I spent this week in Tokyo Japan meeting with a few dozen financial services organizations. The primary purpose of my visit was to work with a few folks from the local McAfee team, pictured here, to discuss threats and trends within the financial services industry.
Financial institutions are diverse with multiple business models such as: private banks, investment services including asset and hedge fund management, stock brokerages, insurance, and conglomerates. These organizations are highly competitive because differentiators between financial services organizations are often opaque. They are extremely dependent on their IT assets operating as designed and even small issues over a limited amount of time can cost millions. And in a business where keeping sensitive, private data safe is paramount, the volume, velocity and variety of data passing through their mission-critical assets can be staggering and can require substantial capital and operational expenditures to protect. As such, there are four key areas they are focusing: cost reduction, data protection, agility, and compliance.
1. I spent this week in Tokyo Japan
meeting with a few dozen financial
services organizations. The primary
purpose of my visit was to work with a
few folks from the local McAfee team,
pictured here, to discuss threats and
trends within the financial services
industry.
2.
3. Financial institutions are diverse with multiple business
models such as: private banks, investment services
including asset and hedge fund management, stock
brokerages, insurance, and conglomerates. These
organizations are highly competitive because
differentiators between financial services organizations
are often opaque. They are extremely dependent on
their IT assets operating as designed and even small issues
over a limited amount of time can cost millions. And in a
business where keeping sensitive, private data safe is
paramount, the volume, velocity and variety of data
passing through their mission-critical assets can be
staggering and can require substantial capital and
operational expenditures to protect. As such, there are
four key areas they are focusing: cost reduction, data
protection, agility, and compliance.
4. Within security, total cost of ownership reduction has
historically been associated with risk avoidance and
stopping “bad things” from happening. However, with an
optimized security model the cost savings are no longer in
the realm of subjective guesswork.
It used to be that every issue had a dedicated technical
solution. Each solution required an agent. That agent
needed a console, and that console needed a server.
There was probably also a database, the need to have
support staff, rack space, power, connectivity, etc. All of
a sudden, a point security solution becomes much more
expensive than the cost of the product. By reducing the
footprint, minimizing agents, consoles, servers,
maintenance, licenses, IT support, contract negotiations,
and the like, real cost is reduced, security is improved,
and operational efficiencies are gained.
5. At the heart of every financial institution is sensitive
data. This data has value and that value transcends
legitimate and illegal uses. As such prudence dictates
that at the heart of every financial institution’s security
strategy resides controls for protecting sensitive data.
A connected security framework includes multiple
data-centric controls such as DLP, encryption, and
DAM, but it also leverages other controls around
networks and endpoints to enrich those solutions.
Regardless of external attacks, internal attacks, or
careless activity that puts sensitive information as risk,
having a connected framework will enhance data
security situational awareness while providing greater
control and resulting in a reduced risk posture.
6. Employees and customers alike are demanding
access to anything, anytime, anywhere, from any
device – they want agility. As we move from IPv4
to IPv6 the level of connectedness is going to
increase exponentially. These trends are already
driving change within financial institutions in areas
like mobility. Another change that requires an
agile security framework with a holistic approach
is next generation datacenter security that has
become vastly important in the face of trends like
consolidation, virtualization, and cloud services.
And if this wasn’t enough, IT is stilling being called
upon to address threats like APTs and
insiders. Having separate solutions in silos with no
connectivity lacks the underlying framework and
thus the agility to scale in today’s business place.
7. Simply put, financial institutions aren’t being asked to be
agile enough to embrace new trends; they are being
told by business leaders and customers alike. Because
the trends they are being asked to address will often
change, it’s important to have an agile framework that’s
not dependent on point solutions in silos. McAfee offers
a better way to minimize risk and say “yes” to new
requirements. And as additional devices get brought
into the mix, the situational awareness is enriched
because now there are more data points such as details
from that server, that user, that piece of data, that
mobile device – so more informed decisions can be
made more quickly. With a deep understanding that
complexity is the number one enemy of security,
McAfee has designed it’s solutions around the security
connected framework to be easy to use without
sacrificing the scalability financial institutions require, and
always remembering that security is the imperative.
8. From a technical perspective getting compliant often
starts with discovering where the assets, which are
subject to regulations, are located. Because systems,
data, and users are always moving around, this is a
continuous process. Once the data is discovered it
becomes necessary manage the information so that’s is
available and usable when needed, and in the case of
financial institutions more likely than not, there will be
multiple regulations to address. This is why many IT
organizations cite that generating reports to
demonstrate regulatory compliance is one of the most
time consuming and costly initiatives they have. Further,
many IT organizations still have separate solutions
responsible for security and compliance thus ensuring
that there will be wasted resources and disjointed
processes.
9. The McAfee security connected framework
streamlines the compliance process. Centrally
aggregating management and reporting
accomplish this. The interface is the same
regardless of the McAfee products and partner
products that are integrated, so it’s fast and easy
to get the information needed, create the reports,
and move on. Because the information can be
analyzed in real-time, compliance can be treated
as a continuous process just like security, instead
of snapshots in time. Finally, because the
technical controls are aligned across security and
compliance, the operational controls and
processes can be aligned too, thus further
creating synergies between security and
compliance efforts.
10. As part of the McAfee Security Connected framework, there
are a few key technologies that stood out among the rest in
terms of the interest level from the financial services customers
we met with.
Application whitelisting
Hardware-assisted security (secure silicon)
Context-aware SIEM
Reputation threat feeds
Security for virtual environments
Security for cloud environments (especially identity
management and data security)
Data security in the form of encryption, DAM, and DLP
As a stand-alone product all of these provide value. But as
part of an integrated McAfee Security Connected framework
the overall security posture is improved, risk is more effectively
mitigated, and operational efficiencies are gained that
reduce cost and yield a more agile and effective IT
infrastructure.