4 Steps to Take for Brokerage Cybersecurity
A comprehensive approach to data security for regulated industries involves more than just technology. It should include these key cybersecurity pillars.
19 November 2014
Reuters claims that in 2015, we may see the Financial Industry Regulatory Authority (FINRA) increase its focus on brokerage cybersecurity. The article says that FINRA will hire “technology savvy examiners” to review how brokerages secure client data, among other tasks.
On the surface of it, this movement comes as good news, especially for brokerage customers. It comes in the wake of rising concerns among Wall Street players about hacking, says Reuters. Companies fear having client data compromised: In fact, Reuters notes that a Wall Street trade group, the Securities Industry and Financial Markets Association (SIFMA), has entered the fray. The association wants a new inter-agency regulatory group that could craft cybersecurity policies for the finance industry.
4 Crucial Roads to Cybersecurity
Both FINRA and SIFMA seem to understand that a comprehensive strategic approach to data security involves more than just technology. The right approach needs to engage people, processes, and technology together. I believe that a successful approach to enterprise security needs to address four key areas — what we describe as the “Four Pillars.”
With that in mind, the four key pillars you should consider are:
- Enterprise governance: The internal rules and policies that guide your business operations and managerial decisions.
- Sharing process control: The rigidly defined rules for managing user access, provisioning, and the like. This includes the prevention of the unauthorized printing, downloading, copying, or screen capture of data.
- Content lifecycle control: This is the pillar for managing content sharing during any collaboration workflow.
- Technology infrastructure security: As a CTO myself, I love this part — it includes the virtual and physical security of sites, hardware, and systems. Here, there is lots and lots to talk about … just not now.
The pressure from government regulators is only going to increase. And this movement to improve data security will affect any regulated industry, not just financial services. CIOs and CISOs in health care, life sciences, energy, and elsewhere should take note and start planning to address each pillar in their future governance plans.
Daren Glenister is the Field CTO for Intralinks. In his role, he acts as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements, helping to steer Intralinks’ product road map and the evolving secure collaboration market. Daren brings over 20 years of industry experience and leadership in security, compliance, secure collaboration, and enterprise software, having worked with many of the Fortune 1000 companies to help turn business challenges into real-world solutions.