IT Budgets Tackle Pent-Up Demand
CUs expect slightly increased tech spending in 2011, and security upgrades are a top priority.
Conventional wisdom says technology is outdated in three years unless it’s upgraded or replaced. Throw in the Great Recession, and you get delayed tech investments and pent-up demand for the tools needed to run today’s high-tech business operations.
Credit unions, like other businesses, are noticing the obsolescence of their technology. Credit union information technology (IT) budgets for 2011 appear to focus on three areas:
- Making vital security and infrastructure improvements;
- Striving for efficiency and productivity; and
- Supporting self-service channels and online interaction.
Credit unions put many items—now on their 2011 technology wish lists—on hold in 2009 and 2010 as they waited for the recession to ebb. Although the national economy is still in flux, credit unions expect to relax budget restrictions in 2011 in pursuit of high-priority items, particularly security upgrades.
A critical security shift
The amount of elasticity in credit unions’ IT budgets varies with local economic conditions and the urgency of the need for improved security. Kevin Prince, former chief technology officer and current consultant at Perimeter E-Security, a Credit Union National Association (CUNA) strategic alliance provider, says some credit unions are pushing the limits of their IT security capabilities. Perimeter provides security solutions for financial services and other industries.
“There’s pent-up demand, and there are some things that have been held back that credit unions absolutely need to do,” Prince says.
Among the critical issues is a shift from “edge-based security,” which focuses on the connection between internal systems and the Internet, to a higher level of “end-point security,” which examines the potential for security breaches in all devices used in all aspects of operations.
“There are so many ways hackers can compromise end points now,” says Prince. “And when they do this—when they compromise a personal computer [PC] on the inside of the network, for example—those attacks very frequently can completely bypass all the edge-based security.”
Compiling and compounding
Equally important, in Prince’s view: Credit unions are taking a comprehensive look at the “compiling and compounding” impact of continuous technology purchases aimed at addressing security threats and mitigating risks.
“Now for the first time people are stopping and saying, ‘Do I really still need all this stuff? Are there other technologies that do it more effectively? Are current technologies addressing my greatest risks?’ They’re figuring out how to get the biggest bang for their buck,” he explains.
Credit unions typically have used separate systems for firewalls, intrusion detection, and Web content filtering. New options for streamlining security combine these functions in a unified threat management system on an all-in-one device.
Another way to streamline security is to outsource services to a vendor, which can allow credit unions to benefit from multimillion-dollar infrastructure maintained by a team of security experts. Cloud computing—products and services that can be accessed on demand via the Internet—is expanding the range of security and technology solutions available to credit unions from vendors.
In addition to streamlining systems, Prince urges credit unions to explore two security measures:
- Host-based intrusion detection systems place software on servers and offer 24-hour monitoring of security threats, which can help bridge the gap created by skipping the past two years of security upgrades; and
- Ongoing training of internal users increases awareness of the latest techniques that hackers use to compromise the network, while reinforcing a culture of information security.
Potlatch No. 1 Federal Credit Union, Lewiston, Idaho, will focus on improving internal security in its 2011 budget, says Ron Broaddus, chief information officer. The $423 million asset credit union has limited IT purchases to “required spending” since 2009.
“We’re looking at security not just from the standpoint of external penetration, but to protect ourselves from ourselves,” he says. In 2011, the credit union will examine systems that prevent “data leakage” by analyzing transactions to spot patterns that indicate potential fraud.
Broaddus says that in future years, artificial intelligence tools could identify potential security breaches, such as the same computer terminal being used to look up a dozen credit card numbers in a brief time period. He’s also seeking tools that restrict access to internal systems without becoming cumbersome for employees, such as biometric sign-on systems that use physical characteristics to verify authorized users’ identities.
“We can make it really hard for people to get in and out of systems, but then what they do is write the procedure on a Post-It note and put it on their monitors,” Broaddus says. “We’re trying to hit the right balance.” Continual security education for both internal users and members reinforces safe security practices.
Potlatch No. 1 Federal’s IT budget also must support strategic initiatives, including:
- Expanding from 11 to 13 branches;
- Moving from manual, paper-driven operations to automated processes in records retention, document imaging, accounting, and other operations (for example, IT is training employees to shift from faxing internal documents to scanning them to the optical system for electronic delivery and storage); and
- Adding new self-service features for members, including mobile banking, and e-alerts and e-statements for online banking users.
