Will Tightening Bank Budgets Impact Security?
The clear message from banking regulators in their Senate testimony is: Banks are hurting.
The follow-up question is: Exactly how badly are they hurting, and how will their pain trickle down to impact information security programs and priorities?
By the FDIC's estimate, 90 of its institutions are currently on the so-called "Problem Bank List," up from 77 at the end of last year. These are institutions that theoretically could fail, but which more likely will be bailed out to weather the economic storm.
But just because the institutions survive doesn't mean they'll thrive anytime soon, and that reality impacts security programs in several ways:
Resources will remain tight - indicators are that no one is likely to get any additional headcount or discretionary spending budgets, and there is going to be extra scrutiny on dollars spent and projects pursued. This condition suggests a couple of points to consider:
Security leaders are going to have to make a stronger business case in favor of their key projects. Security for security's sake won't cut it; the projects that get funded will be the ones that are defined in the greater context of the institution's business.
Security leaders also may have to think differently about how they manage risk. What are the strongest, most immediate threats to your institution and customer trust (identity theft, phishing) vs. those that might feel a little more distant (e.g., pandemic)? Not quite life/death, but security leaders are going to be forced to make some tough decisions between the risks they mitigate and those they put on hold.
Outsourcing will flourish - in tough times, businesses focus more on their core competencies and outsource non-essential tasks and services. This means more reliance on third-party service providers – such as Managed Security and the growing managed IT services industry as a whole. Specifically, Managed Security tops the outsourcing list of priorities in an effort to help ensure organizations are not subjected to a breach at this particularly sensitive time.
The Big Will Get Bigger - in terms of mergers & acquisitions, this is a great time to be an acquiring bank. There are plenty of struggling institutions ripe for the picking. But whether an acquirer or an acquiree, one must be mindful of the role information security and regulatory compliance must play in M&A activity. Customer trust is the critical success factor for any banking institution, and it's at risk today from the security threats that plague banks. Security can't just be part of the discussion in an M&A; it has to start the conversation. The benefits of a comprehensive security audit are very real for both parties.
Compliance Feels No Downturn - no matter how many institutions are on the "Problem Bank List," the Identity Theft Red Flags Rule compliance deadline is still Nov. 1. This is the ultimate reality facing banking/security leaders: No matter how harsh the lending crisis or how rocky the economy, identity theft, business continuity and vendor management are still regulatory compliance mandates that won't go away, and for which institutions won't be given an extension or a break.
And, really, isn't that the bottom line? It doesn't matter what the regulators say the "State of the Banking Industry" is, or whether your institutions are in or out of the proverbial woods. Compliance is the mandatory destination -- it's up to you to figure out how best to get there.