Financial Services Data Privacy – Data Migration
22nd May 2014
© ERS 2014
Concerns on data privacy through an IT Transformation Programme
Keith Bucknall Strategy, Architecture & Infrastructure - ERS http://uk.linkedin.com/in/keithbucknall/ @keithbucknall http://www.keithbucknall.co.uk
ERS
• Leading motor insurer for more than 60 years
• Largest personal lines syndicate within the Lloyd’s Market.
• ERS offers a diverse range of insurance for private cars, classic cars, vans, motorcycles, taxis, minibuses, fleets, haulage and agricultural vehicles. One of the top 10 Leading UK Insurers.
• Insures 1 in 4 motorcycles in the UK.
What is data & why is it important?
Do you know where your data is?
Facts and statistics collected together for reference or analysis - Oxford English Dictionary
The quantities, characters, or symbols on which operations are performed by a computer, which may be stored and transmitted in the form of electrical signals and recorded on magnetic, optical, or mechanical recording media - Wikipedia
Data – Why is it important
The average cost of the worst breach for large organisations is £600,000 to £1.15m, up from £450,000 to £850,000 a year ago, according to the 2014 Information Security Breaches Survey.
Our story through an IT Strategy & Transformation
IT Transformation
• Company reorganisation / restructure
• IT Operating Model:
  – Shift Outsource to Co-source
• Application Consolidation & Re-platform:
  – Data Archive / Migration
  – System Decommissions
• New hosting facilities
• Network (local & wide area) refresh
• Telephony refresh
System Consolidation
What did this mean?
• New Suppliers: – data transfer, access or data processing
• New Systems: – access to key systems, IP, trading and company sensitive information
• Data Migrations: – how, secure, auditing / reconciliation, live vs archive data, decommission
• New Devices: – BYOD, pressures, mobile, access anywhere!
• New Staff: – vetting, checks, contracts, ideas
Poll?
1. Who administers system data? Business or IT
2. Who owns or is responsible for the data in a system? Business or IT
Work with the business?
• Working with compliance, risk and audit:
  – Strategy specific risk register
  – Data transfer agreement
  – Privacy impact assessment
  – NDAs
  – Internal audits on projects – data migration
• Raise awareness of data ownership
• Nominate Data owners / representatives and system owners
• Data Security Committee & breach reporting
• Archive & Retention policy
Additional initiatives?
• Dropbox type of service
• Reduction in backup and restore windows (by 70%)
• Alignment of App SLAs to Infrastructure
• Mobile Device Management
• Internal & Guest secured wireless
• Network Access Protection & identity management
• Intrusion detection & prevention
• Data Leakage Prevention
• Secure & Closed Circuit Messaging
• Social Engineering & physical security exercises
The IT Department is changing?
• The desktop era
• xYOD
• Generation X,Y,Z – “baby boomers”
• Social everything
• Wearable tech
• Big Data
• Data Duplication
• Speed to implement – cut corners
• Staff
Closing thoughts?