Cloud Data Protection Solution | CipherCloud

Financial Services

Section 501(b) of the Gramm-Leach-Bliley Act (GLBA) requires financial institutions defined under section 505(a) to establish appropriate standards for protecting the security and confidentiality of their customers' non-public personal information. The standards' objectives are to:

  • Ensure the security and confidentiality of customer records and information
  • Protect against any anticipated threats or hazards to the security or integrity of such records, and
  • Protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer

Highlights

The GLBA guidelines require institutions to consider whether encryption of electronic customer information while in transit or in storage is appropriate. The Federal Financial Institutions Examination Council (FFIEC) states the following:

“Financial institutions should employ encryption to mitigate the risk of disclosure or alteration of sensitive information in storage and transit. Encryption implementations should include:

  • Encryption strength sufficient to protect the information from disclosure until such time as disclosure poses no material risk
  • Effective key management practices
  • Robust reliability, and
  • Appropriate protection of the encrypted communication's endpoints”

A financial institution that does not deploy encryption may be called upon by the FFIEC to prove that it considered deploying encryption and justify why it decided against it.

GLBA’s Impact on Cloud Computing

There are two key aspects of the GLBA worth considering when discussing the privacy implications of cloud computing: the Financial Privacy Rule and the Safeguards Rule.

  • The Financial Privacy Rule requires institutions to provide their customers with a privacy notice annually that explains the collection, sharing, use and protection of their data. How can a financial institution truly state the nature of the use and protection of such data when it does not have full control over the data, may not have complete ownership of the data depending on the SLA, and may not be able to anticipate the dynamic use of the data in cloud applications?
  • The Financial Privacy Rule also mandates that customers must be given the right to opt out of their information being shared with unaffiliated parties. If a cloud application provider is considered an “unaffiliated party”, the issue remains of how some customers can opt out when the financial institution has implemented a cloud platform.
  • The Safeguards Rule requires institutions to implement an information security program; however, the migration of non-public information to the cloud makes the process more complicated. Institutions must consider the security of data in the cloud (in transit and at rest) and must work with the cloud provider to ensure that the program is sufficient, accurate and operating effectively.

Why CipherCloud

As a pioneer in cloud data protection, CipherCloud provides various highly secure AES-based encryption and tokenization options to replace sensitive information with anonymous values that respect formatting, and preserve all native features and functionality of compatible cloud solutions, such as searching, sorting, and reporting. Customers retain full control of data and encryption keys within their enterprise network. Additional key characteristics of CipherCloud include:

  • Support for key rotation
  • Centralized logging and auditing of user activities in the cloud
  • Rapid configuration and deployment
  • Stateless and high-performance architecture
  • Subscription-based pricing that eliminates up-front capital expenditure

Conclusion

With CipherCloud, you can migrate your data and applications to the cloud while ensuring compliance with GLBA requirements:

  • Eliminate cloud data confidentiality and integrity concerns
  • Satisfy regulatory requirements and independently manage compliance
  • Avoid consequences of privacy breaches and breach notification laws
  • Accelerate cloud adoption and value realization

"CipherCloud is an ideal solution for our customers’ data privacy and compliance concerns, the biggest sales hurdle we encounter in the Financial Sector. CipherCloud hit the nail on the head by eliminating security concerns while enabling our customers to independently manage their own privacy and regulatory requirements, and accelerate cloud adoption."

– Kerry L. Jackson, Principal & Chief Solutions Architect at Intellect Solutions

Copyright 2012 CipherCloud