/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBy Vishal Dhupar
BANGALORE,INDIA:The current economic condition has added increased pressure on financial institutions to ensure enhanced risk management and transparency whilst providing a more efficient cost and overcoming hurdles as a result of the ever changing and consolidated financial ecosystem.
Information is at the nerve centre of such institutions today and enterprises must ensure they have effective control to ably manage and secure this information. This will enable them to be protected from internal and external threats in turn keeping their reputation intact, to comply with regulations and policies and to acquire new customers while retaining existing customers.
Today, banks are operating in environments that are highly regulated and security of customer data is a priority. Security and privacy of information remains a deciding factor for customers to choose providers. As a result, data loss prevention (DLP) technologies are becoming increasingly imperative amongst financial institutions. Some of the other drivers for DLP include demonstration of scrupulous data protection standards and protecting the reputation through negative media coverage resulting from a data breach.
The increased anticipation of protection indicates that there is more to lose. In fact, a recent study by Symantec has shown that Indian enterprises rate cyber security as their primary issue and cyber attacks cost Indian enterprises an average of over INR 58 lakh.
Aside from the issues related to a reputation breach or competition, the financial services industry hoards one of the largest amounts of data. Today, large institutions have petabytes of data. This data is scattered across the organizations with various functions and used by different individuals.
Additionally, with the mobile workforce becoming more prevalent, enterprises are using their personal devices for corporate purposes, either at the workplace or while working remotely. Consequently, enterprises are left with the challenge of understanding where their sensitive data resides and how it is being used in order to lessen the risk of data breaches. Moreover, new avenues to keep customers satisfied such as upholding high service levels and flexibility along with online and mobile banking, introduce new complications while protecting customer data. These have made data loss technologies all the more relevant and critical.
With DLP, financial institutions are able to protect their confidential data by:
-
Permitting the connection of only authorized laptops, desktops and other devices to the bank’s network
-
Preventing employees from transmitting confidential documents and other information through corporate or Web email
-
Encrypting backup tapes and disks to curb data usage in the case of fraudulent access or loss of data
-
Preventing sensitive data from being accessed by unauthorized users while being stored
Reporting the risk of exposure of confidential information across departments of the financial organization -
Complying with industry standards and financial data security policies and regulations
Creating a culture of security
Today, the most efficient enterprises are using DLP to rectify employee behavior as well as to advance their defense posture. Example: DLP prevents an email containing sensitive and confidential information from going out and the sender is notified about this act.
Additionally, reports of policy violation incidents are provided to the DLP solution enabling the identification of users by the IT team who require special training or support. Through this, the DLP system gives the financial institutions another means to enhance the level of security awareness across an enterprise.
{#PageBreak#}
While studies do show that most data loss is not malicious and is in fact unintentional, many employees do have a real business need to transfer and remove sensitive files but do not have an adequately secure channel.
Guarding data at rest
With DLP helping to improve the efficiency pertaining to data at rest, financial institutions can ensure enhanced performance as a result of data discovery on their systems. Through this, files that need protection can be identified. Enterprises need to be aware of what resides on their systems to understand what needs to be protected; by discovering unsecured files that contain sensitive and confidential information. Redundant data along with orphaned data that can be deleted can be located with DLP.
New methods of communication
Employees today do not confine themselves to using just email, both at home and at the office. They now use new communication channels such as social networking sites, chat, IM, etc.
While we find that people are becoming more and more protective of their personal information, employees are also making less distinctions between their professional and personal lives thus causing the line between official versus personal information to blur. While financial institutions do understand the impact of ‘2.0’ today when transacting and interacting with clients online, what they are not completely prepared for is the adoption and implementation of new practices such as web-based collaboration tools, IM, social media, etc.
The adoption of these new tools and practices has forced such enterprises to think of new ways to attract and retain new entrants of this generation while ensuring security within the virtual workplace. These institutions face a wide number of challenges with mobile transfers, loyalty programs promoting flexible solutions, text messaging of bank balances and 24x7 access to services online. This means that IT systems need to be more flexible to cope with the many innovative and fluid demands. Such far-reaching changes are not always easy for an enterprise and can hamper progress in some instances.
So what does this mean for financial institutions today? They need to determine how to have easy access to information while ensuring flexibility and security especially considering new working behaviors such as business process outsourcing and working from home.
With this, enhanced collaboration amongst teams in different locations is encouraged thus breaking down internal barriers and resulting in more dynamic organizations.
Recommendations
Financial organizations have the opportunity and ability to produce in-house the same effective technology landscape that their clients are provided with. The new era of banking has brought about a number of valid concerns however, adopting the right processes tools and effective planning will enable enterprises to build an internal ecosystem that is in line with the enterprise’s progressive approach.
Going forward
DLP is today finding its way in all types of industries along with other types of security related technologies. Employees unintentionally exposing sensitive and confidential information will continue to be an issue and the best solution is to the address the challenge now.
(The author is Managing Director, Symantec India)