A compliance oriented IT architecture for financial services organisations
-
8/3/2019 A compliance oriented IT architecture for financial services organisations
1/17
Clive Longbottom,
Service Director, Quocirca Ltd
A compliance oriented IT architecture for financial services organisations
Bob Tarzey
Analyst and Director, Quocirca Ltd
Dec 7th 2011
2011 Quocirca Ltd
-
Financial regulators
National, EU, Global
-
Non-financial regulators
-
PCI DSS V2.0 Requirement 8: Assign a unique ID to each person with computer access
ensures that each individual is uniquely accountable for his or her actions
UK DPA: Only allow your staff access to the information they need to do their job and don't let them share passwords
-
How do you see regulations in the following areas affecting your organisation over the next 5 years?
Scale from 1 = will decrease a lot to 5 = will increase a lot
Areas charted: Health care, Financial transparency, Credit card handling, Securities trading, Environmental, International trading, EU, Industry specific, National security, Data privacy, National government
Life is not going to get easier, regulations are expected to increase in all areas
Source: Quocirca, You sent what?, 2010
-
Source: Economist, Beyond the PC, Oct 2011
-
In terms of keeping your records safe, how trustworthy do you feel the following organisations are?
The court of public opinion
Source:
-
Percentage saying external users are provided access to internal systems
Sectors charted: Finance, Utility, Telecoms and Media, Public Sector, Retail, Industrial, Healthcare
External user types: Contractors, Partners, Suppliers, Customers
Source: Quocirca, The Distributed Business Index, March 2008
-
How many mission-critical applications does your business track? (average number of applications)
100 US and UK enterprises
New Quocirca research sponsored by Veracode (full report in Jan 2012)
-
The IT burden in financial services
Delivering financial services is all about data
Much of the burden for providing the information for proving compliance falls on IT departments
The need to be able to prove who has been doing what with data over time
Includes: normal users, privileged users, external users
-
When your employees leave your organisation, how much do the following concern you?
Axis: 5 = a great concern to 1 = no concern
Items charted: They may take valuable or confidential data; Their IT access rights have been removed; A record exists of the removal of access rights
Sectors charted: Telecoms & Media, Manufacturing, Government, Finance
Source: Quocirca, You sent what?, 2010
-
Has your organisation deployed a full identity management suite?
Sectors charted: Manufacturing, Government, Finance, Telecoms & Media
Responses: In place; Planned for next 12 months; Delayed plans; No plans/don't know
Source: Quocirca, You sent what?, 2010
-
Use of IAM coloured by concern over managing access rights of departing employees
Groups charted: No IAM, Have IAM
Scale: 1 = no concern to 5 = great concern
....they should, the evidence is clear
IAM enables safe management of access rights
-
Standards provide a basis for building a compliance orientated architecture that includes identity and access management based on Active Directory
Identity Commandments
-
THANK YOU
www.quocirca.com