BANKING SECURITY and COMPLIANCE



Similar documents
WHITE PAPER. Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting

Evolution from FTP to Secure File Transfer

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud

Complying with PCI Data Security

Encryption Services

DRAFT Standard Statement Encryption

Alliance Key Manager Solution Brief

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

How Managed File Transfer Addresses HIPAA Requirements for ephi

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

How Reflection Software Facilitates PCI DSS Compliance

whitepaper 4 Best Practices for Building PCI DSS Compliant Networks

Managed File Transfer and the PCI Data Security Standards

MOVEIT: SECURE, GUARANTEED FILE DELIVERY BY JONATHAN LAMPE, GCIA, GSNA

Our Key Security Features Are:

Securing Your Business with Managed File Transfer

SecureAge SecureDs Data Breach Prevention Solution

White paper. Why Encrypt? Securing without compromising communications

Compliance and Industry Regulations

TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE

Memeo C1 Secure File Transfer and Compliance

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

DMZ Gateways: Secret Weapons for Data Security

ENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

A Strategic Approach to Enterprise Key Management

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Passing PCI Compliance How to Address the Application Security Mandates

Projectplace: A Secure Project Collaboration Solution

A Decision Maker s Guide to Securing an IT Infrastructure

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

How To Achieve Pca Compliance With Redhat Enterprise Linux

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

Compliance in 5 Steps

PCI Data Security Standards (DSS)

Healthcare Compliance Solutions

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

THE KEY TO DATA SECURITY

Supporting FISMA and NIST SP with Secure Managed File Transfer

Sync Security and Privacy Brief

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Data Protection: From PKI to Virtualization & Cloud

Feature. Log Management: A Pragmatic Approach to PCI DSS

Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

Global Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway)

IT Compliance Volume II

Encryption Services

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA COMPLIANCE AND

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

Egress Switch Best Practice Security Guide V4.x

Nine Steps to Smart Security for Small Businesses

Security Survey 2009: Privileged User Management It s Time to Take Control Frequently Asked Questions and Background

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

PineApp TM Mail Encryption Solution TM

The SparkWeave Private Cloud & Secure Collaboration Suite. Core Features

Secure Messaging for Finance White Paper

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

Why Encryption is Essential to the Safety of Your Business

SECURELINK.COM COMPLIANCE AND INDUSTRY REGULATIONS

WS_FTP. Addressing the Need for Secure File Transfer

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

Cloudbuz at Glance. How to take control of your File Transfers!

Application Delivery in PCI DSS Compliant Environments

SecurityMetrics Vision whitepaper

Fortinet Solutions for Compliance Requirements

Alliance Key Manager Cloud HSM Frequently Asked Questions

SafeNet DataSecure vs. Native Oracle Encryption

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Five keys to a more secure data environment

PCI DSS COMPLIANCE DATA

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Nine Network Considerations in the New HIPAA Landscape

Security Throughout the File Transfer Life-Cycle:

Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data

PCI DSS: An Evolving Standard

Beyond FTP: Securing and Managing File Transfers

WS_FTP Professional 12. Security Guide

PCI Data Security. Meeting the Challenges of PCI DSS Payment Card Security

How to Develop a Log Management Strategy

Beyond FTP: Securing and Managing File Transfers

Managed File Transfer and the PCI Data Security Standard

Transcription:

BANKING SECURITY and COMPLIANCE

Cashing In On Banking Security and Compliance With awareness of data breaches at an all-time high, banking institutions are working hard to implement policies and solutions that protect sensitive financial information along with their reputations and industry competitiveness. In today s digital world, critical financial data including social security numbers, bank account information, mortgage statements, payment card numbers, and other high-value, highly confidential information is being sent back and forth between businesses and individuals at speeds faster than anyone ever thought possible. While this information exchange allows financial institutions such as banks to deliver higher levels of service and capitalise on emerging growth opportunities, it also leaves them vulnerable to security breaches and data leaks. For financial organisations, data security is an operational and, at the same time, regulatory imperative. A bank that fails to protect a customer s financial records faces the threat of losing customers whether they are individuals or businesses along with a tarnished reputation, class-action lawsuits, and the loss of competitive advantage. Financial institutions face the risk of data breaches every day. These breaches can occur when data is being transferred to customers, vendors, and other institutions; when it is being stored; and when it is being processed. Threats can include the theft of computer equipment, employee malfeasance, and sophisticated hacking and phishing attacks. Recent high-profile banking data breaches include: A compact disc containing personal information of more than 370,000 customers of HSBC was lost after being sent by courier. The bank was subsequently fined over 3 million by the Financial Services Authority (FSA). The UK branch of Zurich Insurance had to write to 51,000 of its customers to inform them of a data loss. The back-up tape was lost during a routine transfer within South Africa to a data storage centre in August 2008 EXCEEDING COMPLIANCE REGULATIONS Ipswitch File Transfer solutions ensure the compliance and security of financial information with support for current industry regulations: Gramm-Leach-Bliley Act (GLBA) Protects consumers personal financial information held by financial institutions. Payment Card Industry Data Security Standard (PCI DSS) Safeguards payment cardholder data and sensitive card authentication information. Sarbanes-Oxley Act (SOX) Protects public company financial information. BASEL II Ensures the soundness and stability of the international banking system using risk management strategies.

