Data at Rest is Data at Risk
Data at rest on the desktop is data at risk. Period. End of story. But some stories need explanation.
This is particularly applicable to the world of banking, where data at risk on the end-user desktop can lead to crippling consequences.
Why? Because banking is really about information. In the ever-changing financial regulatory landscape, financial institutions need to be continuously innovating, maintaining compliance, gaining visibility, mitigating risk, and seamlessly consolidating data. And this is no easy task because financial services institutions inherently bring data into every situation — so in essence, from transactions to customers to products, the financial world is fueled by information.
This “information”, the lifeblood of the institution, is none other than the data mentioned above, and when it comes to rest in an end-user computing application (EUCA) on the desktop, there is trouble afoot.
Where does the trouble come from? In the US, it is the Office of the Comptroller of the Currency, the regulatory body otherwise known as the OCC. (Search “OCC MRA EUC” and look at the Cease and Desist order to get a flavor.)
The problem is the lack of effective controls on that data as it passes through the organization or even between institutions and their customers. But we have sophisticated systems for that, so what’s the issue? This is the age-old problem we won’t go into here, but suffice it to say that there is so much information, and so much need for information velocity, that desktop applications get created to get work done: Excel models are spun up, macros are written, emails and files are sent. You get the picture.
A lot of this data lives on an employee’s desktop in Excel. An accidental copy-paste error here, a cell deletion there, or the use of an older version of the data, and everything could come crashing down.
If you look at the anatomy of an Excel EUCA, you can see that every EUCA typically has a few input files, a few computing files full of formulas and macros, and a few output reports which either update a target system or send a report to a regulator, among many other things.
The issue is that the corporate end-user could use a wrong input file, a wrong macro file, send an older report, or use the data maliciously. This data is at rest on the user desktop or on a shared drive and thus is at risk, and this is just at the top of the list of things that can go wrong.
But a large bank or financial services institution is dealing with thousands of these End User Computing Applications (EUCA) — and estimates are that about 90–95% are Excel-based and thus project the inherent risks associated with Excel onto the financial institutions’ data governance infrastructure.
In the past, the risk and compliance managers were able to meet the compliance check by providing good documentation and basic file-level controls, but not anymore. The mitigation of EUC risk is now on the radar of the OCC.
Why should you care about any of this?
Well for starters, because of recent penalties, EUCA risk has become part of the OCC playbook.
And it has triggered all financial institutions to ask this question: How many end-user computing applications do we have running in our company? 10,000? 20,000? Some large banking institutions have more than 40,000!
It’s like a fender bender. No worries until it happens to you, except a fender bender would not be the right analogy. This would be a full-on multi-vehicle, high-speed crash.
The point is, what you choose to do now has far-reaching effects, and it behooves all of us not to take this lightly. We think many leading banks are taking notice and acting responsibly to address this challenge head-on.
Now that we’ve established the problem — let me introduce the solution.
The different approaches to remediate these EUCAs are another topic of discussion. At Boardwalktech, we have focused on the key issue — data at risk on the desktop — and have a novel approach to solving it.
Boardwalk Velocity is a low-code, plug-and-play platform that absorbs the EUCA model and data, preserves the Excel experience, and eliminates data at rest on the desktop along with EUCA risk.