FOCUS Some CUs are pushing the limits of their IT security capabilities. Cloud computing is expanding the range of available technology solutions. Board focus: Tech upgrades put on hold during the recession might be necessary in 2011.

Conventional wisdom says technology is outdated in three years unless it’s upgraded or replaced. Throw in the Great Recession, and you get delayed tech investments and pent-up demand for the tools needed to run today’s high-tech business operations.

Credit unions, like other businesses, are noticing the obsolescence of their technology. Credit union information technology (IT) budgets for 2011 appear to focus on three areas:

• Making vital security and infrastructure improvements;
• Striving for efficiency and productivity; and
• Supporting self-service channels and online interaction.

Credit unions put many items—now on their 2011 technology wish lists—on hold in 2009 and 2010 as they waited for the recession to ebb. Although the national economy is still in flux, credit unions expect to relax budget restrictions in 2011 in pursuit of high-priority items, particularly security upgrades.

A critical security shift

The amount of elasticity in credit unions’ IT budgets varies with local economic conditions and the urgency of the need for improved security. Kevin Prince, former chief technology officer and current consultant at Perimeter E-Security, a Credit Union National Association (CUNA) strategic alliance provider, says some credit unions are pushing the limits of their IT security capabilities. Per­imeter provides security solutions for financial services and other industries.

“There’s pent-up demand, and there are some things that have been held back that credit unions absolutely need to do,” Prince says.

Among the critical issues is a shift from “edge-based security,” which focuses on the connection between internal systems and the Internet, to a higher level of “end-point security,” which examines the potential for security breaches in all devices used in all aspects of operations.

“There are so many ways hackers can compromise end points now,” says Prince. “And when they do this—when they compromise a personal computer [PC] on the inside of the network, for example—those attacks very frequently can completely bypass all the edge-based security.”

Compiling and compounding

Equally important, in Prince’s view: Credit unions are taking a comprehensive look at the “compiling and compounding” impact of continuous technology purchases aimed at addressing security threats and mitigating risks.

“Now for the first time people are stopping and saying, ‘Do I really still need all this stuff? Are there other technologies that do it more effectively? Are current technologies addressing my greatest risks?’ They’re figuring out how to get the biggest bang for their buck,” he explains.

Credit unions typically have used separate systems for firewalls, intrusion detection, and Web content filtering. New options for streamlining security combine these functions in a unified threat management system on an all-in-one device.

Another way to streamline security is to outsource services to a vendor, which can allow credit unions to benefit from multimillion-dollar infrastructure maintained by a team of security experts. Cloud computing—products and services that can be accessed on demand via the Internet—is expanding the range of security and technology solutions available to credit unions from vendors.

In addition to streamlining systems, Prince urges credit unions to explore two security measures:

• Host-based intrusion detection systems place software on servers and offer 24-hour monitoring of security threats, which can help bridge the gap created by skipping the past two years of security upgrades; and
• Ongoing training of internal users increases awareness of the latest techniques that hackers use to compromise the network, while reinforcing a culture of information security.