Openness is not a threat: How credit unions can embrace new IT models securely and with confidence
With the shift to remote and hybrid work, financial institutions are struggling to empower offsite productivity while keeping sensitive financial data and transactions secure. Credit unions especially are feeling the pressure due to the age of their IT systems, the need to support new partner-driven business models, and a patchwork of virtual desktop infrastructure (VDI) solutions. They’re all asking the same question: “What’s the best way for us to securely enable remote and hybrid workflows?”
Credit unions are well aware their IT systems are due for updating. The frailties of legacy technology are public knowledge. In spring 2021, Cision reported that 48% of credit unions and 58% of their vendors may have critical vulnerabilities due to out-of-date systems.
The challenge is that few credit unions or their members can tolerate the downtime it would take to upgrade or migrate from older solutions or software such as Windows 7. Financial institutions also have to meet what are arguably some of the most stringent regulatory and auditing requirements of any industry and abide by a growing slate of cybersecurity laws. That would make any organization shy to take on change.
A new (and open) world
Up to now, it’s been possible for credit unions to delay major IT upgrades because their communications networks have been more or less closed systems. That’s changing with the explosion of external FinTech applications that need to be integrated with internal systems, as well as increasingly complex business tools such as enterprise resource planning (ERP) solutions that can be built only with the help of third-party developers. All of a sudden, the corporate network has had to open up.
This is a good thing because it creates opportunities for new kinds of partnerships and collaborative business models: ecosystems that add value for credit union members. But it also increases risk due to the traditionally flat architecture of credit unions’ networks. In a flat network, nothing stops a host on one IP address or subnet from reaching, or attacking, another IP address or subnet in the environment. Malware and phishing schemes can easily exploit this to move laterally.
It’s unrealistic for most credit unions to consider completely rearchitecting away from their flat spine-leaf or hub-spoke architectures — you can’t rebuild a plane while you’re flying it. But adopting and enforcing privileged access management (PAM) practices can mitigate the risk of lateral movement by controlling who accesses what in the network based on role. PAM also provides a clear and auditable chain of evidence for all actions done within the network environment. But here credit unions often run into another obstacle, because the traditional virtual desktop solutions used to enable remote/hybrid workers and external partners aren’t built to do the full PAM job.
Where typical VDIs fall short
Most VDIs on the market today are point solutions: they don’t cover the full set of requirements to facilitate productivity, enforce security, and ensure compliance. Setting up virtual private networks and shipping out laptops are common strategies that still leave critical boxes unchecked and could lead to a breach.
On top of this, the flatness of credit union networks means any remote user accessing the network should be isolated to prevent any harmful lateral movement of malware from their devices into the corporate network. But VDIs by definition are shared environments: the whole point is that everyone is able to access common applications.
Credit unions and other organizations have used some inventive techniques to get around this — jury-rigging VDIs to get them to perform segregations and isolations they’re not built to do. That’s not sustainable and can make adding new users to the network a long, painstaking process.
The alternative is to create virtual “rooms” for each person accessing the network: spaces where they can touch the parts they need and nothing more, using their own tools, with a complete record of what they did while they were there. That’s the premise behind the Tehama solution. We make it possible to optimize workflows and at the same time maximize security with a zero-trust environment. Basically, our solution acts as the bouncer at the door to the club: there’s only one way in for each user, and only certain places they can go once inside.
A unique opportunity to collaborate and conquer
Because of their cooperative business model, credit unions are in the unique position of being able to pool resources and join together in customizing a modern remote/hybrid working solution that meets the needs of multiple institutions instead of each one having to develop a solution on their own.
Using automation, orchestration, and user management capabilities that aren’t available with traditional VDIs, credit unions can develop productive remote work environments and third-party ecosystems for innovation and meet the full range of audit and compliance requirements. Facilitating secure, productive remote and hybrid work is more possible than many credit unions may have ever imagined — all they have to do is seize the opportunity.