imbedded within your perimeter firewall solution. These types of defenses can vastly increase the effectiveness of your security landscape.

Even though your firewall is viewed as a technical security device, it is also the device that grants users access to the internet. The internet has quickly become a business-critical service. When strategizing about upcoming budget aspects, the institution should consider the business risks involved when an internet device causes downtime. There are ways to mitigate internet downtime using high availability solutions. High availability involves having two firewall devices configured in a cluster. If one device fails, the second device seamlessly takes over responsibility so that downtime is avoided.

Additional devices and licensing will also affect the budget. These changes can be small or very large depending on the scope and goals of your strategy. Going forward, have a plan and strategy to deal with the ever-changing security landscape.

Technology

The biggest move in technology over the last half decade has been the move to the cloud. This will continue to be the case in 2019. The cloud offers benefits such as low maintenance, high availability and rapid disaster recovery that can’t be easily or affordably addressed with in-house solutions. The future likely means more servers and business functions moving to the cloud. This likely is where technology spend will move over the next 5 years. Another term for this is Infrastructure as a Service (IaaS). There are three likely situations that will lead to this move and determine how your institution makes the transition.

Your institution desperately needs high availability and/or disaster recovery and is willing to incur the cost of moving from a hardware-based solution to a cloud-based solution.
Your institution’s hardware infrastructure is reaching the end of its life and it is time to purchase all new hardware or move in a new direction. This can be a good time to evaluate your current setup and what is best for the future.
Your institution has some regular hardware turnover scheduled for next year and wants to evaluate slowly moving to the cloud. Instead of buying a new server, it may be time to evaluate what the future of your infrastructure will look like and if the cloud is a long-term solution.

Some vendors pitch the move to IaaS as a cost savings move. There are cost savings involved. No more hardware to buy and maintain; no more electricity to run the devices; no more cooling to keep hardware cool; and the ability to achieve high availability is easier and more efficient. However, the move to IaaS is typically not a cost savings, but a feature advantage. Most institutions will be lucky if they break even with moving to an IaaS model, but they will gain great redundancy, uptime, reliability, and disaster recovery capabilities.

Generic cost estimates are impossible due to the fact that everyone has different infrastructure, needs, wants, etc. But if flexibility and added freedom is something your institution wants or needs, start investigating what IaaS might cost for your institution. This technology has matured greatly over the last few years and continues to evolve, making it viable now and likely the wave of the future.

In moving into 2019, focus on two things. Are my current processes and products adequate? Not have they passed exams this year, but are they mitigating the current risks to the institution? Too often measuring by exams leaves the institution open to a false sense of security and potential exam issues in the future. For compliance, ensure the institution’s processes are thorough, up to date, and adequate to meet the needs of the institution. For technology, consider what the long-term goals of the institution are and start working on a plan to implement these changes. Security is going to need new investments each year for the foreseeable future. The historical solutions for security problems have been successful which has forced criminals to find ways around them. It’s time to realize that the threats have changed, and it is time to address the new threat landscape.

14 Nov 2018

Banks, Credit Unions, Technology Marshall Jones 0 comment

5 Ways Cloud-Based Solutions Improve Disaster Recovery for Banks and Credit Unions

5 Ways Cloud-Based Solutions Improve Disaster Recovery for Banks and Credit Unions Disaster recovery is a concern for all banks and credit unions, regardless of size and location, but the hard truth is that a number of institutions are not adequately prepared for emergency situations and are unable to quickly recover from a disaster. This goes against FFIEC compliance regulations and can also equal significant revenue losses and reputational damage.

Implementing cloud-based solutions can help solve this issue by significantly speeding up the disaster recovery process and improving operations. In fact, one of the biggest benefits of using cloud-based solutions is its impact on disaster recovery.

5 key ways cloud-based solutions improve disaster recovery:

1. Improved access to data

Cloud-based solutions provide the flexibility of being able to access and restore systems quickly from any location. The cloud provides instant connection to critical data and servers, which prevents compliance and regulations issues and fines, reduces loss of revenue and increases customer or member confidence.

2. Eliminates the need for duplicate data centers and back-up locations

Banks and credit unions using the cloud eliminate the expense of having duplicate data centers and expensive back-up sites. Organizations access the servers remotely to install, run, and maintain applications. In addition, banks and credit unions do not have to worry that their data center or back-up facility will also be hit by the disaster. For many community financial institutions, their branches and offices are often all in the path of the disaster given their geography.

