Is Outsourcing IT Security Right for Your Bank?

By Bill Johnson

In today’s dynamic landscape, the risks faced by financial institutions are substantial. Cyberattacks, computer system failures and natural disasters are just a few of the nightmare scenarios keeping bankers up at night. And for good reason. Institutions facing these situations risk losing critical data, revenue from downtime, and most importantly, their reputation.

Modern security threats are complex, sophisticated and evolve quickly. It’s not only the biggest banks that are targets. No institution can count on a “security by obscurity” approach.

Given its critical nature, entrusting the management of security to a third party may seem counterintuitive. However, it makes sense for many institutions, particularly when resources are limited. Outsourcing can enable institutions to access the specialized expertise, talent and resources needed to effectively protect against cyber threats and manage a complex technology infrastructure of servers, networks and firewalls. It can also provide access to essential disaster recovery and business continuity services. On a day-to-day basis, third-party management of IT security can free internal staff and resources to focus on other high-value initiatives.

Here are five areas for financial institutions to consider when evaluating their IT security approach:

1. What type of expertise do you have in-house? Does your IT team have the expertise and number of people needed to manage security threats? Are they up to date on the latest tools and training? Outsourcing offers financial institutions access to expertise and resources dedicated exclusively to security and allows a smaller staff to focus on key areas. Institutions will still need IT management in-house to help manage the provider.

2. How complex is your IT environment? As the number of locations, servers and devices increases, the demands on staff are magnified. Phishing and social engineering tactics are increasingly carried out via smartphones and email. Security must be addressed across all entry points and endpoints.

3. Can you easily handle regulatory requirements and reporting? Regulatory compliance is ever-changing and complex, and can consume a significant portion of employees’ time. Keeping up with regulations often requires a financial institution to modify tools, processes and reporting for compliance. An IT security provider will be able to help financial institution staff manage these requirements while keeping up with day-to-day operations.

4. Are you prepared for a disaster? In the event of a hurricane or other disaster, the ability to manage and monitor branch systems from a remote location can help keep staff safe. If data is wiped out at a primary location, data recovery services can replicate the data onto other servers so the information is not lost.

5. How well can you detect a threat? Shared knowledge can be a significant advantage when it comes to detecting phishing, malware and penetration attacks, as well as attempted cyber breaches. Using combined insights from the provider’s many partners allows organizations to better predict, detect and manage threats. It can also help to uncover internal breaches that may be difficult to detect through internal monitoring alone.

Financial institutions have unique needs related to their regulatory oversight, branch structure and importance to their customers and communities. If your financial institution does choose to employ outside IT security expertise, maintaining the security of sensitive data and providing the best experience for your staff and customers should remain the ultimate goal.

Bill Johnson is vice president for Sentry Performance Solutions at Fiserv.