Integrate your Information Security with Master Data Management

Information security and data protection is a core function in today business world. Evolution of Internet and Social Media in specific turned information security to be one of the most important functions in multiple size organizations. Regulations has evolved as well to enforce certain minimum measures to be implemented by organizations to protect collected data, those measures are baseline measures and more is better.

Financial sector is dominating the scene in adopting information security practices to ensure protection of their systems with regulations to enforce PCI-DSS compliance. 

Financial Sector Secure Data Management Practice

Securing stored data, communicated data, printed data, and word of mouth data is the target of all Financial sector institutions, including banks, investment firms, payment processors, insurance providers, loan brokers, insurance brokers, and payment auxiliary service providers. All of them need to classify, categorize data and information on day-to-day operations.

As a security practice, all classified information need further work on processes consuming them, systems storing them, and people handling them. Security practices goes beyond financial sector institutions to customers by raising their awareness in dealing with financial data resides on their hands.

The usual behavior followed by vast majority of information security teams is to review permissions on structured systems, like banking core systems, card management systems, ATM systems, payment systems on so on. Systems permission review process follow certain pattern of collecting permission changes since last major audit, and reviewing validity of those changes. This practice is good and fulfilling the duty of information security teams, while it is not enough to understand evolving threats of growing data volumes, and data span.

Improving Secure Data Management Practice

Raising the level of security in data management need further involvement with operation teams and management teams regularly, it is not enough to rely on paper work or systemized processes generated data from traditional change control process on day-to-day basis to ensure data protection.

Data classification and categorization is continuously moving factor:

• Data categories change by the time
• Data classification can change by the time
• Data storage mechanism is moving target
• Data backup and retention is moving target
• Data exchange mediums are expanding target
• Data sensitivity is moving target
• Data Privacy is critical issues
• Data regulations is moving target

The need for better data classification and categories is not one time job. A process involves all teams. The necessity for businesses to improve the consistency and quality of their data arose from the transformation of dealing with data and turning it as a new paradigm naming it “key data assets”. Data such as product data, business assets data, customer data, transactions data, location data, and so on; are labelled with a tag called “key data assets”.

Businesses today, especially global enterprises have hundreds of separate applications, systems, and processes with fragmented data that crosses business departments and divisions. Applications and system like (ERP, CRM, and multiple core systems) hosts duplicate copies of similar data with different access control and different permission management processes. With such fragmentation, and duplication growing day by day; data protection and applicable access permission becomes out of control.

Master Data Management evolution

 
Information security and data protection is one side of the story for data management to protect businesses from data leakage.

Answering business teams and management teams’ questions is more necessity that is apparent enforcing businesses to launch data management programs.

Master Data Management (MDM) of data solutions are software products that support global identification, linking and synchronization of information across heterogeneous data sources through systematic semantic reconciliation processes to manage master data. MDM promise is to create and manage central persisted system of data for master data, with enablement for delivery of single data view to all stakeholders. It is a promise to support various business initiatives including information security teams to provide ongoing master data stewardship and governance through workflow-based monitoring, effective decision-making and corrective-action techniques. Organizations use MDM of data solutions as a part of Master Data Management Strategy; which is in itself should be part of a wider enterprise information management (EIM) strategy.

Gartner produced a study about Master Data Management solutions addresses top players in this niche.

 
In nutshell, MDM is one of the best tools to support information security teams to carry out their duties and provide better data security and better security management over ever-growing amounts of data collected and stored.

Author: Jawad Alalawi

Information Technology Professional specialized in Financial Payment Services, Risk Management, Information Security, and Compliance. Experienced in solutions development and implementation, and technical writer.

Banking and Technology Information Security Consultant
 

(22)