In the financial services industry, there exist vastly different reporting lines for enterprise information archiving versus information security.
Archiving, e-discovery and supervision, as business processes, are traditionally owned by the corporate legal or compliance groups, though managed and maintained by IT staff. Sometimes archiving and e-discovery responsibilities are managed separately—with legal taking a more active role managing through self-service capabilities, for example. Insider threat management (ITM), cloud access security brokers (CASB) and data loss prevention (DLP) are programs traditionally owned and managed by the information security team.
Missing the Forest for the Trees
Respective operations teams properly address events when they occur in either domain. But many incident response teams are blind to insider threat events that may have consequences in both worlds, because they are addressed independently, without line of sight or collaboration beyond individual teams. Yet separate responses to insider threat events fail to address the root cause of a larger, more coordinated threat that crosses multiple domains. Such silos are clearly evident in financial services organizations, where anti-money-laundering (AML), cybercrime and security operations (SOC) teams are still separate reporting chains even though most money laundering misuses existing payment systems.
This disconnect is due to several factors: a lack of awareness of a unified solution, different reporting chains, politics and culture, narrow functional remits, lack of appetite for collaboration and independent solution vetting processes.
Enterprise Archive for Managing Insider Threat
Taking a more holistic approach will lead to a greater level of information security. Whereas ITM and DLP focus on “left of boom” events to manage the incident identification and prevention operations, Proofpoint Compliance solutions including Enterprise Archiving and Proofpoint Content Capture product sets provide a full suite of tools for “right of boom” confirmed compliance incidents to augment detect, respond and recover operations.
Content Capture contextually gathers and unifies data across diverse digital communications channels. Then it delivers content with its original context to an archive regardless of the user’s device or location. This ability to collect various data feeds into a single repository and preserve their original format provides an accurate and comprehensive timeline of events that may have led up to an incident, especially when modern communications take place in real time. Optional add-on products such as Content Patrol and Compliance Gateway enable you to handle the unique real-time monitoring needs of social media. It also verifies and tracks receipt of captured content by the archive through reconciliation.
Enterprise Archive easily gathers the entire corpus of enterprise data for simplified search and discovery. It’s an intelligent cloud-based archiving solution that simplifies legal, discovery, regulatory compliance and end-user data access for the modern enterprise. It also offers a robust Compliance Risk Dashboard to highlight major compliance risks and monitor violation trends over time. Individuals exhibiting issues or violations would then become candidates to be tracked with more granularity in Proofpoint’s ObserveIT (ITM), CASB and uDLP solutions.
E-Discovery Analytics augments the extensive, basic e-discovery functionality built into Enterprise Archive for search, hold and export. As an optional module, it gives you greater insight into and control of your litigation readiness strategy, with advanced features such as Case Management, Conversation Threading, and Technology Assisted Review, helping you respond confidently to e-discovery requests and support post-event investigations.
Intelligent Supervision helps organizations address regulatory compliance requirements with tools that help simplify supervision, monitoring and reporting of all correspondence. As an optional module, it helps you meet FINRA, SEC, and IIROC obligations quickly and effectively, while also providing a platform to help you supervise other types of compliance risk, such as conduct risk, either inside or outside the financial services industry.
Together, these tools amplify a company’s compliance and security posture. Activity data from Enterprise Archive can be assessed holistically with the event data from CASB, ITM and DLP. This cohesive view of data correlated from different sensors—typically isolated by different reporting chains—allows an organization to see the full narrative surrounding an event-turned-incident. This helps enhance response and recovery actions, regulatory and/or corporate compliance, post-event investigations and future preventative and detection measures.
You can realize significant value from integrating compliance and security strategy. However, this depends on reporting chains spending the effort and resources to collaborate.
Archiving and e-discovery processes need to be seen as surgical instruments in a holistic and enhanced compliance and security strategy, not simply as a hammer in the compliance toolbox.
How Proofpoint Can Help
Proofpoint, specializing in people-centric security and compliance solutions, can support collaborative compliance and information security efforts with leading products such as Enterprise Archive, Content Capture, Insider Threat Management and Unified DLP, providing a better strategy devoid of organizational boundaries.