The risk alert issued on May 23, 2019 by the Office of Compliance Inspections and Examinations (OCIE), a unit of the U.S. Securities and Exchange Commission (SEC), warns of the very things we at Continuity Software have been calling attention to during this past half year.
The SEC is responsible for the enforcement of laws and regulations in the US securities markets. The OCIE alert noted that financial firms do not consistently use security features, and that weak and misconfigured security settings put electronic customer records and information in network storage solutions at risk. This warning was issued for both on-premise and cloud-based network storage solutions.
OCIE identified three key problems with how sensitive data was stored:
OCIE cautioned that these security-setting misconfigurations could lead to unauthorized access as well as regulatory compliance issues.
The alert cited examples of practices they recommend to remedy these faults:
If you’re familiar with our mission at Continuity Software, and our writing on the topic, the substance of the OCIE risk alert won’t surprise you.
We developed Data Security Advisor™ to address these and related issues involved in achieving and maintaining the security of core data storage systems, including storage arrays, cloud storage, storage network, storage management systems, data protection systems and additional storage devices. In a nutshell, Data Security Advisor checks the configuration of storage systems and detects vulnerabilities, violations of vendor and industry best practices, organizational security baseline requirements, ransomware protection guidelines, and non-compliance with regulations and standards that could impact the security of peta bytes of critical data kept within these storage systems.