Securing the Financial Cloud

June 19 2013

Operating in the highly regulated banking and financial industry, you must remain accessible to your customers while maintaining the tightest information security. ITIL® Information Security Management provides a framework to support both compliance and security while still efficiently taking care of your customers.

Financial institutions need IT Service Management specialists to help them implement and maintain information security without slowing down business.

Consult the Bible of ITIL®

ITIL® Information Security Management is a framework to guide effective, efficient, and secure computing practices. Efficient solutions should be ITIL® compliant and should offer training in using ITIL® in your information security strategy. This same level of protection is also recommended by the FFIEC in a 2011 supplement responding to the growing sophistication of cybercrime.

ITIL®, while not strictly a standard, still offers recommendations to protect information using a layered approach. Multiple tools are chosen to provide compliant and safe authentication, building integrity through digital signatures and hashing. While each individual tool may have a weakness that can be exploited by malware, another tool is in place to compensate for that weakness and protect the system from attack.

But the protection does not stop there. In the event the data is compromised, a truly secure system will detect and respond to the threat in real time. Files that have been changed are marked to show unauthorized incursions and changes. This same capability is used to ensure that original files, in their entirety, have arrived at the transfer destination without change.

Doing Business in Cyberia

Given enough time, a determined thief can break through nearly any security. The online world is still trying to catch up. One of the biggest threats has been High Roller, where the perpetrators identified and targeted large consumer and corporate accounts. The Wall Street Journal explains how it happened:

"Operation High Roller was characterized by extensive automation. The compromised employee computer interacts with a server controlled by criminals and much of the processing of transactions is done on the criminal’s server, which makes it easier to hide and bypass corporate security software. All of the instances that involved High Roller malware could bypass complex authentication including so-called two-factor authentication that uses smartcard readers to generate a one-time password."

In other words, you need to not only fortify your defenses but be able to quickly identify when and where those defenses have been breached.

Serving Your Customer

It may seem that all these additional ITIL® Information Security Management practices will take time away from serving your customers and allowing them access to their accounts. On the contrary, these solutions help you find the sweet spot at the intersection of high security and high access. Being safe doesn’t have to mean bogging the system down with endless challenge questions, difficult password policies, or other complex identification practices.

Instead, your customers can enjoy the same level of service you have always given them with the assurance that their data is as safe as you can make it.