Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

How robust is your encryption strategy?

How robust is your encryption strategy?

By Luke Brown, VP EMEA, WinMagic

Because of the potential value of the information in their IT systems, financial institutions are frequent targets for cyber criminals.  Once protected by brick walls and layers of steel, financial services firms are being targeted by criminals who no longer need dynamite and lock picks to steal from them.  In recent years, some of the biggest data breaches have involved financial service providers, from banks and payment processing companies to loan providers and credit reporting bureaus.

IT security teams are doing their best to protect themselves from cyber criminals – and a key part of their armoury is encryption.

Encryption is what keeps your personal and sensitive information secure, scrambling data to ensure hackers can’t misuse this information.  Almost as old as the Internet itself, encryption can severely hinder attackers in their goal to steal confidential user and customer data, trade secrets, and more.

End-to-end encryption maximizes data protection regardless of whether the data is in a public or private cloud or on a device. It can be invaluable in the effort to combat advanced threats, protect against IoT-enabled breaches, and maintain regulatory compliance. But the wide variety of options for enterprise deployment can be intimidating, and companies haven’t been using it effectively.

Encryption is often seen by IT operations as a tick box exercise, with point solutions encrypting only segments of network infrastructure.  There is no encouragement from leadership to ensure there is a universal encryption policy over the entire network.  Without this overarching encryption solution with centralised key management, businesses are fundamentally undermining their cyber security strategy and leaving themselves vulnerable to a data breach.  Here are two key areas of danger:

  1. Your data is everywhere!

Mobile devices and inexpensive, easy-to-use, cloud file-sharing services make it easy to work anywhere and anytime.  Such access has become essential to operating in an always-connected world.  The net result is that your data can be anywhere.  Because companies have such a wide variety of infrastructure spanning everything from endpoints, data centres and cloud, encryption can be complicated to implement in modern environments..

Native encryption technologies are useful at one level, but they can still leave your devices vulnerable, and IT admin teams are left with lots of encryption keys to juggle which is a real headache.  Where companies lack strict security and encryption management for technologies such as virtual machines and hyper-converged infrastructure, uncontrolled data sprawl can be common, leading to silos of hidden data and a fragmentation of governance.  What is needed is an end-to-end data protection platform that works across all infrastructures.

  1. Beware the regulators! 

Rather like the never-end stream of news stories about Brexit, many of us have tuned out of reports about data breaches.  We know that they’re happening – day and day out – on networks when information is transferred or when devices are left unattended, lost or stolen and eventually fall into the wrong hands.  There are lots of ways to lose information and every one of them is potentially damaging to an enterprise.   With ever more stringent regulations, it’s easy for an organisation to fall foul of the requirements (often without knowing), leaving themselves exposed and non-compliant, and at risk of heavy fines.

Added to that, more and more regulations stipulate the need to not only protect data with encryption, but also protect the keys used to encrypt the data.  In fact, GDPR, MiFID II, PCI DSS and other breach notification laws state that businesses must document and implement procedures to protect keys used to secure data against disclosure.  At the end of the day, the value of encryption is only as good as the trust in your keys.

Plugging the gaps in your cyber defence

It’s easy to see how things can quickly get very complex, and why it’s important that organisations enforce encryption automatically through their security policy to help avoid disaster.  With boardroom enforced encryption platforms, businesses can rest easy knowing that data is protected across the network, and can’t be turned off by employees looking to optimise device performance, which is a real problem for both point encryption solutions and anti-virus products.

Encryption not only turns information or data into an unbreakable, unreadable code should someone unauthorised try to access it, but it is also often the only technology referenced in these evolving and escalating regulations as a reasonable and appropriate security measure.  Furthermore, centralising encryption management and ensuring keys are controlled from one point helps a company further enforce these regulatory and governance requirements.  Ultimately encryption is the last line of defence when a breach occurs, regardless of whatever action caused it, invader or accident.

In conclusion

If there is one absolute truth in business, it’s that data is now everywhere.  Big or small, companies wrestle with keeping data secure with an ever expanding mobile and agile workforce.   Effective control and management of the IT infrastructure spanning on-premises and cloud service providers for security and specifically encryption, is the only way to minimise the risks of data loss and meet growing legislative requirements.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post