Community Banking and their layers of security. . .
Michael Hartke’s first post as Executive Vice President!
Thinking back to my first talk to security professionals in community banking almost 10 years ago, the question continues to this day. First some background… infotex was moderating the Indiana Bankers Association Security Conference when one of the scheduled speakers had to cancel last minute due to illness. We gathered our partners and rushed to restructure the speakers’ talk into a panel discussion. To be honest, I don’t recall the topic of that round table, but what I do remember was the last question that closed out the panel and that day.
I started the presentation by going through the slides I had learned that day as we reworked the talk. Looking back, it wasn’t my best presentation, but hey, at least I’d be forgiven for my misgivings considering the circumstances.
After I turned the floor over to the panel, I joined them as the last panelist. Due to that ordered arrangement and the quality of experts that jumped in to help, I often didn’t have much to add to the great answers already provided by the time the floor was mine.
Of all the details of that day I had forgotten and the ones that remain, the last question is a memory that is clear. “How many layers of security are appropriate for a community bank?”
After the fellow panelists fielded that question with the same professional acumen they had previously, one noted that security is like an onion… you’ll want many layers protecting the ‘heart’, another started discussing the actual technical controls you’ll want to have in place (SIEM, SOC, IDS, IPS, etc.). Again, when it came to me, everything had already been said but it was because clearly there was no “silver bullet”. As much as we all want one, it just doesn’t exist and when we become complacent thinking, we have one, that is when we lower our guard.
After the usually long-winded answers of the other panelists (for good reason, it’s a complex question) and the fact that it was clear there was no easy answer, I simply said “Five. Five layers”. The audience started laughing, they recognized what I had from the time the question was asked, to me – the final panelist.
I went on to qualify my answer by saying that the other panelists had answered the question well already and I had nothing to add except for the irony that we will never be able to answer that question in the way that I did.
Since then, we have seen some awesome advancements in EDR, XDR, MDR technologies, Zero Trust, NACs, etc. One thing they all have in common is that they are considered valuable layers in that security onion.
Original article by Michael Hartke. Executive Vice President, infotex
Interested in our services? Visit offerings.infotex.com to request more information!