Organizations are moving to cloud services for their rich data capabilities along with increased scalability, flexibility and cost-effectiveness. The cloud is proving to be a key enabler for data-driven organizations looking to fuel growth and unlock insights, but leaders in financial services are realizing their current approach to protecting data doesn’t always work for them or their customers. In addition to the financial and regulatory penalties, financial institutions now face a crisis of consumer trust.
I recently sat down with Matt Pitchford, Principal Solutions Architect at AWS, and Privitar’s CTO, Jason McFall, to discuss how financial services leaders can take control and build a new narrative around their respect for customer data.
Consumer trust is at a tipping point
Data-driven banking is changing the face of the industry for the better. Digital transformations are accelerating innovation. Data is now financial service organizations’ most valuable asset. Unfortunately, data breaches are eroding trust in those who collect and use individual’s data.
Loss of consumer trust is an existential threat to financial firms. Trust is essential to create and deepen customer relationships, and clearly has an impact on their willingness to give permission to firms to use their personal data. Trust in their financial services providers to protect data privacy is a mere 45%. As a result, 2 out of 3 business leaders in financial services believe the risks associated with using the data are not worth the potential benefits.
Making data safe, accessible and usable
Enterprises not yet in the cloud often believe their on premise controls are stronger and more secure. During our conversation, Matt referenced AWS customers whose CISOs are now more confident in their ability to implement fine grained controls at all levels. Matt explained, “Within the cloud you can implement layers at the edge of the cloud, at your presentation layer, at your logic layer, at your data layer, and make sure that (each) is performing the right interactions according to your policies and procedures.”
It’s important to understand that privacy and security are different but complementary. As Jason explained, “Security is about preventing the wrong people from accessing your data; privacy is about controlling what you can do with the data, what you can learn from it and what inferences you can make. It’s about separating valid inferences from unwanted privacy invasion. You have to make pragmatic calls and really understand what’s going on. Data privacy is about being intelligent, thinking deeply about the risks and then building layers of protection and defense.”
Matt highlighted how collaboration enables AWS to support customers with concerns about data privacy. “We want to understand who needs to access the data, and what they’re trying to deliver from gaining access to that data. AWS offers a lot of tools around the security and control of data, but around deep analytics we might bring in a partner, such as Privitar, to work with us and understand how we can enable their business users to get access to the right data to enable them to deliver value... without compromising any rules or regulations.”
Design in privacy automation
Matt explained that AWS Financial Services customers have begun to design security and privacy into their data repositories. This allows consumption from the outset. Jason elaborated on how businesses should define this service. “Architects designing a system without thinking about security would be laughed at, mocked and fired. It needs to be the same for privacy. Privacy needs to be thought about from the outset - from the point of data collection all the way through to data usage and data deletion. And then that needs to be enforced by building it into a process and a pipeline that makes it easier to do the right thing because the right thing happens automatically.”
Automated data provisioning with privacy protection built-in accelerates accessing the right data and unlocks its potential. As Jason explained, “It takes a long time to provision data when everything is done subjectively by humans making decisions and repeatedly managed as if for the first time. If you can automate the process then you get consistency, you get transparency, you get clear auditability, and you reduce human error.” Everything speeds up, but especially time to data.
To learn more about data privacy in the cloud, check out the whole conversation, recorded for our webinar “Practical data privacy lessons for Financial Services Leaders”, or download our 2-page datasheet “Data Privacy with Privitar on AWS”.