By Roy Urrico
Finopotamus aims to highlight white papers, surveys, analyses and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.
The thirst for big data by financial institutions, such as credit unions and banks, has created potential problems with unnecessary data storage, data risk and environmental concerns. These are among key takeaways from data erasure and mobile lifecycle solutions provider Blancco Technology Group’s report, Too Much in The Vault: The Costs and Risks of Data Bloat for Financial Services Providers.
The report, based on a December 2022 survey of 1,800 IT professionals, drills down to focus on findings from responses from 900 data retention and data disposal decision makers at financial services providers in North America, Europe, and Asia Pacific regions.
“Our new report confirms some of the same issues we’ve seen in highly regulated industries, including financial services, one being the enormous growth of data being stored on-prem and in the cloud,” said Russ Ernst, chief technology officer, Blancco, “While digital transformation is critical to maintaining a competitive edge, 67% of respondents see the switch from analog to digital as increasing the amount of redundant, obsolete, or trivial (ROT) data collected.”
Ernst added, “What is more concerning is that 59% use data deletion to deal with some of their EOL (end of life) data, a process that can leave data intact. One key takeaway from this report is this: financial services organizations must establish data erasure best practices to securely eradicate all ROT and EOL data for good. This will not only minimize their threat footprint it will also reduce the cost of storing unnecessary data.”
Challenges Facing the Financial Sector
Key challenges facing the financial service providers, according to the report, include:
Approximately two-thirds of financial services organizations say digital transformation has increased the amount of ROT data collected. This unnecessarily increases their overall data attack surface. Even with that risk, one in six providers do not have a specific policy for data no longer needed.
·At least 90% of financial services organizations host data in the cloud (51% report hosting all data there). But although they have plans to move to the cloud, one in ten still hold their data on-premise.
Sixty-seven percent of financial service organizations are concerned about IT-generated e-waste, and 61% have asked their cloud providers how they are reducing their environmental impact. Also, 57% of financial services organizations surveyed have implemented a plan to reduce their carbon footprint – a proportion that probably needs to grow considering that more stringent emissions reporting regulation is likely heading their way.
Impact of Financial Services Great Technological Changes
The report states “Almost no sector has gone through as much technological change in recent years as financial services.” It describes how the fintech revolution completely changed the delivery, use, and consumer expectations of information.
This demand for new digital services has put pressure on legacy financial institutions to change how they do business. Meanwhile, new fintechs now compete with long-established corporations for everyday financial transactions.
“Financial records are about the most sensitive data a business can hold, and it’s vital that EOL data is identified and dealt with correctly,” the Blancco study suggested. It pointed out marked differences in how enterprises operate technologically.
The report also noted new fintechs have built businesses entirely on new cloud infrastructure. Meanwhile, older financial institutions migrated legacy systems to newer ways of operating. This includes embracing cloud data storage and service delivery for customers.
The increased amount of data financial institutions and fintechs store, access, and process raises questions about the impact such expansive information growth has regarding environmental, social, and governance (ESG) data factors. Additionally, the report wrote, “Having more data around also makes it easier for hackers to target the financial sector – it’s like a goldmine for data thieves.”
Regulatory Focus Includes Carbon Footprint
The report noted much of the regulatory focus has been on safeguarding personally identifiable information (PII). With that in mind, regulations to govern data protection and privacy increased such as General Data Protection Regulation (GDPR), which also included mandates for data deletion and data minimization.
However, these regulatory changes are not the only ones gaining momentum, emphasized the Blancco report. Many governments and organizations concerned about climate change have established net zero goals to cut greenhouse gasses. The concern is that data storage creates a large carbon footprint because it takes large amounts of energy to keep servers running. “Uncontrolled data collection can become a significant deterrent to the net zero plans of many,” said the Blancco report.
In the U.S. and Europe, for example, financial organizations are coming under increasing regulatory pressure to more accurately document progress against environmental initiatives.
The Blancco report described increasing calls for companies to provide information on sustainability-related risks and opportunities surrounding the ESG responsibilities as it relates to data. For example, the European Parliament’s Corporate Sustainability Reporting Directive (CSRD) aims to fix structural weaknesses in current ESG reporting; and a proposed U.S. Securities and Exchange Commission (SEC) regulation would require disclosure of climate-related goals.
Trusting the Cloud
Blancco, in its report, also found many financial institutions trust public cloud providers to safeguard their data. Only 22% use a private cloud to hold data, and of those, only 4% use only a private cloud. A small number, 2%, use a mix of on-premise data storage and public cloud. The rest (76%) either trust a single public cloud provider or multiple public cloud providers. The most popular public cloud providers are Amazon Web Services (AWS) and Microsoft Azure at the top, with Google Cloud Platform not far behind.
The move to the cloud means that digital processes are needed, and that cloud-specific processes are required, reported Blancco in its findings. “Our findings show some financial services providers are falling short when it comes to meeting their obligations around EOL data, including data held in the cloud. This puts them at greater risk of regulatory fines, data breaches, and losing customer trust,” the report found.
On December 5, 2023 San Francisco-based global investment firm Francisco Partners announced it had completed the acquisition of Blancco, which is headquartered in London and Austin, Texas, for about 175 million British pounds sterling, or about $221 million. Blancco has more than 2,500 customers across 70 countries.