|Securing e-mail in the cloud (January 2009)|
It was 2006. Jay McLaughlin was hired to head IT and immediately saw some operational areas he wanted to fix at $1.5 billion assets, Orlando-based CNLBank. Few were more pertinent than e-mail security.
“Information has to be encrypted to meet GLBA compliance and for practical reasons,” McLaughlin says, referring to the Gramm-Leach-Bliley Act.
By last November, the senior vice-president of information technology had evaluated several vendors and had nearly decided about the contract. The bank was coming up on an audit and the information SVP wanted to make sure that day-to-day electronic communications weren’t exposed to viruses or other threats that might not sit well with examiners.
McLaughlin had full authorization over both the security and architectural purchases, which made his project management and purchasing process more manageable than many big banks experience with their numerous layers of technology personnel.
“Management of e-mail needed to be automated,” says McLaughlin. “I wanted a full range of encryption and monitoring functions. It’s hard with a small staff to stay on top of new virus signatures and other threats.”
One vendor on the short list was San Carlos, Calif-based Postini. “We looked at several vendors with offerings but liked this firm’s products,” he adds.
Adding to the appeal was the September 2007 acquisition by search engine juggernaut Google. In the days of McLaughlin’s e-mail security product evaluation, Google had joined the chorus of premier technology firms promoting a methodology known as “computing in the cloud,” that is, rendering a given IT function into a utility of sorts to be remotely consumed by a bank. (See Webnotes, Sept. 2008, p.50.)
Generally, says Google Apps Security product manager Adam Swindler, the upside of this approach includes the ability to easily move virus monitoring, spam protection, and software updates outside the bank, which allows a lean bank IT staff to concentrate on strategic projects.
Of course, in one sense, that is the value proposition of any outsourcing contract, but there are inherent efficiencies in this particular form of technology consumption, offering as it does a particular brand of component computing that lets a bank control everything behind its firewall except the outsourced task in question. It’s also a very affordable way to go.
There are other perks. Since the majority of e-mail is spam, removing it before it hits internal systems (something a cloud approach supports) reduces network traffic and, therefore, hardware requirements.
Moreover, Google’s real-time monitoring of billions of connections daily means that internet schemes spotted in the most remote folds of the web can be quickly screened against.
“There are other fringe benefits,” says CNL’s McLaughlin. “For example if there is a hiccup and e-mail goes down for a while, the application saves all incoming, consumer e-mails,” he says. “None of them will bounce, which could be embarrassing for the bank.” Reports, he related, are also intuitive and easy to obtain. “Basically, I’ve got all these e-mail security specialists working for me without the staff.” BJ
The electronic version of this article available at: http://lb.ec2.nxtbook.com/nxtbooks/sb/ababj0109/index.php?startid=34
| TechTopics Plus