It's a risky information business...

...but there are processes which can successfully protect your assets and capitalise on revenue opportunities

By Geoff Noble

Managing risk is critical to financial services organisations, and information is central to business processes and innovation. Highly essential therefore, is successfully managing the risk associated with information.

The most effective means of recognising, assessing and mitigating the risk that information is exposed to throughout its life-cycle is via Information Risk Management (IRM) strategies.

Intellectual property, financial, legal and personal information flows throughout your extended enterprise. IRM follows the information’s path as it is created, distributed, stored, copied, transformed and interacted with throughout its life-cycle. This “path” provides a holistic view upon which you can develop a comprehensive information risk mitigation strategy that ensures that information is an asset – and not a liability.

Financial services organisations are increasingly consolidating disparate and disconnected views of risk. By taking an information-centric view of security, an institution can eliminate the siloed approach to managing risk by taking an enterprise-wide view of information as it travels through the organisation.

IRM allows you to improve existing methods for mapping risks across the enterprise. Financial institutions need to protect lines of business from information risks and take advantage of the opportunity to leverage security investments across multiple lines of business – including retail banking, corporate banking, card services, consumer finance and merchant services.

Securing access to sensitive data requires organisations to implement the appropriate level of authentication and encryption, security event management and fraud detection. A combination of these tools enables organisations to deploy enterprise solutions focused on internal as well as external threats to information.

IRM allows you to address five key initiatives more effectively.

1. Secure business continuity
You need the ability to maintain fluid operations regardless of external or internal interruptions, epidemics, attacks and disasters. You increasingly rely on employees being able to access information whilst travelling, and more business processes are moving to the Internet, giving customers, trading partners and employees network access needs. To stay competitive and secure business continuity, institutions must increasingly provide secure remote access.

Information stored on enterprise networks is among your most valuable assets, and access to that information must be closely managed. Strong authentication for both remote and internal access proves the identities of individuals before allowing access to your IT resources. Two-factor authentication is a much more secure level of user authentication than static passwords. Strong authentication for employees is an important initial layer when financial institutions open up internal systems to remote and third-party PC access.

2. Meet regulatory and governance challenges

Financial services firms worldwide audit data to comply with regulatory mandates. But most financial institutions have complex, highly distributed infrastructures where collecting logs is a major challenge.

The intense pressure to demonstrate compliance with internal governance and external regulations can stall and complicate business operations – and can drive up operational costs.  Companies should have access to an information management platform that is able to provide comprehensive and efficient transformation of event data into actionable compliance and security intelligence.

3. Expand into new markets
Financial services organisations operate in a global environment and are exposed to information risks as new technologies, processes and cultures are introduced. Sensitive data must have the appropriate level of authentication and encryption, security event management must be monitored and fraud detection must be reliable.

IRM allows you to leverage the value of your security infrastructure to support business growth. Securing enterprise data will help you maintain the credibility and integrity of your information by ensuring that only authorised people have access to sensitive information, and that information cannot be unduly altered.

4. Improve customer confidence

Your customers expect their financial information to be secure and private  Financial institutions can leverage a comprehensive IRM strategy as a compelling value proposition to end customers. When you can ensure that customer information is secured with proven up-to-date technologies and services, you can improve customer retention and generate new sales.

Customers enjoy the ease of self-service online services, but fraud attacks are the fastest-growing security threat. While online and phone channels help meet customer demand, they come with the risk of fraudulent transactions, reducing consumer confidence. To leverage the benefits of conducting business online, you need to ensure that your channels are trustworthy and secure.

5. Reduce the costs of doing business
An IRM strategy reduces risk and costs throughout the enterprise, allowing you to successfully manage risks throughout the information life-cycle.

By selecting a trusted advisor, they can help you discover and identify information that needs to be secured with an appropriate level of protection at the appropriate stage of its life-cycle. By identifying and closing information security gaps through an effective IRM strategy, you can focus on critical operations that drive revenue and customer confidence – instead of having to respond to security breaches.

Successful IRM creates tremendous opportunities for financial services firms to protect assets, capitalize on new revenue opportunities, build brand value and address evolving market requirements.

Geoff Noble is banking & finance specialist at RSA, the security division of EMC.