Cloud Data Protection for Financial Services

Global Banks and Investment Firms need to satisfy an increasingly complex web of international and regional data residency and protection laws

Overview:

Organizations who are trusted with maintaining the privacy of customer’s financial records know quite well that they, perhaps more than any other industry other than the Defense Sector, need to comply with a multitude of data privacy and security requirements. Whether the policies are driven by internal data privacy and cloud data governance teams based on internal security standards or by requirements from compliance requirements associated with external industry specific mandates such as GLBA in the US or those from APRA in the AU, financial data requires very explicit safeguards. And the sensitive data can take many forms across various sub-sectors in the industry, as exemplified in the chart below.

Enter the Cloud:

Cloud adoption makes an already complicated Financial Services IT Security scenario and makes it exponentially more difficult. Why? Because this sensitive, regulated data now can flow into public cloud environments where, by definition, the data will be stored and located in new location(s) and will now be accessible by a host of new individuals (such as employees of the cloud service provider, their suppliers, etc.). This creates a compliance and regulatory perfect storm for many players in the industry, and is keeping them from using the public cloud for anything but the most benign use cases.

Given that public cloud SaaS applications, for all of the benefits they bring an organization, introduce new questions associated with data location, data access, data regulations and data security, how are banks and FI’s supposed to get full beneficial use out of all they can offer? The answer?  Blue Coat.

Global Leader in Financial Services

Customer Case Study

Global Leader in Financial Services for Consumers and Businesses Regulated Data Stays Local and the Power of the Cloud is Unleashed – Say Goodbye to On-Premise Challenges

This global diversified company happens to be one of the largest financial lenders in the world. As part of a global initiative to embrace cloud technologies where possible, a team tasked with building out a new Gateway capable of supporting multiple regions around the world for the origination and provisioning of consumer loans (asset-backed and unsecured lending). The Gateway needed to support the lending needs of branches operating in locations as varied as Southeast Asia and Central Europe. Besides regional IT and infrastructure differences, the team needed to consider all of the country specific and regional data protection laws that would the system would need to adhere to.

No cloud Gateway, on its own, could meet their data privacy requirements. In addition to a variety of financial services sector compliance mandates, many countries where the loan Gateway would be used had restrictions on financial services data crossing a border. This of course was problematic given that the core cloud Gateway that best met their functional needs was Force.com, part of the Salesforce.com cloud Gateway.

Requirements

The solution team had to develop a solution that enabled the global organization to leverage a U.S.-based cloud (Salesforce.com) while keeping all regulated data local in the countries where the loans were being originated and serviced. Said another way, all regulated data needed to stay completely out of the cloud. And the cloud application’s functionality – built on Force.com – could not be adversely impacted. Users of the loan system in the branches needed to have full access to the information just as if it where all truly stored in Salesforce.com! Also – external application, providing data on things such as credit-worthiness, which needed to be considered during the loan decisioning process, needed to be able to integrate and interoperate with the Gateway without interruption.

Solution

The company’s compliance and data privacy teams investigated a solution area that Gartner and Forrester have named Cloud Data Protection Gateways as a possible way to solve the problem. After speaking to leading Industry Analysts in the space and conducting a detailed RFI/RFP and Proof of Concept process, the organization unanimously selected Blue Coat as their technology partner for this security capability. ’ strong security proposition (ability to use non-mathematically generated tokens or strong 3rd party encryption) while simultaneously preserving more cloud functionality than any other product in its class was a key differentiator of the solution. Equally important was the solutions ability to easily support other cloud Gateways and the simply interoperability with third party systems from the Salesforce AppExchange ecosystem facilitated via robust Web Services and APIs. (Editor’s Note: is now deployed across multiple divisions of this organization supporting an array of clouds and use cases).

In the loan system built on Force.com, sensitive documents and data fields containing PII are replaced with a surrogate token or encrypted value before they leave the enterprise’s control. Only the replacement value is processed and stored in the Salesforce cloud, so the enterprise and their auditors are assured that information is meaningless if it is accessed by any unauthorized individual or parties. And best of all, the Blue Coat Gateway ensures that the critical Salesforce functionality that the company’s solution depends on, such as the ability to Search on loan applicants names and loan numbers that have been obfuscated, is retained.

Resources

Cloud Data Protection Gateway Datasheet
Cloud Data Protection Gateway Encryption Solution Brief
Cloud Data Protection Gateway Tokenization Solution Brief