Paying dividends: Financial Services Roundtable
Paying dividends: Financial Services Roundtable
While his company is in the midst of testing one data leakage prevention (DLP) solution, he hasn't been too impressed. Currently, the solution simply is in auditing or reporting mode because he is concerned about configuring it to actually stop potential data leaks for fear that normal business workflow will slow. With potential impacts to the bottom line in mind, he wondered just how well security solutions fulfill their market claims.  

When considering customer security, issues become even more convoluted – especially again considering widespread use of mobile applications, said Ryan Kalember, HP Enterprise Security, director, solutions marketing. Citing the example of technologists earlier this year using Bluetooth-enabled devices to hack into a car's computerized system to stop it mid-drive, he said to the SC Magazine group: “If they can change fuel ratios with Bluetooth, imagine what they could do with your banking application that has no security.”

He explained that his division is working with banking customers to understand how their clients access systems through different channels, including mobile, web or ATM, so that they can get a more holistic view of these different activities. Through these efforts, not only would they be able to build profiles on what customers are doing and what channels they prefer, but there could be huge security benefits.  

“Probably the most interesting thing for me is being able to get a complete view across those different areas,” he said.

For instance, when customers log into their banking accounts online, the application connects the action to their online banking identities. When using credit cards as a physical location, that system records the transaction using the credit card number. To correlate those two different actions together, the overall corporate system must be able to identify these varying identity attributes as a particular customer's, he said. By achieving this holistic view, a corporate system having different systems that touch unique transactional channels could alert security pros when a customer's credit card is being used in a physical store in Tokyo at the same time that the associated account is being enlisted for some online purchase in New York City.