Protect CUs From Cloud Flaws, Disruptions

Credit unions, like many financial institutions, often seek a better ROI by using public cloud storage, but in the process expose systems to apparent vulnerabilities similar to the Capital One incident.

In the Capital One breach, a hacker gained access to a faulty public cloud containing personal information, including names and addresses, of approximately 100 million individuals in the U.S. and 6 million people in Canada.

The Gladiator team at Allen, Texas-based ProfitStars, a division of financial technology powerhouse Jack Henry & Associates, pointed out while public clouds work for some applications, they often are not a good choice for the complexity of hosting a financial institution’s entire infrastructure. In addition, public clouds lacking the necessary security strength, typically place the burden on organizations to maintain protection.

Sebastian Fazzino, director of sales operations at Gladiator and Financial Crimes Solutions from ProfitStars, explained the credit union security issues related to the cloud centers on three elements: Sophisticated threats that are complex, pervasive and persistent; an increasingly intricate IT environment; and an incredible cybersecurity talent shortage that exists today. “It plays really well when you have an enterprise level organization that can apply all the appropriate technologies necessary to secure that infrastructure running in that public cloud. The key difference, they are putting that onus on the credit union. That’s really where we have a significant strength position with our private cloud.”

Gladiator provides a private cloud allowing credit unions to transfer management responsibilities to JHA’s trusted advisers and engineers. The Gladiator Hosted Network Solutions in essence provides infrastructure-as-a-service, Fazzino explained.

The Gladiator cloud can include: Hosted servers, managed IT Services operating system support, productivity software (including support for Microsoft Office, Exchange, email, and other Office-related apps), internet access, advanced malware protection and routing to redundant JHA data centers (with virtual private network backup), disaster avoidance and tapeless backup.

“All of their Windows infrastructure instead of running on premise at the credit union runs within our facilities, our data centers,” Fazzino said. He pointed out Gladiator uses a virtual machine environment from Palo Alto, Calif-based VMware and a seven layered security solution. “What we’ve done is kind of take that ownership and responsibility of securing that environment for the institution.”

Fazzino observed, “One of the nice things about our infrastructure is that it operates in a fully redundant environment, what we call disaster avoidance rather than disaster recovery.” The private cloud is completely contained within Jack Henry at two of its data centers in Branson, Mo. and Allen, Texas. “We can securely give them access to their entire core, Windows infrastructure, actual desktop through a laptop, tablet, a smart device,” Fazzino said.

Randy Buck, COO, compliance officer, and director of information technology at the $114 million Los Angeles-based California Bear Credit Union, which has two branches blocks apart, recalled their consideration of in-house infrastructure versus a cloud solution. “After factoring in intangibles that came with the Jack Henry solution, they signed on for Gladiator in September 2016, started deployment the next month and finished in January 2017.

“Looking at someplace else to throw our virtual machines, especially for the disaster recovery, were the pieces that actually drove us into deciding on the Gladiator solution,” Buck stated. California Bear uses Symitar EASE, the outsourced delivery model of the Episys core processing platform, also housed within the Jack Henry cloud. “If we did have a disaster, we had one place that we actually had to connect to get into.”

Disaster recovery capabilities as one might expect is kind of a big deal at the California credit union. Much of California Bear’s critical infrastructure such as their Ease core, document imaging, and bank by phone system, sits in that in the Jack Henry cloud. Buck pointed out, what this means is if they do have a disaster, they can make one virtual private network connection into the Jack Henry Environment and access their resources. “So, they’re not having to log out of one resource and then log into another resource to get to the information that they’re going to need.”

Additionally, the Gladiator private cloud protects against malware such as Emotet, a banking Trojan malware program, which gains sensitive financial data by inserting computer code into an infected Windows system. “When you are running your infrastructure in house, the only way to get rid of a significant Trojan or worm like that, you have to reformat and rebuild all of your workstations from scratch. That is not an insignificant task,” Fazzino pointed out. “With our hosted network solutions environment, something like Emotet doesn’t even phase us should an institution get hit by it.” Just a quick reboot of their workstation fetches a brand-new operating system.

The first items the credit union jumped on when they began deployment centered on patching and antivirus. “Gladiator takes care of all of that for us,” Buck said, “That takes a load off of us and they monitor our firewall as well with the core defense.”

Gladiator also screens for any changes such as new user account additions, which generate emails to the California Bear’s team. “Nobody’s generating fictitious accounts out there. If we make changes it will generate notices to us as well,” Buck said. Anything else that happens on the interactive directory environment reveals itself on monthly and/or weekly reports California Bear can either generate or download directly from Gladiator.

“We make use of the intrusion detection and prevention services as well as keeping the bad guys out,” Buck noted. “We also have the advanced malware protection keeping virus type stuff out as well at the perimeter keeping [hackers] from even getting to our network.”

Not everything California Bear uses system wise is a JHA product; their antivirus, for example, is from Trend Micro, but even there Jack Henry manages it for the credit union. “They monitor all of our machines to make sure they are on the latest revision of the definitions and that the patching works together as well using that same database.”

Over the next month or so, when the last of the credit union’s legacy document imaging system data migrates to the Symitar Synergy Document Management, California Bear will only maintain their telephone and print servers in house.

Not only is the credit union happy with Gladiator but Buck explained so far their regulators and auditors really like it as well. “We get comprehensive reports as far as what is happening on the network as well as on the perimeter and they actually tie it back to the regs. Considering we had no real viable disaster recovery solution when I got here, they were more than happy to see that come into play.”

Buck noted the biggest benefit is removing that day to day weight from their shoulders and having Gladiator inherit that burden to have to keep up with all that technology. “We can actually worry about what we can do to make the credit union better. Knowing that patches go out when they’re supposed to and antivirus definitions are updated when they’re supposed to is a blessing for the whole organization.”

The Windows infrastructure a credit union runs in house can easily move to the Gladiator private cloud, Fazzino explained. Some 140 financial institutions currently run in the environment. “While most of the Gladiator clients are Jack Henry customers, they’re not all Jack Henry customers.” The ProfitStars product is core agnostic and also supports third party applications, as long as that application can exist in a virtual desktop.

“The end goal for a credit union is for IT infrastructure to support its ability to grow its business,” Fazzino said. “Gladiator’s role is to ensure that that infrastructure is leaving the credit union in a secure, compliant and resilient state with the right people applying the right technology and keeping it up and running 24/7.”

Some Industry reports, Fazzino observed, place a significant return on investment in leveraging the cloud. “That’s certainly one of the driving forces of it. But cybersecurity is probably the biggest advantage in moving to a private cloud. If you can leverage and harness the economies of scale we can bring to the table, at a subscription cost, it’s a no brainer.”