What Your Data Security Strategy Should Include
Like other financial institutions and corporate entities, credit unions today are facing unprecedented challenges in managing and protecting their critical infrastructure. Security concerns, complex and disparate technology and stringent, complicated new regulatory requirements such as Sarbanes/Oxley (which addresses corporate governance for public companies, not CUs), and Gramm-Leach-Bliley (GLB), which protects the financial privacy of customers and members, have drastically changed the landscape in the past five years and it is highly likely that more changes lie ahead.
These factors underscore the importance of managing and safe-guarding the systems that allow a credit union to deliver services to its members with solutions that are flexible and effective.
A complete, overall strategy that addresses the organization's needs, both now and in the future, is essential. This strategy should include:
* A framework for dealing with firewalls and electronic perimeters in real time.
* Means of limiting liability risks and ensuring data is not lost,
* Methods to meet regulatory requirements, whether as a private or public institution.
* The ability to accommodate evolving government compliance requirements and growing business processes over time.
The systems that comprise a credit union's electronic infrastructure are many and varied, including networks, servers, storage devices, switches and other hardware and applications that perform a wide range of functions. Because these systems are not necessarily linked together, efficiency is crucial. It is important to find a solution that will use minimal devices to monitor and manage the entire electronic infrastructure, and provide information, access and remediation options from a single screen.
An initiative of this magnitude is a major investment that will affect the organization for many years to come, so it is important to have some vision and look for solutions that will accommodate growth and change in the next three to five years. This means letting the business-drivers guide the process, and then finding the technology to best fit these needs. Too often, technology drives business decisions, rather than solving them, and can lead to early obsolescence, inefficiency and disappointing results.
First, executives should examine all electronic systems that touch the credit union- critical applications that affect delivery of service, guard against security breaches and warn of system failures. These applications should be ranked in order of critical impact on the operation if they go down. Then an evaluation of current monitoring practices should be conducted to determine where holes, gaps and vulnerabilities exist. Once these priorities and needs are identified, the search for an effective solution can begin.
Ideally, a solution should:
* Effectively monitor and manage the entire infrastructure from a single screen.
* Work seamlessly with the existing system.
* Include options to repair critical events in real time from remote, with or without human intervention.
* Provide effective communication to both internal and external auditing bodies.
Potential solutions should be evaluated based on their ability to deliver these results. Credit union executives who are considering several different solutions should push providers to substantiate their claims and demonstrate the capabilities and effectiveness of their offerings. The best way to do this is by securing an evaluation license for two weeks, and testing it in the organization's own environment.
This demo should be able to meet 80% of the credit union's needs-if not, the organization risks investing excessive time, money and resources on consultation, development and training to CREATE a workable solution where one should already exist. Another indicator is the timeframe for implementation. An effective monitoring and management solution should take weeks, not months, to implement.
By using a "big picture" approach to assess needs and carefully evaluating providers, credit unions can select the best solution for their operations and help ensure the integrity, reliability and efficiency of their critical IT infrastructure.
Steve Cotton is CEO of Tdi.