Almost half (41 per cent) of respondents admitted that their organisation uses less stringent safeguards to protect confidential data during the testing and development of their web portals and applications than during the initial production stage. This approach appears to be a result of confusion over culpability when it comes to data protection. The majority of respondents, 27 per cent, said that no one department has responsibility for protecting this data, whilst another 16 per cent revealed that responsibility lies with their business heads. With security, compliance and legal teams being sidestepped, decisions around data protection are being made by those who are more likely to be driven by the need to meet corporate targets, rather than addressing data security risks. This leads to a lack of governance and risk management, which in turn adds to the risk of a possible data breach.
The issue of compliance is further complicated when external parties come into the equation. Nearly 85 per cent of respondents said that their organisation outsources the development and testing of software applications. In over half (51 per cent) of cases, outsourcing these functions involves sharing real data, highlighting an increased risk as it passes through more hands. By not ensuring that third parties have appropriate safeguards in place such as data masking in place, banks are greatly increasing the likelihood of customer data being lost or stolen.
âIt is imperative that financial organisations take greater ownership of the data they house by putting people with the right skills and motivations in control. This will not only clear up confusion around data security, but also bolster customer confidence,â said John Poulter Senior Vice President, EMEA, Informatica. âEnsuring that the right technology is in place is a sure fire way for banks to gain an advantage over their competitors and foster existing and prospective customer relationships that are vital to their success. Data loss or theft will no doubt continue to dominate the news agenda this year, so banks need to do all they can do to ensure their customer data is protected and safe, no matter where that data resides, in a data center on-site or in the cloud.â
Consumers today are faced with an onslaught of attempts to steal their personal information, ranging from identity theft, to credit card and banking details. The assumption that your money is safe with your bank has taken a knock over the last couple of years with the memory of the UK governmentâs Â£37 billion bank bail-out still fresh in the minds of many. So suggesting that not only your money, but your bank details are at risk could have a devastating impact on UK banks. As data volumes continue to grow, financial organisations are under additional pressure to store and manage this data deluge securely, whilst keeping costs to a minimum.
New technology is also having an impact. More than a third (38 per cent) of respondents said that their organisation uses public cloud computing infrastructures or platform services in testing and development environments. Of these, nearly one in two (46 per cent) admitted that they are not confident that the data held there is secure. Whilst the cloud can bring real business benefits if approached with the correct strategy, this survey shines a light on the problem for banks investing in the cloud without a proper understanding of how to ensure that customer data stored there is being managed with the same level of care as data stored on-premise.
Poulter concluded, âThe findings of this research highlight the increasingly complex challenge that IT professionals in the financial services industry face, to manage the growing volumes of customer data stored across the business. Every day people trust their banks to adequately manage and protect their personal information and itâs worrying to see that they are being unwittingly exposed to unnecessary risks. Despite a string of high profile data breaches in the financial services industry, it appears that IT professionals need a further reminder of the need to effectively manage customer data.â