Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk Management

12:30 PM
Dana Simberkoff
Dana Simberkoff
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

The Art of Leveraging Governance, Risk & Compliance Technology Tools

Eliminating compliance risk across information channels is a constantly transforming task. Ongoing auditing and auto-corrective technology can increase trust, accountability, and transparency.

Following the news media frenzy around the data breaches at Experian and complaince failures at Home Depot, organizations are facing heightened demand for data privacy and compliance regulation. In Grant Thornton LLP's survey of more than 400 chief audit executives from US organizations, 31% of respondents ranked compliance risks as their top concern, and 42% believe that data privacy has the most potential to impact company growth.

Despite these findings, only 29% of respondents are using a governance, risk, and compliance (GRC) technology tool, and only 22% believe their organization is leveraging GRC technology effectively. Why is there such disconnect between what is important and what is occurring? Businesses often create policies, practices, and controls without a true understanding of life on the ground in the company. Best practices for security -- especially when dealing with highly sensitive financial information -- traditionally have focused on building walls around the perimeter to keep people out and keep information in. However, when you build a 10-foot wall, your opponent brings an 11-foot ladder.

Though perimeter-based security is important, it is only one strategy in a layered approach. Financial organizations must also look at information as it is managed throughout their information gateways -- via file shares, the web, enterprise collaboration systems, communication systems, and social platforms. Thinking holistically about managing compliance and maintaining visibility, data classification, and control makes the walls less penetrable.

How can we close the gap between what is needed and what is available? To understand what capabilities are needed for ongoing operations, practitioners should conduct vulnerability assessments. These can be helpful when beginning an audit and are valuable in identifying what information requires heightened attention and what programs are used to store it -- including enterprise collaboration systems and interactive gateways, such as file shares, SharePoint portals, cloud platforms, social networks, and websites.

However, identifying these issues across thousands or millions of documents is impossible without automation. It is important to look beyond features that only check the boxes. Because information is constantly being created, vulnerability assessments must be ongoing to create a comprehensive lifecycle approach to risk mitigation. When choosing the technology, look for a solution that can do the following.

  • Discover data across multiple gateways to shed light on dark data and other potential risks. Sensitive information may not be obvious but can open up an organization to issues if leaked, especially when it concerns a customer's finances.
  • Scan content in motion or at rest against out-of-the-box or customized checks for a wide range of privacy, information assurance, operational security, sensitive security information, and accessibility requirements. Financial organizations often require heightened security based on government regulations, but security requirements can also be affected by subject matter and size. Select a technology with a solid framework that can be customized for your needs.
  • Drive enterprise classification and taxonomy with user-assisted and automated classification for all content.
  • Take corrective action automatically to secure, delete, move, quarantine, encrypt, or redact risk-defined content. These actions can reduce costs by eliminating the need for increased hiring to monitor information security initiatives.
  • Enhance incident tracking and management with an integrated incident management system, in addition to trend reports and historical analysis to measure improvements over time.
  • Monitor data and systems on an ongoing basis to demonstrate and report on conformance across your enterprisewide information gateways and systems.

Traditional approaches for return on investment include cost reductions and productivity increases, but smaller themes can also result in technology investment. For example, many companies now think of their data (particularly customer information) as an unrealized asset. However, much of that data may be lost in file shares or data silos. So what can be seen as a risk may also be viewed as an asset when accessed and protected appropriately.

Bridging the gap between current GRC use and desired use does not happen overnight. Organizations and their IT teams not only need to adopt the tools, but they must also successfully implement the technology and promote sustainable adoption. Despite the road ahead, GRC platforms and applications can foster safe, effective, and productive business environments at financial institutions. It's time that we take the steps to make GRC a staple in all businesses and better our relationships, not only with our customers, but also with our employees.

Dana Simberkoff is the Chief Compliance and Risk Management Officer at AvePoint, Inc. She is responsible for executive level consulting, research and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts and solutions for ... View Full Bio
More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
More
Register for Wall Street & Technology Newsletters
Video
All Videos
Trading Floors
Slideshows
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.
More Trading Floors