March 31, 2003

Heritage Trust Federal Credit Union turned to Dimension Data to outsource its network security.

Security managers are faced with a constant stream of viruses, security vulnerability alerts, and software patches to fix software vulnerabilities. The problem is especially acute for medium-sized businesses like Heritage Trust, which has just 10 IT managers to manage IT at 12 branches. Many IT managers are finding security to be impossible to keep up with, and many, like Heritage Trust, are turning to outside consultants to do the job for them.

"There's always something new, a new virus, a new type of attack," said Robin Ward, vice president of information systems for Heritage Trust, Charleston, S.C. "Dimension Data keeps us well aware of what we need to be doing to protect ourselves." As part of its service, Dimension Data did a sweeping security assessment for Heritage Trust last year, Ward said. It continues with quarterly security assessments, as well as around-the-clock auditing of system logs to watch for intrusions.

For Heritage Trust, the decision to outsource was made because the financial institution did not want to make the expenditure of bringing the expertise in-house.

"When you start looking at 24x7 coverage, you have to have at least three people--or more, because you cannot work three people around the clock seven days a week," Ward said.

Heritage Trust has a total of 180 employees, with about $350 million in assets and 63,000 members.

Heritage Trust pays about $5,000 per quarter for ongoing audits from Dimension Data, monitoring costs $3,000 per month.

Although Dimension Data provides expertise and staffing, the relationship from Heritage Trust's perspective isn't outsource-it-and-forget-about-it. Heritage Trust needs to work closely with Dimension Data on who is permitted to have network access over which protocols, and Heritage Trust needs to decide whether to implement changes that Dimension Data recommends.

As part of last year's initial security assessment, Heritage Trust installed Cisco Systems intrusion detection systems and redundant firewalls, Ward said.

Also as a part of the Dimension Data recommendations, Heritage Trust put its Internet banking servers in a demilitarized zone to guard against hackers using the Internet banking servers as platforms with which to launch an attack on the bank's internal network

The around-the-clock scans look for evidence of hackers war-dialing to search for modems, scan server logs, and search for applications with security holes requiring patching or reconfiguration.

Dimension Data contacts Heritage Trust in emergencies using phone or e-mail. Dimension Data rates threats as low, medium or high severity.

Heritage Trust decided on Dimension Data because they already had a prior business relationship, working with Dimension Data on a voice over IP installation.

This article originally appeared in InternetWeek NewsBreak, a daily e-mail newsletter. InternetWeek focuses on four core areas--supply chain, Web development, security, and IT services--delivering not just the news, but also analysis and insight into what really matters to the enterprise. To subscribe: http://www.submag.com