Key to any financial institution is the identification and management of risk. IT compliance certainly fits inside this category, where the implementation of controls to meet compliance also has an awful lot to do with common sense and best security practice.
Financial institutions need to keep information confidential and protect the assets of their customers, both intellectual and capital. Today, more than ever, it is about being lean: using products and services that are focused on the agreed task and its delivery.
Many IT solutions and products suffer from bloatware, where the product contains many unnecessary features which the IT department ends up paying for and has to manage. So, how should you focus on IT compliance?
This is where focused services can make a positive impact on financial institutions, especially Compliance-as-a-Service (CaaS). Think of CaaS as the service you can order to your specification, without the bloatware options that many products have by default.
Compliance-as-a-Service contains all the consultative and externally serviced elements that allow the company to achieve and maintain compliance. CaaS should begin with a consultative phase that analyses the client estate and identifies the events that need to be monitored, ticketed, alerted on and, of course, responded to. Whilst the logging aspect is important, a service should also deliver patch and vulnerability scanning, build validation and configuration checking, all key to maintaining compliance.
Maintaining compliance should also be seen as security best practice. A compliance event is often a security event, so it is crucial that once an event is detected, CaaS escalates to the relevant IT or Risk Manager. The escalation can be anything from "log and ticket only for the auditors" to "call me within 15 minutes, 24x7" if the event is serious and requires immediate attention. Is someone logging on at 2AM local time suspicious or just normal profiled behaviour for a global financial institution?
Financial institutions need to focus on efficiencies, not just cost reductions. So, evaluate CaaS suppliers, look them in the eye and ask to see their operation. Get rid of the bloatware, focus on the supplier who gives you the correct tool for the job and you will have the partner to achieve your compliance mandate.