As originally published by Credit Union Times Magazine

Securing Your Organization Without Sacrificing Growth

By Drew Dizon, SVP, Strategic Partnerships & Digital Delivery at NYMBUS

Cyberattacks in the last 18 to 24 months have taken a decidedly more global turn. No longer the shadowy work of lone hackers operating out of a dark basement, today’s largest, most concentrated attacks appear to originate from – and target – sovereign nations, and are aimed at crucial services as well as financial institutions. Because these more sophisticated attacks are aimed at online and mobile banking applications, your organization must continue to incorporate innovative solutions. If the hackers have evolved and grown more complex, so, too, must your cyber defenses. With today’s consumers hyper-alert to security breaches with every headline, can you afford to put your brand at risk? While the “too large to fail” financial institutions can weather a digital attack, smaller, local credit unions could be wiped out by a large cybersecurity breach. And since today, a member’s mobile phone could be seen as a softer attack vector than an institutional system, it is more important than ever for credit unions to keep their members safe through all their touchpoints.

For the past decade, increasing security defenses meant adding more layers to an organization’s core system, increasing the bulk and complexity of IT infrastructure, almost to the point where even IT staff couldn’t get in. Add to that the time-consuming process of securing required approvals and signoffs to add new equipment, and it may be months before a new layer of security could be deployed, and that could be too late.

But security doesn’t have to be a bad word, nor does it have to be anathema to growth and innovation. It is possible to successfully navigate today’s cybersecurity waters and innovate at the same time.

Nothing’s Stronger Than … a Cloud?

Financial institutions have the opportunity today to innovate and implement efficient operations with modern digital experiences, and to increase their cybersecurity while doing so. Today’s systems, built to be digital from the ground up and maximize the cloud, offer a solution for smaller, more nimble credit unions looking to leapfrog the “big guys” in their markets, offer new products and services, and reach new audiences.

“But wait!” you say, “the big guys are set in their ways, they’re not playing with this fancy new tech just because it’s there, right?” Cloud technology is neither new nor untested. Big banks have been working for years with cloud-based systems, rolling out applications a few at a time, testing to see what works. Dedicated cloud use for heavy workloads makes sense – sharing the load by shifting jobs to the cloud saves your own machinery from being overworked. The cloud has become a mature technology, but credit unions and banks locked in the grip of legacy core systems wouldn’t know it. If the largest financial institutions are only able to test a few cloud applications at a time because they’re locked into old systems, innovative, smaller players that are able to capitalize on new technologies much more quickly can gain an advantage.

Cybersecurity in the Cloud: What’s the Advantage?

The very nature of the cloud – both its distributed, decentralized data processing and storage, and the fact that cloud providers serve multiple customers who demand up-to-the-second technological advances – means it is more secure than a dedicated, onsite data center. Consider the impact if a flood or fire struck even a satellite branch of a credit union. Localized events can destroy localized data. But when the various bits and bytes are spread out over large geographic areas, an event in one location has much less impact on the whole. By adding cloud-based technology to your existing infrastructure, or moving over entirely, disaster recovery from a localized incident is much faster, since the brains of your system still operate offsite.

Cloud providers like AWS or QTS Data Centers have multi-layer security infrastructures in place, including impressive military-grade physical barriers to entry. Many small financial institutions consider a locked door to the IT server room to be sufficient. Attackers know that smaller targets have fewer barriers: According to a 2015 study, malware was present in 36% of onsite systems, versus only 4% of cloud service providers. Cloud providers specialize in monitoring their systems second by second and can head off attacks almost before they begin. Traditional IT environments have a small number of administrators with full control. Cloud computing relies on diversified infrastructure control, increasing the complexity to ensure network security.

Can You Afford Not to Move?

Just 10 years ago, baby boomers were the big demographic prize for all markets. Financial institutions developed and grew by catering to the needs of that generation. Now, of course, millennials are the largest market this country has ever seen, and they have radically different expectations of the services they demand. Key among those are mobile and online banking experiences that are safe and secure, that move with them no matter how they want to interact, and that are much more personalized than their parents’ generation. While mom and dad, and especially grandma and grandpa, will walk into a branch office to do their banking, the millennials who comprise your future member base want to pull out their phones, message payments to each other, sign loans on a tablet and get text alerts when even the slightest problem occurs.

Legacy core systems that can’t comply with the demands of today’s and tomorrow’s members will need to be scuttled. Adding more layers is a slow, costly and painful process. Financial institutions that do not take the 10- or 20-year view of their members and their needs run the risk of going the way of Kodak. When converting to new, agile, cloud-based and open API core systems that increase security and make it simple to add in new product offerings, one must ask if they can really afford not to make the move?