IT security in banking: Sparkasse Aachen
In Germany, the requirements placed on financial service providers derive from the German Banking Act on the one hand and from the minimum requirements for risk management, which BaFin published in 2012, on the other. In summary, banks must ensure that the integrity, availability, authenticity and confidentiality of their data are guaranteed at all times, at the level of both the IT systems and the associated processes. These regulations must, of course, also be implemented for the use of removable media. Sparkasse Aachen has therefore decided to introduce perimeter protection by PROVAIA.
A solution for high security standards
To meet its own security goals, Sparkasse Aachen (Savings Bank Aachen) blocks, among other security measures, all USB connections at all workstations within the bank. This is an important prerequisite for the effective use of our PROVAIA technology. Removable media have to pass the security gateway of the PROVAIA appliance. At Sparkasse Aachen, this applies not only to USB flash drives but also to SD memory cards from digital cameras. Employees use these SD cards, for example, to store photographs of real estate assets that have been mortgaged.
Secure and in continuous use
PROVAIA supports Sparkasse Aachen with two main processes. It scans and checks data on removable media with several antivirus scanners. Since the Sparkasse no longer uses USB flash drives for internal purposes, employees then copy all checked data that has been deemed safe to Windows network shares. Blacklisted file types, such as executable files, are filtered and blocked by PROVAIA first. The level of security achieved by any technical security measure, however, depends on the way people use it. With this in mind, PROVAIA systems are so easy to operate that employees will use them gladly and reliably. Misuse can generally be ruled out.
Precise processes, improved compliance
By improving its IT security with respect to removable media, Sparkasse Aachen has also been able to improve both its processes and its compliance. Once data from removable media enters the internal network via one of its PROVAIA appliances, the company is able to document any movements of the data. This is a critical prerequisite for meaningful reporting within the framework of an IT security strategy. Sparkasse Aachen thus fulfills the requirements regarding the handling of removable media while also realizing its own goals for IT security.