By Chris Pickles, Head of Industry Initiatives, Global Banking & Financial Markets, BT
… hard on the outside but soft on the inside.
Organisations tend to focus on keeping threats out, but once their external defences have been breached, the perpetrators can access pretty much anything they want.
Compared with the way financial institutions secure data while it’s on the move, the operating principles are hugely different.
In such organisations, even relatively low-volume activities like payments processing and post-trade securities processing get heavyweight security applied to them, and communications are expected to be encrypted and tamper-proof with non-repudiable proof of delivery.
At the other end of the scale, high-volume activities such as pre-trade market data delivery and trading activities tend to have almost no security applied to them.
The approach is one of prioritisation.
In a business world of finite resources, it’s not possible to protect everything, so it’s important to make sure that you focus on securing data and traffic that is particularly sensitive.
In a recent interview in “Wall Street & Technology”, Lou Steinberg, CTO of TD Ameritrade, said:
“Knowing my favourite flavour of ice cream is not the same as knowing my Social Security number, and so different levels of protection get assigned to different levels of information. If you try to protect everything, you protect nothing. What we’d rather do is classify our information and assign our best controls — our best protective measure — against the most important, most sensitive data.”
Protecting information when it moves outside your organisation is vital, but there is now an increasing number of ways for outsiders to penetrate a company’s internal systems.
Protecting those systems is now the big issue for IT departments.
The risks are extended still further with the rise of BYOD.
Protecting information from intruders looking to breach your external defences is a more critical issue than many IT people imagine, and it’s time to put some thought into how to do it.