Many businesses accept the axiom that regulatory compliance requires ever-tighter constraints on end-user activities. New services, innovative use of technology, and employee productivity often take a back seat to security mechanisms designed to block, prohibit, exclude, and forbid - particularly in heavily regulated industries such as banking.
However, the experience of Jefferies - an independent investment bank in the US - points to a new possibility: security can also be empowering. Using Blue Coat Business Assurance Technology, Jefferies has been able to meet increasingly complex compliance requirements, strengthen cyber security, offer new internal technology services, improve enforcement of corporate policies, and give its IT staff something they never expected from a security solution: peace of mind.
Meeting compliance goals was just the beginning
It's no secret that for financial institutions, compliance requirements have been growing and evolving rapidly over the past few years. There are financial reporting and disclosure mandates such as Sarbanes-Oxley, privacy requirements such as the Gramm-Leach-Bliley Act, data security standards specified by non-US data protection regulations; the list goes on.
To help meet the increasing compliance burden, Jefferies selected the Blue Coat ProxySG appliance, an integral part of the Blue Coat Security and Policy Enforcement Center, in 2009.
Howard Berkis, VP, IT at Jefferies, says: "Initially, we were interested in getting better control over all website channels with written communications - from emails to blogs to instant messages. To be in line with regulatory requirements we needed to record all of the data safely and securely. Blue Coat has provided us the ability to selectively filter and, where necessary, block channels that are not archived and captured as per regulatory requirements. Blue Coat certainly met our needs in that area."
The Blue Coat solution was thought to be more comprehensive than other products in its capabilities, providing the needed data protection through sophisticated web filtering, visibility into SSL-encrypted traffic, web traffic inspection, content caching, bandwidth management, stream- splitting and more.
From Compliance to Enablement
"As time marched on, we saw that our compliance requirements were only increasing," explains Berkis, "and we saw that more security measures sometimes translated to lower productivity. So we were at a crossroads: we needed to satisfy our internal and external requirements and meet compliance mandates, but we needed to do so in a way that did not constrain our employees or our clients."