Sotero protecting sensitive customer data in a Post-GDPR World
On one hand, there is a need to comply with KYC guidelines, requiring collection of copious amounts of data in a bid to safeguard against money laundering. On the other hand, GDPR will give customers more access to and control over that data. With the growing need for analytics, the problems are obvious.
GDPR moves the UK and EU to a prescriptive regime and places an expansive set of requirements on Financial Services sector with an onus to protecting sensitive customer information. Sector with an onus to protecting sensitive customer information.GDPR implementation costs for banks run to an average of €75 million, the highest spend in any sector.The cost of non-compliance could see fines imposed by ICO up to €20 million, or 4% of the organization's turnover — whichever is greater.
The headlines of data breach are relentless. The ability to monetize stolen data has spawned a virtual industry of criminal hackers. Negative impact to businesses in the form of customer mistrust, market share loss, and poor brand reputation is an inescapable consequence.
Success for any organization in the GDPR regime hinges on the ability to protect and safeguard sensitive and critical data assets, whether they are 'At-rest' (stored in databases on storage devices), or 'In-transit, (transported from one location to another). A major gap exists in the way these data assets are protected today. When an application needs to use the data, it must be decrypted. Many data breaches target vulnerable data 'in-use'. Exafluence's unique Data Security offering, in partnership with Sotero, empowers next generation Infosec investments by enabling your applications to operate on encrypted data, using a state of the art Al and Machine Learning engine to monitor, flag and prevent potentially harmful and malicious activity.
It uses advanced cryptography to encrypt and decrypt data at rest as well as data in use, on the fly with no change to existing applications. No development effort is required to decrypt the data as our custom driver configurations perform all the necessary SQL encryption and the results are decrypted and feed back to the client applications at runtime.
It supports most data storage platforms relational and NoSQL, Hadoop clusters etc. and enables applications to interact with encrypted data sets, regardless of the deployed environment, providing organizations interoperability of same level of protection on premise, in the cloud and for hybrid deployments. Encrypted data archival is achieved seamlessly since the base data set is already encrypted.