Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Database
    • IT Management
    • Small Business
    • Storage

    How to Protect Data During Financial Mergers and Acquisitions

    Written by

    Dave Meizlik
    Published December 23, 2008
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Today’s financial climate is fueling a wave of mergers and acquisitions, particularly among financial institutions. With an infusion of fresh cash from the federal government, in the next six to 12 months we are likely to see weaker banks snapped up by larger institutions. This “fire sale” economy, where companies are snapped up for cheap with little time for due diligence, makes it difficult for the acquiring companies to take inventory of physical assets such as phones and computers, let alone understand and protect the sensitive data that’s on all of those systems.

      Financial organizations use and retain a massive amount of regulated and sensitive data that can sit on a file server, a laptop or other device. To secure their investment, purchasing organizations must quickly take inventory of the acquired company’s information assets, gain visibility into where these assets are stored, find out who has access to them and make sure they are secure.

      Three steps to protect newly acquired data

      There are three steps financial institutions can take to protect their newly acquired data: monitor business communications for sensitive data, discover information assets and implement policy controls to secure sensitive data.

      In a merger and acquisition scenario, many employees and information owners will leave, move departments or be let go, putting sensitive information at risk of loss, misuse or, in rarer incidents, theft. With employees joining and leaving the company, it’s necessary to find out who has copies of records on their desktops or laptops, whether those people are still with the company and where the IT assets are located. In a time of consolidation, employees with access to confidential data may try to keep their customer lists in personal Web-based e-mail or copy data to an external device.

      Therefore, the very first step the buying institution should take is to immediately begin monitoring business communication channels for sensitive data. To do this quickly and effectively, acquiring companies should be prepared with technology assets such as a DLP (data loss prevention) solution, encryption technology and rights management technology so they can “parachute in” and immediately start to get visibility.

      Steps to Protect Newly Acquired Data

      Let’s explore in more detail the three steps financial institutions can take to protect their newly acquired data:

      Step No. 1: Monitor business communications for sensitive data

      The first step following an acquisition should be to monitor business communication channels for confidential data. One of the easiest ways to do this is with a DLP solution. This technology includes out-of-the-box templates for hundreds of data types and regulations. For example, DLP technology can be used to find regulated information such as information about the Gramm-Leach-Bliley Act (GLBA) and the Sarbanes-Oxley Act, as well as customer data such as Social Security numbers and credit card information.

      In a merger and acquisition situation, a lot of confidential data is exchanged between law firms, auditors, human resources and other departments. During an acquisition, fear and uncertainty can lead good employees to make bad decisions. For example, salespeople may make copies of customer lists, while developers may make copies of proprietary source code. It’s critical to get visibility into both the good and the bad business processes early on.

      This will give organizations the intelligence necessary to better govern and secure the business by monitoring the communication channels to see what data is being sent, where it is going and who is sending it. Most people think that they have to do a deep discovery process for their data before they can monitor it. However, by using built-in policy templates in a DLP solution, they can easily begin to monitor for the data they suspect they have, even before they know for sure.

      Step No. 2: Discover information assets

      Data discovery provides an inventory of the data stored in an organization and can alert managers to data that is “at risk” of being lost. When data is discovered, you gain visibility into the organization’s information assets and can begin to classify them. Through this process, you can improve both storage and security across the enterprise and better plan for provisioning, access and growth (while at the same time mitigate risk).

      Although most organizations can satisfy their discovery requirements by using the policy templates built into a DLP solution, the technology also provides for deep content inspection using digital fingerprinting technology. This capability permits the discovery of virtually any type of data, including proprietary information such as source code, merger and acquisition documents, and patent information.

      Step No. 3: Implement policy controls to secure sensitive data

      After gaining visibility into what data an organization has and what data is being used, a DLP solution can institute controls to protect it. Setting policy controls around data, employees and communication channels allows organizations to send data wherever it needs to go, but safely. Communications during a merger and acquisition are critical, and data transfer should not be blocked under the right parameters.

      For example, the legal teams for each party must be able to send information back and forth, but it’s also important that those communications are secured. That’s where DLP and encryption technology come into play. Setting policy controls can manage who can send what data, where they can send it and how it is sent. For example, in the attorney scenario, policies could be set to automatically encrypt e-mails between lawyers. Other examples of setting policy controls include fingerprinting data so that it can be sent securely in an e-mail. However, if someone tries to post it on a financial chat board, the policy would prevent it. The goal of policy controls is to secure data while at the same time enabling business.

      Understanding What Data Needs Protection

      Understanding what data needs protection

      Perhaps the most critical capability of a DLP solution is its ability to accurately understand the data that needs to be protected. Confidential data comes in many forms: It can be in an Excel file, a presentation, a database, a Word document, an e-mail or an instant message.

      The ability to look beyond the “wrapper,” or format type, and examine the data itself is the core strength of DLP technology. Content-aware DLP technology has data intelligence and can identify critical differences (such as whether a list is a confidential customer list or a grocery list). It can tell if the data is source code or a merger document, or even if it’s just an innocuous e-mail between colleagues.

      With a DLP system that identifies what is confidential and accurately protects that data, an acquiring organization can secure its investment early on, better understand the business it has acquired and reduce risk.

      /images/stories/heads/knowledge_center/meizlik_dave70x70.jpgDave Meizlik is a senior manager for Data Security Solutions at Websense Inc., a security software company. Dave also has a blog covering data loss issues at http://ondlp.com. He can be reached on his blog’s site or at dmeizlik@websense.com.

      Dave Meizlik
      Dave Meizlik
      Dave Meizlik is a Senior Manager for Data Security Solutions at Websense, Inc., a security software company. Dave also has a blog covering data loss issues at http://ondlp.com. He can be reached on his blog's site or at dmeizlik@websense.com.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×