Safend for Basel II Compliance
Maintaining Data Security and Regulatory Compliance
In the financial services arena, risk mitigation is key to both business continuity and regulatory compliance. In light of the most recent Basel Accords (Basel II), financial institutions worldwide are now obligated to mitigate three primary categories of risk – credit, market, and operational. Operational risk under Basel II includes risks relating to the human factor, especially those associated with "inadequate or failed internal processes, people and systems…"
In light of these stipulations, financial services organizations are responding to operational risk mitigation requirements by reporting in a more organized, formal manner. Part of this effort includes new attention to risks arising from now ubiquitous technologies like mobile devices, portable storage, and wireless networks.
Although Basel II still lacks specific operational risk mitigation guidelines, financial services IT departments are tightening security procedures and policies, with a focus on the endpoints – home of over 60% of sensitive corporate data, according to studies.
Safend Auditor and Protector are designed from the ground up to help large organizations meet the challenges of Basel II. Seamlessly integrating with existing solutions, Safend monitors and controls the flow of information to and from any endpoint. Safend provides healthcare organizations with detailed visibility and granular control over data transfer from the endpoint via wireless ports and all physical storage devices, providing a comprehensive audit trail of endpoint activity and simultaneously protecting against data leakage.
Meeting the Challenges of Basel II
By delivering a high degree of control over access mechanisms at the endpoint, solutions from Safend prevent unauthorized information transfer, facilitating compliance with emerging data privacy standards like Basel II. With Safend, financial services organizations can:
- Evaluate vulnerabilities - Safend Auditor collects information from each endpoint, delivering a comprehensive list of which devices, ports and connections are used now or were used in the past. From this data, a specialized plan can be developed to allow regulatory-compliant endpoint control.
- Define access at all endpoints - Safend Protector enables financial services organizations to define new endpoint security policies or supplement existing ones and then extend and enforce them across all endpoints, and over all physical, wireless, and removable storage devices. This enables the ongoing flow of data, while still maintaining security, productivity and ultimately compliance.
- Maintain and update access - The Safend Management Console enables system administrators to check user access rights periodically, another common regulatory requirement. Safend transfers these sensitive credentials using a secure SSL channel, so remote systems can be administered securely from a single location.
- Enforce policy on an ongoing basis - Safend Protector enforces endpoint security policies on a highly granular level, monitoring real-time traffic and applying security policies over all physical, wireless and removable storage interfaces. Safend detects, logs and restricts unapproved data transfer from any computer in the enterprise. Each computer is protected 100% of the time, even when it is not connected to the network. Safend can further ensure that mobile users and data are secure by encrypting any data written to removable storage devices or by enforcing the use of hardware-encrypted flash drives only.
