Dark Reading is part of the Informa Tech Division of Informa PLC

10/25/2016
02:00 PM
Darron Gibbard CISM, CISSP, Chief Technical Security Officer , EMEA, Qualys

Black Hat Europe 2016:
Introducing ‘RegTech:’ Cloud-based Tools For Regulatory Compliance

As regulatory requirements grow in volume and complexity in Europe and globally, cloud computing is emerging as a key tool to help companies manage compliance processes.

For many years, the security of the cloud was viewed with distrust and apprehension. Today, acceptance of cloud computing among enterprises has been growing steadily; as executives have grown more comfortable with its risks, they have also learned to value its considerable benefits.

Probably the best known benefit of cloud computing has historically been cost savings. Now we have one more: organizations are turning to the cloud to help them with the ever-growing demands of regulatory compliance.

How Cloud Can Automate Compliance

Regulations increasingly demand that organizations collect, store and analyze enormous amounts of data related to their business.  In 2015 alone, more than 20,000 new regulatory requirements were created, while there will be an expected 300+ million pages of regulations by 2020, according to IBM.

And let’s not forget the less frequent but seismic shifts like Brexit, which, when they happen, send tremors throughout the regulatory landscape, increasing uncertainty, complexity, and confusion. Keeping up with regulatory compliance requires an ever bigger chunk of enterprises’ operational budgets, as well as significant staff resources.

From an IT perspective, this means continuous upgrades of software, hardware computing power and storage capacity. Naturally, organizations that have opted to host their regulatory compliance systems in house are struggling with the rising IT complexity and cost. As a result, many are turning towards SaaS, IaaS and PaaS providers that can offer computing environments with these levels of scalability, flexibility, sophistication and availability. This is especially true of companies in highly regulated industries like finance and healthcare, whose compliance burdens are particularly heavy.

What are these companies finding in cloud computing providers catering to regulatory compliance automation that they can’t replicate in house?

  • Robust big data analysis engines
  • State-of-the-art security for stored and in-transit data
  • Massive storage capacity
  • Specialized and continually updated compliance software that uses the latest machine learning and artificial intelligence algorithmic advances. 

Say Hello to ‘RegTech’

Cloud computing is the anchor for a set of technologies and products collectively known as ‘RegTech’ because they’re used to automate regulatory compliance processes. According to a recent Deloitte report, a “defining feature” of RegTech is that most products are cloud-based, with benefits including:

  • Remote storage
  • Management and backup of data
  • Pay per usage
  • Strong end-to-end encryption
  • Flexibility to add or remove software features

RegTech products are designed to automate regulatory compliance processes, and in recent months, they’ve started going from niche to mainstream. In late September, IBM acquired Promontory Financial Group, a regulatory compliance consulting firm, to transfer its expertise to the Watson cognitive system and give it RegTech capabilities. Financial technology newswire Finextra called this deal “the biggest example yet of the coming age of RegTech, in which technology is applied to the unravelling of regulatory red tape.” 

Meanwhile, American Banker declared that “RegTech is Real” in a September article, and wrote: “IBM's deal to buy Promontory Financial Group portends a dramatic change in the roles computers and humans play in regulatory compliance.” According to the Institute of International Finance (IIF), compliance process areas RegTech can significantly impact include risk data aggregation, modeling and real-time transactions monitoring, and it can free up capital that banks could use in other parts of their operations. 

Long term, RegTech “will empower compliance functions to make informed risk choices based on data provided insight about the compliance risks it faces and how it mitigates and manages those risks,” Sean Smith, a Deloitte partner, is quoted as saying in the report, titled “RegTech Is The New FinTech.” Meanwhile, a Business Insider report published in August states that RegTech products will help in many areas of compliance beyond automating legacy processes, such as interpreting legislation, designing new compliance processes, and managing and processing data.

Europe is seeing its share of emerging RegTech vendors including Vizor in Ireland and FundApps in London. In October, U.K. RegTech firm ComplyAdvantage closed a funding round in which it raised $8.2 million.

Regulation Trends

The trend towards increasing the volume and complexity of regulations is intensifying in Europe and elsewhere. For example, the EU’s wide-ranging and severe General Data Protection Regulation (GDPR), adopted this year, will take effect in 2018. If your organization attempts to deal with this manually, and with on-premises systems, the effort will place a big financial, technological and operational burden on its shoulders, and it will risk failure.

All major cloud computing platform providers -- Google, Amazon and Microsoft -- have boosted their efforts in Europe in the past year, expanding their data center footprints on the continent and tailoring their offerings for the region and for key individual markets and industries. With cloud computing and related technologies like machine learning and RegTech software, organizations can shrink this gargantuan effort to at least a manageable scope.
