
File Sharing Use Cases in Financial Services

Financial services institutions need to meet high standards of security, particularly when collaborating with external partners, in order to comply with federal regulations and protect their customers. However, security protocols designed to protect sensitive information can actually hinder workplace productivity. This presentation demonstrates different ways that financial institutions were able to get back to business using BlackBerry Workspaces, the secure file sync & share solution.


  1. © 2016 BlackBerry. All Rights Reserved. File Sharing Use Cases in Financial Services. Jeff Holleran, Vice President, Corporate Strategy. July, 2017
  2. Agenda
     • Secure File Sharing in Financial Services
     • Financial Services Use Cases
     • Next Steps
  3. Secure File Sharing in Financial Services
  4. Financial Services: Key File Security Drivers
     • Regulations - Multiple Requirements:
     • Data Security and Encryption
     • Strong Authentication and User Management
     • Protection of Customer Data
     • Chain of Custody and Compliance Reporting
     • DLP Support
     • Intellectual Property Protection
     • Internal Technology and Systems
     • Management and Maintenance of Client IP
     • Corporate Governance and Confidentiality
     • Mergers and Acquisitions
     • Executive-Level Communications
     • Maintenance of Mandated Internal Business Firewalls
     • Threat Intelligence Sharing
  5. Regulatory Requirements
     Columns: NYDFS 500 | GLBA/FFIEC | PCI DSS | GDPR
     • Protection of Customer Info: X X X X
     • Encryption: X X X X
     • Access Controls: X X X X
     • Compliance Logging and Reporting: X X X X
     • Oversight of External Users: X X X X
     • Incident Monitoring and Reporting: X X X
     Section 500.15 Encryption of Nonpublic Information. (a) As part of its cybersecurity program, based on its Risk Assessment, each Covered Entity shall implement controls, including encryption, to protect Nonpublic Information held or transmitted by the Covered Entity both in transit over external networks and at rest.
  6. Best-Practices Security Standards
     Financial Services firms and their technology partners should conform to the following standards:
     • ISO/IEC 27001 Certification: ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system."
     • SOC2 Type 2 external audits against AICPA auditing standards: A SOC 2 report helps to address third-party risk concerns by evaluating internal controls, policies, and procedures that directly relate to the security of a system at a service organization.
     • FIPS 140-2: U.S. government (NIST) computer security standard used to approve cryptographic modules.
     The following standards provide best-practices security benchmarks for technology providers:
     • US DoD ITAR & DFARS Compliance (NIST 800-53 and NIST 800-171)
     • US HIPAA compliance and reporting
     • UK Cyber Essentials Standards
  7. File Sharing Throughout the FS Enterprise: CEO Board of Directors • SEC filings • Tax/audit filings • SOX reports • Placements • Board reports CIO / CTO Investment Banking Human Resources • Compliance reports: GLBA, SOX, PCI, etc. • Contracts • Proprietary systems • Compensation • Bonus data • Employee equity grants CFO Market Research Legal Real Estate Services • Contracts • Corp dev/M&A • eDiscovery • Outside counsel Business Partners Investors Banking Customers M&A Parties Banking Services • Board documents • Strategy plans EXTERNAL • Buy-side research • Sell-side research • Advisory Services • M&A deal materials • Mortgage documents • Ecological assessment documents • Property debt documents • Loans, Letter of Credit • Performance report • Wealth Management/ Investment fund performance data Regulators Outsourced Operations Industry Groups Outside Attorneys Risk Assessment Sharing
  8. File Sharing Today: Major Risk Factors
     • The average organization has 13 file sync applications in use – most not approved or managed by IT
     • 76% of organizations send traffic to Dropbox (2GB/mo. on average)
     • 40% of non-sanctioned cloud services used in FS firms are cloud storage and webmail apps
     • 72% of cloud DLP violations at FS firms involve webmail, cloud storage or collaboration apps
     Source: Netskope, Palo Alto Networks, Gartner
  9. Secure Enterprise File Sharing Requirements
     Security & Compliance:
     • File Encryption
     • Encryption at rest, in transit and in use
     • FIPS 140-2 certified crypto-modules
     • File Access and Usage Controls
     • Only Authorized Users May Access Data and Files
     • Restrict File Redistribution
     • DRM, watermarking and online-only mode
     • Administrative Controls
     • Fine-Grained User and Policy Management
     • Ability to Revoke or Change Access Automatically or Manually
     • Logging and Auditing
     • All Data Access Events Must Be Captured and Logged
     • Flexible Compliance Reporting
     • DLP Integration and Support
     Productivity:
     • Collaborative Workspaces
     • Accessible via browser and apps
     • Cross-Platform Support
     • Platform Agnostic
     • Secure Access, Productivity and Synchronization
     • Extend and Secure Existing Repositories
     • “Protect-in-Place”
     • Provide Access and Sharing W/O File Migration
     • Support Existing Workflows & Systems
     • Robust Integration Architecture
     • Development APIs and SDKs
  10. Financial Services Case Studies
  11. Common Financial Services Requirements
     SHARING TO AGENTS / MERCHANTS: Remote access / mobile productivity
     • Control sensitive / regulated information shared to agents
     • Capture data from remote locations on mobile devices
     • Securely synced folders
     M&A / COMMERCIAL TRANSACTIONS: Securely collaborate with 3rd parties
     • Sharing spreadsheets, models, numbers, etc.
