Integration of Security Intelligent ERM Controls Enhances Data Loss Prevention in Banks

Various world events have fueled increased interest in ERM within the financial sector, as scrutiny of the industry’s risk management policies has intensified. Banking institutions draw particular attention because they thrive on the business of risk, with their collective success dependent on achieving a balance between risk management and increasing profits. It is important for those in banking to focus on building and integrating security intelligent ERM controls that remove the risk of data loss by using data loss prevention techniques with a razor-edged focus on business control systems. While it is important to focus on popular ERM controls like application security and IT general controls (ITGC), the nature of the financial industry necessitates having ERM business control systems in place first, before undertaking the other control integrations.

Driving Data ERM Controls

Establishing a security intelligent ERM control architecture is something that every banking organization needs to have at the top of the business to-do list. The challenge in today’s data-driven financial world is not only the vast quantity of financial data out there, but also the fact that this data is scattered across the cloud, the data center, various endpoints and mobile devices. This makes data loss prevention (DLP) a mind-spinning proposition, considering the security and time impact needed to rein in, monitor and evaluate piecemeal data storage locations. It is therefore imperative that any banking institution coordinate every available resource when creating security intelligent ERM controls.

Banking organizations need to drive DLP and Enterprise Rights Management (ERM), as these two technologies can be leveraged along with other technologies, process changes and end-user education as part of an overall strategy for information risk control. Used together, each amplifies the protections of the other to provide high levels of security intelligence that can protect sensitive data more effectively. That being said, organizations need to carefully select the manner in which these controls are put into place to avoid accumulating a scattered collection of tools that no one quite knows how to use.

Integrating Data Loss Protection Controls

The driving technology behind DLP tools gives banks a wide range of automated controls to provide seamless DLP protection with high levels of ROI. The DLP controls I like to utilize the most enable me to:

  • Find, recognize and classify sensitive data
  • Compare user actions against policy to identify actions that pose security risks
  • Establish and monitor data security policy enforcement
  • Gain increased awareness of organization-wide data management risks

I especially like to key on the point above regarding user actions. It is important for banking IT security staff to understand that users with access to sensitive information will handle that information inappropriately more often than not, typically leading to inadvertent disclosures but occasionally doing so with malicious intent. In either case, these disclosures may lead to economic loss as well as giving the competition part of an organization’s game plan. It is for this reason that a financial organization’s DLP budget needs to be set at a higher level than expected, as intelligent DLP solutions will work across all aspects of your IT infrastructure, and will usually integrate directly with your document and storage management systems. While this leaves DLP controls well positioned for risk management at the point of data access, business needs still dictate having an additional tool to ensure that the data protection policies follow your data wherever it goes and however it is used.

Policing Data In Flight

Here comes Enterprise Rights Management (ERM) to save the day! This ERM (not to be confused with Enterprise Risk Management) presents the banking industry with a method to apply data protection policy directly to information throughout its existence. This includes the point of data creation, data storage, when it is changed or shared, or even when the information has an expiration, or time to live (TTL).

With ERM in place, data moves and acts normally from the user perspective, as all of the action takes place behind the scenes. What occurs is that ERM usage controls become integrated within the data’s parent programs. For example, Microsoft Word will have integrated usage controls for .docx, .doc, and .rtf file types. In this way it works similarly to DLP, in that this integration requires a link with identity management in order to compare the user’s actions against the set policy and allow or disallow actions based on the nature of the information and the requested information usage. Also like DLP, enforcement is applied at the point of access, enabling the control policy to move with the information, even when leaving the walls of the organization.
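
The point-of-access decision described above can be sketched as follows. This is an added example, not code from the article or from any ERM product; the names `UsagePolicy`, `ProtectedDocument`, `Identity` and `authorize`, and the sample roles and dates, are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# All names here (UsagePolicy, ProtectedDocument, Identity, authorize) are
# hypothetical; they model the behaviour described above, not a real ERM API.

@dataclass(frozen=True)
class UsagePolicy:
    classification: str   # nature of the information
    allowed: dict         # role -> set of permitted actions
    expires_at: datetime  # time to live (TTL) for the content

@dataclass(frozen=True)
class ProtectedDocument:
    name: str
    policy: UsagePolicy   # the policy travels with the document

@dataclass(frozen=True)
class Identity:
    user: str
    roles: frozenset
    authenticated: bool   # result of the identity-management check

def authorize(doc, who, action, now):
    """Decide one usage request at the point of access; deny by default."""
    if not who.authenticated:
        return False, "identity not verified"
    if now >= doc.policy.expires_at:
        return False, "content expired"
    permitted = set()
    for role in who.roles:
        permitted |= doc.policy.allowed.get(role, set())
    if action not in permitted:
        return False, f"'{action}' not permitted for {doc.policy.classification} data"
    return True, "allowed"

# Constructed sample data: a loan file that expires 30 days after creation.
CREATED = datetime(2024, 1, 1, tzinfo=timezone.utc)
LOAN_FILE = ProtectedDocument("loan_review.docx", UsagePolicy(
    "confidential",
    {"loan-officer": {"view", "edit"}, "external-auditor": {"view"}},
    CREATED + timedelta(days=30)))
OFFICER = Identity("officer1", frozenset({"loan-officer"}), True)
AUDITOR = Identity("auditor1", frozenset({"external-auditor"}), True)

if __name__ == "__main__":
    day10 = CREATED + timedelta(days=10)
    for who, action in [(OFFICER, "edit"), (AUDITOR, "print"), (AUDITOR, "view")]:
        print(who.user, action, authorize(LOAN_FILE, who, action, day10))
    print(authorize(LOAN_FILE, OFFICER, "view", CREATED + timedelta(days=31)))
```

Because the policy is a field of the document rather than of the storage location, the same decision is reached wherever the file is opened, and an expired TTL overrides an otherwise valid role.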

This gives banking institutions a security intelligent, content-aware data security strategy by protecting business data regardless of where it goes, which is especially important with the growing collaboration and data sharing efforts many in the financial sector are moving toward. This helps those in banking to use collaborative tools to their full potential while keeping data secure and under control.

Ease Your Way Into DLP

Those responsible for the protection of a banking organization’s data security policy will experience greater ease with an integrated DLP-ERM solution in place. Champion will use its skill and financial industry knowledge to improve the efficiency and value of these technologies through implementing expanded content and identity awareness, and will work with you to strengthen the security intelligence controls in your information risk management strategy.

WRITTEN BY:

Erick Bacallao joined Champion Solutions Group in 2015 after a career in software development at the National Cancer Care Institute of Cuba, followed by a move to the States with allAware.

Champion acquired allAware and its properties, and Erick has utilized his extensive background and expertise in IT and software development to rise to VP of Product Development in less than 5 years. During this time, Erick has been involved with key projects that led to the launch of numerous products including CSP Boss, Inscape platform and 365 Productivity Insights.

Erick has a Bachelor of Science in Computer Science from the University of Havana. He won Gold Medals for Programming from the Ministry of Education in Cuba, and he is certainly still a Gold Medalist for Champion!
