Today: competitors, cost pressure and the BaFin (German federal financial supervisory agency)
Secure business processes for customers
Bank customers expect the highest possible protection of their sensitive data
Data security is a competitive advantage; customers increasingly scrutinize it
Data loss damages a bank's reputation, in addition to causing measurable costs
Data protection law and bank secrecy
In recent years, the BaFin has intensified its efforts regarding financial institutions' IT security. Special audits have helped raise the institutions' awareness of IT security (Source: BaFin report)
The protection of bank customers' privacy is regulated by the Federal Data Protection Act as well as by bank secrecy; violations are prosecuted.
Protection of sensitive data against unauthorized access must be ensured using a cryptographic method recommended by the Federal Office for Information Security (BSI).
Access rights for internal bank staff must be granted only as far as necessary for the respective business purpose. This also applies to administrators.
According to German law, the general management is responsible for all major risks. This responsibility cannot be delegated.
Data theft, industrial espionage and fraud through large-scale attacks can be prevented by encrypting sensitive financial data.
Internal and external audits (including those by the BaFin) often find insufficient encryption of personal data.
If critical data is encrypted beforehand, it can be processed in the cloud.
Increasingly, regulatory requirements define the banks' scope of action when using IT services in the cloud.
According to German law, an encryption method specifically recognized as secure must be used to fulfill the legal requirements.
Data Warehousing and Data Mining
Consolidating operational data from different sources for later analysis conflicts with the regulations protecting informational self-determination and transparency for the data subject.
Selective encryption protects all personal and sensitive data against unauthorized access; even access by application and database administrators can be prevented.
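Selective encryption as described above, shown as an added example that is not part of the original text and not any vendor's product code: a bank-side component encrypts only the fields classified as personal data (here a hypothetical name and IBAN) with AES-256-GCM, a mode listed as recommended in BSI TR-02102-1, before the record is stored in a warehouse or handed to a cloud service, while a non-sensitive field needed for analysis stays in clear. The key never leaves the bank, so a database administrator or cloud operator who can read the rows sees only ciphertext. The record layout, the `CustomerRecord`, `FieldCipher`, `Protect` and `Unprotect` names, the test key and the placeholder IBAN are all constructed for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

// CustomerRecord is a hypothetical row as a bank might hand it to a cloud
// analytics service. Name and IBAN are personal data; Amount (cents) stays
// in clear because the analytics needs to aggregate it.
type CustomerRecord struct {
	ID     string
	Name   string
	IBAN   string
	Amount int64
}

// FieldCipher wraps an AES-256-GCM key that stays with the bank (in practice
// in an HSM or KMS). Whoever can read the stored rows, including the cloud
// provider and database administrators, cannot recover the protected fields.
type FieldCipher struct {
	aead cipher.AEAD
}

func NewFieldCipher(key []byte) (*FieldCipher, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FieldCipher{aead: aead}, nil
}

// EncryptField encrypts one field value as nonce || ciphertext || tag, base64
// encoded for storage. Record ID and field name are bound in as associated
// data, so a ciphertext copied into another record or column fails to open.
func (c *FieldCipher) EncryptField(recordID, field, value string) (string, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	aad := []byte(recordID + ":" + field)
	ct := c.aead.Seal(nonce, nonce, []byte(value), aad)
	return base64.StdEncoding.EncodeToString(ct), nil
}

// DecryptField reverses EncryptField; any tampering or a ciphertext bound to
// a different record or field yields an error, never a wrong plaintext.
func (c *FieldCipher) DecryptField(recordID, field, encoded string) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	ns := c.aead.NonceSize()
	if len(ct) < ns {
		return "", errors.New("ciphertext too short")
	}
	aad := []byte(recordID + ":" + field)
	pt, err := c.aead.Open(nil, ct[:ns], ct[ns:], aad)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// mapSensitive applies f to exactly the fields classified as sensitive;
// this list is the "selective" part of selective encryption.
func mapSensitive(r CustomerRecord, f func(field, v string) (string, error)) (CustomerRecord, error) {
	name, err := f("name", r.Name)
	if err != nil {
		return CustomerRecord{}, err
	}
	iban, err := f("iban", r.IBAN)
	if err != nil {
		return CustomerRecord{}, err
	}
	return CustomerRecord{ID: r.ID, Name: name, IBAN: iban, Amount: r.Amount}, nil
}

// Protect yields the record as stored in or sent to the cloud.
func Protect(c *FieldCipher, r CustomerRecord) (CustomerRecord, error) {
	return mapSensitive(r, func(f, v string) (string, error) { return c.EncryptField(r.ID, f, v) })
}

// Unprotect runs only inside the bank, where the key is available.
func Unprotect(c *FieldCipher, r CustomerRecord) (CustomerRecord, error) {
	return mapSensitive(r, func(f, v string) (string, error) { return c.DecryptField(r.ID, f, v) })
}
```

Two design points matter for the audit findings mentioned above. First, the protection is only as good as the key separation: if the key sits in the same database or cloud account as the data, an administrator there can still read everything, so the key belongs in an HSM or KMS with its own access control. Second, binding record ID and field name as associated data means a row whose encrypted IBAN was swapped with another customer's is rejected on decryption rather than silently attributed to the wrong person.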