Control over compliance: Navigating regulations in the finance industry
Like many sectors, the finance industry is regularly subject to new regulations, and the pace at which they arrive can leave organisations struggling to keep up despite their obligation to comply. This constant carousel can leave IT teams and regulatory professionals feeling lost and rushing to implement quick fixes to avoid hefty fines, but hurried implementations create problems of their own.
In the finance space, many companies must complete regular audits to prove that their data and services are adequately secured and remain private. Keeping pace with changes can deliver cost savings, but more fundamentally a solution is mandatory for business stability, and all the more urgent because regulations are only becoming stricter and penalties more severe.
Challenges in the finance industry
The finance industry in particular is subject to a range of significant regulations. The Sarbanes-Oxley (SOX) Act, for example, was devised to protect shareholders and the general public from fraudulent practices and accounting errors. In both a financial and an IT sense, all US public companies, and non-US companies with a presence in the country, must comply with the act or face fines of up to $5 million.
With PCI DSS, merchants of any size that accept credit cards must comply with the standard. It is critical that organisations secure their systems so that customers can trust them with their payment card information. In banking, Basel II provides recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision. It is a tricky path to navigate, but one that financial businesses must tread successfully or risk having to cease operations if no solution is found.
The key to compliance is careful control of change: tracking any deviation through development, validating it via engineering and then testing each new integration. The biggest obstacle, however, is the overhead of testing systems and recording the results in a meaningful way, and the right technology integration can remove that burden.
Tracking change
The first step towards control over regulatory compliance is the ability to monitor configuration across the full range of devices in the organisation's IT estate. With the right technology from a specialist vendor, the current configuration of a device can be established and then tracked as it changes over time, which is vital for understanding where a fix needs to be applied to meet regulatory standards.
Depending on the public standards the organisation must adhere to, controls can be applied according to its own interpretation of what best suits its operations. This could be, for example, a setting that permits only certain users to access customer data, or a firewall rule that allows only a certain type of traffic through. A monitoring tool can then continually check for any change that deviates from those controls, so that a potential issue is picked up before it becomes a problem.
With devices controlled from one location, IT professionals are freed from the time-consuming manual processes that a wide range of disparate devices previously required: server provisioning, desktop or laptop systems, network devices, storage and potentially a separate solution for each application. With a heterogeneous monitoring tool, everything is in one place and no non-compliant device slips through the net, reducing the chance of configuration drift.
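The two ideas in this section, a control derived from a standard and a monitor that flags any observed configuration deviating from it, can be sketched in a few lines. The following is an added illustration written for this page, not code from Cloudhouse or the article: the device names, settings and values are constructed, and the controls are a hypothetical interpretation of the kind of requirement the text mentions (restricted access to customer data, a firewall that admits only certain traffic, audit logging for reporting systems).

```python
"""Constructed example: a minimal configuration-drift checker.

Controls express what a regulation-derived policy requires of each device;
snapshots are point-in-time captures of observed configuration, as a
heterogeneous monitoring tool might collect them. The checker reports every
device whose observed state deviates from its control, and can diff two
snapshots to show how a device changed between captures. All device names,
settings and values are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Any


@dataclass(frozen=True)
class Control:
    device: str      # hypothetical device identifier
    setting: str     # configuration key the control governs
    expected: Any    # required value (a frozenset for list-like settings)
    rationale: str   # which requirement the control was interpreted from


@dataclass(frozen=True)
class Deviation:
    device: str
    setting: str
    expected: Any
    observed: Any
    rationale: str


# Controls as the organisation might interpret them from the standards it must meet
CONTROLS = [
    Control("db-cust-01", "customer_data_readers", frozenset({"svc_ledger", "dba_team"}),
            "restrict access to cardholder data (PCI DSS)"),
    Control("fw-edge-01", "inbound_allowed", frozenset({"443/tcp"}),
            "permit only required traffic into the card-data environment"),
    Control("app-reports-01", "audit_logging", True,
            "retain an auditable record of financial reporting changes (SOX)"),
]

# Constructed snapshots: the approved baseline and a later capture
BASELINE = {
    "db-cust-01": {"customer_data_readers": frozenset({"svc_ledger", "dba_team"})},
    "fw-edge-01": {"inbound_allowed": frozenset({"443/tcp"})},
    "app-reports-01": {"audit_logging": True},
}
CURRENT = {
    "db-cust-01": {"customer_data_readers": frozenset({"svc_ledger", "dba_team", "contractor_x"})},
    "fw-edge-01": {"inbound_allowed": frozenset({"443/tcp", "3389/tcp"})},
    "app-reports-01": {"audit_logging": False},
}


def detect_drift(controls, snapshot):
    """Return every control whose observed value differs from the expected one.

    A device absent from the snapshot is reported with observed=None: an
    unmonitored device cannot be shown to be compliant, so it is treated as drift.
    """
    deviations = []
    for c in controls:
        observed = snapshot.get(c.device, {}).get(c.setting)
        if observed != c.expected:
            deviations.append(Deviation(c.device, c.setting, c.expected, observed, c.rationale))
    return deviations


def diff_snapshots(old, new):
    """List per-device changes between two captures as (device, setting, before, after)."""
    changes = []
    for device in sorted(set(old) | set(new)):
        before, after = old.get(device, {}), new.get(device, {})
        for setting in sorted(set(before) | set(after)):
            if before.get(setting) != after.get(setting):
                changes.append((device, setting, before.get(setting), after.get(setting)))
    return changes


if __name__ == "__main__":
    for d in detect_drift(CONTROLS, CURRENT):
        print(f"[DRIFT] {d.device}.{d.setting}: expected {d.expected!r}, "
              f"observed {d.observed!r} ({d.rationale})")
    for device, setting, before, after in diff_snapshots(BASELINE, CURRENT):
        print(f"[CHANGE] {device}.{setting}: {before!r} -> {after!r}")
```

Run against the baseline the checker reports nothing; run against the later capture it flags all three devices, and the snapshot diff shows what changed so the fix can be targeted. In a real monitoring tool the snapshots would be collected from each device type through its own interface and normalised into a common shape before this comparison, which is what lets one checker cover a heterogeneous estate.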
Being in all places at the same time
Before the proliferation of IoT devices, IT professionals could keep on top of regulatory developments simply by monitoring one device in the organisation at a time. Now the sheer number of complex devices makes this almost impossible, and the situation will only worsen as IoT expansion shows no sign of slowing.
IT professionals cannot physically be in several places at once to maintain control over their IT estate, but the omnipresence of technology enables oversight that previously could not be achieved. With a monitoring tool in place, financial organisations can keep control over a diverse technology set and their current level of compliance, easing the working day of staff and enabling smoother processes.
Mat Clothier, CEO, Cloudhouse
Sources:
1. https://digitalguardian.com/blog/what-sox-compliance
2. https://www.pcisecuritystandards.org/
3. https://www.bis.org/publ/bcbsca.htm