International Cybersecurity Congress 2018: Microsoft plays hard for info protection
On 5-6 July 2018, Moscow welcomed cybersecurity professionals from all over the world to the first International Cybersecurity Congress (ICC), Sberbank’s conference that aims to become a global reference in the area.
Information protection is a relatively new field, but it is becoming a major area that firms need to start paying attention to, particularly in light of new regulation such as GDPR coming into play, according to Enrique Saggese, principal programme manager, information protection, Microsoft.
“When I joined the industry over 20 years ago, they gave me a computer without any type of user management system, or firewalls, or permission. Just an app coming in a floppy disk from ‘who-knows-where’ to do my job,” he told FinTech Futures.
Nowadays, the industry is different. Sensitive information has become ‘managed information’, and it requires encryption and authentication covering the user, the network, the device, etc. Many breaches are due to human error: it is very common for an employee to send a document with sensitive information to an external person, even if by accident.
In financial services, this is one of the two main problems that compromise companies’ data, said Saggese. Data exfiltration, considered “stolen data” in some cases, tends to happen due to user negligence.
According to Saggese, it is common to find solutions that are running in parallel but have contradictory rules regarding data protection or data transmission.
The second issue is around compliance problems. With e-discovery tools for compliance purposes, many documents cannot be found within the bank’s drives because the regulatory rules for the search don’t allow it.
To solve these issues, Microsoft is in talks with data loss prevention (DLP) solution providers in Russia during the ICC, so they can use their own software development kit (SDK) to launch solutions that can fully operate over protected data, and use all of it without leaks.
The company’s aim is to allow software that handles the viewing, transmission and protection of documents to fully access the information within them while keeping it secure, setting rules for software to follow that prevent any leak and keep privileges relevant.
In the US, most regulation tends to be market-specific, which makes it easier to set information protection rules based on it; in Europe, cross-market regulation can give rise to contradictions between security and privacy that are harder to work around.
This is also slightly different from Russia and China, where implementing cloud services works well in terms of effectiveness but requires a cloud exit plan in case regulation changes drastically. “There is a certain fear that companies start being required to store their information on-premise in these geographies,” says Saggese.