Can a bank succeed without effective information security? Not in today’s world, where technology is such a vital part of every bank’s operations. And given legislative and regulatory actions that have forced widespread changes in the banking industry, IT infrastructure is an area on which banks must focus to achieve continued success.
One is the reliability of their IT infrastructure. Increasingly, banks are relying on IT investments in security and compliance to thrive amid shifting market conditions. There is a new focus on using technology to make employees more productive and businesses more competitive. With this increased focus on technology, IT departments will continue to have an important role in shaping the future of banking.
Staying Ahead of Change
Founded in 1867, Bank of Stockton has always been at the forefront of banking technology innovation. With 17 branches in five counties across central California, Bank of Stockton is known as a community bank with a reputation for continually investing in new technology-based products and services to better serve its customers. Whether working to attract and retain customers, protect privacy, or ensure regulatory compliance, Bank of Stockton is focused on optimizing their technology systems to ensure maximum security and compliance.
Bank of Stockton uses Fiserv Signature applications to manage the four core processing environments—production, training, new release, and backup. They've recently installed Powertech’s Compliance Suite—Compliance Monitor, Network Security, and Authority Broker—in their production environment to manage evolving compliance and data privacy threats.
Jim McDaniels, Assistant Vice President and Computer Operations Manager at Bank of Stockton, explains the company’s overall philosophy. “It’s simple really. Ultimately, it’s about knowing where you stand with compliance, privacy, and overall security issues. We want to actively manage our environment and the Powertech products give us the peace of mind that we are doing that well.”
Managing Evolving Compliance
The ability to protect both the company and its customers is a requirement of doing business in the financial industry. Banks are audited multiple times each year by both federal and state agencies for proof of compliance and security protocols. The Federal Deposit Insurance Corporation (FDIC), an independent agency of the federal government, directly examines banks for operational safety, sound business, and compliance with consumer protection laws. Both state and FDIC audits can include extensive investigations on the solutions in place for backup, recovery, and protection of sensitive data, including an examination of the technology used to protect and support this information.
All this means that the role of the IT department becomes very visible during an audit, and the ability to quickly and effectively provide relevant information and reports is very important.
Bank of Stockton uses Compliance Monitor to run internal audits of their user library and users, objects, and systems, allowing management to see any areas where the bank may be out of compliance. Using Compliance Monitor simplifies the reporting process required for most audits.
Jim outlines why good reporting is essential. “All banks are audited for security and compliance and these products help us maintain the level of security that the auditors like to see. The audits include a complete analysis of areas related to disaster recovery, business continuity programs, and documentation. We use Compliance Monitor to survey those areas and highlight where we are at risk of falling out of compliance. The reports clearly illustrate to bank management where we stand and identify where we need to tighten things up.”
Establishing Ongoing Protection
In addition to Compliance Monitor, Bank of Stockton also implemented Authority Broker, software for managing authority levels for each user, and Network Security, an exit program solution for monitoring network traffic to the server. Although these products were implemented only recently, Jim has been impressed with the system’s ability to track, monitor, and control access to critical data easily and effectively.
“We are learning more about what these products can do each day,” Jim explains. “Establishing security processes is an evolving, long-term balancing act. What we don’t want to do is make something so secure that our employees can no longer do their jobs. Authority Broker has given us the power to grant a specific authority level for a specific job at a specific time, which was exactly what we were looking to do.
“And, Network Security has really provided us with the information we need to look at our exit points and establish tighter controls over what our vendors are able to access. Security doesn’t happen overnight, but the big thing is that the auditors like what we’re doing. They are very impressed with the way we are going about managing security and compliance. The Powertech products have been a great investment for us.”
And, that is something the Bank of Stockton can build on as they define and achieve continued success.
Get Started with IBM i Security
Before your next audit, find out where your IBM i (AS/400, iSeries) is vulnerable with a free Security Scan.