Openness is not a threat: How credit unions can embrace new IT models securely and with confidence


Jaymes Davis


Dec 1, 2021


With the shift to remote and hybrid work, financial institutions are struggling to empower offsite productivity while keeping sensitive financial data and transactions secure. Credit unions especially are feeling the pressure due to the age of their IT systems, the need to support new partner-driven business models, and a patchwork of virtual desktop (VDI) solutions. They’re all asking the same question: “What’s the best way for us to securely enable remote and hybrid workflows?”

Credit unions are well aware their IT systems are due for updating. The frailties of legacy technology are public knowledge. In Spring 2021, Cision reported that 48% of credit unions and 58% of their vendors may have possible critical vulnerabilities due to out-of-date systems.

The challenge is that few credit unions or their members can tolerate the downtime it would take to upgrade or migrate from older solutions or software such as Windows 7. Financial institutions also have to meet what are arguably some of the most stringent regulatory and auditing requirements of any industry and abide by a growing slate of cybersecurity laws. That would make any organization shy to take on change.

A new (and open) world

Up to now, it’s been possible for credit unions to delay major IT upgrades because their communications networks have been more or less closed systems. That’s changing with the explosion of external FinTech applications that need to be integrated with internal systems, as well as increasingly complex business tools such as enterprise resource planning (ERP) solutions that can be built only with the help of third-party developers. All of a sudden, the corporate network has had to open up.

This is a good thing because it creates opportunities for new kinds of partnerships and collaborative business models — ecosystems that add value for credit union members. But it also increases risk due to the traditionally flat architecture of credit unions’ networks. In a flat network, a device on one IP address or subnet can move to or attack another IP address or subnet in the environment. Malware and phishing schemes can easily exploit this kind of lateral movement.

It’s unrealistic for most credit unions to consider completely rearchitecting away from their flat spine-leaf or hub-spoke architectures — you can’t rebuild a plane while you’re flying it. But adopting and enforcing privileged access management (PAM) practices can mitigate the risk of lateral movement by controlling who accesses what in the network based on role. PAM also provides a clear and auditable chain of evidence for all actions done within the network environment. But here credit unions often run into another obstacle, because the traditional virtual desktop solutions used to enable remote/hybrid workers and external partners aren’t built to do the full PAM job.

Where typical VDIs fall short

Most VDIs on the market today are point solutions: they don’t cover the full set of requirements to facilitate productivity, enforce security, and ensure compliance. Setting up virtual private networks and shipping out laptops are common strategies that still leave critical boxes unchecked and could lead to a breach.

On top of this, the flatness of credit union networks means any remote user accessing the network should be isolated to prevent any harmful lateral movement of malware from their devices into the corporate network. But VDIs by definition are shared environments: the whole point is that everyone is able to access common applications.

Credit unions and other organizations have used some inventive techniques to get around this — jury-rigging VDIs to get them to perform segregations and isolations they’re not built to do. That’s not sustainable and can make adding new users to the network a long, painstaking process.

The alternative is to create virtual “rooms” for each person accessing the network: spaces where they can touch the parts they need and nothing more, using their own tools, with a complete record of what they did while they were there. That’s the premise behind the Tehama solution. We make it possible to optimize workflows and at the same time maximize security with a zero-trust environment. Basically, our solution acts as the bouncer at the door to the club: there’s only one way in for each user, and only certain places they can go once inside.

A unique opportunity to collaborate and conquer

Because of their cooperative business model, credit unions are in the unique position of being able to pool resources and join together in customizing a modern remote/hybrid working solution that meets the needs of multiple institutions instead of each one having to develop a solution on their own.

Using automation, orchestration, and user management capabilities that aren’t available with traditional VDIs, credit unions can develop productive remote work environments and third-party ecosystems for innovation and meet the full range of audit and compliance requirements. Facilitating secure, productive remote and hybrid work is more possible than many credit unions may have ever imagined — all they have to do is seize the opportunity.

Connect with us to learn more about how the Tehama solution can meet the needs of your credit union.

