Maintaining data security (for documents, messages, audio or video) is critical for any business, and specifically for satisfying strict compliance with financial regulations. Activities within financial institutions such as commercial and investment banking, insurance, stock brokerage, accounting and others naturally require highly sensitive documents to be exchanged, as well as adherence to strict regulatory requirements. As a result, these institutions face multiple challenges when it comes to sharing and protecting financial documents and information.
Any business that exchanges sensitive documents (within the firm and with external collaborators) using email services risks having those documents exposed to or accessed by an unauthorized third party. Some types of sensitive documents include:
- Sharing financial information (exclusive financial reports)
- Board of directors packages (access to extremely sensitive and heavily regulated information)
- Investment portfolio performance statements
- Competitive market research (must be accessed by the authorized recipient only)
- Outbound investor communications (may require OTR communication to make sure they are not copied or forwarded to a third party)
- Due diligence information for a merger or acquisition
- Exchange of healthcare information
Email (accessible to and used by everyone) is a standard way to exchange information over the Internet. Exchanging extremely sensitive documents by email does not guarantee that the intended client accessed the document. In addition, there is no guarantee that the communication met the access control, privacy and security standards dictated by compliance regulations such as:
- Gramm-Leach-Bliley Act (GLBA) Section 501(b)
(requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data)
- Federal Financial Institutions Examination Council (FFIEC) security guidance
(an interagency body that seeks to standardize the oversight criteria and methods of the various financial regulatory bodies)
- Financial Industry Regulatory Authority (FINRA)
(a non-governmental organization that regulates member brokerage firms and exchange markets; the government agency which acts as the ultimate regulator of the securities industry, including FINRA, is the Securities and Exchange Commission)
- Payment Card Industry (PCI) Data Security Standard (DSS)
(prohibits credit card transactions using open e-mail)
Since there is no technology available to satisfy the above strict compliance regulations when exchanging data by email, the majority of businesses such as financial firms, healthcare service providers and hospitals send clients an email with instructions regarding sensitive documents, redirecting them to log in and explaining how to access the documents, which the clients can then download. This is cumbersome and requires multiple steps: receiving the email and performing these steps every time a sensitive document is available.
The Case for Unified Security Package for Business Communications
Delivering a sensitive document directly to a user's mailbox using any email service requires a Unified Security Data Exchange Package (an email system complemented with data security functionality). This approach enables adherence to strict financial rules and ensures delivery of sensitive documents to an email user's mailbox. It requires that the security package be independent of any email service but have a touch and feel similar to that of an email system's functions, to facilitate ease of use. Use of a Unified Security Package is necessary to provide superior customer service, which gives a business a competitive advantage.
SDE* technology is a connectivity solution created to provide interoperability for companies and clients. SDE exceeds what strict financial compliance regulations require. SDE prevents access exposure (a common problem with stolen tablets or notebook computers) by using an advanced multi-layer secure archive process. SDE also provides proof of financial transactions with time stamps while keeping financial transactions or documents secure for both clients and companies, with exclusive security features:
- Access Control (only the authenticated recipient from the authenticated originator sees the message/document; secure message/document cannot be accessed by a third party)
- Privacy (everything is hidden; cannot identify sender/recipient, document content or subject)
- Security (enhanced multi-layer end-to-end security without the need for digital certificates, which are subject to theft and fraud; original document not alterable or accessible during secure data exchange between sender and recipient)
- Audit Trail (multi-layer secure archive of authorized recipient, authenticated originator, original document and access time stamp (equivalent to certified mail with return receipt) that is only accessible by the authenticated user)
- Automated control and management of sensitive documents by the users (automated secure archive database of original documents linked with unidentifiable secure document) that can be automatically configured at the enterprise (network) level
SDE Client has automated, transparent processes satisfying all financial regulations for Access Control, Privacy, Security and Audit Trail. It allows the use of your favorite unsecure email system and is easy to use.
How SDE mitigates the risk of Business/Financial Transactions and liability exposure…
- Uses two forms of identification…PWD/PIN commonly used by government agencies for entity authentication…improves entity authentication over typical use of only user id and password
- Blocks access to SDE Client and financial transactions on stolen or lost mobile devices even if the PWD/PIN is discovered…the result is equivalent to deleting financial transactions on a stolen or lost mobile device
- Connectivity/Interoperability Secure Outer Layer ("Mitigating Risk of Business/Financial Data Access")
Interoperability among participating clients and various organizations that accurately records all transactions, is only accessible by the authenticated user, and guarantees delivery and access…thereby providing a trace of a business/financial transaction with proof of delivery