
Are you confident your data is fully protected and secure? Financial Services organisations must implement appropriate security measures to protect personal data and have a clear data protection policy - particularly with the implementation of the General Data Protection Regulation (GDPR) only 18 months away.

The Financial Services sector now needs to incorporate these requirements into Business Continuity & Disaster Recovery solutions. While data security is core, the classification of personal data and the storage and accessibility of that data are essential in order to respond to GDPR reporting requirements in the event of a breach.

When choosing a suitable service, financial services companies should deal with a reputable and experienced organisation which can help secure and protect digital assets. This begins with defining the data requiring protection, then designing a service which will protect and retrieve that data in the event of a data breach or service disruption. This may be a Backup as a Service (BaaS) to protect data, or combined with Disaster Recovery as a Service (DRaaS) to also protect services. This helps ensure business continuity by minimising downtime and disruption to customers and employees while ensuring compliance with GDPR.

GDPR requirements firmly put the ability to retrieve data under the spotlight and clearly point to online backup systems as being the essential solution. Data access and retrieval must be easy, as tape has become impractical.

BaaS enables financial services companies to reduce the risk of data loss, lower compliance costs and improve data governance. When it is offered with a managed service, the service team helps with data recovery should a breach occur. More comprehensive full DR services provide businesses with a customised recovery plan meeting both compliance and continuity needs.

Data backup is the second most common IT function moved to the cloud (email being the first). BaaS connects systems to a private, public or hybrid cloud managed by a third party.

You decide how many locations your backups reside in. This usually includes an encrypted, off-site backup on a separate domain so that it is not affected in the event of a cyber-attack. You can even have a local storage backup which can improve recovery speed.

Why should you have BaaS?

1. IT outages can cost millions. In 2014 Gartner rated the average cost of IT downtime at over $300,000 per hour.

2. In the event of a data disaster, recovery is four times faster with cloud backup – 2.1 hours as compared to 8 hours.

3. There is no need to worry about data security. Data may even be more secure in the cloud than it is on company servers. The fact that this security is managed by a third party means continuous monitoring, protection and encryption options are used.

4. BaaS offers companies a full audit trail – your business is compliant. Having your backup processes managed by a third party offers you the compliance needed including SAS 70, Central Bank and regulatory bodies as well as EU Directives such as the NIS Directive and Data Protection Regulation (GDPR).

GDPR Directive

The new GDPR directive means that financial services businesses must:

  • Understand where all data resides and ensure it is protected
  • Appoint a data controller
  • Carry out risk assessments
  • Notify authorities within 72 hrs of a breach
  • Implement appropriate systems to minimise risk
  • Implement full data protection

The potential risks for non-compliance include fines of up to €10M or 2% of global turnover for the NIS Directive and €20M or 4% of global turnover with the GDPR Directive.

Failure to comply with regulations may result in significant fines, even if no data breach or disaster occurs.

By Trilogy Technologies