Data Protection for Credit Unions
•Download as PPTX, PDF•
1 like•297 views
This document summarizes a discussion on data protection for credit unions. It introduces the moderator and peer panelists, who work in credit union IT. The agenda includes discussing the increasing complexity of IT environments and data growth, compliance requirements, data loss threats, and methods to protect data. Technologies mentioned that can help include backups, determining recovery time objectives, onsite vs offsite storage, cloud storage, and site replication. The discussion emphasizes the need to identify all data to protect, have multiple recovery points, ensure data is encrypted and unattended, and out of region in accordance with compliance. Questions from attendees were taken at the end.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Data Protection for Credit Unions
Similar to Data Protection for Credit Unions (20)
More from Carbonite
More from Carbonite (12)
Recently uploaded
Recently uploaded (20)
Data Protection for Credit Unions
- 1. DATA PROTECTION FOR CREDIT UNIONS A Peer Supported Discussion October 20, 2016
- 2. MEET YOUR MODERATOR Lee Bird, President, Btech Btech specializes in affordable, managed IT security services for credit unions. Btech works with over 120 credit unions throughout the United States. Btech helps credit unions meet compliance goals by implementing and managing security services.
- 3. John Lockie, AVP of Infrastructure and Security Caltech Employees FCU Rick Menjivar, Chief Information Officer Chaffey FCU PEER PANELISTS
- 4. Credit union landscape Data loss threats Methods to protect data Compliance Technology choices Q&A AGENDA
- 5. Increasing complexity of IT environments Hyper-growth of data and applications Protection of electronic member information Compliance requirements for data retention/destruction CREDIT UNION LANDSCAPE
- 6. Accidental Deletion Viruses, Malware, Ransomware Natural Disasters – Storms, Floods, Fires Power Outages Hardware Failures WHAT CAUSES DATA LOSS?
- 7. Determine RTO (Recovery Time Objective) Define RTO for all data Use the appropriate data protection technology based on the required RTO Protect all data 1. Determine Onsite vs. Offsite Requirements Onsite for DR’s or data loss where site is still available Offsite for DR’s where access to data center isn’t possible “Out of the region” – Compliance requirements HOW SHOULD I START PROTECTING DATA? 2.
- 8. WHAT DO I NEED TO KNOW ABOUT COMPLIANCE? NCUA Rules – Do you know them? Encryption of electronic member information Measures to protect against destruction, loss or damage of member information Regularly test the key controls, systems and procedures of the InfoSec program Gramm-Leach-Bliley Act (GLBA)
- 9. DO THESE TECHNOLOGIES COVER ALL MY DATA PROTECTION NEEDS? Challenges with these technologies
- 10. • Regularly scheduled backups • Unattended • Multiple Copies of the same data • Multiple retentions over a pre-defined period of time - Daily, weekly, monthly, annual retentions POINT-IN-TIME BACKUP
- 11. Slow WHAT ABOUT BACKING UP TO TAPE VERSUS DISK? CHALLENGES WITH TAPE Tapes need to be replaced annually Transfer of tapes off-site Are they out of the region? The cost for an offsite storage vendor Security How many people are touching my tapes? Tape audit All tapes must be accounted for, all the time, otherwise must report possible loss of member information.
- 12. • Cloud for DR if region is affected • Cloud so that protected data is out of the region • Site replication or CDR for low RTO • Can have a local copy for quick recovery WHAT DOES CLOUD BACKUP BRING TO THE TABLE? vs. PUBLIC PRIVATE
- 13. • Identify all data to be protected • Break down data recovery into RTO’s • Have multiple data points for recovery • Data must be out of the region • Data must be encrypted • Solution must be unattended – What does this mean? SUMMARY: WHAT ARE DATA PROTECTION “MUST-DOs” FOR CREDIT UNIONS?
- 15. We created a quick checklist for you to get a real Data Protection Score IS YOUR DATA PROTECTED?
