network monitoring Archives

01 Sep 2021

Banks, Compliance, Credit Unions Kai Xu 0 comment

FIs Must Plan Ahead for IT Projects to Get Hardware in Time

The coronavirus pandemic has fueled ongoing inventory and material shortages in a number of industries and IT is no exception. Many components, such as servers, routers, firewalls, network switches, phones, keyboards, microphones, webcams, and more are still in relatively short supply. We’re seeing lead times for hardware delivery lasting four to six months—and the situation could get worse with the Delta variant. So, it’s crucial for financial institutions to plan ahead when ordering IT equipment.

There’s a combination of factors driving these hardware shortages and delivery delays. With more people working from home, there’s an increased need for hardware, and the rise in demand for electronic devices has placed an extra load on the semiconductor industry. Semiconductors, commonly referred to as computer chips or chips, are a core element in almost everything electronic. The semiconductor market is also consolidated with only three manufactures who can produce the most advanced chips. These factors account for some of the reasons why chips are becoming scarce during a time of heightened demand. Currently, semiconductor lead times are stretching to more than 20 weeks—almost three times the pre-pandemic norm, according to Bloomberg.

Another key factor in hardware shortages is the just-in-time production (JIT) model that many companies, including those that manufacture chips, use to turn out small batches of products instead of creating huge inventories. While this lowers their production costs, it can cause supply chain problems when there’s a rapid surge in demand. Employee shortages worsened by the pandemic have only helped to strain hardware supply chain output even further.

If you’re planning to make upgrades or replace any end-of-life (EOL) equipment, you should order it now to help ensure your institution gets what it needs in time. Another issue is not about ordering the hardware; it’s about having time to properly execute the implementation. For instance, if you need new servers, routers, or phone systems, you need ample lead time to design the project, sufficient time for deployment, and additional time to ensure everything works properly post-implementation. Thinking ahead will make the hardware acquisition and implementation much easier to manage in the long run.

Potential Impact of Not Planning Ahead

Lack of effective planning for hardware purchases could result in serious complications. For instance, if you need a new phone system, you might not be able to secure phones, switches, and routers in time for your scheduled implementation. The delivery delay could be several months which not only impacts deployment but also results in a disruption to your current business functions.

In addition, a delay in installing new equipment could lead to security problems. Often, the new version of software will not install on old hardware, which could leave your institution using obsolete software that doesn’t get the appropriate patches and updates. So, actively researching any EOL issues that could lead to this problem is critical, (Incidentally, Microsoft Server 2012 is coming up on its EOL.)

Keeping hardware and software properly updated is also a matter of regulatory compliance for financial institutions. Management should implement policies, standards, and procedures to identify assets and their EOL time frames to track assets’ EOLs and to replace, or upgrade, the asset, according to the FFIEC Examination Handbook’s Architecture, Infrastructure, and Operations booklet. The guidance states, “Failure to maintain effective identification, tracking, and replacement processes could have operational or security implications (e.g., unavailable or unapplied security updates [patches] that make technology vulnerable to disruption).”

The bottom line is: If you need any IT equipment, it could be months before it’s available. So, plan your project accordingly and order the hardware as soon as possible to ensure the success of your implementation timeline. If you need assistance with researching lead times on hardware such as servers, routers, firewalls, network switches, and more or would like support with EOL products and planning for what is ahead, Safe Systems has experts on hand to help.

18 Jun 2021

Banks, Credit Unions, Technology Jamie Davis 0 comment

5 Areas to Outsource So Your IT Administrator Can Go on Vacation

5 Areas to Outsource so Your IT Administrator Can Go on Vacation

It’s summertime. And COVID restrictions are finally being lifted. Maybe now your IT administrator can go on vacation—if there’s someone available to fill in.

Third-party IT and security service providers can make it easier for smaller banks and credit unions to manage when staff takes time off. Here are five areas where financial institutions can outsource to maintain adequate IT resources—and peace of mind—while the IT administrator is out of the office enjoying some downtime:

1. Network monitoring for diagnostic or security issues — Monitoring is critical for detecting, diagnosing, and resolving network performance issues. A network monitoring solution can gather real-time information to ensure the system is being effectively managed, controlled, and secured. With proactive monitoring, IT staff can find and fix network issues more quickly and easily. This can help them keep the network operating smoothly, stay ahead of outages, and avoid expensive downtime. It can also help the IT department maintain critical business services and reduce potential security risks for the institution. Outsourcing network monitoring can lighten the workload for time-strapped staff who are probably juggling more tasks while the IT administrator is away.

2. Managed replication and real-time backup to the cloud — Replication tools can automate the process of copying data across multiple sources, relieving the IT department from the burden of monitoring backups on a daily basis. The data gets stored in multiple locations, increasing its redundancy and resiliency. Using cloud-based managed data replication and backup solutions can make it easier for institutions to have the data they need to maintain normal business functions. It also provides another major benefit: No matter where the network admin is, it will be easy to restore data if a hardware failure, power outage, cyberattack, or some other disaster impacts the system.

5 Things to Outsource So Your IT Administrator Can Go on Vacation Get a Copy

3. Regulatory and IT reporting — The need for data to confirm controls are in place does not go away when someone leaves or goes on vacation. It is important for management to have access to timely reporting about IT issues to enhance security and meet regulatory compliance. Having a system in place that generates reports in a single location, rather than manually created reports or reports pulled from disparate systems helps ensure data on security controls can be reviewed by anyone anytime. Partnering with a third-party provider that can aggregate reporting and control data can make it easier for institutions to meet these requirements.

