Western Federal Credit Union

Nate Howe, Vice President of Risk Management, Western Federal Credit Union, speaks on information security governance in the financial industry

Video Transcript

…my name is Nate Howe. I work with Western Federal Credit Union based in Southern California. I am the Vice President of Risk Management

… We have about 30 branches. We’re located in eight states…

The enduser base is about 400 employees and they’re supported by 100 servers in two data centers…

… patching the operating system is critical, especially to the extent that a service available over the network could be exploited.

…But the new direction of attacking a system is also taking advantage of the files that the enduser is executing and that may be the PDF files, the Word documents, running Flash within a webpage, so it became critical for us to also find a tool that would patch those third party applications and utilities, whether it be QuickTime player, WinZip, Flash, Office. For us it meant a lot more than Microsoft patching and that’s where BigFix came in.

… we evaluated about five competitors and we brought our security side and our IT side to the table because both of those organizations would be using the tool. And through demonstrations, making an evaluation matrix and scoring, and getting down to our finalist, at the time labeled BigFix, eventually that becomes the IBM Endpoint Manager.

really became the winner for us because we could see it patch a system in realtime, we could report metrics, and we just became very impressed with the technical support and the engineering support provided…

One of the responsibilities in my area is to prepare for annual audits. … we’re able to better generate the inventories that they want to see, the list of our top vulnerabilities, and also demonstrate to them the metrics that we report every month to our oversight committees.

… we now have clean vulnerability scans and that makes our regulator more comfortable when they come in and look at our operations.

…We’ve also been able to use the tool to get a better inventory of installed applications. That helps us with software licensing. Make sure that we’re not out of compliance with those software agreements. And if somebody may be using unauthorized software on their workstation, I can have an administrator then schedule and remove that offending software. We’ve even used BigFix at times to deploy software and to deploy files to the workstations that we wanted our employees to watch for training.

… we were conducting a software conversion and that is a conversion of our transaction system for the financial institution …
we actually used BigFix for software deployment to put those new updated client tools at every workstation. We never could have done that manually, especially with some branches located out of state and no IT staff. … our future plans involve doing a lot more than we have been doing. …
For example, with Power Management, … overnight when no employees are using that system, I can schedule it to be turned off, but then also have it turned on again when they come in, in the morning. …

…The biggest benefits of this solution for us are doing more with fewer people. We actually have a single administrator dedicated to the BigFix system, patching the integrated anti-malware tools that are in that same view. So it’s not that our environment has become less complex. It really is very complex behind the scenes. But with that single view into all those different aspects of the system and the security having one staff member managing the patching for the 600 systems, it really allows us to kind of stay ahead of problems…

… we can focus less on infrastructure, …. And we focus more on business applications and enabling business automation. That’s really where our talent should be focused at this point now that we have the workstations under control.