The Data Security Challenge

Data Safety is Primordial

In a context of digital transformation, the challenges of data security are considerable. What on the one hand stands out as a need for modernization, a competitive advantage or a characteristic of economic development also appears as a source of vulnerability if the systems and data are not well protected.
Security plays a decisive role in all fundraising or investment activities. Without it, major incidents could impact asset managers and their activities.
Where threats are constantly increasing, the risk of data breaches is almost permanent and increasingly stringent regulatory requirements: virus injection, theft of customer data, intrusions, increase in attacks related to teleworking ( Covid-19 crisis), industrial espionage…

A cloud or a safe?

Two risks in particular concern asset managers: data transfer and “cloud” storage solutions. Many companies choose to host their tools in the cloud, which is now becoming the norm and the future of computing. The cloud market is booming (new products, busy publisher roadmaps, mergers/acquisitions, partnerships, etc.).
When selecting third-party IT service providers, it is important to obtain detailed information on their security programs: access to data, location (country of jurisdiction), right to audit, technical aspects of the infrastructure and measures taken by the service provider to ensure the integrity and security of this data, etc.

Security Optimization

The challenges of alternative investment actors in terms of cybersecurity are:
  • Knowing the origin and uses of the data, defining the rules and the life cycle for it.
  • Being able to geolocate the data, ensure the security of the data transmitted by the supplier, guarantee the availability of the service.
  • Complying with the GDPR by protecting sensitive data, define and manage authorizations and data retention periods.
  • Management of consent and right to be forgotten, data masking and anonymization.
The characteristics of optimal access management should be:
  • Simple and understandable with a vision of users and uses provided by a “user-friendly” tool,
  • Integrated across the data platform and then specifically for each new application,
  • Automated as soon as possible,
  • Delegate to business lines and functional teams,
  • Regulated by an adequate definition of access rights and traceability.

Cybersecurity, data security and respect for personal data are topics of major importance for asset managers, investors and fund administrators. To best ensure the security of its data, each organization must above all inform and make its employees aware of these risks, their sources, their potential impacts and give them the means to identify and eliminate them. This involves the organization of workshops, internal training with the collaboration of the DSI or by choosing the right software with the right measures put in place.