Community
In the absence of a national privacy referendum—similar to the EU’s GDPR—states are taking matters into their own hands with individual privacy laws. As of June 2022, five states—California, Colorado, Connecticut, Utah and Virginia—have passed privacy initiatives. Previously, organizations would need tools from disparate companies to protect their data to comply with data privacy laws and regulations. Often, the most significant security gaps occur because of multiple tools that don’t properly integrate with each other. With new, integrated platforms, organizations can use one tool to protect data fully.
Financial institutions are challenged by the complexity of managing multiple security solutions from many providers. As more firms move to the cloud, this kind of problem is exacerbated. For example, at the onset of the pandemic, companies quickly moved to the cloud to support remote work environments, prioritizing speed over data protection. Financial institutions may have been secure in their traditional, walled databases, but legacy security tools were not built to handle the amount of data these companies must process and analyze in a borderless cloud infrastructure.
Data security platforms (DSP) are stepping in to break down silos and provide financial institutions with a simple, all-in-one platform. A term coined by Gartner, DSPs have become popular due to the growing need for consistent data security methods. For financial institutions, the convergence of data protection tools into DSPs has come at the perfect time, as cloud-driven complications are making it difficult to secure one of the most highly sought-after forms of data: personally identifiable financial data. When looking to adopt a DSP, there are a few considerations companies should keep in mind:
A wide range of services
Financial organizations have diverse security needs, and a DSP should be configured to address all of them, especially considering the complex nature of regulatory compliance. A DSP will be the one tool used to secure data throughout the organization, whether the data is at rest, being shared or traveling through the data analytics pipeline. Organizations should be able to use their DSP to encrypt, tokenize and mask data without modifying code or software development kits.
Easy integration with cloud providers
Integration should be a top priority. A DSP allows users to implement a data security mesh—protecting the perimeter of each device within an organization— with a low-code or no-code solution. The DSP should seamlessly integrate with any cloud provider so a financial institution is not locked into only one and can choose which provider is most appropriate while also providing support for exponentially growing platforms used in the cloud, like Docker and Kubernetes.
Multiple, comprehensive types of data protection
Data never lives in just one place; it is constantly in motion throughout the analytics pipeline, requiring different protection methods at every stage. Typically, systems are designed to secure data-at-rest or data-in-motion, but not both. A DSP provides the tools and services to protect data at all points in the pipeline, so it is completely protected even while it is being analyzed.
Future-proof compliance
Compliance should be an absolute minimum requirement for any DSP. Data protection laws are a foundation for good business practices in the U.S. and abroad. A DSP should provide the data protection necessary for a firm to remain compliant, regardless of how regulations will change over time.
Conclusion
Financial institutions can collect and store more than 150 billion highly sensitive data points, and keeping them protected continually is a seemingly insurmountable challenge. The emergence of DSPs reflects the ever-present balance between data security and privacy with its utility. Ensuring the DSP integrates with cloud platforms, protects data throughout its journey in the data analytics pipeline, and stays ahead of compliance mandates is a non-negotiable component in creating a competitive edge.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Andrew Ducker Payments Consulting at Icon Solutions
19 December
Jamel Derdour CMO at Transact365 / Nucleus365
17 December
Alex Kreger Founder & CEO at UXDA
16 December
Dan Reid Founder & CTO at Xceptor
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.