Credit unions are an important component of the financial system in the Unit ed States , Canada and many other countries. They perform many of the same functions as banks, but are member-owned and controlled. Like banks, they have a fiduciary duty to protect their clients ' assets and confidential data , and this need is even more acute because the customers are also the owners. Implementing the technical means to protect data can be a challenge to many c r edit unions as they are often smaller organizations with a limited IT staff. This makes solutions that are easy to implement and easy to administer very attractive to credit unions..


After evaluating a few different products and solutions, Drivelock was by far the best one. There were a few that were similar in concept , but not as granular or as easy to configure. I would recommend this to any corporation that wants to control access to their systems via external media. Kudos to the developers.


The Problem

Data and other confidential information from these computers creates the risks of data theft and accidental data disclosure. SFCU's Board of Directors and Joe Lio, Director of IT Operations, have always been aware of this risk, but recent privacy legislation and new regulatory requirements have made the need to protect customer data even more acute. To address these requirements, the credit union has been implementing measures to protect data. The IT department realized that an effective security strategy must include measures to prevent that data is not copied from the credit union's computers without authorization. Initial investigations made it clear that existing tools could not provide the needed protection.



The Solution

SFCU uses DriveLock to ensure that only allowed peripherals are attached to its computers. For example, tellers must be able to use USB-connected check scanners but are prevented from attaching any other device to their computers. The use of memory sticks on most computers is restricted to IT staff. This prevents the unauthorized copying of data that couId lead to the disclosure of confidential data and prevents the introduction of malicious software from removable media. DriveLock's integrated Device Scanner made it easy to identify all devices that were already in use and to create the rules required to allow their continued use.

The Result

With DriveLock, IT administrators can ensure that only approved peripherals are used and they don't need to worry about data leaving the organization on removable storage devices. Detailed logging allows Joe Lio and his staff to confirm that the policies are enforced correctly, and continued periodic reviews of the logs alert them to attempts to bypass the security policy and to inadvertent actions that may endanger data security. Users who have a business need to store files on removable media can continue to use approved storage devices without exposing the organization to the risk of viruses and other mali cious software. On the few occasions where Joe Lio has needed help with configuring DriveLock he has been very impressed with the quality and responsiveness of DriveLock' technical support.