In 2007 the FSA imposed a 980,000 fine on the mortgage lender Nationwide Building Society after an employee laptop with data on millions of customers was stolen. Effective information security practices are more important than ever in the challenging times currently facing the banking industry. In the finance and banking sector the Data Protection Act, presided over by the FSA, and the Gramm- Leach-Bliley Act (GLBA) govern the collection and disclosure of customers personal financial information and requires that financial institutions design, implement, and maintain safeguards to protect this information. The acts contain important provisions requiring that customer data be protected not only by those institutions that collect it, but also by all financial institutions that receive information from other financial institutions. In other words, vendor management is a critical component of your compliance strategy. Proper risk-assessment requires that you be aware of your vendors security and compliance status as well as your own. Compliance with GLBA is mandatory and the regulation includes severe civil and criminal penalties for non-compliance, including fines of up to $100,000 for each violation, personal fines, and the loss of deposit insurance, such as that provided by the Federal Deposit Insurance Corporation (FDIC) in America. In today s climate, no financial institution that deals with sensitive financial information can afford to ignore the very real challenge of ensuring data security, integrity, and privacy. The Risks of Insecure Data Transfer With the increasing popularity and ease of electronic storage and transfer, interest in the safety and integrity of this sensitive data is at an all-time high. Banks have traditionally relied on methods like tape backup, DVDs, network storage, FTP, email, and even instant messaging to move data between partners, branches, and customers. While these methods are convenient, they fail to deliver security, efficiency, or reliability all of which are critically important to today s financial organisations. Tapes, DVDs, and laptops can be stolen or lost, compromising the data they contain, particularly if the data is unencrypted. Standard FTP does not include strong authentication or encryption capabilities, which opens the door to the potential for hackers to access sensitive data. While email and instant messaging lack scalability and use server resources inefficiently, the larger problem with these methods involves their lack of encryption and data integrity. In addition, following the receipt of records, neither email nor IM have processes for workflow, data integrity verification

to make sure the entire transmission arrived untouched and uncompromised, or the ability to enforce business rules to control access to those records. A Better Way to Ensure Financial Confidentiality To operate effectively, banks must replace ungoverned document transfer and storage methods with secure, reliable, and compliant information exchange processes that ensure data integrity. These processes help financial organisations move confidential data between locations in a secure, accurate, controlled, and documented manner that addresses the full range of current and evolving legislative and regulatory mandates. A secure file transfer solution enables financial organisations to send data more secure ly with return receipts and extensive tracking and auditing capabilities to ensure compliance with BASEL II, GLBA, PCI DSS (Payment Card Industry Data Security Standard), SOX (Sarbanes-Oxley Act) and regulations imposed by the FSA. Two common security protocols that help secure and increase the reliability of data transfer are Secure Sockets Layer (SSL) and Secure Shell (SSH). Both are specifically designed to encrypt file transfers as well as the associated administrative network traffic. SSL and SSH enhance the security and reliability of file transfer by using encryption to protect against unauthorised viewing and modification of high-risk data during transmission across open networks such as the Internet. Data must also be protected when it is being processed, in transit, and in storage. Financial organisations should use the strongest commercially available cryptography for storing and transporting data: 256-bit AES SSL. Combining SSL and SSH security with OpenPGP provides an additional level of protection for data at rest. OpenPGP encrypts files in storage through the use of cryptographic key pairs that authenticate users and data. Receivers need to use the corresponding private key in order to decrypt the file. Additional security measures include the use of FIPS 140-2 validated encryption libraries to secure files in transit, using 256-bit AES encryption and SHA-1 libraries to secure files in storage, and using the smallest possible buffers to secure files when processing them between transfer and storage encryption in order to prevent the exposure of large chunks of sensitive information in memory. To prevent even encrypted files from lingering on disk longer than absolutely necessary, files should be overwritten with cryptographic-quality random data upon deletion. The ideal level of data erasure is NIST 800-88 compliant and fulfils a critical PCI requirement.

