Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10/25/2016
02:00 PM
Darron Gibbard CISM, CISSP, Chief Technical Security Officer, EMEA, Qualys

Black Hat Europe 2016:
Introducing ‘RegTech:’ Cloud-based Tools For Regulatory Compliance

As regulatory requirements grow in volume and complexity in Europe and globally, cloud computing is emerging as a key tool to help companies manage compliance processes.

For many years, the security of the cloud was viewed with distrust and apprehension. Today, acceptance of cloud computing among enterprises is growing steadily; as executives have grown more comfortable with its risks, they have also learned to value its considerable benefits.

Probably the best known benefit of cloud computing has historically been cost savings. Now we have one more: organizations are turning to the cloud to help them with the ever-growing demands of regulatory compliance.

How Cloud Can Automate Compliance

Regulations increasingly demand that organizations collect, store and analyze enormous amounts of data related to their business. In 2015 alone, more than 20,000 new regulatory requirements were created, and an expected 300+ million pages of regulations will exist by 2020, according to IBM.

And let’s not forget the less frequent but seismic shifts like Brexit, which, when they happen, send tremors throughout the regulatory landscape, increasing uncertainty, complexity, and confusion. Keeping up with regulatory compliance requires an ever bigger chunk of enterprises’ operational budgets, as well as significant staff resources.

From an IT perspective, this means continuous upgrades of software, hardware computing power and storage capacity. Naturally, organizations that have opted to host their regulatory compliance systems in-house are struggling with the rising IT complexity and cost. As a result, many are turning towards SaaS, IaaS and PaaS providers that can offer computing environments with these levels of scalability, flexibility, sophistication and availability. This is especially true of companies in highly regulated industries like finance and healthcare, whose compliance burdens are particularly heavy.

What are these companies finding in cloud computing providers catering to regulatory compliance automation that they can’t replicate in-house?

  • Robust big data analysis engines
  • State-of-the-art security for stored and in-transit data
  • Massive storage capacity
  • Specialized and continually updated compliance software that uses the latest machine learning and artificial intelligence algorithmic advances

Say Hello to ‘RegTech’

Cloud computing is the anchor for a set of technologies and products collectively known as ‘RegTech’ because they’re used to automate regulatory compliance processes. According to a recent Deloitte report, a “defining feature” of RegTech is that most products are cloud-based, with benefits including:

  • Remote storage
  • Management and backup of data
  • Pay per usage
  • Strong end-to-end encryption
  • Flexibility to add or remove software features

RegTech products are designed to automate regulatory compliance processes, and in recent months, they’ve started going from niche to mainstream. In late September, IBM acquired Promontory Financial Group, a regulatory compliance consulting firm, to transfer its expertise to the Watson cognitive system and give it RegTech capabilities. Financial technology newswire Finextra called this deal “the biggest example yet of the coming age of RegTech, in which technology is applied to the unravelling of regulatory red tape.” 

Meanwhile, American Banker declared that “RegTech is Real” in a September article, and wrote: “IBM's deal to buy Promontory Financial Group portends a dramatic change in the roles computers and humans play in regulatory compliance.” According to the Institute of International Finance (IIF), compliance process areas RegTech can significantly impact include risk data aggregation, modeling and real-time transactions monitoring, and it can free up capital that banks could use in other parts of their operations. 

Long term, RegTech “will empower compliance functions to make informed risk choices based on data provided insight about the compliance risks it faces and how it mitigates and manages those risks,” Sean Smith, a Deloitte partner, is quoted as saying in the report, titled “RegTech Is The New FinTech.” Meanwhile, a Business Insider report published in August states that RegTech products will help in many areas of compliance beyond automating legacy processes, such as interpreting legislation, designing new compliance processes, and managing and processing data.

Europe is seeing its share of emerging RegTech vendors including Vizor in Ireland and FundApps in London. In October, U.K. RegTech firm ComplyAdvantage closed a funding round in which it raised $8.2 million.

Regulation Trends

The trend towards increasing the volume and complexity of regulations is intensifying in Europe and elsewhere. For example, the EU’s wide-ranging and severe General Data Protection Regulation (GDPR), adopted this year, will take effect in 2018. If your organization attempts to deal with this manually, and with on-premises systems, it will shoulder a big financial, technological and operational burden, and risk failure.

All major cloud computing platform providers -- Google, Amazon and Microsoft -- have boosted their efforts in Europe in the past year, expanding their data center footprints on the continent and tailoring their offerings for the region and for key individual markets and industries. With cloud computing and related technologies like machine learning and RegTech software, organizations can shrink this gargantuan effort to at least a manageable scope.
