The data protection landscape is changing. The rapid adoption of cloud and software as a service (SaaS) greatly affects the financial industry, where many institutions rely on SaaS vendors for data protection previously implemented in-house. Moody’s Analytics relies on cloud service providers (CSPs) to adequately protect its data, showcasing the need for scalability, industry cost controls, and flexibility.
An Introduction to Moody’s Analytics
Since 2008, Moody’s Analytics has been the global leader in financial intelligence, providing analytical tools and unparalleled insight into evolving markets. As financial risk and regulation grow increasingly complex, Moody’s Analytics assists businesses make informed decisions, navigate evolving markets, and build successful strategies through a trusted outlook on today’s changing landscapes.
Today’s Landscape
Current industry standards encrypt data at rest and in motion, securing their data centers and maintaining strict user management. Moody’s and their CSP have a key that unencrypts the data for authorized and protected usage.
The current process, however, doesn’t prevent data leakage or the breaches that follow. To evolve and improve data security, Moody’s and other organizations want complete control over their sensitive data instead of the CSP being able to unencrypt it. Enter tokenization.
Moody’s has partnered with Protegrity to pseudonymize its Customer Identifying Data (CID) in its Banking Cloud app via tokenization so it retains complete control over the data. Tokenization converts data into random strings that are only reversible by the data owner. The data can still have actions performed on it by third parties, as the value remains preserved. In Moody’s case, the SaaS applications run financial data calculations without viewing the tokenized data. Moody’s believes that Protegrity’s data pseudonymization features enhance its existing security capabilities.
In 2023, the General Court of the European Union ruled if a data recipient cannot re-identify the data subjects, as with tokenized data, that data does not qualify as personal data. As a result, organizations can improve their security by sharing pseudonymized data with third parties while complying with regulations like GDPR.
This ruling comes as a serendipitous nod to Moody’s partnership with Protegrity, allowing financial institutions to use Protegrity to tokenize data and provide it to Moody’s SaaS solutions.
Contact us today to learn more about the Protegrity Data Protection Platform and how you can use Protegrity data protection methods like tokenization and pseudonymization to protect your data and achieve regulatory resilience.