Verizon recently released its latest PCI Compliance report, which highlighted that businesses are starting to realise the benefits of compliance. It seems that many of the companies that suffered breaches over the last year were PCI compliant at the time of the breach, which emphasises that being compliant is not necessarily going to ensure security. This begs the questions, what else can be done?

As this universe of user identities and access points is growing exponentially, protecting critical company assets against unauthorised access, while maintaining compliance, is becoming increasingly challenging for organisations. Big Identity Data (BID) generated from these access relationships can be used to provision smarter IAM, eliminating audit pains and identifying potential access risks, before they have turned into a real threat for the organisation.

As threats are increasing, companies also need to move beyond the out-of-date mindset of periodically, and manually, reviewing access risk every three, six or twelve months. New security processes are required to ensure that financial service organisations and banks do not lose control over sensitive, private information. It can never be a tick box exercise, as the standard is protecting extremely valuable data.

An outdated approach to managing access to sensitive data exposes financial organisations to significant risk from hackers and other security threats, as there’s no real time view into how this information is being accessed and used. Instead of relying on manual compliance to keep up with regulatory changes, as so many banks do, modern financial organisations need to consider automated systems in order to avoid policy and regulatory non-compliance in the modern work environment. 

Certain facts are hard to contest and sadly reading about the latest data breach has become part of daily life. E-criminals are using more sophisticated techniques that look for loopholes in IT and security systems. It’s critical that companies address these by installing effective mechanisms that allow them to constantly analyse access risk in almost real time and alert IT teams of any abnormal activities that breach internal security policies and compliance standards.

There’s more valuable data online than ever before, with more users accessing it. Yet security is still not at the top of every bank’s agenda. Security culture should be embedded in a financial organisation’s DNA to protect sensitive information. Access rights need to be reviewed not just on a quarterly basis, but constantly, to assure that organisations can efficiently and accurately provision, identify and minimise risks, whilst maintaining continuous compliance.