Managed IT for Banking and Financial Industries
The nature of technology in banking is radically transforming. Compliance, audits, security, customer experience… Virtually all banks are approaching complete dependence on technology, which is becoming more advanced and more complex in the process. Whether we like it or not, we cannot avoid dealing with IT.
However, getting a handle on IT will give your financial organization competitive advantages.
- Faster and more agile customer experience with mobility
- Reduced risk of data loss or lawsuits stemming from a data breach
- Scalability of operations
- Reporting and employee efficiency
- Increase customer satisfaction and retention
- Regulatory compliance
More about IT in the financial industry:
The FDIC security standards require perimeter and internal security standards to be met, while advocating separation of security roles. PCI risks have changed a lot too; fines, liabilities and suspensions of merchants are all increasing for those institutions found noncompliant. In addition, GLBA (Gramm-Leach-Bliley Act) audits are on the rise.
What do FDIC audits focus on?
FDIC audits focus heavily on perimeter security and internal security. Perimeter security means any branch with internet access needs a managed firewall and IDPS. Using a dedicated circuit (T1 or MPLS) for interbank connectivity is best practice, but not required. The FDIC also advocates separation of security roles. The second key focus is internal security, which requires internal host-based IDPS functionality, event log management with daily reviews, and data loss protection for any device that leaves the building with personally identifiable information (PII).
Is two-party authentication a requirement for financial institutions?
Currently, two-party authentication is not mandated, although we expect it to be a requirement soon.
Do I need different security rules for laptops?
As a financial institution, you are required to protect information from leaving your network. Laptops can connect anywhere, so you need different rules when they are outside your network. These would include data loss prevention (DLP) and encryption.
What is mobile device management (MDM)?
Mobile device management is an evolving security issue. Why do you need it as a financial institution? It will give you an inventory of all mobile devices accessing the corporate network or data and allow you to push out security policies and settings over the air (OTA). Mobile device management will also ensure that only devices compliant with your policies have access to corporate email and data, and it provides the ability to remotely lock or wipe a lost or stolen device.
Are there benefits to the approach of managed security for financial organizations even though they get audited every year?
A managed security solution is a proactive approach to security. It allows you to maintain current logs of your security status. Those logs, created over time, will serve as pieces of the audit requirements, speeding up the audit process and avoiding loss of productivity. Managed security also increases the due diligence of protecting your network, reducing liability.
As a financial institution, what do I need to look for in an IT provider?
With the heavy standards financial institutions are held to, they should look for IT partners that are SOC 2 certified and offer a business associate agreement (BAA). There are other factors in choosing a provider. We list some of those in our whitepaper “The Bottom Line on Managed IT Services.”