Client Success: Financial Services Company Banks on Compliance with Privacera

This story is part of our client success series. It showcases Fortune 100 and 500 customers across various industries that turned to Privacera to solve their tough data security, access, and governance challenges. Check out all the stories in this series. 

From its diversified banking, investment and mortgage products and services, this financial services company has accumulated a wealth of data from its global clients. It monitors and uses its consumer and business data, along with markets, to fuel business, marketing, and operations decisions. 

When the company needed to prove data handling compliance with federal guidelines, including Gramm-Leach-Bliley Act (GLB) and the Fair and Accurate Credit Transactions Act, it turned to Privacera. Read how this financial services company gained the ability to discover and tag sensitive data and implement fine-grained data protection with Privacera.

Business Risks

As a major financial institution, this company manages regulations from multiple government agencies. Under the GLB Act, it adopted rules limiting the disclosure of nonpublic information about consumers to nonaffiliated third parties. The rules require disclosure of privacy policies to consumers and, in some circumstances, allow consumers to prevent sharing certain personal information to nonaffiliated third parties. The privacy provisions affect how financial services companies transmit consumer information and convey it to outside vendors. 

Also, federal financial regulations under the Fair and Accurate Credit Transactions Act have increased the waiting period after companies provide privacy disclosures to new customers. The increase also applies to the waiting period before companies can share information with affiliated companies for marketing products and services.

Business Issues

This financial services company needed to prove adherence to federal data handling guidelines. However, it had no consistent way to identify, tag, protect, and monitor sensitive information across multiple systems, including MapR and Dremio. 

Its key challenges were to:

• Close the gaps in its security and access coverage
• Establish and enforce consistent data access policies across MapR and Dremio
• Track and audit data access

Solution

This company required the ability to discover and tag sensitive data and implement fine-grained data protection. It also needed a way to develop tag-based data access policies across its data systems. Although the company was using a data catalog to scan and tag its data, it needed to add data security and access controls. 

By adopting a unified data security governance approach with Privacera, this company was able to integrate its existing data tags into the platform and deploy tag-based access controls to protect and control access to sensitive data. It also established fine-grained access controls to secure specific data resources and create consistent data handling standards across MapR and Dremio environments.

By implementing Privacera, this client is able to manage access permissions on its Hadoop MapR clusters for Hive and MapR services. For Dremio, which is its centralized reporting tool, it uses Privacera to manage access permissions for Dremio users. The Dremio implementation uses tag-based access controls extensively and attribute-based access controls (ABAC) that leverage both data and user attributes to secure data. 

No matter how unique your data ecosystem, products, and processes are, Privacera can help future-proof your data security, access, and governance for greater scalability, connectivity, and competitive opportunities. For expert guidance on key aspects of unified data security governance, get your complimentary copy of the Gartner Hype Cycle for Data Security, 2023, where Privacera is named a Sample Vendor for Data Security Platforms (DSPs). Get your free report here.