Background
A multinational bank was undertaking several initiatives to better secure data in use, at rest and in transit. As such, their security function requested Wavestone’s expertise to provide a third party opinion on the current and future projects in this area.
The client’s security function is responsible for the delivery of the Group’s Security strategy and services to all its entities across the globe.
What did Wavestone deliver?
Wavestone identified possible gaps in the current and planned encryption activities as well as providing insight into industry best-practice and associated recommendations based on the findings e.g. restructuring internal resource to update legacy infrastructure.
Working closely with the internal PM, we organised workshops with key stakeholders in the Policy, Data, Storage and Supporting Infrastructure teams in order to review the projects in each area.
Moreover, Wavestone benchmarked encryption-related policies such as internal cryptography standards, classification and labelling against best practices from other European Financial Services. Following this, gap analysis was completed and recommendations presented to senior stakeholders to help inform decision-making for encryption projects in 2020/21.
Challenges
There were conflicting opinions between senior stakeholders regarding the future direction of encryption within the bank. We overcame these issues by continuing close communication with the internal project manager to ensure that we remained within the scope of the project and were aligned.
Results
Delivered a detailed review of the client’s current and future encryption projects whilst providing insight into industry best-practice. This allowed us to highlight gaps, risks and associated recommendations for improvement, allowing the client to define a clear roadmap and prioritise investments in encryption projects for FY 2020/21.