Why is IT protection so important in finance?
The importance of information and communications technology (IT or ICT) for credit institutions, banks, securities firms, payment service providers and insurance companies has increased dramatically over the past two decades. Almost all processes are now supported by IT or made possible in the first place: branch operations are just as dependent on data centers as online or mobile banking. IT systems are used for calculating key figures, risks, controlling, managing customer and business data, and for internal and external communications. Also, more and more financial transactions are taking place with the help of complicated algorithms or in the cloud. The trend is also increasingly toward blockchain technology and digital currency, as well as other innovations in the areas of FinTech, InsureTech and RegTech. In particular, cash supply, card-based and also conventional payment transactions, as well as clearing and settlement of investment transactions depend on the functionality of IT systems.
Banking and finance as critical infrastructure (KRITIS)
IT infrastructures of banks and financial service providers must be designed to be fail-safe and belong to the so-called "critical infrastructures" (KRITIS). As such, they are subject to special technological and regulatory framework conditions defined by the German Federal Office for Information Security (BSI). The BSI supplements the banking supervisory requirements for IT with requirements for the effective implementation of special measures that reduce the risks for the secure operation of critical infrastructures to a level appropriate to the KRITIS protection objective.
Further requirements for IT security in the banking and financial sector
In addition to the company's own requirements, the influences of legal security standards must increasingly be taken into account. These regulate the basic premises of IT infrastructure or data center planning through legal recommendations, but also specifications such as compliance guidelines, Basel III, BAIT (Bank Supervisory Requirements for IT), ZAIT (Payment Services Supervisory Requirements for IT), PCI SSC (PCI Security Standards Council) or MaRisk (Minimum Requirements for Risk Management). The BSI supplements the banking supervisory requirements for IT with requirements for the effective implementation of special measures that reduce the risks to the secure operation of critical infrastructures to a level appropriate to the protection objective of the CRITIS. To this end, the CRITIS operators as well as their IT service providers must be guided by the relevant standards and take into account concepts of high availability. In doing so, the state of the art should be observed.
The best for the end: Many of these measures are eligible for funding
When consulting and implementing measures in the area of IT security, it is possible to apply for government funding. The offers are diverse and, moreover, the programs and services are not infrequently incomprehensible. Often there is a lack of time and knowledge to apply for the subsidies. The Data Center Group supports you in the application process.
Our clients in the field of finance and insurance
Our consultants have years of experience
With the various funding programs, we are happy to help you determine the needs for your IT infrastructures.
Head of Project Sales
Data Center Group