By Sam | August 10, 2014

What Is Managed Security And Is It Right For My Credit Union ?

During a tabletop this month I had a side conversation with a Credit Union CIO about their recent NCUA audit. Now mind you, I need to frame this just a bit so you’ll understand that this Credit Union is at the top of it’s game when it comes to Information Technology. So I was surprised to learn their auditor had really taken them to task about cyber-security preparations (or lack thereof).  I get it – Credit Union’s need to be prepared and everyone is telling them to get it done yesterday! But no one is telling them how! And unless something drastic has changed in the economy, I can quite confidently guess that although the number of threats against your Credit Union is growing exponentially – your I.T. staff remains the same (in size and training). To meet the demand, smart Credit Union CIO’s are turning to managed security service providers (MSSP) to augment their staff and meet compliance and  strategic needs.

What is an Managed Security Service Provider (MSSP) ?

According to the Gartner Group:

” An managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services. MSSPs use high-availability security operation centers (either from their own facilities or from other data center providers) to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture.”

From a Credit Union perspective, nothing is ever one-size-fits-all. As you begin researching your options for managed security you will find  your options limitless and offer you the opportunity to ease your way into a managed security relationship.

Are managed security services right for your Credit Union?

Depends! Consider the following set of questions to begin determining your need:

• Does your Credit Union have the staff to DEDICATE to IT Security? Before you answer – consider that 100’s of new risks are discovered everyday.
• Do you have a certified CISSP on staff? I’m normally not big on certifications but when it comes to security a strong common foundation is key!
• If you do have a CISSP on staff, can you afford to keep them? Certified personnel generally cost more in labor than non-certified. So not only do you have the training but can you dedicate 2080 hours/yr to ONE specific area of your enterprise?
• If you were to encounter a cyber-threat (i.e. DDoS) that lasted for days would you have the resources to defend your infrastructure? This is where many Credit Union’s make a critical mistake – having a SINGLE certified person. When will the sleep? What if they are part of the threat?

I realize these are tough questions and we will pursue this topic even more over the next couple of weeks. Having an MSSP augment your IT team may be right for your Credit Union if any of the questions above left you feeling exposed!