Making Secure and Managed File Transfer a Reality An effective data transfer solution must be able to ensure end-to-end security, reliability, and auditability throughout the file transfer process, and provide management visibility over the process via integrated, application-level security, compliance reporting, auditing, workflow monitoring, and automation. Important features to look for in a data transfer solution include the ability to: Reduce the risk of providing access to financial data while complying with regulations such as BASEL II, GLBA, PCI DSS, SOX and those from FSA Simplify and automate file transfer processes to better understand, monitor, and respond to changing requirements without compromising customer confidentiality Protect file transfer communications through embedded security Provide robust data management, monitoring, and scheduling that includes tracking, auditing, and guaranteed delivery with non-repudiation Four Critical Considerations When evaluating technology solutions for data security, you should look at how four categories confidentiality, integrity, availability, and auditing contribute to compliance. Confidentiality ensures that information can only be consumed by authorised individuals and only for approved uses. Confidentiality begins with authentication of login credentials and putting a strong password policy in place, with features like expiring accounts and password management. Access control includes support for requiring 256-bit AES SSL encryption and TLS 1.1 or higher on all connections. This level of access should be mandatory for all clients connecting into your network infrastructure. If the clients connecting to your file transfer platform can t connect at 256-bit SSL or SSH or higher, access should be denied in order to protect your company from a potential data breach. Integrity means ensuring you have uncompromised delivery of all correct data with full SHA-512 support. Secure, encrypted data delivery is critical for ensuring business continuity. Secure hashing algorithms ensure that files have not been compromised during transport, and that the source and destination files are exact matches. A si ngle change in a file or writing a file to a bad sector on a disk can corrupt a file and produce faulty workflow notifications and business

process events. Non-repudiation takes data security to the highest level currently available by adding digital certi ficate management to secure delivery and data encryption. Availability can be achieved through load balancing and clustering architectures that support automatic failover and centralised configuration data storage to minimise the chance of a data breach. This also helps protect against antihammering and distributed denial of service attacks. Availability can also be achieved by building checkpoint restart and robustness into the solution that can overcome hardware failures or interruptions in Internet connectivity. Auditing provides comprehensive logging and log viewing with tamper evident security to guarantee the integrity of the log files. For technology, security, and other auditing purposes, all client/server interactions and administrative actions should be logged. A full MFT solution includes analysing capabilities, and features native and custom reporting and event driven notifications and workflow to ensure banks know what s happening on their networks, and that they ll be prepared to respond in the event of a compliance audit. IPSWITCH FILE TRANSFER: SECURE, MANAGED, AND COMPLIANT SOLUTIONS Ipswitch solutions deliver secure and managed end-to-end file transfer, enabling banks to meet GLBA, SOX, PCI DSS, and other compliance objectives and still have ready access to necessary financial information. Safeguard financial information Ipswitch file transfer solutions provide 256-bit AES encryption for transfers over SSL (FTPS, HTTP/S), SSH (SFTP, SCP2), and EDIINT (AS1, AS2 and AS3) protocols the highest commercially available encryption technology making them the most secure solutions for banks that require confidentiality when transferring financial data over the Internet. Ipswitch solutions also leverage OpenPGP file encryption, up to SHA-512 integrity, to ensure uncompromised transfers and non-repudiation. Exceed stringent regulatory requirements Our secure, automated, and reliable solutions track data access and security enforcement policies to enable a level of GLBA, PCI DSS and SOX compliance unrivaled by other file transfer methods. With the ability to create multiple hosts,

control user access down to the file level, and block attacking IP addresses in real time, administrators can help to ensure that confidential data is only accessible by those with explicit permissions. Increase ease of use and control IT operational and training costs Ipswitch solutions feature intuitive graphical user interfaces that are easy to configure and require no expensive training. Secure web-based interfaces let administrators control access, define rules, and ensure enforcement from one customisable dashboard. Silent installs and virtualization are also major cost-control mechanisms supported by Ipswitch solutions. Improve customer satisfaction The Ipswitch file transfer architecture scales to thousands of servers and clients providing the server clustering and load balancing necessary to ensure the availability and performance of critical merchant applications, and ensuring quick, seamless, and secure customer transactions. About Ipswitch, Inc. Ipswitch File Transfer is a global technology provider that builds solutions to securely move your valuable data. We enable companies and people to better manage their data interactions when visibility, management and enforcement matter. Our managed file transfer solutions deliver the control necessary to enable governance and compliance for our more than 40 million global users including the majority of Fortune 1000 enterprises and government agencies. These organizations trust Ipswitch File Transfer solutions to secure, manage, automate and streamline their critical and highly sensitive file transfers and data workflows. Learn more at http://www.ipswitchft.com or to contact us at http://www.ipswitchft.com/company/contact.aspx, or on LinkedIn and Twitter.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information