Potlatch No. 1 Federal hopes to virtualize about one-fifth of its servers by year end, which is possible due to a 2010 upgrade to Citrix terminal servers. Virtualization reduces costs because there are fewer servers to maintain. And it enhances disaster recovery because recovering virtualized servers is faster than recovering physical servers.
Park Community Federal Credit Union, Louisville, Ky., has similar plans for increased virtualization, according to Kyle Snider, vice president of information technology. About 70% of the $465 million asset credit union’s servers are now virtual, he estimates, and the percentage is likely to increase slightly in 2011.
“We’re constantly looking at virtualization for physical servers, which in turn saves space, drops utility bills due to climate control, and makes life easier when you have problems,” he says. The credit union also is considering removing physical PC towers and moving to thin client-based personal computing.
“We believe at this point it will save a lot of time for our technical staff, pushing updates will be painless, troubleshooting hardware will be almost nonexistent, and hardware rollouts will be minimal,” Snider says. “Will it save us money over time? That’s the question we’re still asking ourselves.”
Park Community Federal operates branches in four states. Security investments in 2011 will focus on identifying and preventing threats such as identity theft, fraud, cyber crimes, and embezzlement.
A core partnership
At $1.4 billion asset Spokane (Wash.) Teachers Credit Union, IT efforts continue to focus on achieving the benefits of refining a core system for credit unions, says Belinda Caillouet, vice president, information technology, and a CUNA Technology Council executive committee member.
Starting in late 2007, Spokane Teachers and two other credit unions partnered with Harland Financial Solutions to adapt its Phoenix core system for the credit union industry. Spokane Teachers will launch the enhanced PhoenixEFE Core system in April 2011.
Caillouet says the Harland partnership enabled the credit union to work closely with the company, enhancing PhoenixEFE Core features to serve the more commercially focused credit union market. Spokane Teachers dedicated a significant amount of staff time to reviewing requirements, testing enhancements, and consulting with Harland developers. The goal of the partnership: to support the credit union’s strategic initiatives and improve its everyday operations.
As part of the core conversion, IT will convert to a new online banking system from Q2ebanking. And it will move credit card processing from an in-house system to a program through The Members Group. As core conversion demands wane, IT will tackle productivity and efficiency projects delayed during core system development, and search for new content management software and other tools to enhance members’ online access to services and information.
Supporting online interaction while safeguarding systems is crucial for dealing with both internal users and members, says Caillouet. A recent reminder of the importance of interaction came when Spokane Teachers moved its members-only classified advertising section two clicks away from the home page. Members immediately protested.
“The whole social side of it is huge,” says Caillouet. She’s currently evaluating how the credit union can use policies and systems to enable employees and members to interact using social media. “I feel comfortable we’ll come up with a solution in 2011.”
As members and employees alike move to new forms of electronic interaction, channel integration will be essential, she says, adding that new products like the iPad will help shape expectations for how and when employees and members access information and services. Those changing expectations will drive IT decisions as credit unions chase the moving target of technology advancement.
“That’s the future,” says Caillouet, “meeting the members on their territory.”
TECH TRENDS BEYOND 2011
IT leaders say a wide range of issues and opportunities are likely to shape budgets in 2012 and beyond:
- Outsourcing will provide access to cost-effective services, particularly at small credit unions with limited IT staff.
- Virtualization will occur on both the server and the desktop levels, enhancing capabilities while reducing the hardware and space required to support operations.
- Cloud computing will offer new options for accessing a wide variety of products and services via the Internet.
- Telecommunications’ ongoing evolution could prompt dramatic infrastructure changes at cost-conscious credit unions.
- Securing remote users will gain importance as credit unions allow more employees to work from remote locations or telecommute from their homes.
- Smart cards could gain widespread adoption in the U.S., replacing magnetic stripes on debit and credit cards with computer chips to enhance capabilities while reducing fraud.
- Social media sites such as Facebook, LinkedIn, and Twitter could expand the channels used to interact with members and current and prospective employees.
- Channel integration will give members the same services and the same experience from every communication or transaction channel.
- Payment systems will continue to evolve, requiring IT systems to keep pace.
- Security information and event management tools will collect information from all devices, and then analyze it for a comprehensive view of threats and attacks.