Managed Services and Safeguarding Financial Data

It's widely known that cyber-criminals see financial services firms as prime targets in cyberspace simply because, as Willie Sutton put it, "that's where the money is." In 2010, a private investment firm called MF Global lost billions of investor dollars overnight in a mishap that led to a congressional investigation and left everyone wondering where the money went and what happened. Data breaches like this can be disastrous to organizations, personal fortunes, and the privacy of clients' personal information.

Safeguarding financial data is not an easy task under any circumstance. So, the big question is: how does an organization ensure its data isn't inadvertently or maliciously passed from one organization to another, or doesn't simply vanish, without burdening the IT department? To get to the solution, we must first understand the history.

The financial failures resulting from the Great Depression created a tough time for financial institutions, and in 1933 Congress passed the Glass-Steagall Act, barring banks from conglomerating with other financial institutions so that one company couldn't act as a combination of an insurance company, investment bank and commercial bank. More than half a century later, as the Internet-led digital rush of the 90s pushed firms and organizations to transition their records into digital formats, the U.S. Government passed the Financial Services Modernization Act of 1999, more commonly referred to as the Gramm-Leach-Bliley Act (GLBA). It lifted some of the restrictions set in 1933, letting financial firms team up with compliant organizations to offer a wider range of financial services under one corporate umbrella while ensuring the safe transmission of customer data across offerings.

GLBA conveniently breaks down responsibility for data integrity and security into three general definitions. The Financial Privacy Rule and the Pretexting Protection provisions require policies for employee handling of customer data, focused on protecting and preventing access not authorized by the customer. The Safeguards Rule requires that risk assessments be performed on the technology that collects, stores and processes customer information and that these safeguards be updated and maintained in an effective state. These provisions map implementation to current best practices that are designed to remain effective even as threats continue to evolve over time.

While important, these obligations for digital and Internet infrastructure quickly become daunting for organizations of any size, not to mention those needing to coordinate workflow, data processing and customer interactions. Many on-premises IT departments have found themselves challenged to keep up with the demands of new security trials. To solve this, many have decided to move some portion of their IT burden to cloud-hosting experts that offer this type of compliance.

By leveraging managed services that offer GLBA compliance, IT departments in financial services firms can pass the GLBA burden onto managed services experts. These compliant services provide those protections for cloud-hosting support and relieve a firm's IT department from having to divert resources for hiring and/or training personnel to assume a burden they may never be able to keep up with.

It's important for financial firms to confidently find their footing in this seemingly ever-new and challenging digital realm. By partnering with GLBA-compliant managed services companies, they not only ensure protection and privacy for customers, but also implement a more economical option for their company. It's a win-win.