Getting expert helpSometimes the best way to get the strongest IT security is to rely on outside experts for help.
That was the solution when Citizens Business Bank sought to upgrade its IT security. Instead of asking its IT staff to work harder, it decided to have them work smarter, using automated solutions, outsourcing security management, and Web-based modules to improve its training program.
As the only bank headquartered in Southern California’s Inland Empire region, Citizens Business Bank is 30 years old. It has assets of over $6 billion, 800 employees and 44 commercial banking centers throughout Southern California and California’s Central Valley.
“All the way to the Board”Like all financial institutions, Citizens is faced with a constantly changing regulatory environment that affects not only what it must report to regulators, but how it keeps customers’ information safe.
Even more important, the bank understands the need to let customers know that their information and their money is in safe hands—especially in these times, when hackers and cybercriminals are increasingly targeting banks and other financial institutions. This is why security is taken seriously at the very highest management levels, explains CIO Elsa Zavala. “Information security is an issue that goes all the way to the Board of Directors,” she says. “I provide them with a quarterly report on where we stand from a security perspective, and I’m proud to say that they are personally invested in ensuring the safety of our customer data.”
Security gained even more importance when Citizens launched Web banking and decided to manage online banking services as an in-house, rather than outsourced, operation. “We needed to build an infrastructure strong enough to maintain system integrity no matter what,” Zavala says.
Centralizing with SymantecCitizens began by having Symantec conduct a comprehensive security assessment, and devise a new security architecture to give the bank rock-solid protection. Citizens also chose to centralize management responsibilities for the new infrastructure with Symantec Managed Security Services. “I didn’t want to increase my staff and develop their expertise for 24/7 coverage on the latest and greatest security threats,” explains Zavala. “We wanted to depend on experts to manage this for us.”
Automation delivers improved security at lower costsDuring the security assessment, Symantec found that automation could both improve security and free staff time. As a result of the assessment, the bank deployed Symantec Control Compliance Suite in 2006. Citizens previously had two employees spending about half their work time preparing for audits and assembling compliance documentation; they can now be deployed to perform other, more strategic tasks.
Citizens also replaced its previous email security and anti-spam solutions with two Symantec Mail Security 8260 appliances. After deploying these devices, email volumes dropped 95 percent because so much spam is now being screened out. Because the appliances are inside the firewall, they help reduce the time spent managing spam.
Revamping trainingOnce the bank had addressed the software and management side of its IT security and compliance issues, it turned to the people side. The bank decided to change its approach to training employees about IT security. Traditionally, the bank had assembled employees at a central location for live training, an expensive proposition. Some employees invariably missed the training and those who went did not always retain information throughout the year.
Instead, the bank deployed the Symantec Security Awareness Program in January 2007. These are self-guided Web-based modules with questions designed to test understanding and promote retention. Bank employees can take this training at their convenience, but are required to complete one module a month. After the program was deployed, the bank saw immediate benefits. Not only does the new program produce savings on travel expenses to in-person training, but more employees are able to participate, and their comprehension and retention of the material has also increased.
Millions in savings
Outsourcing security management to Symantec and automating security tasks resulted in more than $4.4 million in savings for Citizens Business Bank, according to an analysis by The Alchemy Solutions Group
, using its Total Operational & Economic Impact (TOEI) methodology. Savings include:
- More than $2 million in labor cost and cost avoidance for having Symantec Managed Security Services monitor and report on Citizens’ security
- Nearly $845,000 in savings using Symantec Critical System Protection to monitor Citizens’ network
- More than $200,000 labor costs saved using Symantec Control Compliance Suite to provide automated compliance information instead of having IT staff do it manually
- More than $2.2 million in labor cost savings from deploying Symantec Mail Security 8260 appliances
- More than $20,000 in cost savings from using the Symantec Security Awareness Program to replace in-person training
One key benefit Citizens sought from the outset was to forge a partnership with a trusted vendor who could provide dependable round-the-clock assistance to all the bank’s many locations. Creating that kind of relationship has everything to do with how Citizens itself does business. “We pride ourselves in relationship banking, and really knowing what it takes to take that relationship to the next level,” Zavala says. “Our experience has been the same with Symantec.”
To read the Citizens Business Bank Business Value Analysis Study, click here