Comply with new financial services regulations without changing infrastructure and processes.
As a financial technology company SIX treated all its data securely, including Client Identifiable Data (CID). However, to fit an efficient operational DevOps model, all data flowed freely in a distributed and connected infrastructure. When SIX was told by the financial services market regulator that additional strong regulatory requirements were due to be introduced, SIX had to find a way to comply that would require minimal changes to their existing infrastructure.
Christian Stork, Head Strategic Projects, explains further: “We were essentially asked to treat our customer data as if we were a bank ourselves. This triggered an in-depth analysis into our options through a project we named 'Bank Client Data Protection' (BCDP). Rather than creating dedicated zones where CID would reside securely, typically isolated from other areas, we wanted to find a solution which still allowed us integration between our applications. A data-centric security approach sounded like it would work for us.”
We are fully compliant with the latest financial services regulations and thanks to Voltage SecureData [Enterprise] we achieved this in a minimally invasive manner, without having to change our existing infrastructure. We protect our sensitive data very cost-effectively in a complex and distributed environment.
Extensive market research led to Voltage SecureData Enterprise. This is designed to secure sensitive data wherever it flows, on-premises, in the cloud, and in big data analytics platforms. Working with an implementation partner and OpenText (formerly Micro Focus), SIX implemented a proof-of-concept and a pilot project to ensure performance and functionality would fit their business processes before making the final commitment. “Our environment is very heterogeneous, and we offer a variety of different software solutions to our clients,” comments Stork. “One of the key things we like about Voltage SecureData [Enterprise] is that we can connect to a multitude of technical applications and platforms and introduce one unified way of protecting our data throughout our infrastructure.”
He continues: “The knowledge of Micro Focus CyberRes (now Cybersecurity by OpenText) and our implementation partner were vital to position and implement Voltage SecureData [Enterprise] and train our employees. Our implementation partner Prewen and Micro Focus (now OpenText) really understood our business model and processes and guided us through introducing the required security with Voltage SecureData [Enterprise] into our architecture. This was a great time for us to introduce our own data security Center of Excellence, and we received outstanding support for this, too.”
Leveraging Voltage SecureData Enterprise , SIX is pleased that there is no need to move an entire application into a more secure zone if even a handful of sensitive data is being processed. The data encryption is activated as soon as data arrives in the company network, expanding the 'data at rest' protection, which is the backbone of SIX's approach, to also cover in transit and in use protection. Data is only decrypted when it leaves SIX or when processing absolutely requires it. “Our regulator requires us to apply a very strict 'need to know' principle,” says Stork. “This completely matches Voltage SecureData [Enterprise]'s motto of 'encrypt at source, and decrypt rarely' so that no-one, not even SIX employees, ever see the clear data without a specific need to process it. There are also strict rules around the data leaving Switzerland. CID can also not leave Switzerland without being sufficiently protected—unless the transfer is sanctioned by the data subject, of course. SIX decided to use encryption to ensure the necessary level of protection. Voltage SecureData [Enterprise] gives us maximum flexibility to comply with any requirements.”
Data analytics is a major part of the financial technology services offered by SIX. Voltage SecureData Enterprise enables data encryption in SIX's Cloudera enterprise data cloud, to increase data access for faster insights and innovation.
Voltage encryption techniques retain relationships in protected data while dramatically reducing the risk of data breach and data privacy non-compliance. “Now that we have introduced the data-centric Voltage SecureData Enterprise framework we demonstrate the benefits to other business units daily. This gives us great leverage across the organization and encourages other departments to use our central encryption service for further use cases around data security,” comments Stork.
He concludes: “We are fully compliant with the latest financial services regulations and thanks to Voltage SecureData Enterprise we achieved this in a minimally invasive manner, without having to change our existing infrastructure. We protect our sensitive data very cost-effectively in a complex and distributed environment.”
Our regulator requires us to apply a very strict 'need to know' principle. This completely matches Voltage SecureData [Enterprise]'s motto of 'encrypt at source, and decrypt rarely' so that no-one, not even SIX employees, ever see the clear data without a specific need to process it.
SIX operates the infrastructure for the financial centers in Switzerland and Spain, thus ensuring the flow of information and money between financial market players. SIX offers exchange services, financial information, and banking services with the aim of increasing efficiency, quality, and innovative capacity along the entire value chain. SIX is also building a digital infrastructure for the new millennium.