Despite the ever-increasing number of network security solutions on the market, it seems we're still hearing bad news about the state of data security in the financial services sector. A recent TowerGroup study says the number of reported lost customer records is up 50% in the last seven months!

Analysts agree that many businesses aren't doing enough to prevent data loss and theft, despite corporate governance laws like Sarbanes-Oxley and the Gramm-Leach-Bliley Act. The message is clear--if you haven't put solid security measures in place, now is the time.

This issue highlights security problems in financial services, technologies that can help, and includes a story about a real-world security implementation for TimePlus Payroll.

Thanks for reading,
Pat Donnellan, CEO

At the Black Hat conference earlier this month, the financial services sector was slapped on the wrist by analysts who revealed an appalling lack of IT security embedded in financial transactions.

Here's the problem--financial organizations without fast, 24/7 application access won't get ahead. Can you imagine being a bank that doesn't offer reliable Internet banking? Or how about a trader who misses a deal because her software application runs too slowly? Disastrous.

But, speed and availability shouldn't be the only objectives. As customers become more aware of shoddy security within the industry, they'll demand levels of IT security beyond what's guaranteed by most financial services organizations today.

We're entering an era where speed and accessibility aren't enough. Businesses that don't make security a priority and can't promise their customers protection against data loss and identity theft will find themselves losing goodwill and customers.

TimePlus Payroll is regarded as one of the most dependable and customer-centric payroll services in the country. With more than 30,000 customers and 210 offices, the company needed a reliable, safe way for employees and customers to access its network when they're not in the office or behind a corporate firewall.

Chief Information Officer, Peter Appleyard, weighed AEP's Netilla Security Platform against Citrix in an exhaustive SSL VPN evaluation. He opted for the NSP over Citrix based on two criteria: trustworthy security and easy installation and management.

The NSP integrated into TimePlus Payroll's network infrastructure with little effort and provides watertight security. Alternately, Citrix would require a much more complex and costly implementation.

"The NSP gives us the fastest and most secure method of accomplishing remote operations without having to change our application architecture," said Appleyard. "The NSP has exceeded expectations in every way possible."

The FDIC's authentication guideline for financial information states that single-factor authentication--such as user name and password--are inadequate for protecting customer information. Financial institutions were expected to meet this guideline by 2006, but many are still scrambling to make the grade.

A study released in June this year by Sestus Data Company and BearingPoint Financial Services Information Security Group reports 96% of U.S. banks are failing to implement multi-factor authentication.

Does your organization still need to upgrade? AEP Networks specializes in FIPS-approved access products purpose built to work with RSA, VASCO, and our own FIPS-certified two-factor solution out of the box. Organizations across the federal government and financial services industries-including the Department of Justice, The Philadelphia Stock Exchange, E*Trade and Commerce-use AEP products for secure access to information.

Learn more about AEP's certified SSL VPN and identity-based application gateways to help you meet GLBA, SOX and the FDIC guidelines.

Financial services-and financial markets-are far more global and integrated than they were a decade ago, thanks to online transactions and electronic communication. As such, many financial services organizations outsource to partners, vendors and suppliers around the world.

These organizations are in a tough spot. They need to make network resources available to outsource partners, but they must also comply with regulations (e.g., Sarbanes Oxley, GLBA) that force them to lock down their networks.

Network access control (NAC) can solve this dilemma. NAC is an IT security technology that controls access to a network by authorizing the user and device and verifying the user and device with the company's security policy. Importantly, NAC provides network access control without introducing latency into the environment. In financial services every second means money!

Once network access is secure, you can further boost security by adding identity-based access solutions that track each network transaction to specific users.

Read more about Identity-based Access and Resource Control solutions offered by AEP, including NACpoint and NACpoint Small Office.

The number of natural and man-made disasters seems to be one the rise, making business continuity and disaster recovery planning a priority for organizations in all industry sectors.

Remote access to company data and applications makes businesses more resilient after a catastrophic event. When staff, partners and customers can access corporate networks from any location, business won't grind to a halt.

Earlier this summer, we released the AEP Netilla Security Platform 5.6--the only SSL VPN that offers load balancing for data centers in multiple geographical locations.

NSP 5.6 improves business continuity after a disaster by enabling load sharing and failover between independent NSP clusters in geographically diverse data centers. If one of your data centers goes down, NSP clusters in another center will manage the network traffic.

Disaster Recovery Demand Licenses can also be purchased for NSP 5.6 for businesses that may need to increase their license capacity on short notice.