May 29, 2019
OCIE Warns of Cloud-Based Server Security Risks
Last week, the Office of Compliance Inspections and Examinations (OCIE) discovered several security risks related to the storage of customer information by broker-dealers and advisers, particularly related to the use of cloud-based servers. The primary risk was found to stem from firms choosing not to utilize available security features on storage platforms.
OCIE identified several common issues which could result in gaps in Regulation S-P and S-ID compliance:
To strengthen data storage security, OCIE recommends conducting ongoing reviews of storage solutions, drafting guidelines for properly configuring these systems, and implementing comprehensive vendor management policies.
WHAT DOES THIS MEAN FOR ME?
A lack of security, including misconfiguration of data storage technology, poor oversight of vendor-provided network storage, and failure to scale security measures to protect data of different risk levels on cloud-based storage platforms, can leave data vulnerable to access by unauthorized persons.
Creating and implementing a dynamic cyber security program, aligned with Regulation S-P and S-ID requirements, is a key element in gaining client trust and maintaining a full compliance program.
Fairview Cyber provides clients full-service vendor management, including: remote and onsite due diligence reviews and maintenance of an approved vendor list; complete drafting of cyber security policies and procedures; and ongoing penetration testing.
If your firm is seeking to supplement your cyber and vendor management support, Fairview Cyber can help. Contact us to learn more about what we can do for your business.