Banks and financial institutions are increasingly under the scanner for possible data security and privacy breaches. However, within an increasingly deperimeterized world, they are also forced to share confidential data with customers, employees and third party vendors.

This requires BFSI companies to walk the proverbial double edged sword by maintaining privacy on the one hand, while also sharing critical data with customers, stakeholders and other outside parties. This requires control over data by them even after it has left their premises. IRM or Information Rights Management technology ensures organizations can control how the data is being used after it crosses their perimeter.

“Defining a perimeter itself is a tough ask today, in fact virtually impossible in this deperimeterized world,” says Vishal Gupta, CEO of Mumbai-based Seclore Technologies, a leading vendor of IRM solutions. “Employees today are extremely mobile, access data and applications from various devices; official, personal as well as public and they use a variety of applications. Therefore any sort of perimeter whether based on location, device or application is virtually impossible. That’s where IRM becomes extremely critical,” adds Gupta.

According to Gupta, although organizations may be spending millions on securing data within their premises, it is extremely vulnerable to misuse once it leaves the organization. Outsourcing of business processes by banks for example is a possible threat source for data misuse and breach of security. Banks, for instance outsource a number of business processes today including the printing of credit card and bank statements to third parties, where data goes through a number of employees and technologies while it is being processed.

This leaves critical data vulnerable to theft by employees of the third party vendor who could quite easily steal it and sell it to other parties looking for commercial gain out of such pilfered data. Identifying such breach and pressing for damages is like searching for a needle in a haystack.

IRM allows organizations to set rules regarding who can access data, and till what time. They can also define rules so that data self-destructs after it is printed once. Prevention of screenshots, copying and pasting together with clear definition of who can access the data makes unauthorized replication of the data extremely difficult.

No wonder some of the early adopters within the BFSI sector have already made IRM a key part of their data security infrastructure. “IRM is in the early adoption stage yet, but we have seen adoption from leading banks such as HDFC, ICICI, Kotak for both their banking and insurance divisions. Bajaj Allianz is also our customer. Among the PSU banks, SBI is the early adopter, while other banks and financial institutions are evaluating this technology,” adds Gupta.

However, some barriers remain. Key among them is the requirement for recipient of an IRM-protected document to install something before they can access the file. “This was seen as a barrier by organizations, as it would inconvenience recipients, but they are realizing that it gives them control over their critical data. Also the recipient is also not threatened as the sender has control only over the data sent by them and not over any other aspect or data of the recipient’s computer,” says Gupta.

With increasing awareness of the benefits of IRM and criticality of data privacy dictated by both business needs and tightening regulatory frameworks, Gupta hopes to see heightened adoption of IRM within the BFSI sector soon.

Keep yourself updated on latest news and articles from the BFSI segment

Subscribe to our Newsletter Become a fan on Facebook

Follow us on Twitter Subscribe to our RSS Feed