The financial services industry is subject to some of the most stringent and complex regulations, stemming from lessons learned from financial failures over the past 10 years. The industry is regulated for anti-money laundering, fraud protection, customer data protection, and much more with regulations such as MiFID, SEPA, ISAE3402, and industry standards like PCI-DSS. Compounded by the realization among industry leaders that cyberthreats will continue to plague their organizations and that future data breaches are inevitable, encryption has become an important focus in financial services institution’s goal of safeguarding sensitive data.
It is no surprise that heavily regulated industries report the highest use of encryption technologies. But research suggests[1] that the extensive usage of encryption is starting to slow among financial services: just 57% of organizations reported use in 2017, compared to 56% the year before.
Now is not the time to slow down encryption adoption efforts in the financial services industry. Sensitive client data, as well as a financial team’s own proprietary market or competitive research, are perpetually under attack from cybercriminals. As this amount of data grows – so too does the importance of including encryption as a part of a broader data protection strategy.
The encryption technologies offered or supported in Office 365 can help reduce a variety of risks, and help customers meet regulatory requirements for financial services organizations. And while encryption is a useful technology to help customers meet their compliance and data protection needs, not all data should be treated equally; creating a data governance strategy can identify what data pieces will be sufficiently protected with baseline encryption capabilities and what data requires additional protection mechanisms. Some of the capabilities delivered in Microsoft 365 are Transport Layer Security (TLS), BitLocker, Office 365 Customer Key, Office 365 Message Encryption, Bring Your Own Key in Azure Information Protection (BYOK in AIP), and S/MIME. For customers that need specific key arrangements with their cloud service provider, we provide several key management options:
To get a better understanding of encryption, and how you can use it to protect your growing data, read this whitepaper “Introduction to Encryption in Office 365”.
- Susan Kim (@iam_susankim)