Integration of Security Intelligent ERM Controls Enhances Data Loss Prevention in Banks
Various world events have fueled an increased interest in ERM within the financial sector, as scrutiny of this industry’s risk management policies has heated up. Banking institutions are often singled out because they thrive on the business of risk, with their collective success dependent on achieving a balance between risk management and increasing profits. It is important for those in banking to focus on building and integrating security intelligent ERM controls that remove the risk of data loss by using data loss prevention techniques with a razor-edged focus on business control systems. While it is important to focus on popular ERM controls like application security and IT general controls (ITGC), the nature of the financial industry necessitates having ERM business control systems in place first, before undertaking the other control integrations.
Driving Data ERM Controls
Establishing a security intelligent ERM control architecture is something that every banking organization needs to have at the top of the business to-do list. The challenge in today’s data-driven financial world is not only the vast quantity of financial data out there, but also the fact that this data is scattered across the cloud, the data center, various endpoints and mobile devices. This makes data loss prevention (DLP) a mind-spinning proposition, considering the security effort and time needed to rein in, monitor and evaluate piecemeal data storage locations. It is therefore imperative that any banking institution coordinate every available resource when creating security intelligent ERM controls.
Banking organizations need to drive DLP and Enterprise Rights Management (ERM), as these two technologies can be leveraged along with other technologies, process changes and end-user education as part of an overall strategy for information risk control. Used together, the one amplifies the protections of the other to provide high levels of security intelligence that can protect sensitive data more effectively. That being said, organizations need to carefully select the manner in which these controls are put into place to avoid accumulating a scattered collection of tools that no one quite knows how to use.
Integrating Data Loss Protection Controls
The driving technology behind DLP tools gives banks a wide range of automated controls to provide seamless DLP protection with high levels of ROI. The DLP controls I like to utilize the most enable me to:
- Find, recognize and classify sensitive data
- Compare user actions against policy to identify actions that pose security risks
- Establish and monitor data security policy enforcement
- Gain increased awareness of organization-wide data management risks
I especially like to key on the point above regarding user actions. It is important for banking IT security staff to understand that users with access to sensitive information will handle that information inappropriately more often than not, typically leading to inadvertent disclosures but occasionally doing so with malicious intent. In either case, these disclosures may lead to economic loss as well as giving the competition part of an organization’s game plan. It is for this reason that a financial organization’s DLP budget needs to be set at a higher level than expected, as intelligent DLP solutions will work across all aspects of your IT infrastructure, and will usually integrate directly with your document and storage management systems. While this leaves DLP controls well positioned for risk management at the point of data access, business needs still dictate having an additional tool to ensure that the data protection policies follow your data wherever it goes and however it is used.
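The first two controls in the list above (classifying sensitive data, then comparing a user action against policy) can be sketched as follows. This is an added example, not code from the original article or from any DLP product; the labels, action names, `BLOCKED` policy table and sample events are hypothetical and constructed for illustration.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13 to 19 digits, optionally split by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Hypothetical policy: actions blocked for each classification label.
BLOCKED = {
    "restricted": {"email_external", "copy_usb"},
    "internal": set(),
}

@dataclass
class Event:
    user: str
    action: str
    content: str

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> str:
    """Label text 'restricted' if it holds a Luhn-valid card number, else 'internal'."""
    for match in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            return "restricted"
    return "internal"

def evaluate(event: Event) -> dict:
    """Compare one user action against the policy for the content's label."""
    label = classify(event.content)
    verdict = "block" if event.action in BLOCKED[label] else "allow"
    return {"user": event.user, "action": event.action,
            "label": label, "verdict": verdict}

if __name__ == "__main__":
    # Constructed sample events; 4111 1111 1111 1111 is a well-known test number.
    samples = [
        Event("jdoe", "email_external", "Customer card 4111-1111-1111-1111"),
        Event("jdoe", "print", "Customer card 4111 1111 1111 1111"),
        Event("asmith", "email_external", "Ref 1234567890123456 attached"),
    ]
    for e in samples:
        print(evaluate(e))
```

The Luhn check is what keeps a 16-digit reference number from being treated as cardholder data, which matters for the false-positive rate of any content-based rule.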
Policing Data In Flight
Here comes Enterprise Rights Management (ERM) to save the day! This ERM (not to be confused with Enterprise Risk Management) presents the banking industry with a method to apply data protection policy directly to information throughout its existence. This includes the point of data creation, data storage, when it is changed or shared, or even when the information has an expiration, or time to live (TTL).
With ERM in place, data moves and acts normally from the user perspective, as all of the action takes place behind the scenes. What occurs is that ERM usage controls become integrated within the data’s parent programs. For example, Microsoft Word will have integrated usage controls for .docx, .doc, and .rtf file types. In this way it works similarly to DLP in that this integration requires a link with identity management in order to compare the user’s actions against the set policy and allow or disallow actions based on the nature of the information and the requested information usage. Also like DLP, enforcement is applied at the point of access, enabling the control policy to move with the information, even when leaving the walls of the organization.
This gives banking institutions a security intelligent, content-aware data security strategy by protecting business data regardless of where it goes, which is especially important with the growing collaboration and data sharing efforts many in the financial sector are moving toward. This helps those in banking to use collaborative tools to their full potential while keeping data secure and under control.
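The ERM behaviour described above (a usage policy that travels with the document, is checked against the user's identity at the point of access, and honours an expiration) can be modelled as follows. This is an added example, not code from the original article or from any ERM product; `SERVER_KEY`, `DIRECTORY`, the group names and the sample document are hypothetical, and content encryption, which a real rights-management system also applies, is left out.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

SERVER_KEY = b"constructed-demo-key"                     # hypothetical rights-server secret
DIRECTORY = {"alice": {"treasury"}, "bob": {"retail"}}   # hypothetical identity store

def _tag(policy: dict) -> str:
    """HMAC over the canonical policy so any later edit to it is detectable."""
    blob = json.dumps(policy, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, blob, hashlib.sha256).hexdigest()

def seal(doc_id: str, rights: dict, expires: str) -> dict:
    """Bind a usage policy (rights per group plus expiry) to a document id."""
    policy = {"doc_id": doc_id, "rights": rights, "expires": expires}
    return {"policy": policy, "tag": _tag(policy)}

def authorize(envelope: dict, user: str, action: str, now: datetime):
    """Decide at the point of access; returns (allowed, reason)."""
    policy = envelope["policy"]
    if not hmac.compare_digest(_tag(policy), envelope["tag"]):
        return (False, "policy tampered")
    if now >= datetime.fromisoformat(policy["expires"]):
        return (False, "expired")                        # time to live has run out
    for group in sorted(DIRECTORY.get(user, set())):     # identity lookup
        if action in policy["rights"].get(group, []):
            return (True, f"granted via {group}")
    return (False, "no right")

# Constructed sample: treasury may view and edit, retail may only view.
SAMPLE = seal("loan-book.docx",
              {"treasury": ["view", "edit"], "retail": ["view"]},
              "2030-01-01T00:00:00+00:00")

if __name__ == "__main__":
    when = datetime(2029, 6, 1, tzinfo=timezone.utc)
    for user, action in [("alice", "edit"), ("bob", "edit"), ("bob", "view")]:
        print(user, action, authorize(SAMPLE, user, action, when))
```

Because the decision depends only on the envelope, the caller's identity and the clock, the same check gives the same answer wherever the file has been copied.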
Ease Your Way Into DLP
Those responsible for the protection of a banking organization’s data security policy will experience greater ease with an integrated DLP-ERM solution in place. Champion will use its skill and financial industry knowledge to improve the efficiency and value of these technologies through implementing expanded content and identity awareness, and will work with you to strengthen the security intelligence controls in your information risk management strategy.