Compliance is more than just cost
Compliance investments, which are basically treated only as a spending to align with compulsory regulations, when extended to all processes including privileged and super users, can build trust and competitive advantage for the organizations, according to IDC.
Not only banks, but all companies with complex IT systems must implement advanced controls to comply with regulations. Organizations and IT experts should look beyond the pressure for compliance and create added value by extending the existing investments with an activity and access management tool.
Well-managed IT will contribute greatly to improve organizations margins, quality, reputation, attractiveness, brand, and global results.
According to IDC, 2011 will see a return to growth for IT investment strategies in EMEA banking after two years of regressive or flat spend. This market has multiple growth drivers, but the key component is the sheer volume of new regulations that are being added by local and regional oversight organizations that compound an already highly regulated industry.
On average, European banks spend around 10% of their IT budget on compliance. In 2011, IDC expects this to increase to 15% to 20%, depending on the size of the organization.
“Compliance is a new task for many IT directors and Internal Security Experts. It calls for specific budgets and investments. Handling compliance efforts as an investment and utilizing them in value creation will become a new field in marketing competition. Organization must find a way to create value while spending on a compulsory basis.” – said Eric Domage, European Security Research and Consulting Director at IDC.
IT pervasion has transformed PCs, networks and servers into production tools that contribute to the value chain of any product or service. Once an automation gadget or task-easing tool, IT is now a pure tangible asset, a major contributor to added value. Therefore tight and agile management of assets is critical to the global organization. Within less than a decade, IT administrators who were once low value support resources became key to the generation of value.
Organizations should focus on improving access control on both the network and application layers, and not only for IT privileged users, but in many cases for specific users such as IT supports, executives, private bank operators, who also have access to the increasing volumes of transactional and customer data.
Key benefits of controlling advanced users:
Fraud prevention and detection: log and event analysis tools can help to replay events and distribute liability over fraudulent internal IT operations.
Employee clearance: in case of any incident, event and logging tools will build the real history of the IT actions and clear those who behaved correctly.
Organizational transparency: tools can demonstrate and prove what the organization did in a critical situation and helps to prove the compliant behavior.