By Adam Bangle, Vice President EMEA at BlackBerry
More than 90 percent of financial services’ IT managers are not fully confident in the ability of their employees, consultants and partners to adequately safeguard data. This was revealed in a survey conducted by BlackBerry of 500 financial services IT professionals across six countries in North America and Europe.
The survey revealed that one of the reasons for this low level of confidence is the widespread use of unsanctioned cloud-based file-sharing services, to store or share files. The survey also revealed that the majority of financial services institutions reported they had experienced a breach due to gaps in securing and sharing business files, and almost one-third of respondents indicated that sensitive data had been exposed to competitors due to the use of cloud-based file sharing services.
Regulatory and Reputational Risks
This common workaround has become a thorn in the side of many IT departments because once a file leaves the organisation’s control, it is untraceable and at risk of exposure. This issue is particularly concerning in regard to compliance with General Data Protection Regulation (GDPR) mandates, as untracked files shared outside of organisational control can lead to regulated information being compromised.
There can be serious consequences from these types of security breaches, especially within the financial sector. Once information ends up outside of an organisation, there is no chance to remediate the risks posed. When customer files fall into the wrong hands, a company may not only be in violation of GDPR, but is also at risk of suffering considerable damage to its reputation and the subsequent loss of business.
Productivity is Key Driver
At the heart of the issue is how to prevent employees from feeling they need to use unsanctioned software or services in order to get their work done. Through the use of shadow IT software, employees feel that they are more productive. In fact, 75 percent of those surveyed in financial services indicated that productivity was lost due to the constraints posed by company sanctioned software and services.
The problem is mainly caused by outdated systems at organisations and governments combined with security controls that don’t take user workflows into account. Larger companies are typically slower at adopting new tools with which employees can do their job. This issue is compounded by the fact that most employees are accustomed to the newer, more user-friendly tools they encounter in their daily lives as a consumer.
Yet, at work they are forced to use older software and are thwarted by security controls that create barriers to productivity. Because employees want to work in the most efficient manner, they are often forced to look for alternatives outside of the organisation’s toolsets. The answer: meet the needs of the users in a logical way that supports modern workflows, because users will find workarounds if these needs are not being met.
Zero Trust Solutions
This is where IT teams at organisations run into a wall, because many intuitively believe that a choice has to be made between productivity and security. This is not the case, and the key lies in the needs of the user. Organisations should leverage Zero Trust security architecture collaboration tools that ensure workers can securely access company systems, data, and productivity suites with the minimum of disruption to their workflows. Zero Trust strategies ensure that effective security controls govern every user, device, and application interacting with an organisation’s network.
Zero Trust security principles are the most secure means to allowing remote workers access to files and productivity software when working remotely. They can provide secure access from anywhere to any application, desktop tool or file on a corporate network while allowing employees to use corporate-managed or their personal devices to access behind-the-firewall content without sacrificing the productivity they are accustomed to when working in a traditional office environment.
Such a solution can also provide secure browser functionality to run common web and legacy applications, and also provide access to intranet resources users have access to when working in the office. A browser-based solution also allows users to connect seamlessly to email, calendar, and contacts without the need for IT to manage individual devices or performance-killing VPNs that cannot offer the same level of performance.
Zero Trust solutions that employ machine learning and predictive AI can also block attacks and dynamically adapt security policy enforcement based on criteria like location, device handling, and other behavioural and contextual factors that can also protect against human error and well-intentioned security workarounds. Such tools can improve the user experience by minimising disruptions and the need to reauthenticate across multiple devices and applications unless warranted, providing the user with a zero touch experience.
Conclusion
Zero Trust strategies and the right collaboration tools are essential to assuring effective security controls are in place to manage users, device, and applications both inside and outside of an organisation’s IT environment. They also work to securely maintain seamless workflows for remote workers to support collaboration, productivity and continuity for critical business operations. This is essential for all industry verticals, and particularly important for the financial industry given its highly regulated nature and the sensitivity of the data involved.
