Cloud Coverage
Posted by Diana Hennel, SVP, CTO, Catalyst Corporate FCU on 3/22/2018

The forecast for credit unions is a bit cloudy… but not in a murky, hard-to-see sense. Quite the opposite. The future of cloud-based computing is sunny, and credit unions’ movement to “the cloud” – in varying degrees – is inevitable.

What exactly is the cloud? It’s a network of servers, storage and software, accessed through the Internet that each provide a different function. Some cloud providers provide IaaS – infrastructure as a service (Amazon Web Services, Azure); some provide PaaS – platform as a service (Amazon Web Services, Azure); and others provide SaaS – software as a service (Office 365, Salesforce, ADP, Workforce). The cloud also allows users to store and access data from a common, off-site source.

One major benefit of the cloud is the opportunity for credit unions to forgo costly, depreciating hardware infrastructure. This makes it a cost-effective solution for many companies trying to add to their bottom line.

Often, credit unions want to know, “Is this type of system safe and secure?” The short answer is: it can (and should) be, with the proper steps. When migrating to the cloud, take these three steps:

Know your Responsibilities. While each cloud vendor is slightly different, it’s important to understand that security in the cloud is a shared responsibility. Your contract with your cloud provider should define what the credit union controls and what the vendor provides as part of the service. What you’re responsible for depends on the level of service you are buying – IaaS puts more burden on the credit union while SaaS puts the majority of the responsibility on the provider. Moving to the cloud doesn’t mean you should get rid of your security stack. Instead, it means you have to understand how your tools support a hybrid environment as you transition.

Consult your Toolbox. Strongly consider using the FFIEC’s Cybersecurity Assessment Tool. Although use is optional at this time, Catalyst Corporate has seen numerous benefits in its adoption of this tool, such as better understanding of its risk profile and maturity level. This tool may also help define an organization’s cybersecurity roadmap based on FFIEC guidelines, whether applications are on premise or in the cloud. The CyberSecurity Assessment Tool also aligns with the NCUA’s Automated Cybersecurity Examination Tool (ACET), which it will begin using this year to assess cyber preparedness in credit unions with assets greater than $1 billion.

Be Prepared. Unfortunately, in today’s environment, it’s not a matter of if, but when, you’ll have to deal with an information security incident or breach (whether on premise or in the cloud). How a credit union responds has a big impact on member perception. Resolve to determine how you will respond before something happens. Establish an organizational plan and understand your credit union’s risk tolerance by holding regular tabletop exercises to clarify everyone’s roles in such an event. Exercises should include the executive team, marketing, legal counsel and even your board members.

Moving into the cloud is inevitable, so make sure your credit union is ready!

Categories: Business Partners, Compliance, Education & Training, Research
Post a Comment
Email: (Email will not be published.)
Subscribe to the Blog

Categories & Archives
Category Filter

Author Filter




Connect: FacebookTwitter©  Credit Union Resources, Inc. All rights reserved.


Contact Us
6801 Parkwood Blvd.
Suite 300
Plano, Texas 75024
Phone: (469) 385-6400
Toll Free: (800) 442-5762
Online Form