Zettaset Blog

Challenges with Data Security Regulatory Compliance in Financial Services



Zettaset was recently featured on IT Pro Portal, an IT news platform that is one of the UK’s most respected resources for technology information. A summary of the featured article can be found below.

The financial services industry is faced with the challenge of securing rapidly-growing volumes of sensitive information. While all industries must maintain regulatory compliance to defend against data breaches and tarnished reputation, the financial sector in particular faces significant difficulties regarding data compliance.

It’s important for data security teams to understand the specific regulatory hurdles in place for the financial services industry and to develop strategies to address these data compliance issues.

Industry-Specific Data Protection Regulations

Financial organizations face legislation such as the Basel II accord and the Dodd-Frank Act. These contain regulations outlining the ways in which their sensitive data must be protected.

Companies must also comply with the Payment Card Industry Data Security Standard (PCI DSS) and, as of May 2018, the EU’s General Data Protection Regulation (GDPR).

Strategies to Address Security Regulatory Challenges

How can financial institutions effectively address these standards and regulations? There are several ways to tackle them.

Many organizations make the mistake of relying completely on a perimeter security approach, protecting the boundaries of their network using firewall and intrusion detection products. In today’s environment, cybercriminals are well-versed in exploiting weaknesses and know that breaking through the network perimeter security immediately exposes an unprotected data center to direct attack.

Combining perimeter security with a “data-centric” method that protects the data itself with encryption is a necessary step in achieving a layered data protection architecture that is in line with best practices and bolsters an organization’s regulatory compliance posture. In the event of a data breach, encryption renders sensitive information unreadable and unusable to an intruder.

Additionally, financial organizations must be aware that their data is constantly in flux, changing from “in-use” to “in-motion” and “at-rest.” It’s imperative that they use the right combination of tools to protect their sensitive information from end to end to most effectively achieve data security regulatory compliance.

Financial institutions must also prepare for the inevitable — future addendums and potential new regulations and requirements. The cybersecurity landscape is ever evolving, making it necessary for organizations to be flexible, agile, and ready to respond to changes in the regulatory and industry environments.

Finally, financial institutions should work with vendors to find tools that fit their requirements and reduce the strain placed on the IT team, while safely maintaining sensitive information under lock and key.

To view the full article on IT Pro Portal, click here.
