Case Study: Banking on Proactive Information Security

Competition for consumer business in the banking industry is playing out more and more on Web-based products and services, as banks seek to differentiate by making it easier for customers to check balances, conduct transfers and pay bills online. This was especially true at the Bank of Alameda in Alameda, Calif., a mid-sized bank founded in 1998.

This higher reliance on the Web cannot come at the risk of exposing bank customers to violations of their privacy, identify theft, or other information security risks of online banking. So Bank of Alameda has put in place a secure infrastructure that can be managed by a small IT staff, one that leverages state of the art tools in automated remediation management to get the job done.

In 1998, when the big security push was the Year 2000 threat and the fear that computers would crawl to a halt at midnight on Dec. 31, 1999, federal bank regulators were looking closely to see that banks were ready.

“We thought we were OK because we had all brand-new equipment,” says Michael Roberts, chief information officer for the bank. “But they said that’s not enough, you had to test and then document everything.”

The bank did that, putting policies and procedures in place to meet the regulatory requirements. From that experience the bank concluded that a proactive security stance was the best approach.

“We decided to stay on the forefront of what was happening in security to protect the infrastructure that we had developed,” Roberts said.

Bank of Alameda has five branches that are all connected with a T-1 line. Backroom processing is outsourced to Fiserv, an information management provider for the financial services industry, with clients in 60 countries and 21,000 employees. The bank connects to Fiserv via a frame relay.

“A lot of what I do is vendor management,” says Roberts, who has one other person on his IT staff.

The bank was an early user of firewalls and intrusion detection systems, which gives Roberts confidence in its perimeter security. More recently, Bank of Alameda has concentrated on beefing up internal security. It acquired the Retina Network Security Scanner from eEye Digital Security, which provides reports about vulnerabilities at each workstation.

This was helpful, but, Robert says, “Once I knew what the vulnerability was, I had to go to each workstation to take care of it.” With branches in five locations, that was time-consuming.

So the bank searched and found the Hercules product from Citadel Security Software, which automates much of vulnerability remediation. Hercules is able to accept reports from Retina, and allow the security administrator to determine what action to take.

“We can pick and choose what to remediate,” says Roberts.

For example, if a software patch is required, the administrator can direct Hercules to go to the Microsoft site for the update, download it and apply it to each affected workstation.

“That’s a great time saver for us,” Roberts says.

The price of Hercules also was attractive when compared to other products priced from $20,000 to $30,000 that are doing similar work. Hercules is priced at $21 per device per year; the Bank of Alameda has 50 workstations and 11 servers.

The bank schedules remediation updates for times when users are not on their workstations, so there is little impact on productivity.

“We’ve been actively using it for six to eight months now, and everything is working great. It’s doing exactly what we want it to do,” Roberts says. The regulators are also pleased with the bank’s proactive stance toward information security. “It’s been a useful tool for us and would also be useful for other banks our size.”

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020

  SEE ALL
ARTICLES