
Ensure a Digital Chain of Custody for Compliance

by Joe Gaska
May 28, 2021
in Compliance and Regulation, Data, Industry Opinions

If you’re a financial services organization, data is your business. Whether you’re in banking, insurance, wealth management, mutual funds or advisory services, everything centers around collecting, generating, moving, managing, analyzing and acting upon copious amounts of data – much of which is sensitive.  

The move to SaaS

There’s been a move to transform that data from paper-based to digital for some time. The pandemic greatly accelerated that shift, with financial services professionals working remotely and customers needing online access to their information. 

Now, more and more organizations are using cloud-based, SaaS applications to not only manage electronic financial data but also run their business. For instance, Salesforce helps manage sales and customer data and enables insights for product and service innovations. 

SaaS complicates compliance

SaaS provides numerous advantages. There are significant cost savings that come from not having to invest in, maintain or update supporting IT infrastructure. You can operate with much more agility, and easily and cost-effectively scale data and users. And since many users access the same application, they can easily share information and be sure they’re accessing the latest version.

But there are also complications, particularly when it comes to ensuring compliance in such a highly regulated industry. Consider the Gramm-Leach-Bliley Act, which requires financial institutions to “safeguard sensitive data, know where sensitive customer information is stored, and store it securely.” Or the SEC’s Regulation S-P, which mandates “protecting against hazards to the integrity, unauthorized access to, or use of customer records and information.” And then there’s the need to be WORM-compliant, meaning records must be “Write Once Read Many” to ensure they’re not altered or deleted.

When you use SaaS applications, your data resides in the app vendor’s infrastructure. Essentially, they own your data. However, the vendors operate under a shared responsibility model. This means they’re obligated to protect the SaaS app itself, but they’re not responsible for safeguarding your data. That’s your responsibility. 

Because of this, some organizations use backup vendors to help protect their SaaS app data. But even this causes complications, because that data typically resides in the backup vendor’s infrastructure under that vendor’s control, not the organization’s.

How to reduce risk

Where data is stored is critical to how accessible and vulnerable it is. One key way financial services organizations can mitigate risk and enhance compliance is by bringing SaaS app data storage under direct ownership – and making sure to capture and retain all changes made to the data, as well as information about who made those changes. This includes not only who they are, but also where they were located, their IP address, the device used to access the data, and so on.

To take back ownership of data, organizations can back up and archive all historical data directly into their own cloud storage environment. With 69% of financial companies using AWS and 79% using Microsoft Azure even prior to the pandemic, it’s extremely likely that most organizations today already use cloud storage. And both AWS S3 and Azure have WORM-compliant offerings, meaning organizations can make the data non-erasable and non-modifiable for a time interval that they specify.

By centralizing data into an owned data lake, organizations can then create “watering holes” of data access for authorized users – instead of gatekeeping information in a vendor-owned and controlled repository or providing access with relaxed risk management processes. 

Mitigating data sprawl

Reducing data sprawl is another essential component of compliance. Today, to access the data needed to perform their jobs, many employees copy data from SaaS applications into their own systems. This creates myriad problems, from inaccuracies caused by data being changed in one version of copied data and not others, to the more straightforward issue of not knowing everywhere data is stored – and who is accessing it. 

The more copies there are and the more potential touch points, the greater the opportunities for unauthorized access and the harder access and changes are to trace. These issues can put an organization at risk for breaches, intentional and inadvertent data corruption, and penalties when auditors come knocking.

By capturing every single data change and storing all that historical data in the secure AWS or Azure enclave an organization is already investing in, they can get all the benefits of SaaS while enabling the granular traceability and digital chain of custody required for compliance.

Tags: compliance, Compliance and Regulation, Data, Industry Opinions, Risk Management, SaaS