Like many other types of organisations, financial services companies need to share files, whether it be internally among employees, or externally with customers, service providers and partners. File sharing solutions are increasing in popularity because of their simplicity in usage, their simplicity in inviting other users, as well as their efficiency over traditional back and forth emails. It is estimated that the average financial services company will use, on average, 29 different file sharing services in 2017.
Similarly, individuals have become active users of file sharing services for their personal matters. Most file sharing services also provide sync capabilities which allow users to always have their files backed up and accessible anywhere and on any device. As services such as Dropbox, Box and Google Drive became common for day to day personal usage, it is no surprise that many financial institutions’ clients are now demanding to use them to exchange documents with their financial institutions.
However, financial services institutions have different obligations than the average consumer. They must comply with local regulations. Regulatory frameworks and safeguards have been implemented mainly to mitigate cyber risk and prevent ominous situations such as cyber hacks and company data loss. For financial institutions, data breaches can be disastrous in terms of financial and reputational damages when they face regulatory fines. Therefore, the most common file sharing application built for consumers often cannot be used by financial institutions. A Netskope study of popular cloud apps found that 84% of the collaboration apps currently used in companies are generally not enterprise ready.
One challenge for financial institutions is the balancing of security and convenience. Leading consumer apps are very easy to use, and sticky (a user is less likely to change services when all their files are already with one vendor). On the other hand, the security and compliance required by financial institutions often forces the use of different services which are less easy to use, and must overcome the ‘sticky’ factor. It is also worth noting, that many financial institutions have been late to react to this trend and to provide suitable corporate approved alternatives. They find themselves in a position where a lot of their employees and customers have become frequent users of consumer apps which are now well anchored in these ecosystems, making it even harder for a financial institution to try to change behaviours. The phenomenon has become even more challenging with the increasing adoption of BYOD policies that allow employees to bring their own devices to work and use them for business purposes.
In Asia specifically, there are additional concerns. Most of the leading consumer file sharing solutions are US based and with the USA Patriot Act it gives the US Government the ability to legally access information residing in its territory. With data existing on a cloud provider’s servers based in the US, many Asian financial services firms no longer wish to host their data in the US. Because of a lack of suitable alternatives, the result is that financial firms often decide to block the use of all cloud consumer file sharing services within the enterprise. Although most countries have not yet passed strict data residency laws, which would enforce the retention of data within the country in order to protect their companies’ sensitive information, many regulators are now requiring cloud provider locations to be checked when used by financial services organizations. Regulator approval is required before using cloud services and a large part of the approval process is being able to demonstrate adequate data security and control over the data.
Looking at the requirement to balance convenience, security, and meeting local regulations, is there a simpler alternative for financial institutions? Instead of trying to force users to change applications, one approach could be to let them use the service of their choice and for the financial institution to implement a 3rd party security service on top of these applications to ensure data security and regulatory requirements are met. This approach gives financial institutions what they need to operate while meeting client expectations, therefore providing a win-win. Data-centric is a way to do it. It would allow financial services organizations to choose the level of security for their information, and which files security should apply to.
Encryption at the data level has many benefits: the risk of data loss is removed as the data is always protected even when information is shared via consumer file sharing apps, leveraging the numerous advantages of using convenient, well-known collaboration tools. This kind of approach also provides the necessary security and controls for regulatory approval for using consumer file sharing apps, removing the risk of compliance sanctions.
If you’d like to find out more about APrivacy’s ability to secure consumer applications, such as file sharing services for use in regulated industries, please contact us.
Digital Security Perfected – APrivacy Ltd. is an award-winning company which combines military-grade data security with a seamless user experience on any platform, any device, anywhere. APrivacy Ltd.’s enabling technology now allows the financial services industry to confidently communicate with clients using their favourite channels leading to increased revenues and reduced costs while meeting the strictest regulatory requirements.