Cloud Vulnerabilities & Disaster Disruptions: Protecting IT Systems

Credit unions, like many financial institutions, often seek a better ROI by using public cloud storage, but in the process expose systems to apparent vulnerabilities similar to the Capital One incident.

In the Capital One breach, a hacker took advantage of a faulty public cloud to obtain personal information, including names and addresses, of approximately 100 million individuals in the U.S. and 6 million people in Canada.

The Gladiator team at Allen, Texas-based ProfitStars, a division of financial technology powerhouse Jack Henry & Associates, pointed out while public clouds work for some applications, they often are not a good choice for the complexity of hosting a financial institution’s entire infrastructure. In addition, public clouds lacking the necessary security strength, typically place the burden on organizations to maintain protection.

Sebastian Fazzino, director of sales operations at Gladiator and Financial Crimes Solutions from ProfitStars, explained, “It plays really well when you have an enterprise level organization that can apply all the appropriate technologies necessary to secure that infrastructure running in that public cloud. The key difference, they are putting that onus on the credit union. That’s really where we have a significant strength position with our private cloud.”

Gladiator provides a private cloud allowing credit unions to transfer management responsibilities to JHA’s trusted advisers and engineers. The Gladiator Hosted Network Solutions in essence provides infrastructure-as-a-service, Fazzino explained.

Randy Buck, COO, compliance officer, and director of information technology at the $114 million Los Angeles-based California Bear Credit Union recalled their consideration of in-house infrastructure versus a cloud solution. “After factoring in intangibles that came with the Jack Henry solution, they signed on for Gladiator in September 2016, started deployment s the next month and finished in January 2017,” Buck said.

He continued, “Looking at someplace else to throw our virtual machines, especially for the disaster recovery, were the pieces that actually drove us into deciding on the Gladiator solution.” California Bear uses Symitar EASE, the outsourced delivery model of the Episys core processing platform, also housed within the Jack Henry cloud. “If we did have a disaster, we had one place that we actually had to connect to get into.”

Disaster recovery capabilities as one might expect is kind of a big deal at the California credit union. Much of California Bear’s critical infrastructure, such as their Ease core, document imaging, and bank by phone system, sits in that in the Jack Henry cloud.

Read more about public versus private clouds in the October 23rd issue of CU Times.