BANK OF CHOICE USED THE RIGHT TECHNOLOGY RIGHT/Experts' Perspectives
Lenhoff, Alan, Euston, Gerry, Fisher, Dan M., Nason, Jonathan, Independent Banker
SECURITY THREATS INCREASED WHEN BANK OF CHOICE EXPANDED TO BECOME A STATEWIDE INSTITUTION. HOW DID IT MEET THE CHALLENGE?
In 2004, Weld County Bank, a community bank in Colorado's Evans-Greeley area, became Bank of Choice. During 2005-2006, Bank of Choice acquired banks in Fort Collins, Windsor and Arvada. Bank of Choice became a billion-dollar institution with 19 branches statewide, including several in Denver. As its assets and customer base grew, so did the risk that the privacy of its customers might be breached.
Dan Barbattini, vice president and IT director for Bank of Choice, was faced with the challenge of satisfying the requirements of the Gramm-Leach-Bliley Act of 1999 (GLBA), which protects the privacy of bank customers. He was also faced with the crucial task of establishing trust and confidence among thousands of new customers at a time of critical growth for his organization-and at a time when identity theft and other forms of fraud have been increasingly prevalent concerns among bank customers and the public in general.
Defining the Challenge
Having brought four community banks together under one holding company, the 300-employee Bank of Choice needed to consolidate systems while protecting and securing customer data. It had to implement security at all 19 branches of the bank, centralize protection for the bank's customer information, deploy uniform desktop systems throughout the bank and achieve compliance with GLBA.
"What I found," Barbattini notes, "was that not all of the community banks we acquired had in place the same standards that we did for technology to protect the bank and their customers from a security perspective." It was necessary to bring the newcomers up to snuff by joining together the systems with maximum effectiveness and efficiency.
To that end, Barbattini focused on consolidating the 19 locations; reducing the number of endpoints; and establishing perimeter security, patch management, centralized data protection and other attributes of a GLBA-compliant entity. He began by evaluating the IT infrastructures and outsourcing contracts of all the acquired banks, and then finding the best ways to bring the disparate branches into new vendor relationships strategically chosen to meet the needs of the organization. He also brought the separate branches into the main data center, which became the single endpoint in a robust DS-3-based wide area network (WAN).
As part of meeting his objective, Barbattini developed a strategic relationship with Symantec Corp. and its business partner Advanced Internet Security Inc. This enabled Bank of Choice to implement virtualization-based solutions for data protection, endpoint securities and systems management. Working with those partners, the bank created a virus-free environment that is manageable from a single console for all sites. The software provides proactive threat protection for branch systems, content filtering and spam prevention. It enables a multi-layer security strategy, from gateway to desktop, including protection for the portal environment, spam identification and filtering, disk-to-disk data backup and recovery, and hot backups for open applications (thus eliminating "backup windows").
In short, Bank of Choice was able to standardize security, backup and client management practices throughout the networks of the newly acquired institutions. "We were able to take four separate banks and 19 locations and make them work efficiently," Barbattini notes. "That's return on investment."
A Real-Time Test
Part of that return on investment can be measured tangibly. The system saves 20 hours per day in back-up administration across the network. The ability to deploy client desktops in about 20 minutes, Barbattini estimates, saves about 80 hours per month. This amounts to time savings of 8,640 employee hours a year or approximately $245,000. …