High-profile security breaches and the resilience of advanced persistent threats have clearly demonstrated why security concerns have influenced the regulatory legislation governing all industries, and why regulations are here to stay. The majority of data gathered and compiled by organizations, including banks and other financial institutions, is now in electronic format, and failure to secure your network against emerging threats exposes you to greater risk. Together, these facts make securing this information as important for small banks and credit unions as it is for national chain institutions. While storing information electronically has certainly made storage and transmission of this information less costly and more efficient, it has also provided more opportunities for data to be lost, stolen or corrupted. According to one banking professional, “We see a growing dominance of hacking and malware used to grab credentials or create back doors.” These back doors can let in criminal malware from the outside as well as create opportunities for data loss from inside your organization.
VESL’s security policies are based on an industry-proven framework of best practices. Below is a snapshot of the framework.
The Risk of Data Loss
Losing customer or client data due to lax security or insider misconduct has plagued banks and other businesses for generations. Since the dawn of cyber communications, these risks have increased, because breaches can involve thousands of victims, and fines or judgments against the offending institution can soar into millions of dollars. In a case against Bank of America in 2011, a breach coordinated by insiders resulted in $10 million being stolen from banking customers. An insider had leaked sensitive data on at least 300 Bank of America customers, including bank account numbers, Social Security numbers and more.
VESL’s Security Services Best Practices
Enterprise systems are exposed to substantial risk from data loss, theft, and manipulation. Efforts to manage this risk are expensive and complicated because threats change quickly. As part of a preemptive IPC strategy, many enterprises are consolidating their electronic assets into database management systems. Databases allow better protection and control of access to these assets. Securing these databases is critical to protect sensitive information and comply with policy regulations.
VESL’s security best practices provide:
Uniform Data Security: The RAS security model allows uniform specification and enforcement of access control policies on business objects irrespective of the access path. It overcomes the limitation of custom-built approaches that only work when an object is accessed via the specific code path that has access control logic embedded into it.
Secure End User Identity Propagation: Application sessions allow the end user identity and associated attributes to be conveyed securely to the database, allowing the database to use the information for end-user access control and auditing.
Declarative and Fine-Grained Access Control: RAS policy components encapsulate the access control requirements of the application in the form of declarative policy on data for application users, application roles, and application privileges. With column security, the RAS model extends authorization to the column level to protect sensitive data such as SSN. With support for master-detail, parameterized, delegation, and exception-based declarative policies, RAS meets the real-life deployment requirements of applications.
Security without Performance Trade-off: In most current systems, security is either coded into the applications or externalized in a way that requires multiple round-trips, impacting performance. Unlike these cases, RAS is natively implemented in the database and provides a security solution without trading off performance.