How Small Credit Unions Can Handle Cybersecurity with the Cloud


By Michaline Todd, CMO of

With the latest change in administration, Washington will be taking away some of the cost burden for banking industry but cybersecurity is getting more strenuous and hackers are getting more aggressive. In the coming years, there will be more regulations from the federal government and more strenuous rules from state governments  as well. It’s not just the big banks that will be impacted by these changes – it’s the smaller financial institutions too.

Steve McAtee, CIO of Vibrant Credit Union (VCU), has worked to keep pace with the rapid changes in the industry.  Keeping pace and not blowing up the credit union’s IT budget is a challenge. Like most other small credit unions, Vibrant was trying to do more with less and they implemented’s security platform (ESP) to help with the pain of annual audits and continuous monitoring for vulnerabilities in their Amazon Web Services (AWS) environment. has helped monitor VCU’s environments and helped the organization remain compliant throughout their year plus partnership.

Over the next few years, Steve sees more regulations from the federal government coming down the pipe. The FFIEC Guidelines will be the biggest change and challenge for the banking industry that will shape their regulatory success for cloud adoption. “How do I achieve compliance for this benchmark in the next year or two? – By leveraging the security of the cloud,” Steve said. In the next year, Vibrant will need to be in an SSA16 compliance everywhere and Vibrant will leverage to get there. Steve sees his Cloud spend as a regulatory spend and not a technology spend.

Most institutions, banking included, will see a significant push on the industry for colocation hosting, and on premise data centers will have to prove they are compliant. This might force a change in the industry because costs are just too high. The cloud is a cheaper, more efficient option for compliance and data storage and that’s why most organizations are making the move. “Of course, I would love to have twice the security staff and three times the budget to meet these standards, but that’s not always possible. So, ESP makes it possible for me and my team to move along the maturity model much faster than my peers without relying on budget and resources that aren’t available.”

Over the last year, has helped Vibrant Credit Union to quickly find and remediate bad actors and threats in the cloud, ensure proper encryption of member data, and strengthen their security and compliance posture. With ESP’s automated security platform, Steve is able to provide a stable secure banking platform and lower costs in an organization with a small staff and limited resources. The current cost model of ESP also allowed Steve to trim the product offering to fit the specific needs for a credit union in the AWS environment.Steve is able to deliver better value-add solutions creating security, matching regulations and meeting customers standards for highly secure highly accessible banking services. Steve says, “There are just not enough hours in the day to go through all of the information and checks manually that ESP can automate.”

As businesses grow and take on more assets, they are taking on more risk as well. More assets means that financial organizations have more regulations and rules. has allowed Steve to take on more.