Few industry sectors are as heavily regulated as the financial services sector. Data handling, storage and sharing are particularly sensitive given the high value of the records being managed. Pressure on financial organizations is increased by the publicity that data breaches attract, which in turn results in damaged brand reputation, loss of trust and the threat of financial penalties. The cost of resolving a data breach can be significant, so prevention is better than cure.
Clearly defined policies have been implemented globally to ensure financial organizations handle data securely. Federally mandated codes of conduct such as the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act, together with state-level security breach notification laws, exist to ensure certain standards are applied to the management of sensitive data. Many regulatory bodies, such as the Information Commissioner's Office in the UK, have the power to investigate potential failures to comply with regulation and to levy financial penalties on organizations that have failed to comply.
The diverse nature of the financial services sector demands a broad set of security policies to ensure data is handled effectively. From online banking records for consumers through to high value investment transactions, every time financial data is used in a live environment it is at risk from theft and misuse.
The financial sector also faces one of the largest security concerns of all: ensuring maximum security while allowing for maximum collaboration with external parties.
IT Security issues in legal and financial services
Enabling consumer access to online banking services
Ensuring trust between third parties that wish to access confidential data
Data loss through malicious intent or negligence
Providing the most secure services to business and consumer customers without high costs
Providing policy based access and control
Meeting compliance standards for data handling
Providing comprehensive reports to support compliance claims
Celestix solutions
HOTPin is a powerful tokenless two-factor authentication solution that delivers a One Time Password (OTP) via a soft token installed on a smart device, USB key or PC, or via SMS in a fully clientless mode. HOTPin can be provided as a managed service that can be re-branded, allowing financial organizations to offer their own branded authentication solution to customers at a very competitive price.
Authenticate users to restricted and confidential files, applications and resources
Prevent identity theft and subsequent data breaches
Report on authentication attempts and provide evidence to support compliance
Integrate with any RADIUS-based access technology
Enforce brand image with branded soft token and
Increase customer loyalty through easy-to-use, highly secure authentication
The WSA appliance range runs Unified Access Gateway 2010 (UAG) to provide secure portal-based application access to users based on their profile and the level of trust of the endpoint device. WSA appliances are trusted by financial services organizations because of the granularity they provide in access policies based on endpoint trust, and because of the level of application-based control they provide.
Provide access only to the applications relevant for the user's role/profile
Restrict access to applications that are not applicable to the user's profile
Provide granular application access policies that protect data within applications
Present customised user experience
Collaborate with third parties while remaining in control of data and applications
Integrate with HOTPin tokenless two-factor authentication for a simple-to-manage, tightly integrated access and authentication solution
The MSA appliance range runs Threat Management Gateway 2010 (TMG) to provide multi-function application firewalling and proxy services
Provide defence-in-depth firewalling for the most sensitive of network zones
Deliver web content quickly and ensure availability
Protect corporate IT users from internet-borne threats