This Risk Alert highlights risks associated with the storage of electronic customer records and information by broker dealers and investment advisers in the cloud and on other types of network storage solutions.
During recent examinations, the Office of Compliance Inspections and Examinations (“OCIE”) identified security risks associated with the storage of electronic customer records and information by broker-dealers and investment advisers in various network storage solutions, including those leveraging cloud-based storage.
Although the majority of these network storage solutions offered encryption, password protection, and other security features designed to prevent unauthorized access, examiners observed that firms did not always use the available security features. Weak or misconfigured security settings on a network storage device could result in unauthorized access to information stored on the device.
