The lifeblood of a banking or financial services firm is data. And this financial and banking data includes customer financials and account information, cardholder data and transactions and non-public personal information. Almost all the data generated or used by a financial services firm, is regulated, potentially sensitive or private.
The data security compliance and regulation challenges alone are daunting for banking or financial services firms. Data-at-rest security requirements are found within PCI DSS requirements for credit card related information, GLBA, SOX/J-SOX, NCUA, data privacy and data residency laws, and even the USA Patriot Act. Each data security requirement adds to the need to protect sensitive data wherever it resides. In addition, banking and financial services organizations must meet the additional data security concerns that result from normal operations:
- Safeguarding critical financial data from data breaches with maximum return and minimum risk.
- Adjusting security postures as external attacks on financial infrastructure and online properties increase and change.
- Meeting the need to protect from the traditional concerns with insiders and privileged users, while also dealing with the additional hazards that compromise of these accounts may bring.