
Gauging How the FDIC Proposed Standards Will Affect Financial Industry Cyber Security

With the new Proposed Standards from the FDIC, financial institutions will need to ensure their cyber security is up to standard. We spoke with Jeff Kaplan to find out how the financial industry might be affected.

April 3, 2017 | TechDecisions Staff

The Federal Financial Institutions Examination Council (FFIEC) as well as the Federal Deposit Insurance Corporation (FDIC) have recently made announcements that focus on cybersecurity.

The FDIC in particular imposes more stringent requirements — called the Proposed Standards — across several categories of cybersecurity, including: cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience and situational awareness.

TechDecisions spoke with Jeff Kaplan, CEO of Breakthrough Technology Group, about how these Proposed Standards might affect the financial industry and beyond:

TD: How will the newly released proposed standards impact how financial services use technology?

Data privacy and security are top concerns, and a key technology issue will be determining the best way to leverage the cloud. Whether a company is governed by industry mandates such as HIPAA (healthcare) or FINRA (banking and finance), or perhaps it has its own internal reasons to safeguard its data, a private cloud offering is the better way to go. Unlike public clouds, private cloud offerings can provide users with dedicated virtual firewalls and computing environments that are virtually — and sometimes even physically — isolated from other companies’ data.

At the consumer level, there will be another aspect of privacy and data security to consider around mobile payments. The related technologies are evolving rapidly, and as consumers become more mobile-centric, financial services institutions will need to be more careful and deliberate when mitigating services.

Data jurisdiction is another security concern for some companies. They need to know exactly where their data is being stored and specifically that it’s not crossing international borders. Few public cloud providers can make this guarantee, but private cloud providers can.

When using the cloud to support these new standards, financial institutions are advised to pay close attention to:

Data classification. How sensitive is the data that will be placed in the cloud (e.g., confidential, critical, public) and what controls should be in place to ensure it is properly protected? Does the cloud service provider encrypt or otherwise protect non-public personal information (NPPI) and other data whose disclosure could harm the institution or its customers?

Data segregation. Will the financial institution share resources with other cloud clients? For example, will the data be transmitted over the same networks, and stored or processed on servers that are also used by other clients? If so, what controls does the service provider have to ensure the integrity and confidentiality of the financial institution’s data?

Recoverability. How will the service provider respond to disasters and ensure continued service? Does the financial institution’s business continuity and disaster recovery (BCDR) plan include specific details in its service level agreement (SLA) such as recovery time objective (i.e., how long it will take to recover the bank’s data following a disaster) and recovery point objective (i.e., the maximum amount of data that may be lost following a disaster)?

TD: How do public cloud environments play into these new Proposed Standards and affect financial services?

The reality with many multitenant cloud offerings is that once a company commits to a specific platform, infrastructure and/or application, changing that decision is anything but easy. In today’s ever-evolving business environments, new regulations (like Proposed Standards) are constantly being introduced, mergers and acquisitions are an everyday reality, and customer demands are always increasing.

As such, financial institutions need to plan for change being a constant, rather than settling on a firm set of technologies based on what’s familiar. Public clouds may be very accessible and offer attractive economics, but this is not the only option, and may not provide enough flexibility, especially for financial institutions that want to be on the cutting edge for competitive advantage.

TD: How does a private cloud work differently than public cloud environments? In addition, how are private clouds as a service different than public cloud offerings?

Let’s first define “the Cloud” how analysts see it, as well as the industry. Many people have the perception that “Public Cloud” is external whereas “Private Cloud” means hosted on a customer premise, managed by a customer internal IT team. Our view is that Cloud encompasses any application hosted by a third party, typically off premise, and accessed by either the Internet or private connectivity such as MPLS. Cloud computing has evolved so much over the years that it is necessary to identify various subsegments of the market, beyond Public Cloud Providers such as Amazon and Microsoft Azure.

Managed Cloud Providers deliver the benefits of the public cloud with the security and flexibility of a private data center. In a public cloud environment, on the other hand, customized services and accommodations are limited because the public cloud provider has to be cognizant of the other tenants on its platform.

Managed Private Clouds offer virtual or physically dedicated and isolated environments for each customer and provide complete visibility of the environment. Financial institutions are best served by managed private cloud by virtue of the deployment model’s allowance for customization, security, and flexibility.

TD: Why could private clouds be a better alternative to financial services?

Banks are subject to increased scrutiny and auditing requirements, and they need to ensure these requirements can be met in a cloud environment, too. With a private cloud, specific reports and visibility and security can be built in to satisfy compliance requirements, which may not be the case in a public cloud environment. Given the volatility of today’s market, banks need the assurance of a next-generation infrastructure that performs optimally, and is also agile and flexible enough to quickly pivot in response to business or regulatory changes. Also important is the peace of mind from knowing that their data resides in a private, secure environment, and exactly where it is located.
