Technology

Core Operations Move to the Cloud

Even larger CUs—once skeptical due to security concerns—are taking a closer look at the cloud.

January 01, 2012
KEYWORDS cloud , data , processing
/ PRINT / ShareShare / Text Size +

Security concerns

Credit unions and vendors alike appear leery of using the public cloud or a hybrid for mission-critical, member-sensitive data and applications. Their opinions about running these operations on a private cloud are mixed.

Any type of cloud application currently appears too risky to carry member data for $1 bil­lion asset Numerica Credit Union, Spokane Valley, Wash., according to Kelley Ferguson, vice president of IT. Numerica uses only in-house solutions to ensure it always has access to applications while maintaining control of sensitive member information.

“There will always be people who claim to have secured your data,” Ferguson says. “But when it comes down to it, it’s still our data on your servers and your network. So while the concept is great, it’s just not the place for us.”

University of Kentucky Federal Credit Union, at $403 million in assets, also has ruled out cloud-based core processing at this time, says Kathy Begley, vice president of operations and credit.

All five of the credit union’s branches are within the Lexington area and each is within 10 miles of at least one other branch. Proximity, she says, makes a point-to-point connection the most efficient and reliable way to share applications and data delivered by the credit union’s in-house Symitar core processing system.

The credit union currently uses hosted applications that rely on private cloud technology for its timekeeping and credit card systems. Home banking will move to a hosted solution in the near future even though it will be considerably more costly than the existing in-house solution. The vendor has aimed all upgrades at hosted solutions.

Control issues

Dallas Telco Federal Credit Union in 2009 moved from an in-house solution to Symitar’s Ease product—a remote hosted core processing solution that fits the
definition of SaaS. Gary Doan, vice president, IT, says the credit union accesses core processing via a secure virtual private network (VPN) through the credit union’s Internet connection.

All data funnels through the $118 million asset credit union’s core processing router, supplied by Symitar, and connects only to the router at Symitar’s data center in Lenexa, Kan. The connection stays secure through VPN encryption.

“To me, it’s just as secure as point-to-point because if you can break down a secure VPN encryption, then you can get into a point-to-point,” Doan says. Arrangements with multiple Internet service providers create a backup for Internet failures.

One disadvantage of an outsourced approach, says Doan, is the loss of control. Dallas Telco Federal must rely on Symitar’s service desk, for example, when stopping and starting its internal connectors.

Switching to an SaaS that relies on shared capacity also meant giving up customized reports and made it impossible to accelerate the timetable for specific tasks or reports, since the system is shared by other credit unions.

“Because it’s a multicredit union server, the rules for all the credit unions are the same,” says Doan. “That can be a benefit because it forces you to think about your business processes. Nine times out of 10, the software you have will do everything you need.”

Other benefits of an SaaS approach for core processing, says Doan, include:

  • Significantly reduced compliance burdens, since the core processing vendor must meet regulators’ standards;
  • Savings of at least $10,000 annually in hardware purchases;
  • Lower staffing workloads; and
  • A high level of business continuity because the credit union can retrieve all data from the vendor.

A shift toward hosted solutions

The growing appeal of SaaS core processing is reflected in its greater acceptance among credit unions of all sizes, according to core processing vendors.

Ed Miller, Symitar’s director of operations, says small credit unions that were unable to affordably operate in-house core processing were the first to sign up when the vendor’s EASE product launched in 2003. Now, he says, “We’re seeing a trend toward the largest credit unions being interested in this service.”

The shift toward hosted solutions was also noted in two recent reports—“Core Banking Solutions for Large Credit Unions” and “Core Banking Solutions for Small Credit Unions”—both from financial research and consulting firm Celent. Many credit unions lack the economies of scale needed “to properly operate a robust in-house core processor,” notes Celent, making it more cost-effective to use a hosted approach.

The CoreSoft core processing platform, from VSoft Corp., is available as an in-house, outsourced, or cloud solution. Murthy Veeraghanta, chairman and CEO, says VSoft’s private cloud solution uses the same software as its outsourced solution. VSoft is still waiting to learn whether regulators will have specific requirements related to the use of cloud computing, he says.

Credit unions could see new providers enter the market, according to Jason Mendenhall, executive vice president of Las Vegas-based Switch, which builds and operates the world’s most powerful data center and technology ecosystems—the Switch SuperNAPs—and provides colocation, connectivity, and cloud services to national and multinational companies conducting mission-critical business. Switch SuperNAP is a CUNA Strategic Services alliance provider.

“The SaaS model really requires that the core processing provider develop new applications or re-architect their application to support a ‘salesforce.com’-like experience for its customers,” Mendenhall says. “Not every existing provider has undertaken that effort, but new providers are starting to emerge that will provide this type of solution for credit unions.”

Next: Bending toward the cloud

Post a comment to this story

Credit Union Magazine

Credit Union Magazine

October 2014

What's Popular

Popular Stories

Recent Discussion

Your Say: Have You Ever Suffered a Denial of Service Attack?

View Results Poll Archive