Managing Data Lifecycle for Financial Services Companies

Here’s how financial services can protect and manage their customer data in light of current and future privacy regulations.

Last Updated: October 4, 2022

Financial companies are increasingly moving mission-critical operations to SaaS platforms. But doing so requires careful planning and a strong strategy to ensure data security, performance, and compliance, writes Dave Horton, VP of solutions engineering at Odaseva.

Financial services companies’ use of CRM platforms has grown well beyond managing customer relationships. Many solutions have evolved to include a wide array of specialized, integrated tools, which has led financial services companies to use these SaaS platforms for mission-critical processes. These platforms often serve as the foundation of these organizations’ digital businesses.

But moving these functions from on-premises systems to a SaaS platform amplifies the already complex task of managing financial services customer data. Regulations, market forces, and customer expectations require this data to be secure, agile, and compliant – that’s a tall order, but it’s necessary. And it’s within reach, so long as organizations follow sound data management principles. 

The complexity problem

Financial services data is especially complex to manage. The data models that financial services companies use are very sophisticated, and the data arrives in very large volumes at a high-frequency rate. What’s more, the relationships between data are often complex.

The volume and complexity of the data can often slow down query performance, which is a significant challenge. And there are additional performance and management issues that arise as a result of security requirements. Such sensitive data must be encrypted, so the keys must be well managed, and the encryption/decryption process is compute-intensive. If not well-architected, this will further deteriorate performance.

Compliance exponentially increases management complexity. Financial data is often material, requiring special handling, and often falls under a wide array of consumer data privacy laws, including the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among many others. Data residency requirements may restrict where data can physically reside. And these examples are just the tip of the iceberg regarding regulatory compliance.  

So, let’s talk about how financial services organizations can reduce risk, improve performance and maintain compliance after moving to Salesforce.

Reducing Risk

When a financial services organization has a data problem, the stakes are high. An employee error can compromise data. An integration failure can cause data loss.  Trusted third parties who have access to the organization’s Salesforce implementation may experience a breach of their own. These are just a few of the cases that a risk mitigation strategy must work to prevent or mitigate, in the event they do occur.

A solid risk mitigation plan will:

    • Always have a backup and restore strategy in place to recover data from any point: There is an old saying among backup specialists: Backup is easy, but recovery is hard. Just because an organization has backups doesn’t mean they can restore from those backups to meet recovery point and recovery time objectives (RPOs and RTOs). Possessing a backup isn’t necessarily a guarantee that one can recover. Recovery has to be an integral part of the data protection strategy, and it’s essential that the ability to restore on time be tested regularly.
    • Choose vendors for third-party services that introduce minimal risk: Select “no view providers.” That way, even if they suffer a breach or a successful attack by a malicious actor, the organization’s data won’t be affected because the compromised provider won’t have access to it.
    • Anonymize data in sandbox environments: Doing so will limit data exposure during development and testing.
    • Encrypt all data: Data should be encrypted at rest, in transit, and in use. Moreover, the organization should own and manage the encryption keys.

Improving performance

Customer loyalty is critical to success for a financial services organization. After all, finding a new customer is far more expensive than retaining an existing one. To retain customers, it’s important to ensure that they have an excellent experience, and a big part of that is providing speedy and efficient digital systems.  

Likewise, developers need an agile, high-performance environment to build innovative new products fast enough to stay ahead of the competition and meet ever-growing customer expectations.

Given the large volumes of complex data that financial services organizations use, it may seem impossible to provide good performance. After all, the bigger you get, the slower you move, right? Not necessarily. Lean data management processes can reduce slowdowns within the Salesforce environment.

Have a clear archiving strategy, which applies coherent rules about which data stays on the platform, what moves off-platform, and what gets deleted, in keeping with your business needs and industry regulations. In this way, you can reduce the amount of data in production so that it only includes the data you truly need, with the rest stored in the archive.

Achieving compliance

The financial services industry is one of the world’s most heavily regulated verticals, and penalties for non-compliance can run well into the eight or nine-digit millions. In some cases, they can put a company out of business entirely and entangle officers and employees in serious legal trouble.

The more vendors, service providers, and technologies an organization has, the higher the risk of non-compliance. Remote work, too, increases risk. A big part of any mitigation strategy is to limit who, how, and where service providers and employees can access data. Implementing a least privilege access policy, where people have only the minimum access required to do their jobs, can significantly reduce risk.

Other steps include:

  • Minimize the number of service providers and technologies: The fewer technologies and third parties that have access to your data, the lower the chance of a breach.
  • Regularly audit service providers for compliance: Also, don’t just file the reports away. Read them. Organizations can reduce the audit burden and compliance risk by working with vendors using the same core technologies as they do.
  • Anonymize data in sandbox environments: In addition to securing data during testing, this also helps ensure compliance with data privacy and other regulations.
  • Create clear data residency and retention policies: Once they’re created, audit regularly to ensure that these policies are being followed.

Achieving data security, compliance and performance is definitely within the reach of financial services organizations who have moved from on-premises to a SaaS platform. But doing so requires planning, forethought, discipline, and accountability. With the right strategy in place, these organizations can see the full benefit of a SaaS platform without increasing their risk.

How do you think financial services can reduce the risks and secure customer data? Let us know on Facebook, Twitter, and LinkedIn.


Dave Horton

VP of Solutions Engineering, Odaseva

Dave Horton is VP of Solutions Engineering at Odaseva. He has previously served in senior architecture, engineering and sales engineering roles at SHI, OneTrust, Vodafone and VMware. He is a Certified Information Systems Security Professional (CISSP) from (ISC)2 and is a Salesforce Certified Administrator. He holds a B.Sc. in Computing Systems from the University of Northampton.