- 16. RESOURCES Compliance Datasheet Comparison Card All attendees will receive resources in a follow-up email Data Protection Checklist
- 17. THANK YOU! Lee Bird, President, Btech 221 E. Walnut Street, Suite 138 Pasadena, CA 91101 626-397-1045 | leebird@btechonline.com
Editor's Notes
- Moderator introduces himself I’m Lee Bird, President of Btech. I started Btech in 1989, and since 2000, we have worked exclusively with credit unions – providing IT security services using “best of breed” technology. We currently work with over 120 credit unions throughout the United States.
- --Introduce John --Introduce Rick Thank you John and Rick and let’s dive right in
- Today we’ll be taking a look at these Agenda Items as we learn how today’s Credit Union IT professionals and managers can succeed in a quickly changing and complex environment. We’ve got two great guest panelists – they are YOUR PEERS – TWO CONSUMER CREDIT IT PROS – who will share their recent experiences.
- Here’s a look at the Credit Union Landscape today. These are just some of the challenges CU professionals face. We are all seeing a lot of data growth! Is it all just imaging data? Or, are you seeing other areas – like maybe email or email archive – with lots of data growth. John, let’s get started by asking you “Why has data protection surfaced as such a huge challenge for CU professionals?” (Answer) Rick, what about you? Is there ONE SINGLE factor that is making your job tougher these days?
- Let’s start with data loss. We need to remind ourselves that there are so many ways that credit unions can lose on-premise data. Better hardware has made some of us complacent in our data protection strategies. We just don’t see crashed HDD’s or broken RAID arrays like we used to. Human error remains the number one way that valuable data is lost. And these days of course, everyone is talking about ransomware, the malware that can encrypt your data while cyber crooks demand payment to unlock it. That’s before we get to the havoc Mother Nature can wreak on systems and the outages and failures that are part of doing business.
- Here are some thoughts on looking at your data protection strategies. Do you ever consider RTO? What about Onsite vs. Offsite? Rick, how difficult is it to determine what you are able to keep on premise? John how have you met or tried to meet offsite compliance requirements? Rick and John, what do you feel is best practice for “out of the region” compliance? After all, Hurricane Sandy affected 4 of the 10 FEMA Zones.
- What’s the number one challenge compliance poses for credit unions? Does anyone else feel that some of the rules are ambiguous? What about the FFIEC’s requirement for data encryption? That counts as data protection, right? Goes over the NCUA Basics. What it means for Credits Unions.
- Do you feel like we have started forgetting about basic “data backup” because of all of the new technologies out there? While newer data protection technologies may offer a lower RTO, do they have limitations in their ability to protect all data? Asks panelists for their experience with any of these, or challenges
- Let’s talk about Point-in-Time Backup and Why It’s so Important to Today’s Credit Unions. I strongly feel that there is still a need for point in time backups, even though I’m seeing some CU’s get rid of them in favor of other technologies. This leaves a big gap in the ability to recover data based on certain scenarios. John, how does point-in-time factor into your strategy? Rick, can you explain how these factor into NCUA compliance?
- I won’t ask for a show of hands – but, how many of you still have a tape drive? It’s still out there! Backing up to a portable USB is like a tape – isn’t it? What about backing up to a disk vault – an appliance. Lee highlights pros and cons of tape. Moderator’s choice on whether panelists have input here. Lee likely hears plenty of ‘tape’s stories as most attendees do. Tape isn’t dead and a lot of you in audience may be using it. But there are significant challenges.
- Let’s talk about cloud backup. I think the Examiners are comfortable with the Cloud now, as long as the vendor is doing their due-diligence, like SSAE-16. Is your CEO, or the Board comfortable with the Cloud yet? I still see some Executives that aren’t comfortable with the Cloud. Rick how has it helped you? Do you test it regularly? Challenges John, what did you learn about cloud backup as it relates to credit union landscape?
- Lee summarizes key points or MUST DO’s For panelists: Do our panelists have any final takeaways? Or what do panelists think is biggest challenge moving forward for all credit unions
- Now it’s time for your questions for me, or our panelists
- We created a quick checklist for you to get a real Data Protection Score
- Thank panelists and audience Contact information Question for MZ: How do we want to offer up more extended cheat sheet or detailed Best Practice List?