How to Keep up With Compliance

By Ross Maurer

Financial institutions have to obey a large range of regulatory requirements relating to capturing, securing and retaining key data. But the actual logistics of complying can often be a challenge as hardware and software upgrades introduce new features and functionality into a rapidly changing and increasingly cloud-based IT environment. While the regulatory “letter of the law” can be a simple statement, following that law can require ongoing development and remediation tracking as companies adopt new technologies to gain a competitive advantage -- and then have to catch up on the compliance side.

Compliance starts with ensuring that data generated by the business meets the appropriate rules and regulations. It’s a lot simpler when the IT systems that run the business also support regulations and requirements. But any IT monitoring platform not only needs to meet today’s requirements, it also needs to meet today’s budget.

A Game Plan for Adapting to Change
To support quickly changing financial regulations, your network and application performance monitoring system needs three capabilities:

• Rapid discovery and certification of new or updated data sources, such as new network devices or servers, or a new cloud-based application
• Secure, definable access roles, allowing network admins to restrict assets to reported data
• Raw statistical data retention for one year without aggregation or roll-up, with the ability to expand that capacity as needed

Being able to quickly find, recognize and certify new data sources means there won’t be a gap in compliance reporting when a new device or application is deployed. Without this ability, you’re essentially blind to what’s going on with any new device or application from a performance, security and compliance perspective.

Consider the Cloud
The traditional approach of implementing a centralized database for statistical reporting is outdated and can lead to significant upfront expense. A system with a distributed appliance-based architecture lets you expand retention capacity without having to re-architect core components, so you won’t have to overprovision capacity for system deployment when the next regulatory change comes along.

Virtualization and cloud computing can increase flexibility and lower cost. In addition, many networks interface with third-party applications, databases and service providers. At the same time, the trend toward online banking requires high-speed, low-latency connectivity to back-end systems with secure mechanisms.

All these factors mean financial institutions must operate with increasingly dynamic IT environments. Any performance monitoring system must be ready to keep pace with this constant change and should be designed to track to the moving target.