3. Quicker response times

Using the cloud enables banks and credit unions to respond more quickly to a disaster, sometimes in as little as minutes, rather than hours or days. Cloud-based solutions eliminate the need for time-consuming manual administration and intervention.

4. Reliable and up-to-date backups

Cloud solutions automatically perform back-up functions on a regular basis. This ensures that updates are accurate and that banks and credit unions have the most recent version of documents and data at all times. This helps ensure disaster recovery operations are utilizing the most recent version of all solutions and data.

5. Scalability

Cloud solutions offer a high degree of scalability. As banks and credit unions grow and technology evolves, their systems grow as well. Instead of having to physically implement new servers to handle the growth and implement disaster recovery plans for all new systems, cloud based solutions can easily expand with the organization.

Because disaster recovery from the cloud provides a much more streamlined process, recovery times are much faster; data can be accessed from anywhere; and the time-consuming and error prone process of manually recovering from a disaster is eliminated.

Implementing cloud-based services can be challenging and even a daunting task for some community banks and credit unions. Working with an outsourced service provider, such as Safe Systems, can help with the process while ensuring the systems are compliant and meet all regulator expectations. We built our Managed Cloud Services solution specifically for community banks and credit unions to enable quick recovery from any disaster, as well as ensure your data is safe and secure.

How much do you actually know about moving to the Cloud?

Take the Quiz

07 Nov 2018

Banks, Credit Unions, Technology Marshall Jones 0 comment

4 Misconceptions About Cloud Security in the Financial Industry

4 Misconceptions about Cloud Security in the Financial Industry

More and more banks and credit unions are either thinking about or already entrusting their IT solutions and data to cloud-based systems. While the allure of having applications and systems hosted on a cloud network is appealing to community banks and credit unions due to the ability to eliminate servers, internal infrastructure, and applications that would typically have to be hosted inside the institution, there are still some concerns with the transition, especially as it relates to security. Many organizations have some misconceptions and struggle with truly understanding the security differences of housing their sensitive data in the cloud vs. keeping it housed on servers and hardware solutions that are located on-premise.

Having sensitive data stored in a virtual environment is certainly different from on-premise resources, so it makes sense that security-related issues and concerns would need to be addressed and considered. It is understandable that you might have some doubts on whether you can really put your trust in something you can’t physically see and control in your own building or financial institution.

So, let’s take a look at some of the common issues and misconceptions about cloud security.

Misconception #1 – The cloud is not secure!

Cloud-based solution providers don’t take security lightly. In fact, the global cloud security market is predicted to reach $12.64 billion by 2024—up from $1.41 billion in 2016, according to Hexa Research. According to the report, the growth is driven by the increasing use of cloud services for data storage, and the rising sophistication of cyber attacks.

Misconception #2 – Once I move my data to the cloud, its security is not my responsibility

One of the main security-related issues when it comes to the cloud is determining who is actually responsible for data security. Cloud security is typically expected to be a shared responsibility. Just because a bank or credit union utilizes cloud-based solutions doesn’t mean they aren’t responsible for monitoring the security of the solutions, ensuring the data is safe and meeting compliance and regulation requirements. IT professionals and cloud vendors should share cloud security duties.

Misconception #3 – My data can be lost in the cloud

Cloud-based solutions excel in one critical security area and that is information resiliency. Utilizing the cloud will prevent the loss of data while also reducing the likelihood that it will be susceptible to corruption. Cloud-based solutions can recover quickly and continue operating even when there has been an equipment failure, power outage, natural disaster or other disruption, providing a bank or credit union continuous access to data and vital information.

Misconception #4 – Anyone can access my data

The cloud actually reduces the surface area of possible penetration attacks because the entry points into the cloud are very well defined and are locked down with multi-factor authentication and other mature and trusted security tools and processes. While physical security is no longer a worry, banks and credit unions will still need to manage user work stations, connections to applications, and switches and routers, to name a few. In addition, cloud-based solutions provide users with detailed reports of all activity– who has logged in, who accesses certain information, etc., which provides the ability to audit unusual or potentially harmful actions on the network.

Cloud services offer many benefits for financial institutions, including system standardization, centralization of information, the simplification of IT management and the built-in ability to stay current with technology and hardware updates. Deploying these tools in an on-premise environment and ensuring the entire network is secure enough to combat the growing cyber threats seen today would require not only large investments in infrastructure, but large teams to manage them as well. This can be extremely costly for small to mid-sized banks and credit unions. Ultimately, moving assets to the cloud enables banks and credit union’s IT executives to focus on the key capabilities that support the institution’s unique strategy while having the confidence all assets are secure.

