Comments
Smaller Banks Leverage Partners for Big Data Insights
Newest First  |  Oldest First  |  Threaded View
DerinBluhm
50%
50%
DerinBluhm,
User Rank: Apprentice
2/28/2014 | 10:11:00 PM
re: Smaller Banks Leverage Partners for Big Data Insights
The guy without legacy systems always has an advantage, but what if you simply get rid of your internal systems?

If you look at the complexity of banking technology, and layer in security, monitoring, auditing, DR, etc. It can be tough for a community bank to hire and retain someone qualified to run IT or afford to own, operate and maintain the infrastructure.

It is not a stretch to say (though many with a direct job in the roles will disagree) that community financial institutions under $500M and potentially up to $1B in assets should not have internal IT departments, but rather utilize a fully outsourced technology model.

There are very good companies out there performing these services now, and I would expect the usage to accelerate as end users get more accustomed to remote support while regulators push for better security and monitoring practices.
KBurger
50%
50%
KBurger,
User Rank: Author
2/27/2014 | 4:51:36 PM
re: Smaller Banks Leverage Partners for Big Data Insights
This might also spur a (mini) wave of de novo's -- new bank start-ups, where they spot a gap/opportunity in terms of markets, services, customer needs, and then can capitalize on cloud, mobile and other digital technologies (and also NOT have legacy issues). We've seen this with some digital/virtual start-ups (e.g., Simple, which is going to be acquired by BBVA), but I'm thinking "physical" as well.
Kelly22
50%
50%
Kelly22,
User Rank: Author
2/26/2014 | 8:55:55 PM
re: Smaller Banks Leverage Partners for Big Data Insights
Good point, Kathy. While many customers value the digital capabilities of larger banks, a good amount still prefer the personalized, face-to-face communications that smaller community banks offer. Those banks are in a good position to leverage modern technology to improve retention.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
2/26/2014 | 8:24:26 PM
re: Smaller Banks Leverage Partners for Big Data Insights
I know some tech vendors are focused on this issue that you mention Derin and have gone so far as to take on a more consultative role when it comes to the SSAE-16 rules and audits since a lot of smaller banks don't have the resources/staff/expertise to handle it on their own. But that focus is going to have to grow more widespread throughout the industry to gain more confidence from the banks.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
2/26/2014 | 8:18:51 PM
re: Smaller Banks Leverage Partners for Big Data Insights
And they have fewer layers of bureaucracy, which helps a lot when it comes to taking actions based on the insights they are getting from data and analytics projects.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
2/26/2014 | 8:10:44 PM
re: Smaller Banks Leverage Partners for Big Data Insights
A few years ago, someone from a large bank here in NY showed me a SSAE-16 report. Yikes...at least 100 pages, complicated and to a non-techie or compliance expert, an SSAE-15 report makes little sense.
KBurger
50%
50%
KBurger,
User Rank: Author
2/26/2014 | 7:04:19 PM
re: Smaller Banks Leverage Partners for Big Data Insights
Community banks and other smaller FIs potentially have an advantage because, almost by definition, they tend to be closer to their customers than are very large banks -- they know their customers better and in fact have actually face-to-face relationships with them. Obviously a generalization, but that is what we've been hearing for years. In the wake of the financial crisis many pundits suggested that smaller banks would have an advantage in terms of customer relationships and reputation (remember the movement to urge consumers to close their accounts and open new ones with community banks?). So if they can couple that advantage with modern technology that gives them the analytics and other tools that can provide even greater insight, then well-managed smaller banks should be in a very good position to drive growth and customer retention.
DerinBluhm
50%
50%
DerinBluhm,
User Rank: Apprentice
2/26/2014 | 5:53:59 PM
re: Smaller Banks Leverage Partners for Big Data Insights
Wholly agree with Bryan that community financial institutions need third-party help, but those vendors wishing to house sensitive data will need to overcome the challenges of the vendor due diligence process.

Many organizations simply lack the skills to properly evaluate the vendor due diligence documentation. A Type 2 SSAE-16 attestation report can be hundreds of pages long, covering technology processes and controls that are foreign to non-technical personnel and often beyond the understanding of more junior technology staff members.

Ultimately, if the reviewers can't explain their analysis of the vendor's information security controls to technology and regulatory auditors, then they aren't going to take the personal risk by pushing cloud services.

Vendors can improve their chances by including talking points explaining the important findings (or lack thereof) in the SSAE-16 reports. Further, sharing their actual risk assessments and security audits (even if sanitized) would take care of the heavy lifting needed to build confidence in the vendor selection decision.

As Jonathan states, the smaller institutions have limited staff. The more work the vendor does to complete the due diligence process for the community financial institution, the more rapidly they will build case studies that can be referenced by the more conservative banks and credit unions who take their due diligence efforts seriously.
Byurcan
50%
50%
Byurcan,
User Rank: Author
2/26/2014 | 2:23:09 PM
re: Smaller Banks Leverage Partners for Big Data Insights
Smaller banks definitely need to rely on third-party vendors to help perform these tasks. As Claypoole notes, most community banks don't have their own analytics department, or the capacity to mine through big data. That's why these partnerships are important.


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.