     • Control how files are used, who is accessing them, when and where
     • Revoke access to documents after deal
     EXTERNAL AUDIT REPORTING: Regulated, non-public information
     • Share confidential, non-public documents with outside auditors
     • Compliance regulations
     LOAN / CREDIT INFORMATION: Protecting customer statements (PII)
     • Collaborating on loan / credit information throughout lifecycle
     • Providing regulated statements, capital calls, tax documents
     LITIGATION / TRIAL CASES: Sharing to outside counsel
     • Simple and secure sharing of files (some large – 10 GB)
     • Prevent forwarding of information and revoke access after trial
  12. Case Study: PCI DSS Compliance - Protecting Customer Personal Data
     Customer Overview: American financial services company operating in business banking, retail banking and wealth management
     BUSINESS NEED: Payment Card Industry Data Security Standard (PCI DSS) Requirement 3.4: All credit card data needs to be encrypted or rendered unreadable.
     • PCI certification on portfolio basis
     • Already adopted for secure collaboration; easy to apply to PCI
     USERS:
     • Executives (SVP / VP)
     • Managers
     • Customer representatives
     • Anyone who touches customer credit card information
     BENEFITS:
     • Persistent AES-256 encryption
     • Encryption and controls travel with the file
     • All file activities are fully tracked for auditability
  13. Case Study: Agent Network Regulatory Audit
     Customer Overview: Global provider of insurance, annuities and employee benefit programs, serving 90 million customers.
     BUSINESS NEED:
     • Each of the 2,500 agencies must undergo regulatory audit every 18 months
     • Requires collection of policies from 10-20 customers, approx. 20 documents per customer
     • No secure standard process for sharing files
     USERS:
     • Auditors (India)
     • Audit Manager
     • Regional Sales Manager
     • Independent Agency
     BENEFITS:
     • Minimize security risk by standardizing the process.
     • Control who has access, how long, what they can do with the file, etc.
     • Track activity for access to sensitive data. Export audit logs for records.
  14. Case Study: Securing Investor Relations
     Customer Overview: One of the world’s largest private equity firms.
     BUSINESS NEED: Need to protect business documents for transactions.
     • Replace Intralinks with a mobile-friendly solution
     • Globally accessible by 1,000 internal users and 15,000 limited partners
     USERS:
     • Board members
     • Internal employees and contractors: Sales, PR, Legal
     • Limited partners
     BENEFITS:
     • Rolled out globally
     • Easily integrated with existing portal with APIs – no change to user experience
     • Added security controls on business documents
  15. Case Study: Wealth Management Advisors
     Customer Overview: Large European bank, operating in more than 50 countries globally.
     BUSINESS NEED: Establish a mobility strategy
     • Securely share and work on mobile devices
     • WMAs spent hours printing & shredding files
     • Must be easy enough to use for senior executives and board members
     USERS:
     • Wealth Management Advisors (WMA)
     • Clients
     • Senior executives and board members
     BENEFITS:
     • Reduce the amount of paper used, resulting in $440K worth of carbon credits
     • Save time to spend with clients, doing more value-added work
  16. What Next?
  17. Perform a Security Audit and Review
     BlackBerry Offers a FREE Security Audit
     BlackBerry Shield Security Audit and Review Program
     • Option One: Online Self-Assessment
     • Option Two: 90-Minute Detailed Personal Review
     Technical Controls:
     • Device security policy management
     • Security administrator controls
     • OS integrity and malware controls
     • Encryption (at rest, in transit)
     • Authentication
     • Data leak prevention
     • Secure communications and content protection
     • Application security
     • Availability
     Administrative Controls:
     • Mobile Device Lifecycle Management
     • Application security
     • Organizational security structure
     • Security configuration change management
     • Risk assessment
     • Security incident and response
     • Governance/HR and Legal
     • Security awareness training
     For more information:
  18. Thank You… Questions?