How Cyera Helped a Mortgage Lender Secure and Manage Sensitive Data

This leading financial services firm in the United States dedicates itself to helping Americans achieve their aspirations of owning their own home. They are committed to creating long-term relationships with their borrowers, partners, and other stakeholders. Cyera enabled the mortgage provider and servicer to increase visibility into their cloud data stores, identify excessive permissions to sensitive customer data, and meet the compliance requirements of the Gramm-Leach-Bliley Act (GLBA).

The publicly traded financial services organization is a leading mortgage lender and services provider committed to strong corporate governance and compliance with GLBA. The company uses a highly scalable mortgage platform to manage data for millions of homeowners, therefore the leadership team is committed to corporate governance, compliance, and risk management. To process and manage mortgage applications and ongoing accounts, the organization must manage vast stores of consumer data, including social security numbers, bank account numbers, loan information, credit history, and other sensitive data.

As a financial services organization, the company must comply with GLBA, which requires the Federal Trade Commission (FTC) and other government agencies that regulate financial institutions to implement regulations to carry out the Act's financial privacy provisions. The Act requires financial institutions (such as companies that offer financial products or services to consumers, including loans, financial or investment advice, or insurance) “to explain their information-sharing practices to their customers and to safeguard sensitive data.”

Sensitive data collection is critical to making lending decisions, which is one reason the organization gathers and stores increasing amounts of consumer data. Further adding to the complexity and quantity of data is the servicing aspect of the organization, which necessitates that they maintain visibility and control over the data generated by millions of loans. Unfortunately, the company’s existing tools have required time-consuming manual discovery that was inaccurate and incomplete. With a wealth of consumer financial data to protect, the security team must have continuous visibility into constantly changing sensitive data stores and apply robust classification rules to that data. This creates new challenges for the financial service organization’s security teams to govern data access and minimize the risk of data exposure and regulatory fines.

The mortgage lender and servicer engaged Cyera as an integral part of its efforts to manage risk and ensure compliance with GLBA. Cyera deployed in minutes, instantly discovering 3000+ diverse datastores containing sensitive data, such as social security numbers, bank account numbers, loan information, credit history, and much more. This information empowered the organization to uncover critical issues related to excessive permissions, sensitive data exposure, and data drift — and resolve them quickly and efficiently.

The security team serves as advisors and collaborators with other teams within the organization, which they can now more easily accomplish with the insight Cyera provides. They can define data security policies and implement controls that help the company manage sensitive data risk and meet GLBA requirements.

Today, the organization integrates with Informatica and other solutions to create a master data management, governance, and security apparatus to meet customer privacy needs and assure compliance with GLBA.

Using Cyera, the CISO was able quickly find and resolve critical issues and enable his security team to ensure that:

• Sensitive data across the cloud environment is identified quickly and continuously to guarantee ongoing visibility
• Sensitive data is classified to provide context on the risk it represents to the company and its responsibilities under GLBA
• The company is identifying and eliminating overly permissive access
• The company now has the information needed to manage, govern, and secure data‍

Data discovery and classification‍

The first step of every security program is to know what you have. Cyera enables the CISO to have a comprehensive inventory of all sensitive cloud data. The FinServ organization uses Cyera to create a single source of truth for the company’s data security program. This provides the company the information it needs to not only follow the requirements of GLBA to safeguard customer information but also stand solidly behind its mission to enable homeownership and put customers first.‍

Data protection‍

With a vast amount of sensitive data stored in cloud environments, it is critical to ensure that sensitive data is not exposed to the internet. The organization must also apply encryption and tokenization to sensitive data to follow privacy regulations, which is now easier, faster, and more reliable with Cyera. The organization has also been able to reduce risk in test and development environments by eliminating data drift from production into other environments. The completeness of the data inventory further helps the CISO understand and reduce the blast radius for a data breach based on what data could be leaked or exfiltrated in each environment.‍

Data democratization

‍Data democratization makes data resources available to all employees across the enterprise so they can use the data they hold to make better decisions, comply with regulations, increase operational efficiency, improve customer satisfaction, and generate revenue — all of which can provide a competitive advantage to the business. To realize those benefits, the organization uses Cyera to support a master data management project (including data modeling and governance) by integrating with Informatica to make sure the data is normalized to reduce the amount of mapping they need to do to move data between diverse groups.