Treasury’s New Bank Security Rules May Have Huge Cloud Impact
The U.S. Treasury Department has been considering implementing new bank security rules that would strengthen data security at banks and brokerage firms.
5 November 2014
Even before the devastating cyber-attack at JPMorgan Chase, top officials at the U.S. Treasury Department were considering how to strengthen security at banks and brokerage firms. The JPMorgan Chase breach compromised over 80 million account records for individuals and businesses.
The breach’s magnitude has accelerated these official efforts, says The New York Times. This event may lead to new rules that will force financial institutions to change their existing procedures. Treasury officials may require banks to ensure that their own outside service providers follow the proper procedures to protect data.
Impact on File Sharing Providers
The implications for cloud providers, especially file sharing and storage players, could be significant. Many such cloud providers rely on a consumer-centric business model. This approach focuses primarily on adding as many end users as possible — and has not necessarily emphasized the need to embed adequate security capabilities into the platform.
In fact, some of these providers have grown by simply giving away licenses for free. These consumer-centric providers haven’t made investing in security, data privacy, and regulatory compliance a priority. Consequently, we’ve seen how Dropbox has become a vector for distributing malware. There have even been some cases where hackers have used file sync and share services (FSS) to store command and control instructions for malware and botnets.
File Sharing Services May Face Greater Scrutiny
In addition, it’s likely that any new rules will place a burden on file sharing services to demonstrate that all of their partners and suppliers also meet minimum security standards. This requirement would place an enormous burden on any provider that has an architecture based on the open ecosystem model. Such providers would have to validate every integration with every partner — while introducing many points of additional risk for the banks.
We agree with the Treasury: Banks should hold their partners and service providers accountable to a minimum security standard. In fact, we at Intralinks are already held to this standard by most banks that use our platform to support due diligence for strategic transactions.
It’s possible banks will be mandated to not just trust the security posture of their vendors — but will also be required to validate their vendors and their vendors’ partners. If we want to keep data safe, this level of security is required. But implementing this standard doesn’t have to come at the cost of business efficiency or productivity.
Daren Glenister is the Field CTO for Intralinks. In his role, he acts as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements, helping to steer Intralinks’ product road map and the evolving secure collaboration market. Daren brings over 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many of the Fortune 1000 companies to help turn business challenges into real-world solutions.