How much do you actually know about moving to the Cloud?

Take the Quiz

20 Dec 2017

2017 12 5 Things to Consider Before Moving to the Cloud

Banks, Credit Unions, Technology Brendan McGowan 0 comment

5 Questions to Ask Before Moving to the Cloud

2017 12 5 Things to Consider Before Moving to the Cloud

The allure of having applications and systems hosted on a cloud network is appealing to community banks and credit unions as it allows them to eliminate servers, internal infrastructure, and applications that would typically have to be hosted inside the institution, as well as the associated support each one requires. As a result, many organizations are considering, or currently in the process of, moving to cloud-based systems.

While the cloud can certainly help streamline processes and increase bandwidth for bank staff, there are a number of details that community banks and credit unions should consider before making this transition, beginning with the cloud destinations or management types:

The Infrastructure Management Types

On Premise

All hardware is located on-site at the financial institution.

Co-Location

All hardware is housed at a third-party data center. This solves the issue of location.

Infrastructure as a Service (IaaS)

A cloud provider hosts the infrastructure components traditionally housed in an on premise data center, including servers, storage and networking hardware. It solves the issue of location + hardware storage.

Platform as a Service (PaaS)

A cloud computing model where a third-party provider delivers hardware and software tools to users over the internet. This model solves the issues of location + hardware + platform.

Software as a Service (SaaS)

A software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet. Some examples include Gmail, Facebook and Office365. This model solves the issues of location + hardware + platform + software.

Cloud services offer many benefits for financial institutions, including system standardization, centralization of information, the simplification of IT management and the built-in ability to stay current with technology updates and vendor software releases. For cloud services to be implemented successfully, financial institutions must understand the different types of cloud environments that are available and which one best meets the strategic objectives of their institution. Each bank has a unique corporate strategy that will guide how it moves to the cloud, what type of cloud solution is best for its environment and what specific technology assets should be moved to the cloud.

Here are five questions you should ask before making the decision to move to the cloud:

Which applications can we move to the cloud?

Evaluating which applications can be moved to the cloud and which vendors offer cloud-based solutions is really the first step. This will help organizations understand issues and elements that will be solved or created by the move to the cloud. For example, even with cloud-based solutions, financial institutions will still need to manage user work stations, security issues, connections to applications, and switches and routers, to name a few.

Does moving to the cloud fit with our corporate strategy?

Some organizations consider moving to the cloud simply because they think it is the right thing to do; however, there is no set path that all financial institutions must follow. Each bank has a unique strategy that is driven by its market situation, such as the desire to expand service offerings, open new branches, merge with another institution or even be acquired. Your corporate strategy informs your institution’s IT strategy and will guide you in choosing the management type that best fits your overall goal.

Is the connectivity at my bank strong enough to support cloud-based solutions?

Delays in loading cloud-based applications can be frustrating as well as costly. The increased use of cloud-based computing will place added demands on Internet speed and connectivity, making a strong connection critical for the success and health of the financial institution. This is a very important consideration when determining whether to move to cloud-based services. Confirming your institution has the proper connectivity will certainly help streamline this transition.

Are there additional security, risk and compliance issues to consider when moving to the cloud?

Moving to a cloud-based application will mean giving up some controls to the cloud vendor. When selecting a cloud vendor, evaluate their practices and strategies for user identity and access management, data protection, incident response and SOC 2 Type II documentation. You should have a solid vendor management program in place to verify that your vendors are compliant and are following the service agreement.

Will moving to the cloud save my institution money and cut down on IT costs?

Many financial institutions find that the transition does not translate to a lower price tag, and in-fact can result in the bank actually spending more. However, with this expense comes the simplification of IT management and the built-in ability to stay up to date with software releases. Migrating to the cloud commonly requires an organization to move from a capital expenditure (CAPEX) to an operating expenditure (OPEX) financial model, in which large capital outlays for purchase of servers, computers and networking hardware, are replaced by monthly, quarterly, or annual fees that an institution pays to operate the application.

