Alliance Data’s Vigilance and Continued Commitment to Cybersecurity

By Rob Boutell, Chief Information Security Officer, Alliance Data Card Services
Oct 17, 2019 9:15 AM ET

Every October, Alliance Data recognizes National Cybersecurity Awareness Month as an opportunity to remind our associates of cybersecurity best practices and reflect on our own security framework, protocols and governance. 

Alliance Data’s distinction in delivering data-driven loyalty marketing solutions is grounded in our approach to the secure and responsible use of data. As innovations and breakthroughs in technology, along with an increase in cyber incidents, continue to reshape the marketplace and consumer expectations, data governance and protection become an even more vital concern for businesses. At Alliance Data, our associates play a critical role as our first line of defense against cyberattacks. Through annual trainings and awareness campaigns, our associates are well-versed in how to do their part to make sure we remain cybersecure. 

Alliance Data also recognizes the need for transparency and credibility when it comes to reporting on our cybersecurity approach. In 2017, we voluntarily adopted the National Institute of Standards and Technology (NIST) cybersecurity framework which requires all of our cybersecurity efforts to be planned, structured, tested, measured and reported in accordance with NIST’s requirements. The core of the NIST cybersecurity framework consists of five functions: 

  • Identify: assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data and capabilities 

  • Protect: outlines appropriate safeguards to ensure delivery of critical infrastructure services

  • Detect: defines the appropriate activities to identify the occurrence of a cybersecurity event, enabling timely discovery of cybersecurity incidents 

  • Respond: includes appropriate activities to take regarding a detected cybersecurity incident 

  • Recover: identifies the appropriate activities to maintain resilience and to restore any capabilities or services impaired due to a cybersecurity incident 

We regularly report to our Board with an in-depth view of cybersecurity metrics and areas in which our security teams are monitoring based on the NIST framework. Due to the success of implementing this framework in our security practices, our Information Security team met with NIST, representatives of the U.S. Department of Commerce and industry peers to lead discussions on development of a similar framework to guide data privacy protocols. 

Our commitment to good data governance and protection in everything we do is foundational to our day-to-day operations, our reputation, and in our ability to assure our clients that safeguarding customer data is of utmost importance. Although we recognize cybersecurity awareness month in October, at Alliance Data we remain vigilant and committed 365 days a year and on the search for constant improvements in our security protocols at all times.