Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Database

    Big Banks Ally for Data Security Program

    By
    Lisa Vaas
    -
    February 1, 2006
    Share
    Facebook
    Twitter
    Linkedin

      Big banks are confronting technology service providers to learn how their customers sensitive data is being protected from security breaches.

      The Wall Street Journal on Feb. 1 reported that Wells Fargo, Bank of New York, Bank of America, Citigroup, J.P. Morgan Chase and U.S. Bancorp, backed by major accounting firms and a financial services industry group, are adopting common guidelines to which suppliers will be required to adhere.

      Such service suppliers include telecommunications companies and data-service hosting companies such as IBM.

      The program, called the Financial Institution Shared Assessments Program, aims to do away with what is now a considerable amount of wasted resources on the part of financial institutions as they call on service providers for information needed to appease auditors.

      /zimages/6/28571.gifPeoples Bank loses a tape containing confidential information. Read more here.

      “Third-party providers are providing some information, but financial institutions are using their own resources to continue” seeking additional information on a broad array of security details, according to Faith Boettger, a senior consultant to BITS, the industry group behind the project.

      The effort is aimed at making it easier on both sides: for the financial institutions that need the information, and for the service providers that are getting deluged with invariably disparate and often redundant requests.

      “Service providers receive inconsistent audit information and requests,” Boettger said in an interview with eWEEK. “Were looking at a standardized way of obtaining that information.”

      The new policy wont just touch on what level of encryption providers put on data or what security protects databases that contain customer information, although those are two of the granular details it will touch on. Rather, the policy will cover a providers entire security ecosystem.

      The group is putting together a standardized questionnaire that will touch on service providers security policy, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, system development and maintenance, business continuity and regulatory issues.

      The questionnaire will be released on Feb. 9, as will a set of agreed-upon procedures. On the same day, BITS also plans to announce the formation of a working group to ensure ongoing education and coordination of the program, Boettger said.

      /zimages/6/28571.gifIBM extends its hosted client offerings to banks. Click here to read more.

      IBM, Acxiom, First Data, Viewpointe and Yodlee participated in a pilot of the program last year and have agreed to participate when the program is expanded this month, according to the Wall Street Journal article.

      Priscilla Rabbayres, a global regulatory executive in the financial services sector for IBM, told eWEEK that IBM considers the financial institutions efforts to be of “enormous importance,” particularly given the times.

      “If we look back even a year ago, this was an important issue, but it really came to life with the California legislation of 2003 [that required enterprises to inform customers of security breaches],” she said. “Since then, with reports we see in the press on a regular basis, secure data has been lost through high-tech means, through low-tech means, pretty much any which way.”

      As it is, the FCC on Feb. 1 proposed fining AT&T for a missing privacy report. On the same day, the Boston Globe ran a full-page letter apologizing for packing bundles with paper containing the credit card numbers of some 200,000 subscribers.

      Along with this increasing leakiness of data repositories comes auditors interest in them. “Regulators are looking at this very carefully,” Rabbayres said. “Enforcement penalties are now becoming the norm. Everybodys on notice—not just financial services companies. It behooves them to ensure theyre appropriately handling confidential information of customers as well as confidential corporate information, because its being targeted.”

      Until fairly recently, Rabbayres said, the efforts by financial services companies to evaluate the security levels of service providers in order to satisfy auditors have been “somewhat diverse,” she said.

      “One service provider may look at one standard, another at another aspect,” she said. “It hasnt been an easy prospect to know which service providers do provide state of the art” security measures.

      At issue is consumer confidence. “With banks, for example, the transformation of the service industry depends on the confidence in online banking,” Rabbayres said. “If consumers shy away because they think information wont be secure, that has a major impact on the business of financial institutions.”

      The program pilot looked at a range of security capabilities in place at IBM and other providers, Rabbayres said, including their methodology of assessment of security capabilities. That methodology deals with resilience, what kind of hardware and software is used, what processes are in place, and how providers interact with financial institutions.

      /zimages/6/28571.gifCheck out eWEEK.coms for the latest database news, reviews and analysis.

      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×