Cloud computing is here to stay. As part of their ongoing technology education series NAFCU recently hosted Ventura County Credit Union (VCCU) CIO, Chad Ritchie, Amazon Web Services (AWS) Enterprise Strategist, Mark Schwarz & Think|Stack CEO, Chris Sachse, and for discussion around Credit Union Blueprints for Secure Cloud Strategies.
The overall tone was that credit unions must act with more urgency to adopt a cloud first and security strategy to prepare for any future disasters or disruptions. Members are relying on you as their trusted credit union to be ready.
Wherever you are on your cloud adoption journey, here are some best practices and trends to discuss with your team.
Thoughts & Trends
- The adoption of a cloud first strategy is not a sudden revolution, it is an acceleration of a trend that has been slowly happening within the credit union industry but more rapidly outside of it. It’s time to take this opportunity to catch up to fintech and big banks.
- The “digital experience bar” has been set from outside the credit union industry by cloud native and enterprise companies. Members and employees expect a simple and engaging digital experience. To remain competitive it is essential for credit unions to have a platform that allows for agility and resiliency. It’s a matter of relevancy, not a choice.
- Too much of cloud and security strategy around the leadership table and boardroom is rooted in negative language, “we have to move to the cloud and secure our credit union” can be shifted to “we get to take advantage of the same tools and services that are available to enterprise level companies”, transformative technology is available to organizations at any scale.
- If this year has taught us anything it’s to accept that we don’t know what’s coming. Disruption comes in many forms, a pandemic, a natural disaster, a security breach, losing a key team member. Regardless of the disruption, you need to know your technology will not add to your problems in in a time when you need it most.
- Elasticity, agility and flexibility are fun words for digital transformation buzzword bingo, what they really mean is having a vision, strategy and plan in action to be able to guarantee no discontinuation of services and ongoing improvement of your member experience.
People & Culture
- Transforming and evolving your infrastructure and security to ready for innovation may require radical culture change and there is no one size fits all. You need to design and define a mission statement for your transformation that is unique to the organization you are in.
- Your goal is to develop a simple and seamless experience for members and an invisible and painless one for staff. Once you have a clear vision of that future state, engage your peers, vendors, and team to develop a communication strategy that can articulate your mission to non-technical people throughout your CU.
- Look around your organization and vendor landscape and ask who can add value to your process, the ones that challenge you and want to be part of the development and communication of your plan are the most valuable.
- When you show desire to improve employee’s day to day work lives and solve their problems with technology you’ll get their buy in. Involve everyone in your organization, including your members and your vendors in your process. Journey map and document the experiences they are having and listen to recommendations.
- Foster a culture of failure acceptance because you will make mistakes. Neither people nor technology are perfect, and both will present pitfalls. Engage in open, honest conversations, learn, and move on quickly.
Tools & Technology
- “Moving to the cloud” is ambiguous and can suggest a heavy lift. However, like any technical tool it is something people can learn and there is a vendor landscape with certified professionals available to support you through the process.
- Cloud strategy doesn’t always mean expansion. Having a flexible environment also allows you to scale down to save costs. It allows you to constantly align your resources with your business needs.
- Adding software with fancy features and functionality into your environment may seem like a fix but do they solve a business problem and tie into your long-term vision? “Frankenstein” technology environments with disparate and often redundant software and hardware will slow your CU down in the long run.
- Technological tools exist to support humans, not the other way around. Identify the areas in your CU where technology is causing friction and undergo short projects with tangible outcomes that will overcome your issues.
- Many vendors offer risk free, often credit covered test environments for cloud and security strategies that can solve business problems and eliminate process friction, reach out and ask about funding and proof of concept programs.
Security & Compliance
- “The cloud” terminology suggests a mysterious, unknown place in the sky. So, it is understandable that it can provide some peace of mind to know your data is sitting in machines you can see and touch. However, many of the digital tools and services you use are currently using are web based, and already hosted in the cloud. It’s time to be comfortable with what you cannot see and touch while putting necessary safeguards in place to be secure and compliant.
- The question is not how you can be secure in the cloud, but how can you hope to be secure outside of it? Public cloud providers have spent millions of dollars on their infrastructure and security, providing constantly updated environments that follow strict compliance frameworks. Some of the largest corporations in the world, including government agencies trust these cloud infrastructures to secure and support everything they do.
- Technology selection supports your security posture not the other way around and taking focus off relying on and blaming the technology and putting it back on organization means you can govern IT rather than letting it govern you.
- Credit unions are not designed to protect data but are in that business, acting as custodians of your members most sensitive information. The building of an in-house security program that supports 24/7 threat detection of anomalous activity is both expensive and unrealistic. It is pertinent to find security vendors outside of your organization to partner with that support your security posture properly.
- Ultimately your credit union security posture is your responsibility. You have to make decisions that are reasonable for your risk tolerance and ensure that where ever your infrastructure is housed and whichever software you select you have staff or vendors that understand the necessary security configurations and how they relate to compliance models to secure the tools you are using.
“Here is the one metric that truly matters: Digital transformation = dramatically increased speed to market. How you define that is by how fast your organization can get meaningful solutions and experiences rolled out to your members, community, and staff. Everything else falls under that: Innovation, disaster recovery time, net promoter score, capabilities, assets, even the financials are impacted by it.” - Chad Ritchie, CIO, Ventura County CU.
WE TRANSFORM & PROTECT
We Transform & Protect by putting People Before Technology. We are a Managed Service Provider focused on cybersecurity and cloud solutions that support digital transformations. We believe that the technology your business relies on should be used to drive transformation and lead to a seamless user experience. In uncertain times it’s important to partner with people and companies you can trust. Think|Stack was built to handle the unpredictable, to help those who weren’t.
If you’re unsure what to do next or if you have questions about your technology, our Think|Stack tribe is here to help, contact us anytime.
About the Author
Chief Growth Officer