By Sam | November 12, 2015
Deciphering Your Credit Union Cloud Options To Ensure Your Data Is Secure

Secured Cloud ComputingIf you are a Credit Union that believes no service provider can be as responsive as your own team, then cloud probably isn’t for you. However, if you think the right service provider can be more responsive, more communicative, and more reliable than doing something yourself (think online banking providers or the power company) then Cloud may be a good choice for your Credit Union. Often times, we get questions about how Ongoing Operations secures, isolates, and ensures that YOUR Credit Unions data doesn’t get intermingled with those OTHER GUYS! This is a huge concern!

The reality is that how your Credit Union cloud data gets handled by your Technology CUSO really depends on the type of cloud platform. Public Cloud, Private Cloud and Community Cloud are your main choices.

Public Cloud

In a public cloud world (think of Amazon or Microsoft) you have very little ability to audit, manage or validate how this is handled.   It can also be tough to determine exactly where your data is at any given time. Your data is part of a huge storage platform that is ultra reliable and has great security defenses.   Nonetheless- when you have to be able to defend things to the NCUA or other examiners, sometimes a cleaner audit trail helps significantly.

Private Cloud

Ongoing Operations defines cloud as being scalable, offsite, infrastructure. We regularly hear the term Private Cloud. In our opinion, Private Cloud isn’t really cloud. It is more infrastructure as a service and is really a good option for total control freaks that really can’t give up the keys to some pretty basic stuff. Private cloud is really what most Credit Unions are doing today – they have a Virtualization Platform, a SAN environment, and a switching fabric that is isolated and dedicated to their organization. This seems like a more secure option, but in reality most of these are designed with the idea that the outside world is the only threat and inside the Credit Union nobody ever tries to steal anything or breach security. Of course, those of us that have been through crypto lockers, malware, anti-virus, social engineering, etc. realize that most threats actually derive from some external penetration or vulnerability that is then perpetrated on a trusted environment. Hence, while it seems that Private Cloud provides the security and isolation we need – in our opinion the fact that there is a Cone of Trust actually obliterates the perceived security.

Community Cloud

Ongoing Operations offers a Credit Union Community Cloud Platform, so warning – WE ARE BIASED! The Community Cloud Platform allows us to take Public Cloud Architecture and isolate it to specific data centers 2000 miles apart. Inject the fact that we consider everything on the network is considered a threat – so we lock everything down server by server, firewall, router, switch ports etc. and tie it all into a super logged, monitored, and audited architecture.   Consequently, your cloud storage is locked down and isolated to meet SSAE16, NCUA, and other standards. If required, we can isolate spindles and almost every variable so that the Credit Unions environment is highly protected both from other Credit Unions in addition to itself.     So combine great security by design with audit-ability and threat detection along with the fact that almost all of our clients are financial services related or super security concerned – and it makes for a much lower risk profile than private or public cloud.

So, what are the things to look for in the cloud provider to ensure that your data/storage is secure?

  • Audit-ability (NCUA, SSAE, PCI)
  • Redundancy (of the platform and the locations)
  • Physical locations of production and backup data
  • Access of outsiders (non secure personnel) to the data at various locations
  • Security features (cameras, MFA, etc). to access the critical data
  • Control of key security points (firewalls, telecom providers, encrypted data etc.)
  • Ability to Isolate the data (either logically or virtually)

If you can validate all of those components you probably can be sure that your cloud data is more secure than you can make it in your own environment while getting the scalability and resiliency you are looking for!

Want to learn more about the services that Ongoing Operations provides? Click here.

Interested in what OGO is up to? Subscribe to our blog today!

Posted in Business Continuity Planning, Cloud Topics, P3 - Plan, Prepare, Protect and tagged , , ,

Cost-Effective Solutions for Your Credit Union

Simply fill out this form and select the topic(s) that you would like more information for, and our team will reach out shortly.

Medium

Role
I agree to receive marketing communications from Ongoing Operations regarding news, updates, products, etc.(Required)

blank
modal close button

Welcome to the Ongoing Operations blog archive.

For our most up-to-date information, please visit ongoingoperations.com.

HOME