
Do you have bloatware or Compliance-as-a-Service?

Key to any financial institution is the identification and management of risk. IT compliance certainly fits inside this category, and implementing the controls needed to meet compliance also has an awful lot to do with common sense and best security practice. Financial institutions need to keep information confidential and protect the assets of their customers, both intellectual and capital. Today, more than ever, it is about being lean, using products and services that are focused on the agreed task and its delivery. Many IT solutions and products suffer from bloatware, where the product contains many unnecessary features which the IT department ends up paying for and has to manage. So, how should you focus on IT compliance?


This is where focused services can make a positive impact on financial institutions, especially Compliance-as-a-Service (CaaS). Think of CaaS as the service you can order to your specification, without the bloatware options that many products have by default. Compliance-as-a-Service contains all the consultative and externally serviced elements that allow the company to achieve and maintain compliance. CaaS should begin with a consultative phase that analyses the client estate and identifies the events that need to be monitored, ticketed, alerted on and, of course, responded to. Whilst the logging aspect is important, a service should also deliver patch and vulnerability scanning, build validation and configuration checking, all key to maintaining compliance.


Maintaining compliance should also be seen as security best practice. A compliance event is often a security event, so it is crucial that once an event is detected, CaaS escalates it to the relevant IT or Risk Manager, with a response ranging from "log and ticket only" for the auditors to "call me within 15 minutes, 24x7" if the event is serious and requires immediate attention. Is someone logging on at 2AM local time suspicious or just normal profiled behaviour for a global financial institution?


Financial institutions need to focus on efficiencies, not just cost reductions. So, evaluate CaaS suppliers, look them in the eye and ask to see their operation. Get rid of the bloatware, focus on the supplier who gives you the correct tool for the job, and you will have the partner to achieve your compliance mandate.



Retired Member


This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

