Client: A leading online investing services company.
The client is a leading online investing services company and a provider of online retail banking products and services, commercial lending and commercial equipment financing. Founded in 1980 to provide investors and traders with a better way to invest and make their own trading decisions, it has grown into the largest branch network among online investing firms and provides education to help millions of investors invest for themselves.
The client’s finance services division was named by The Monitor as one of 2014’s "Top 25 Most Active Players in the Vendor Channel," with $96.9 million of vendor/dealer related new business volume. Overall in 2014, the division had nearly $291 million in new business volume.
The client was also named number 83 in sales volume and number 65 in new business volume on the 2015 Monitor 100 ranking, published by the trade publication The Monitor. The ranking lists the 100 largest equipment finance and leasing companies in the United States by annual volume and asset size.
The rapid growth of the client, a major financial services firm, brought with it significant pressures related to data security. With the increasing sophistication and number of threats to data security (both internal and external), data security had to be bulletproof, tested continually, and free of complications. As at most financial institutions, Customer Sensitive Information (CSI) was highly secured in the production environment. However, security measures in the test environment were more relaxed.
Due to federal requirements, their corporate parent mandated secure CSI in the test environment via a robust data masking process. A significant amount of sensitive data (such as SSN and Tax ID) existed in non-production systems, which contributed to significant risk. The data in these systems, which were primarily used for development, testing and support purposes, needed to be masked. The client needed a comprehensive approach to protect the Customer Sensitive Information (CSI) in the test environment while reducing the probability of a data breach and the associated financial and customer loyalty implications.
Estuate also needed to address several technical challenges while delivering the project, including that:
Estuate delivered an approach to data masking that enabled the client to successfully lock down production data, while allowing for full daily testing and development activities. The solution delivered covered both data identification and data masking.
The first stage of the data masking project was to understand what data needed to be masked and where it was located. Data identification was performed to determine the location of the data and the trends and relationships within it, so that masking runs could be performed consistently.
Automated data discovery was used to ensure an objective, systematic approach to data sampling, making it possible to verify that all of the required sensitive content had been identified and secured on an ongoing basis. Estuate developed new algorithms to identify potentially sensitive trends and relationships within the data and filter them out.
Once Estuate established what sensitive data was going to be masked and where it was located, IBM InfoSphere Optim’s scalable data masking techniques were deployed across applications, databases, operating systems and hardware platforms to meet current and future needs. Estuate developed new routines and techniques for accurately masking complex data elements. Estuate incorporated specific data transformation routines that integrated processing logic from multiple related applications and supported even the most complex data masking requirements.
Estuate’s solution shielded confidential data, such as credit card numbers, addresses, and phone numbers, from unintended exposure by producing de-identified data that can be shared safely internally or externally. It also:
We needed to be confident that identifiable personal data is completely protected from unauthorized use for compliance reasons. However, we also needed to use production-derived data in non-production environments to enable efficient and thorough testing. Failure to ensure data privacy compliance could have resulted in millions of dollars in financial penalties and possibly even more. Estuate understood the challenges we had and they delivered a solution with no disruption to the day-to-day business that had to keep going. The solution with the masking capability is now helping us protect sensitive data and also meet stringent targets for test data management.
Manager – Information Security