Post on 24-Jan-2017
DATA PROTECTION FOR CREDIT UNIONS
A Peer Supported Discussion
October 20, 2016
MEET YOUR MODERATOR
Lee Bird, President, Btech
Btech specializes in affordable, managed IT security services for credit unions.
Btech works with over 120 credit unions throughout the United States. Btech helps credit unions meet compliance goals by implementing and managing security services.
PEER PANELISTS
John Lockie, AVP of Infrastructure and Security, Caltech Employees FCU
Rick Menjivar, Chief Information Officer, Chaffey FCU
AGENDA
Credit union landscape
Data loss threats
Methods to protect data
Compliance
Technology choices
Q&A
CREDIT UNION LANDSCAPE
Increasing complexity of IT environments
Hyper-growth of data and applications
Protection of electronic member information
Compliance requirements for data retention/destruction
WHAT CAUSES DATA LOSS?
Accidental Deletion
Viruses, Malware, Ransomware
Natural Disasters – Storms, Floods, Fires
Power Outages
Hardware Failures
HOW SHOULD I START PROTECTING DATA?
1. Determine RTO (Recovery Time Objective)
• Define RTO for all data
• Use the appropriate data protection technology based on the required RTO
• Protect all data
2. Determine Onsite vs. Offsite Requirements
• Onsite for DRs or data loss where site is still available
• Offsite for DRs where access to data center isn’t possible
• “Out of the region” – Compliance requirements
WHAT DO I NEED TO KNOW ABOUT COMPLIANCE?
NCUA Rules – Do you know them?
Encryption of electronic member information
Measures to protect against destruction, loss or damage of member information
Regularly test the key controls, systems and procedures of the InfoSec program
Gramm-Leach-Bliley Act (GLBA)
DO THESE TECHNOLOGIES COVER ALL MY DATA PROTECTION NEEDS?
Challenges with these technologies
POINT-IN-TIME BACKUP
• Regularly scheduled backups
• Unattended
• Multiple copies of the same data
• Multiple retentions over a pre-defined period of time: daily, weekly, monthly, annual retentions
WHAT ABOUT BACKING UP TO TAPE VERSUS DISK?
CHALLENGES WITH TAPE
Slow
Tapes need to be replaced annually
Transfer of tapes off-site: Are they out of the region? The cost for an offsite storage vendor
Security: How many people are touching my tapes?
Tape audit: All tapes must be accounted for, all the time, otherwise must report possible loss of member information.
WHAT DOES CLOUD BACKUP BRING TO THE TABLE?
• Cloud for DR if region is affected
• Cloud so that protected data is out of the region
• Site replication or CDR for low RTO
• Can have a local copy for quick recovery
PUBLIC vs. PRIVATE
SUMMARY: WHAT ARE DATA PROTECTION “MUST-DOs” FOR CREDIT UNIONS?
• Identify all data to be protected
• Break down data recovery into RTOs
• Have multiple data points for recovery
• Data must be out of the region
• Data must be encrypted
• Solution must be unattended – What does this mean?
QUESTIONS FROM ATTENDEES
IS YOUR DATA PROTECTED?
We created a quick checklist for you to get a real Data Protection Score.
RESOURCES
Compliance Datasheet Comparison Card
Data Protection Checklist
All attendees will receive resources in a follow-up email.
THANK YOU!
Lee Bird, President, Btech
221 E. Walnut Street, Suite 138
Pasadena, CA 91101
626-397-1045 | leebird@btechonline.com