Layered security is at the core of the new guidelines being offered by the FFIEC (the Federal Financial Institutions Examination Council), which defines the term as “the use of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control.” Layered security most often refers to IT solutions in place in the banking industry, but it is also a useful strategy for any business or organization that deals with financial matters. Since nearly every business and non-profit needs to both take and issue payments, this includes virtually every business in the United States.
Layered security draws on a wide variety of strategies to keep data properly secured. Its basic components include typical user identification and password techniques, but also device identification, pattern analysis, and the monitoring of both employee and customer behavior to identify anomalies that may indicate areas of security concern. Layered security means using at least two different devices to authenticate customer access, along with software solutions that provide enhanced levels of control over the ways in which customers use their own data.
Because layered security is complex and can encompass many different software tools, as well as the way those tools interact with hardware devices, it is best implemented as part of a managed program approach to IT services. Businesses need the assurance of knowing that staff are coming in regularly to access the systems and confirm that all layers of security are still operating as intended.