An application hosted in the cloud does not require any major capital investments for the institution. While the monthly fee in the OPEX model may be higher than the hardware and software costs, it eliminates the responsibility and indirect expense of bank personnel having to maintain the IT infrastructure. Think of these pricing models in the same way as owning a car versus taking Uber. When you own a car, you are responsible for its general upkeep, paying for gas, cleaning the car, etc. When you take Uber you simply pay for the ride and the driver is responsible for the vehicle’s upkeep. While you may pay a little more for that Uber ride, you gain more free time to focus on activities you enjoy.

Working with a financial industry IT service provider, like Safe Systems, can help you with the decision-making process involved with moving to the cloud while ensuring the solution and applications are compliant and meet regulatory expectations. We work with each institution to create a plan, based on their goals and strategies, to determine what can and should be moved to the cloud. Ultimately, moving IT assets to the cloud enables your bank and IT executives to focus on the key capabilities that support your bank’s unique strategy.

2017 Community Bank Information Technology Outlook

Primary Research and Analysis of Your IT Priorities in 2017

23 Sep 2016

Banks, Technology Brendan McGowan 0 comment

Banks Beware: Not all Clouds are Created Equal

Many banks today are finding the cloud to be very appealing for their business objectives. Cloud services offer many benefits for banks, including reduced IT ownership costs, system standardization, centralization of information, the simplification of IT management and the built-in ability to stay up to date with technology updates and vendor software releases. In order for cloud services to be implemented successfully, financial institutions need to consider and understand the different types of cloud environments that are available.

Today, cloud computing can be implemented in three different ways: public clouds, private clouds and hybrid clouds. Each approach requires different levels of security and management based upon the applications involved and the nature of the data, government regulations and compliance issues at stake. Let’s take a closer look at the different options available for cloud services.

Public Cloud

A public cloud is a multi-tenant technology platform that any organization with a credit card, including banks, manufacturers and retailers, can sign up for and consume the needed technology resources. The purest definition of a public cloud, for example, would be a service like Amazon Web Services or Microsoft Azure. Community banks that select this option for cloud services can easily put any application they choose into the cloud. Many financial institutions choose this option because it is inexpensive to set up and to use the service. All hardware, maintenance and communication costs are covered by the provider, allowing banks to utilize a pay-per-usage model where the only costs incurred are based on the IT capacity that is used.

While public clouds are the lowest direct expense option for IT assets, they do pose some limitations. This model uses custom configuration, security, and SLA specificity that can be hard to implement, which poses challenges for financial institutions due to the regulations governing data security and compliance.

Private Cloud

Private clouds deliver similar advantages to public clouds, but with additional layers of security and required regulations for financial institutions. Unlike public clouds, which deliver services to multiple organizations using a multi-tenant technology platform, private clouds have been modified by providers to offer unique features and controls designed for the specific needs of vertical markets such as financial institutions. The hardware, data storage, and networking are customized to ensure higher levels of security and eliminate compliance and data privacy issues.

The goal of a private cloud is to gain the benefits of cloud architecture without giving up the control financial institutions have in maintaining their own data center. However, there is a price for this. It is going to be more expensive and harder to implement a private cloud service than a public cloud approach for the average small-to-medium sized community bank.

Hybrid Cloud

In a hybrid cloud environment, banks can choose to have some legacy applications and supporting IT assets remain on premise and some applications move to a cloud provider, while supporting communication between the two technology platforms.

Using a hybrid approach enables banks to migrate select IT assets to the cloud while still maintaining the internal assets required to manage certain legacy applications that are not yet ready to move to the cloud. By allowing workloads to move between the on premise and cloud computing platforms, banks have access to greater flexibility and more data deployment options as needs and costs change.

The Ideal Environment for Banks

Each bank has a unique corporate strategy that will guide how they move to the cloud, what type of cloud solution is best for their environment and what specific technology assets should be moved to the cloud. While the idea behind moving to the cloud is to eliminate servers, internal infrastructure, and applications that must be physically hosted inside your bank, as well as the associated work required to manage each one, there should be a process to determine the appropriate cloud solution for your institution.

Evaluating the various cloud options can be daunting for community banks. Working with a financial industry IT network service provider, such as Safe Systems, can help you with the decision process as well as the design and move to the cloud while ensuring the solution and applications are compliant and meet regulatory expectations. We work with each institution to create a plan, based on their goals and strategies, to determine what can and should be moved to the cloud. Ultimately, moving IT assets to the cloud enables your bank and IT executives to focus on the key capabilities that support your bank’s unique strategy and lets bankers go back to being bankers!