By John French
What if your IT issues could be fixed before you even know they occurred? What if you could reduce your efforts to comply with the regulatory requirements of protecting the security and integrity of your sensitive information? And what if you could do both while reducing your overall IT expense?
It’s possible with managed IT services. Benefits such as these are why managed IT services are gaining popularity among banks that don’t have deep internal IT staffs of their own. A bank’s computer network is the backbone of its business because it delivers data to its employees anywhere and at any time. In reality, if you’re like many banking professionals, you simply want your network to work so you can focus on your business, not on your IT infrastructure. Managed IT services may be the answer.
What Is Managed IT Service?
Many banks and businesses contract with an independent third party to offload IT operations to a professional service company known as a Managed Services Provider or MSP. The MSP assumes an ongoing responsibility for 24-hour monitoring, maintenance, management and problem resolution for the IT users within a business. Finding the right MSP for you depends on your needs and your organization’s comfort level in providing its own IT expertise. It’s a business trend that’s gaining traction in the banking arena as a means of simplifying IT operations to support employees’ compliance initiatives and control IT expense.
Controlling IT Expense
According to a recent study by CompTIA, the IT trade association, 46 percent of managed IT service users have cut their annual IT expenses by 25 percent or more. And 50 percent have cut their annual IT expenses 10-24 percent. This is compelling evidence that managed IT services can deliver significant expense benefits.
MSPs take the responsibility for the product and support costs of your infrastructure for a monthly, predictable fee, which makes budgeting easy and eliminates unexpected expenses. Overhead expenses such as antivirus, SPAM filtering, content filtering, firewalls, business continuity resources, backup licenses and renewals are all expenses included as part of the MSP service. This enables both capital expenses and operational expenses easier to manage.
In addition, many banks are turning to MSPs to provide technology expertise and handle administrative tasks rather than investing in personnel. MSPs let you concentrate on running your bank, instead of worrying about your IT resources. It frees you from dependence on one or two key IT employees and ensures continued operations if they become sick or leave your organization. It also gives you specialized expertise that you may need for a specific project but can’t justify having on your payroll.
Reducing IT Challenges
Technology is growing increasingly complex and difficult to manage. Many organizations, including banks, are looking at managed IT services to provide IT skills that they don’t have in-house. And they’re finding that using an MSP frees them to direct their efforts toward IT initiatives that support their overall business goals, instead of dealing with day-to-day maintenance and “fires” as they come up.
Complying With Regulations
A financial institution is bound by compliance standards that protect the security and integrity of its clients’ sensitive information. Heightened cybersecurity concerns have increased the regulatory burden of providing a safe and sound network. Managed IT services can enhance both the physical security of your network and the electronic security of the data stored on it. Network security, password protection, encryption and best-practice processes combine to ensure a high level of regulatory compliance by controlling access to sensitive data. Because those IT functions are handled by an outside expert, your risk of IT non-compliance is reduced.
Finding the Right Provider
Many companies today offer various types of IT solutions and managed services. Because your bank is dependent on its IT to function effectively, it’s important that you partner with a MSP that has the skills and experience to meet your particular needs. Some questions to ask a potential MSP include:
- Do you have experience providing managed services in the banking industry? Banks have specific compliance and security concerns that other industries simply do not. Find an MSP with experience managing technology for banks. It will better understand the unique security and compliance requirements and be better equipped to provide advice and guidance.
- Do you have experience protecting the banking industry from cybersecurity threats? Bank regulators are making cybersecurity a higher priority in 2016. The FFIEC is revising its community bank examination program to break cybersecurity out as its own separate issue in examination comments. You should be looking for an MSP that uses best practices to manage and update its information security programs as needed to ensure that the programs anticipate new and emerging cybersecurity threats. The security program should include an ongoing risk assessment process, including an audit program to validate that the designed “cyber risk control structure” is adequate and effective.
- Do you offer security awareness training? Most successful data breaches begin with a phishing attempt. In the FDIC article titled, “A Framework for Cybersecurity,” security awareness training is listed as a critical component of cyber risk control, recommending training to anyone who is a potential access point to the bank’s data system. Find an MSP that offers ongoing training and regular testing to determine weak spots.
- Do you offer patch management? The FDIC, along with other regulators, list “patch vulnerability exploits” as one of the biggest threats to bank security and recommend implementing a Patch Management Program. Find an MSP that provides an effective program that includes written policies and procedures to recognize, prioritize, test and implement timely patches to intervene on known vulnerabilities in applications and operating systems.
- What are your business continuity plans? As of February 2015, the FFIEC IT Handbook states that financial institutions are now responsible for ensuring the solidity of their technology service providers’ business continuity plans. A qualified MSP specializing in managing technology for banks knows this requirement and will provide you with a Business Continuity and Disaster Recovery Plan, as well as other documentation that is synchronized with the permissions established on your system.
- Are you SSAE16 audited? According to an FFIEC article from July 2010, a financial institution’s use of third parties to achieve its strategic plan does not diminish the responsibility of the board of directors and management to ensure that the third-party activity is conducted in a safe and sound manner and in compliance with applicable laws and regulations. An SSAE16 audit is the best way for you to ensure that your vendors are compliant with this requirement.
The Bottom Line
The reasons for using an MSP vary by situation but often include one or more of the following:
- Tighter control of budget through more predictable expenses.
- Ability to acquire specific expertise when needed.
- The ability to focus on core competencies by ridding yourself of everyday housekeeping.
- Eliminate responsibility of hiring, training and leading an in-house IT department.
- Streamline operations with predictable IT performance.
- Increased ability to meet changing business and commercial conditions.
- Lower ongoing investment in internal infrastructure.
- Access to innovation and thought leadership.
Expense reduction of 15 percent or more is common when you compare managed IT services to the expense of maintaining an in-house IT department. That’s hard to argue with, especially in light of the compliance and efficiency benefits mentioned above. Some banks that are already using managed services compare it to having a trained, staffed IT department. It’s worth checking out to see if your bank could realize the same results.
John French is chairman and CEO of RESULTS Technology, a Kansas City-based Managed Service Provider that specializes in banking. He can be reached at firstname.lastname@example.org.