How can financial services and banking organizations ensure that their ncino data stays safe in the event of a data loss or corruption?Like in many industries, digital transformation has revolutionized how financial institutions interact with customers, manage data, gather information, and market their services.
To fuel this transformation, many banking institutions have turned to nCino. Built on Salesforce, nCino combines customer relationship management (CRM), customer onboarding, account opening, loan origination, deposit accounts, workflow, credit analysis, enterprise content management, and instant reporting capabilities into a single platform.
While banking institutions have unlocked countless benefits by embracing platforms like nCino, the rapid adoption of new cloud data has created new challenges. Chief among them involves developing effective data protection strategies to keep sensitive information compliant, accessible, and secure.
In this post, we outline why it’s so important for financial services companies using nCino to have data security and backup capabilities, and what that solution should include.
Why protect your nCino data?
You are ultimately responsible for your data, not nCino
The shared responsibility model in cloud security makes providers and users accountable for different aspects of data security. This will be unfamiliar territory for some financial services companies just beginning their move to the cloud. Under the shared responsibility model, the company that controls the data, not the cloud provider processing it (Salesforce for example), is ultimately responsible for protecting the data from user-inflicted data loss or corruption.
Cyberattacks disproportionately target financial services companies
Banks and other financial institutions handle enormous amounts of sensitive data daily, making them a prime target for cybercriminals seeking to profit from that information via fraud, extortion, or outright theft. In fact, according to a report by Boston Consulting Group, financial service providers face cyberattacks at a rate 300 times greater than other industries.
Internal data breaches are a real threat
Data inside SaaS applications like nCino is constantly changing, and the pace of that change accelerates as your organization increasingly relies on nCino as the key pillar for digital transformation. Integrations, customizations, and clean-ups happen regularly so you can keep the data as useful as possible to your business stakeholders. Despite your best efforts, the need to move fast with these types of projects can introduce errors. Human error is the leading cause of SaaS data loss and can include things like integration errors, customization errors, and clean-up errors.
The consequences of non-compliance due to a data loss are significant
Under regulations like GLBA, GDPR, 23 NYCRR 500, and CPRA, fines for noncompliance are stiff. The latter statute affects any company with customers in California and imposes a $2,500 penalty for each violation not rectified within 30 days. Given that the legislation equates separate violations with individual victims of a breach and that breaches often impact millions of customers, it’s not hard to see how compliance failures can be financially crippling for firms of all sizes.
What your nCino data protection solution should include
Financial services and banking organizations have unique challenges when it comes to SaaS data protection. Here are several things organizations should consider regarding protecting their nCino data.
Flexible backup frequencies and fast, granular recovery
Because of the sensitive nature of personal financial information, this data must be available 24/7. That’s why financial institutions must limit how much data they can afford to lose and the amount of time it will take to recover after a data loss or corruption.
To minimize your recovery point objective, you should back up your nCino data at least once daily. But having the option to back up more than daily is essential, especially for data that changes frequently. The ability to back up on demand is also valuable when making large-scale changes before they get deployed to your production instance.
On the recovery side, you need to be able to find out when the data was last correct, so you can pick the right backups to restore from and ensure the correct data gets back into nCino. Be sure to choose a backup solution that allows you to see how an object changes over time, so you can pinpoint exactly the right backup to restore from.
Regulation-ready protection
While investing in digital strategies related to the customer experience is critical, financial services companies must also “digitize” when dealing with how data from those interactions is stored and accessed. Under SEC 17a-4, the permissible storage medium has evolved with technology, which now allows financial institutions to preserve records on electronic storage media, including CRM systems like nCino.
But like all companies in the industry, nCino customers are subject to strict audit and storage requirements that could confuse even the savviest IT and compliance professionals. These include SEC 17a-4, the Financial Industry Regulation Authority (FINRA), and the Sarbanes-Oxley Act (SOX).
Look for a solution that can help you meet compliance requirements for electronic storage, record-keeping, and integrity of your Ncino records.
Access management and permissions
Among relatively recent nCino and Salesforce adopters, 10-15% of the information fields in their orgs might be classified as high-risk. That percentage is typically greater among more mature users. Within many of these organizations, the number of employees who can easily access sensitive information is substantially higher than it should be.
Internal data breaches — whether malicious or accidental — constitute a real and growing threat to all organizations that collect and store customer data. Understanding which employees and partners have access to sensitive data is critical to risk mitigation, as is the adequate use of features like field change tracking and history retention.
Data retention policies
Most of the above mentioned regulations stipulate how long certain types of data should be kept. With records entering and leaving your cloud environments daily, having an official data retention policy on record is critical. Your data retention policy should look holistically at all the data entering your nCino environment and should define the data you're retaining, the data's sensitivity level, and which regulations specify minimum or maximum retention periods.
Streamline nCino data protection, governance, and compliance
Own keeps your critical nCino data safe through daily backups, fine-tuned recovery, regulation compliance support, and comprehensive data management and security capabilities.
- Find and fix incorrect permissions, misconfigurations, and other vulnerabilities
- Protect nCino data, metadata, and documents (such as Chatter and DocMan files) with comprehensive, automated backups and rapid, stress-free recovery.
- Propagate nCino’s data to sandboxes for faster innovation and ideal training environments.
- Enable customers to provide their own keys to encrypt and decrypt data within Own storage.
- Meet compliance and regulatory objectives for electronic storage, record keeping, and backup integrity of regulated nCino records with our flexible retention policies and our export capabilities.
Learn more about how Own can help you protect your nCino data and remain compliant.