Financial Services Cloud Forum


How do you balance conflicts between critical operational and regulatory data requirements?

By Anne Lanc posted Fri August 02, 2024 11:13 AM

  

                          

As a senior Financial Services executive you’d be forgiven for feeling confused.  It seems that every year there’s yet another regulation you need to meet. 

GDPR, CCPA, Sovereignty, ESG and now DORA with its regulations on operational resilience, concentration risk, 3rd party risk and vendor lock-in, all impact data. Yet while each of these regulations looks sensible in its own right, when viewed as a whole, they impact and often conflict with one another.

Consider operational resilience.  You obviously need to make sure you can access your data in the event of disruption or outages.

 

However, taking multiple copies of data to ensure resilience increases its attack surface, impacting its security and, depending upon where you store the backups, potentially increasing third party risk, and risk to the privacy of your data and its sovereignty.

If you use different Cloud providers to avert concentration risk and maintain resilience, your staff need different and wider skillsets. With the well-publicised shortage of skills in the market, highlighted in the IBM Cost of a Data Breach 2024 report just published, the challenge becomes more complex, more costly and ironically adds risk.

Adding to this imbalance, ESG requirements are becoming more prominent with regulators. For example, taking multiple copies of data increases your carbon footprint and cost, and certainly won’t help you meet ESG targets.

And what about sovereignty?  Keeping data in one geographic location may lead to concentration risk and impact resilience. On the other hand, taking multiple copies for resilience may impact your sovereignty governance.

This is before even considering increasing international regulator focus on data privacy. Ensuring data is compliant with data privacy regulations is a requirement of doing business. But 70% of all countries in the world have their own data privacy regulations and guess what? They’re all different. As a multinational that’s a nightmare.

Figure 1 outlines the critical data challenges that you need to balance from a regulatory and operational perspective.

It’s time to think differently.

Data Out Protection:  Protecting critical data across hybrid multi-Cloud.

Data is the “Gold” that bad actors want.

Yet it’s the poor cousin of the security we all apply around people, networks, devices and services. Unlike these traditional perimeter security approaches, data redefines the concept of a perimeter across hybrid Cloud.

So it makes sense to protect data as a sovereign asset in its own right, building security, compliance and resilience into every data asset, so it’s safe and recoverable everywhere it travels, anywhere it rests.

We call this “Data Out Protection.”

So how does Data Out Protection help you balance your data challenges to reduce cost and risk and meet critical compliance, ESG and operational needs?

Data Out Protection applies three critical but easy to implement measures via a single control pane, completely aligned with your risk, security and compliance governance by:

1. Embedding security and resilience within each data asset according to data classification policies under your control;

2. Embedding data privacy compliance measures automatically by default; and

3. Selecting where you store your data across multi and hybrid Cloud according to your own sovereignty governance.

This enables you to protect data anywhere it travels, everywhere it rests.

Add a dashboard that gives you visibility to see and mitigate threats across your data landscape, transforming how you balance security, resilience, compliance, sovereignty, cost and ESG challenges in a verifiable way.

Figure 2 shows the impact of Data Out Protection on the challenges set out in Figure 1.

You can now manage your data holistically without vendor lock-in and with full assurance.

You now have the power to control the security, resilience and privacy of all your data, anywhere in the world, from a single centralised dashboard. 

Your dashboard gives you visibility of all your data whether on your premises, across multi-cloud or at the Edge. 

You know:

  • Where it’s stored.
  • How it’s protected.
  • That it’s compliant with privacy regulations everywhere.
  • You can recover any data anytime, on-demand, after Cloud disruptions or ransomware on one or more data stores.
  • The sovereignty, concentration and resilience of your data across providers, geographies or storage types, and manage this according to your organisation’s risk appetites.
  • You can map your critical ICT assets to your information assets (data) as required by DORA – in real time. 
  • That data storage volume and costs are reduced by half, to help meet Environmental, Social and Governance targets, with a significant uplift in resilience.
  • Your data is also quantum decryption resilient now because of the unique way Data Out Protection transforms and protects your data.

And as transformed data is meaningless to bad actors, this nullifies the risk of disclosure from breaches of data stores and reduces 3rd party risk.

You now have the perfect platform for managing your data across the critical operational and regulatory requirements in accordance with your organisation’s risk appetite and governance.


For more information on Data Out Protection see Dr David Lanc’s Whitepaper on the attached link:

Data Out Protection Whitepaper

CEO Ionburst (US) LLC



#data
#financial-services
#Regulatory
#Governance,RiskandCompliance
