Financial Institutions

Finance

Today: competitors, cost pressure and the BaFin (German federal financial supervisory agency)

  • Secure business processes for customers

    • Bank customers expect the highest possible protection of their sensitive data
    • Data security is a competitive advantage, and customers increasingly scrutinize it
    • Data loss damages one's image, in addition to causing measurable costs
  • Data protection law and bank secrecy

    • BaFin has intensified its efforts regarding financial institutions' IT security in recent years. Special tests have helped increase the institutions' IT security awareness (Source: BaFin report)
    • The protection of bank customers' privacy is regulated by the Federal Data Protection Act as well as by bank secrecy, and violations are prosecuted.
    • Protection of sensitive data against unauthorized access has to be ensured by a cryptographic method recommended by the Federal Office for Information Security (BSI).
    • Access rights may be allocated to internal bank staff only where they are necessary to fulfill the respective business purpose. This also applies to administrators.
  • IT governance

    • According to German law, the general management is responsible for all major risks. This responsibility cannot be delegated.
    • Data theft, industrial espionage and fraud by massive attacks may be prevented by encrypting sensitive financial data.
    • Internal and external audits (by BaFin, among others) often reveal insufficient encryption of personal data.
  • Cloud solutions

    • If critical data is encrypted beforehand, it can be processed in the cloud.
    • Increasingly, regulatory requirements define the banks' scope of action when using IT services in the cloud.
  • IT security law

    • According to German law, an encryption method specifically recognized as secure has to be used to fulfill the legal requirements.
  • Data warehousing and data mining

    • Consolidating operative data from different sources for future analysis contradicts the regulations regarding protection of informational self-determination and transparency for the person concerned.
    • Selective encryption allows protecting all personal and sensitive data against unauthorized access. Even access by application and database administrators can be prevented.