Bank: Georgia Bank & Trust
Problem: Manually updating software for a fleet of machines was increasing operational and regulatory risks.
Solution: Automate app and system updates via a co-managed, software-as-a-service solution.

Keeping 400 PCs updated with the latest service packs, security patches and system changes manually had become unmanageable for admins at Georgia Bank & Trust. As hard as they'd try to update the hundreds of devices piecemeal, staff at the Augusta, Ga.-based community bank just couldn't keep up with the onslaught of system and security updates from Microsoft and Symantec.

Like many small institutions, the 12-branch community bank of $1.6 billion in assets had approached device management ad-hoc, simply by updating machines separately using the baseline functionality of each of their major vendors' offerings. But the results of that method, which involved using Microsoft's Windows Server Update Service (WSUS), a free version of VNC for remote control access to PCs, and another service for software inventory: at least some of the bank's machines nearly always lacked the latest updates. It was something both state and FDIC examiners, which typically alternate their biennial audits of the bank, said they didn't like.

"We had tons of PCs that were not complying," said Sherry Wiggins, vice president of IT at Georgia Bank & Trust. "It was a constant attempt to try and catch up to get the patches and the service packs. We were always behind."

It was then that Wiggins took a tip from Safe Systems, a third-party firm that focuses on reviewing and reporting IT risks specifically for banks and credit unions, which had been performing quarterly health tests on Georgia Bank & Trust's network to ascertain status of its operating systems, servers and disc space. Safe Systems recommended the bank consolidate its updating tasks by tapping NetComply, which through a partnership with Kaseya, remotely monitors, reports on and remediates fleets of PCs and servers.

Safe Systems is a managed service provider for Kaseya's device management software, although Safe Systems owns and fully manages this software in Safe Systems' data centers. The Alpharetta, Ga.-based vendor has customized Kaseya's software with compliance-focused reporting features for banking. Other device management software providers targeting small to medium-sized companies include FrontRange Solutions, Dell KACE, Matrix42 and Microsoft InTune.

Kaseya deploys a software agent that collects information on every device, PC and server needing updating in the enterprise, including all installed software on each device, as well as the system versions and license keys. Then NetComply pulls that information into a Web portal through which users can immediately see onscreen which specific software updates are needed for each machine. Systems are updated automatically, but admins can simply click where needed within the NetComply interface to update devices missing changes if they were offline or hibernating during auto-revisions, or Safe Systems can schedule automatic fixes.

When users log into NetComply, they're logging into Safe Systems' customized version of Kaseya's device management software, to which Safe Systems adds custom filters and manages update schedules and policies for bank customers. For instance, a specific anti-virus profile can be created for a server, in which certain directories would be excluded from real-time scans that could disrupt applications. The combined solution also enables banks to perform remote maintenance of particular machines, and to remotely run processes while a PC is still in use.

"It frees us up from chasing our tails trying to get all of this stuff manually to concentrate on our users," Wiggins says. "So it makes our shop much more efficient."

Safe Systems customizes the reporting on data collected by Kaseya's device management solution to meet the bank's compliance requirements. NetComply's output includes alerts on missing patches, quarterly service reviews and reports on the bank's compliance with IT management and security standards and rules. "When the auditors come in we run them a NetComply report," Wiggins says.

Now with automated updating and screen-based reporting aimed at remediating the bank's 560 PCs and 47 servers, pleasing examiners has become "a lot less of a hassle," Wiggins says. "It's easier to get the information they ask for than it used to be, and we're in a better position overall anyway, because everything's up to date."

In December, the bank began using anti-virus software from AVG that works with the Kaseya framework and NetComply service. At press time the bank was set to use a new critical application patching service from NetComply called CAPS, which updates non-Microsoft applications like Adobe Reader, Flash, Java and QuickTime. "The hackers are increasingly targeting these non-Microsoft products, so to get a way to update those automatically is fundamental to security for us," Wiggins says.