4. IT support experts — Financial institutions must have the appropriate IT expertise to stay on top of complex security issues. Outside vendors can provide access to IT specialists who can augment the efforts of their IT team. The added support not only can be a godsend while the system administrator is on vacation, but it can also meet an ongoing need. An institution can use outside experts to provide technical knowledge and resources that may be lacking in the IT department.

5. Cloud-based infrastructure — Virtual servers, storage, software, and other cloud-based solutions offer access to resources on demand. And since cloud infrastructure is flexible and scalable, it is the ideal way to modernize a computer system and build redundancy. Using cloud-based infrastructure allows financial institutions to have duplicate copies of their data and core systems available whenever they’re needed. So, if an IT issue comes up, a third-party service provider can troubleshoot the problem remotely while the IT administrator is on leave.

Safe Systems offers a range of IT and security solutions to help institutions keep their operation and network running efficiently. Learn more about how our compliant solutions can provide professional support whenever your IT administrator takes a much-needed break.

04 Jun 2020

Banks, Credit Unions, Technology Allison Stahlman 0 comment

I’m New to Banking Technology – What Do I Need to Know?

The reality for the community banking industry is that often, institutions are limited in staff size, especially in IT. As a result, employees are sometimes placed in an IT role without any prior experience and they are forced to learn the “ins and outs” of information technology quickly to ensure that the institution stays in compliance and the IT environment is secure.

This can be a daunting task for a financial institution employee who’s been placed in an IT role for the first time. From our experience working with more than 600 community financial institutions, there are four key steps that someone who’s new to banking technology needs to know to quickly get up to speed on all things IT:

Step 1: Determine the Financial Institution’s Current State

When stepping into an IT role from another department, the first thing you must do is get a strong understanding of the current state of the institution and how the IT infrastructure is set up. Key questions include:

What does the IT infrastructure look like?
What technology is currently in place?
Is there hardware or software that is reaching end-of-life?
Are network schematics and data flow diagrams up to date and accurate?

Look at all the policies and procedures currently in place and understand what management has approved for the information technology program and how the environment is organized. It’s important to know exactly where the bank is from an IT perspective because without this knowledge you won’t be able to troubleshoot potential issues or plan strategically for where the financial institution needs to be to meet compliance guidelines.

Step 2: Review Vendor Relationships and Responsibilities

It is critical to know exactly who is responsible for each IT activity. Many community banks and credit unions use a variety of vendors, including core providers, cloud providers, managed services providers, and others. It’s important to understand which vendors are involved with all your hardware, software, and IT services and review the service level agreements (SLAs) which are typically found in the contract to be clear on what the vendor should be providing to the institution. This is crucial because if an issue arises you need to know if it is your responsibility to handle it internally or if you should reach out to a vendor for support. Make sure you are clear about what the institution’s vendors are responsible for, when to go to them for help, and which activities are your responsibility under the SLA.

Another key part of this role is vendor management. As a new IT admin, you have a shared responsibility for monitoring and managing the institution’s vendors and weighing the risks each one poses to the institution. To keep the network compliant and secure, you need to thoroughly evaluate potential vendors; identify critical vendors and services; implement an effective risk management process throughout the lifecycle of the vendor relationship, and report appropriately to senior management. Some key best practices include:

Developing plans that outline the institution’s strategy;
Identifying the inherent risks of the specific activity, and the residual, or remaining, risk after the application of controls;
Detailing how the institution selects, assesses, and oversees third-party providers;
Performing proper due diligence on all vendors;
Creating a contingency plan for terminating vendor relationships effectively; and
Producing clear documentation and reporting to meet all regulatory requirements.

Having a proactive plan in place will help you effectively manage vendors and have a clear understanding of the level of criticality and risk for each service provider. Properly vetting and managing vendors will reduce risk for the institution, while also ensuring compliance requirements are met successfully.

Step 3: Understand the Institution’s IT Organizational Structure

How IT roles are structured within a community bank or credit union varies by the institution, but many financial institutions have an IT administrator, information security officer (ISO), chief information officer (CIO), and an IT steering committee to support IT activities. It’s important to learn how the institution is set up and understand what the ISO and CIO are responsible for so you can work together to ensure the institution’s environment is operating securely and efficiently. It’s also important to make sure all ISO duties are separated from other IT roles at the institution to maintain compliance with FFIEC requirements.

At some point, every functional area of a bank or credit union touches IT in one way or another so understanding how every system, application, and functional area within the institution operates and relates back to IT enables you to help the staff by troubleshooting the different issues each department may experience.

Step 4. Review Recent Audits and Exams

Another way to determine the current state of the financial institution is to review all recent IT audits and exams. Determine if there were any findings or recommendations made by a regulatory agency and make sure that this has been addressed and remediated appropriately. With this information, you can tell if there are any current issues or pain points and start to make strategic plans or address specific issues as they arise.

Financial institutions are held accountable for FFIEC compliance and must manage regulatory activities including reporting effectively. New IT personnel should become familiar with FFIEC guidance and understand what is required to meet regulatory expectations and perform well on future audits and exams.

With these steps, new IT admins can gain a deeper understanding of information technology and what their key responsibilities are at the financial institution to ensure the community bank or credit union can successfully meet examiner expectations and keep operations running smoothly.