
What to Look for in IT Security

By: Paul Herbka

You’ve heard it said, “All that glitters is not gold.” That phrase definitely applies to IT security in the banking industry. Of course, we all want to hit the mother lode, but what will happen if you end up with a handful of fool’s gold? Security, true security, is the equivalent of the mother lode, whereas compliance alone can get you that fool’s gold. Which result do you want? Shall I assume the mother lode of security?

Like any good miner, you will need some good tools and resources to help you in your quest for the mother lode. It can be difficult to locate trustworthy partners, vendors and programs. What you need is a map to lead you through the maze. Security brings you into compliance, but compliance does not always bring you security. There are many stories of companies that passed a compliance test, only to have a breach of millions days later. Don’t be tricked by the glittering fool’s gold.

The first thing you need to do is find a good IT security partner who understands the main principle of “security first.” Following is a list of what to look for in a quality security partner (also called VAR, reseller and outsourced IT shop):

After you locate a partner to help you, you need a good process or system for authentication and authorization. These are two generally overlooked or undervalued items in good IT security. Authentication is being sure someone is who they claim to be. Authorization determines what that person can see or have access to based on his or her role (customer, teller, branch manager) in your bank. There are many good authentication/authorization solutions. Things to look for are:

AegisUSA is an example of a company that does identity management (including customization for special applications). Identity management can range from password management to single sign-on or full-blown “fully federated identity management,” which is everything. This provider offers solutions between $40,000 and $100,000, and they will be implemented within 30 days.

What else do you need on this journey to the security mother lode? In your list of resources and tools, you will need good banking software. You should look for:

The solutions from Integrated Bank Technology are an example. The company’s software is easy to use, sophisticated and “green.”

Next on this mother lode quest, you need someone to do a complete security evaluation. This can be done by a partner like SecureWorks or by an independent tester. And finally, you need to ensure you have the required defenses. Below is a list of things you should have:

It is this level of security that helps you enjoy the mother lode. With this defense-in-depth, you will not be tricked by the lure of the shiny, but worthless, fool’s gold. Fool’s gold levels of security leave you uneasy and with a sinking feeling in the pit of your stomach should anything happen at your bank. Security at the mother lode level lets you sleep soundly at night.

Paul Herbka is president of the Denver chapter of the Information Systems Security Association. He can be reached at paul74h(at)

Copyright © November 2010 BankNews Media