Financial institutions must go to great lengths when it comes to protecting information, whether that information resides in-house or is accessible to their customers online.
To achieve these goals, these organisations must adopt new technologies, ramp up online banking options, and deal with employee turnover. That's why these firms continually need to review the security measures in place, says Christian Leuenberger, project manager at the Credit Suisse Group, a financial services company headquartered in Zurich.
“Reviewing all security aspects is a permanent task of a bank,” Leuenberger says.
People's United Bank, the largest regional banking organisation headquartered in the north-east of the US, certainly adheres to that rule. A recent internal audit pointed out the need to protect and control employee access to data stored on in-house networks. In response, the bank implemented a new tool to review employee access to bank data. In essence, the tool helps IT officials control who has access to what, says Greg Kyrytschenko, the bank's director of information security.
The application assigns employees read-and-write privileges only to the files they absolutely need. It also provides insight into file views, giving a bird's-eye perspective of how often data was tapped.
The latter information is printed regularly as a report and can help flag suspicious behavior, such as an employee who may be about to resign and plans to take important documents with them.
“This gives us visibility we haven't had in the past,” Kyrytschenko says.
Most users only need access to a small fraction of the data that resides on file servers. Those users with access to information not necessary to their tasks are a security risk, says Johnnie Konstantas, vice president of marketing for Varonis Systems. Her company makes the data governance solution that People's United implemented in March.
Nearly every organisation relies on spreadsheets, presentations, documents and blueprints stored on a central server or network. Solutions such as those implemented at People's United Bank control and manage employee access to broad portions of this information by expressly granting employees permission to access only relevant network folders.
Indeed, according to a recent Identity Theft Resource Center survey, 16 percent of security breaches reported for 2008 came from insiders, up from six percent for the same time period in 2007. Yet, 76 percent of organisations don't have a process in place to determine which employees should have access to pertinent data.
About 80 percent of all business information is unstructured, meaning any information not housed within a database, according to a Ponemon Institute survey. It is this type of information that requires controlled access.
In the vault
By Jean Thilmany on Jan 16, 2009 2:32PM