A study commissioned by Informatica Corporation, the world’s number one independent provider of enterprise data integration software, has found that UK banks are cutting corners when securing customer data used in software development and testing.
85% of data used during software development and testing is made up of customer information. However, well over a third (43%) of IT professionals surveyed are not taking any steps to protect the data used during this process. As a result, banks are leaving their customers at risk from personal data loss.
Almost half (41%) of respondents admitted that their organisation uses less stringent safeguards to protect confidential data during the testing and development of their Web portals and applications than during the initial production stage. This approach appears to be a result of confusion over culpability when it comes to data protection.
27% of respondents said no one department has responsibility for protecting this data, while another 16% revealed that responsibility lies with their business heads. With security, compliance and legal teams being sidestepped, decisions around data protection are being made by those who are more likely to be driven by the need to meet corporate targets, rather than addressing data security risks.
This leads to a lack of governance and risk management, which in turn adds to the risk of a possible data breach.
The issue of compliance is further complicated when external parties come into the equation. Nearly 85% of respondents said their organisation outsources the development and testing of software applications. In over half (51%) of cases, outsourcing these functions involves sharing real data, highlighting an increased risk as it passes through more hands.
By not ensuring that third parties have appropriate safeguards in place, such as data masking, banks are greatly increasing the likelihood of customer data being lost or stolen.
“It is imperative that financial organisations take greater ownership of the data they house by putting people with the right skills and motivations in control. This will not only clear up confusion around data security, but also bolster customer confidence,” says John Poulter senior VP, EMEA, Informatica.
“Ensuring that the right technology is in place is a surefire way for banks to gain an advantage over their competitors and foster existing and prospective customer relationships that are vital to their success.
"Data loss or theft will no doubt continue to dominate the news agenda this year, so banks need to do all they can do to ensure their customer data is protected and safe, no matter where that data resides, in a data centre on-site or in the cloud.
"Consumers today are faced with an onslaught of attempts to steal their personal information, ranging from identity theft to credit card and banking details. The assumption that your money is safe with your bank has taken a knock over the last couple of years, with the memory of the UK government’s £37-billion bank bail-out still fresh in the minds of many.
"So suggesting that not only your money, but your bank details are at risk could have a devastating impact on UK banks. As data volumes continue to grow, financial organisations are under additional pressure to store and manage this data deluge securely, while keeping costs to a minimum.”
New technology is also having an impact. More than a third (38%) of respondents said that their organisation uses public cloud computing infrastructures or platform services in testing and development environments. Of these, nearly one in two (46%) admitted that they are not confident that the data held there is secure.
While the cloud can bring real business benefits if approached with the correct strategy, this survey shines a light on the problem for banks investing in the cloud without a proper understanding of how to ensure that customer data stored there is being managed with the same level of care as data stored on-premise.
Poulter concludes: “The findings of this research highlight the increasingly complex challenge that IT professionals in the financial services industry face, to manage the growing volumes of customer data stored across the business.
"Every day people trust their banks to adequately manage and protect their personal information and it’s worrying to see that they are being unwittingly exposed to unnecessary risks. Despite a string of high profile data breaches in the financial services industry, it appears that IT professionals need a further reminder of the need to effectively manage customer data."
The independent study commissioned by Informatica and carried out by independent research firm the Ponemon Institute, surveyed 437 senior IT professionals in the financial services industry across the UK.
“While this survey related specifically to UK banks, it would be surprising if the findings did not correlate in South Africa,” notes Paul van Aswegen, GM of Informatica South Africa. “We will be engaging extensively with local banks to analyse the scale of the issue here.”