Best practices for protecting clients’ financial data

Ensuring clients’ critical data remains secure is key to the success of businesses around the world, be they startups, mid-sized businesses or global corporations. Yet, Target’s announcement that as many as 110 million customers’ credit and debit card information was stolen during the 2013 holiday shopping season was a startling reminder for many that a data breach can happen to anyone at any time.

Couple this incident with widespread concern over the recent Heartbleed bug — an encryption flaw that affected many popular websites and left millions of users scrambling to change their passwords — and there is no denying that data security is top of mind for companies and their clients alike.

For banks and financial services providers the stakes are especially high, as a data breach doesn’t just stand to expose a name or email address, but it also holds the potential to expose a person’s financial records, account numbers, passwords and other critical data that could lead to identity theft and other significant consequences.

Effectively maintaining a secure environment for clients’ critical financial data requires mitigating risk before an incident happens. This may include contracting with a managed services provider for intrusion detection and virus packages that are tailored to meet the unique needs of your business’ data environment. However, before jumping into the “what you need,” it is vital to identify what you’re seeking to protect, and where.

Some financial services companies opt to house their servers and store critical data in an on-site data center that is part of their office building. Companies taking this approach may include banks, wealth management firms, accountants, financial planners and mortgage companies. For those financial firms that find their data bunking in the same space as their executive suites, it is important to answer the following questions:

1. How secure is the physical space? Is the server room or data center staffed with IT and security personnel 24/7?

2. Is there a secure pathway for data — internal and external — to travel in? What has been done to make the pathway secure?

3. Who is responsible for monitoring the company’s firewall for “intrusion detection” and making adjustments to enhance performance?

4. What is the company’s data security process? How is it being articulated to clients and other relevant stakeholders?

5. How will the company respond if a data breach is suspected?

While these questions do not represent an exhaustive list, they map the first steps towards ensuring both the company’s and the clients’ financial data is kept safe and secure.

Off-site data protection

Small financial institutions and corporations alike may choose to house data in an off-site data center. If taking this route, there are a few key areas that warrant exploration: resiliency, redundancy and monitoring. Let’s start with the basics.

If you’re going to make the leap and move your bank’s mission-critical data to an off-site location, you want to know that the data will be secure. This speaks to both the physical environment and the configuration of your data and servers. On the physical side (think building structure) you need to know whether or not the address of the data center is publicly disclosed, whether the building is secure, and what monitoring systems are in place.

When it comes to data configuration, you need to know about the company’s security posture. This includes their firewall process, deny policy, data pathway security and intrusion detection and virus packages. If your financial services firm elects to buy the data center’s network services, you’ll also want to inquire about protection at the router and in-network optimization, among other key areas.

Keeping clients’ financial data secure is an ongoing, complex challenge. Whether housing this vital data on-site or off, it is important to remember that you need to understand the online and offline measures that are being taken to protect client data.

Michael Boccardi is president, CEO and a co-founder of Cervalis, a Connecticut technology and IT infrastructure firm.
