Community banks often are faced with a unique challenge. On one hand, the declining cost of technology levels the playing field, enabling community banks to leverage the same tools used by their large bank competitors. But on the other, new technologies require IT executives and staff who hold very specific skillsets.
To answer this challenge, one solution many banks have incorporated is partnering with a vCIO from a bank-focused managed services provider. Doing so supplements their in-house expertise and ensures the bank is strategically pursuing its technology needs.
What is a vCIO?
A vCIO, or virtual chief information officer, gives community banks access to experienced and knowledgeable individuals who can complement bank staff or fill holes that are open due to budget cuts or lost talent. vCIOs are seasoned professionals who can provide guidance, perspective and recommendations across multiple complexities, including M&A, core conversions and IT audits.
While each community bank has unique circumstances, there are a few questions vCIOs hear most often, four of which relate to overall IT strategy.
1. What do I need to know to successfully leverage “the cloud” at my bank?
One of the biggest misconceptions about cloud services in the banking industry is that cloud technology will automatically save the bank millions of dollars. While banks do usually save money by moving to the cloud, the impact varies depending upon the level of services required and the number of those services that are hosted remotely.
In the simplest terms, cloud costs are being transferred from large capital expenditures in institutions or data centers, but the cost is morphed into a monthly recurring expense to a cloud provider. This can result in lower capital costs, but increased operations costs. Despite increased operations costs, great advantages are gained since cloud technology enables a bank to:
- Scale quickly to accommodate growth
- Quickly ramp up new services
- Streamline maintenance and software updates
2. What level of communication is needed between IT staff and the board of directors?
It’s crucial to establish a strong level of communication between IT and the bank’s board and executives. Since regulators hold the board ultimately responsible for managing risk and vulnerabilities as well as guiding the bank’s strategies, the directors need to know as much as possible about the bank’s IT and cybersecurity circumstances. That’s why IT managers must clearly outline the risks present in the current infrastructure, as well as plans to address vulnerabilities.
In addition, since the board sets the bank’s long-term strategy, IT managers who can present strong business cases for new services or tools—whether back office or consumer-facing—will receive stronger support when purchase decisions must be made.
3. Should I upgrade my work stations to Windows 10?
The short answer is, it depends. Banks use many applications and peripherals, and each is upgraded to work with Windows 10 at a different pace. The best thing to do is test the OS before you implement it in a live production environment. Load at least one test workstation with every single bank application and peripheral, then run tests and simulate the demands that will be put on the workstation on a daily basis to see what works and what doesn’t.
If your bank is buying a new workstation, also consider getting a Windows 10 license that permits downgrading to an older version of Windows should the environment prove less than beneficial to the bank.
4. I want to allow my users to have remote access from home and on their smartphone. What do you recommend?
The biggest issue with Bring Your Own Device (BYOD) is establishing the related security and access policies to ensure no unauthorized parties can access sensitive bank systems. Auditors want to see a layered mobile device management approach for PCs and mobile devices that outlines the various levels of access as well as emergency response and remote wiping policies in the case of a lost device or terminated employee.
As a result of strategically evaluating the individual needs of the bank, some institutions require staff to use only bank-owned devices (laptop, tablet, smartphone, etc.) for accessing their network. If your bank decides to allow BYOD, implement clear policies on how such devices will be kept secure, including such common factors as one-time passwords and multifactor authentication (MFA) to access remote servers.
Also, consider which devices are allowed access, and determine how to containerize bank data from personal data, since the IT department must be able to wipe bank data from devices while leaving personal data intact.
Check Back for Part 2
Check the CSI blog next week for more common questions vCIOs receive about cybersecurity and fraud.
Russ Furze serves as a vCIO with CSI Managed Services. Russ has worked in Information Technology for nearly three decades. He has expertise in Information Security, business continuity, disaster recovery, cloud computing and vendor management.