For the Banking and Financial Industry

Senior financial analyst at Countrywide Financial, Rene Rebollo, accessed the company's networks from an unsecured computer on several Sunday nights over a period of summer months, stealing and selling two million customers' data. The FBI arrested Rebollo in August, 2009.

The case mentioned above may ring a bell with several banks and financial institutions globally. Almost all organizations experience some degree of data theft, especially with many employees assuming a right to privacy on corporate networks and taking away files related to their work when they switch jobs. Most such incidents go undetected, and for some the evidence is not substantial enough to take legal action.

Apart from theft, data leaks also occur due to negligence or mismanagement of data. Financial services organizations, including banks and insurance companies, face the daunting task of protecting corporate and customer data from internal and external data leaks. Several millions of dollars are spent on improving data security; however, complete security has always been out of reach, with loopholes rampant in present data leak prevention products. Furthermore, preventing data leaks from occurring, while making sure productivity and data accessibility are not hindered, appears impossible.

Security Issues

Financial companies have moved more and more applications online, and many processes take place over the web. Unfortunately, data security in the web browser ends at typical application-level access controls such as user ID and password, while information about user activity such as print, copy and screenshot is not available. The computer running the browser is also not under the control of the web server.

In addition, any files downloaded or reports generated over the web have absolutely no protection on the local computer. The files have no footprint and can easily be moved through various media such as storage devices, emails and instant messengers, among other means. Web applications and files are the two largest sources of data leaks at the hands of trusted users for banking institutions.

In a dynamic regulatory environment, the risk assessment process adopted must be flexible enough to adjust to new regulations, especially in the case of insurance companies, an industry governed by rigid regulations. Perimeter security solutions do secure the infrastructure against external threats such as viruses and hackers. However, in the absence of a complete endpoint security solution, these controls can be rather weak against insider data theft. Organizations invest heavily in network and server security controls, creating multiple layers of controls which are difficult to compromise. But once data is removed from the server's secure environment it becomes vulnerable to the weakest link - the employee.

Legal and Regulatory Compliance

The industry has a number of data protection laws and regulations that it needs to comply with. While establishing regulatory compliance, the organizations must ensure that their IT and security policies are enforced.

In an attempt to protect end customer interests, the government and industry are strictly enforcing compliance with legislation and standards. Insurance companies, in particular, must deal with numerous federal and state laws and regulations governing the industry. The prominent data security regulations that apply to the financial sector include SOX, GLBA, PCI DSS and Basel II.

THE SOLUTION: INNOVATION FROM PAWAA

Pawaa Software has addressed the above issues faced by the financial industry, with the introduction of its patented innovations – pawaaWEBB and pawaaFILE.

PawaaWEBB - Innovation in Web Security with ‘DLP-on-Demand’

PawaaWEBB is powerful data protection software that helps banks and other financial institutions to successfully secure their online data. The software goes beyond traditional authentication and access controls, and provides complete visibility into users’ behavior regarding how confidential and sensitive information is handled.

By using pawaaWEBB, companies can enforce the same IT and security policies on both managed and unmanaged computers, whether they are within or outside the network, thus ensuring uniform security. The user can only visit the URLs that are permitted by the policy. Hardware such as USB, Bluetooth and CD/DVD is also safeguarded so that data leaks cannot be created during the session.

Detailed logs follow the user’s activities such as applications launched during the pawaaWEBB session, clipboard activities, screenshots, bandwidth usage, print, URL clicks, etc. These are sent back to the server for audit trails, forensic analysis and report generation. Apart from monitoring and controlling user activities and the computer hardware, pawaaWEBB can also mask certain parts of the web pages for certain user groups without having to modify the back end applications and database.

PawaaFILE - Innovation in file security with ‘Intelligent File Format’

PawaaFILE is a patented Intelligent File Format which is completely secure and addresses some of the basic security issues that exist with the normal file format. It fills several security gaps, including the safety and control of the files downloaded from the web and the reports generated from web applications. Any files downloaded or reports generated from pawaaWEBB are automatically converted to the pawaaFILE format.

PawaaFILE provides the finance industry complete control over files through its Information Rights Management policies. The policy maker of the company decides who can create the pawaaFILE, from which application, where it can be circulated, what type of authentication mechanism is required to consume the file, when it expires, Information Rights Management policies such as print, save as, edit, screenshot, time bound policies, and much more. So when a pawaaFILE leaves the organization accidentally or maliciously, it is of no use to unintended users outside the organization, or outside the organization's network, based on the policy. Only intended users can use the file, for the time allowed as defined in the policy.

The format of the pawaaFILE requires up to three keys to open the file, making it literally impossible for hackers to break into it.

PawaaWEBB & pawaaFILE – Powerful Solution for Banks and Finance Companies

The combination of pawaaWEBB and pawaaFILE makes a powerful data leak prevention solution. Together they offer banks and finance companies an extremely high level of web and file security, while ensuring that the solution is practically usable.

Between core banking applications, loan processing systems, payment gateways, wealth management, private banking and other applications, customer and confidential information in a bank is accessed by many people from different departments. A complete audit trail is required, in addition to visibility into who is accessing the information and how the information is being handled. The files downloaded and reports generated from these applications should only be used by intended users, thereby preventing any type of data leak or compliance violation. Through this powerful combination, banks and financial institutions can now:

• Have enforceable and demonstrable controls
• Prevent accidental and malicious data leaks
• Prevent inadvertent disclosure of non-public information
• Handle sensitive data as per the user or group policy
• Track and alert on unusual user behavior and mitigate risk
• Reduce compliance and audit related costs
• Mitigate overall risks

More and more compliance requirements oblige banks and financial institutions to ensure the security and confidentiality of customer records and information, to protect against any anticipated threats and hazards to the security of the data, to protect against unauthorized access to or use of customer data, and finally to demonstrate that their security controls work. PawaaWEBB and pawaaFILE help banks with these requirements without having to make major changes to their IT infrastructure or applications.

Together they offer complete control, protection and freedom: control over user behavior, protection from data leaks and freedom to enforce policies without privacy violations.