Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
SecTor
November 4 - October 30, 2021
Toronto, ON, Canada
Black Hat Europe
November 8-11, 2021
Virtual Event
10/25/2016
02:00 PM
Darron Gibbard CISM, CISSP, Chief Technical Security Officer , EMEA, Qualys
Darron Gibbard CISM, CISSP, Chief Technical Security Officer , EMEA, Qualys
Event Updates
50%
50%

Black Hat Europe 2016:
Introducing ‘RegTech:’ Cloud-based Tools For Regulatory Compliance

As regulatory requirements grow in volume and complexity in Europe and globally, cloud computing is emerging as a key tool to help companies manage compliance processes.

For many years, the security of the cloud was viewed with distrust and apprehension. Today acceptance of cloud computing among enterprises has been growing steadily; as executives have grown more comfortable with its risks they have also learned to value its considerable benefits.

Probably the best known benefit of cloud computing has historically been cost savings. Now we have one more: organizations are turning to the cloud to help them with the ever-growing demands of regulatory compliance.

How Cloud Can Automate Compliance

Regulations increasingly demand that organizations collect, store and analyze enormous amounts of data related to their business.  In 2015 alone, more than 20,000 new regulatory requirements were created, while there will be an expected 300+ million pages of regulations by 2020, according to IBM.

And let’s not forget the less frequent but seismic shifts like Brexit, which, when they happen, send tremors throughout the regulatory landscape, increasing uncertainty, complexity, and confusion. Keeping up with regulatory compliance requires an ever bigger chunk of enterprises’ operational budgets, as well as significant staff resources.

From an IT perspective, this means continuous upgrades of software, hardware computing power and storage capacity. Naturally, organizations who have opted to host their regulatory compliance systems in house are struggling with the rising IT complexity and cost. As a result, many are turning towards SaaS, IaaS and PaaS providers that can offer computing environments with these levels of scalability, flexibility, sophistication and availability. This is especially true of companies in highly-regulated industries like finance and healthcare, whose compliance burdens are particularly heavy.

What are these companies finding in cloud computing providers catering to regulatory compliance automation that they can’t replicate in house?

  • Robust big data analysis engines
  • State-of-the-art security for stored and in-transit data
  • Massive storage capacity
  • Specialized and continually updated compliance software that uses the latest machine learning and artificial intelligence algorithmic advances. 

Say Hello to ‘RegTech’

Cloud computing is the anchor for a set of technologies and products collectively known as ‘RegTech' because they’re used to automate regulatory compliance processes.  According to a recent Deloitte report, a “defining feature” of RegTech is that most products are cloud-based, with benefits including:

  • Remote storage
  • Management and backup of data
  • Pay per usage
  • Strong end-to-end encryption
  • Flexibility to add or remove software features

RegTech products are designed to automate regulatory compliance processes, and in recent months, they’ve started going from niche to mainstream. In late September, IBM acquired Promontory Financial Group, a regulatory compliance consulting firm, to transfer its expertise to the Watson cognitive system and give it RegTech capabilities. Financial technology newswire Finextra called this deal “the biggest example yet of the coming age of RegTech, in which technology is applied to the unravelling of regulatory red tape.” 

Meanwhile, American Banker declared that “RegTech is Real” in a September article, and wrote: “IBM's deal to buy Promontory Financial Group portends a dramatic change in the roles computers and humans play in regulatory compliance.” According to the Institute of International Finance (IIF), compliance process areas RegTech can significantly impact include risk data aggregation, modeling and real-time transactions monitoring, and it can free up capital that banks could use in other parts of their operations. 

Long term, RegTech “will empower compliance functions to make informed risk choices based on data provided insight about the compliance risks it faces and how it mitigates and manages those risks,” Sean Smith, a Deloitte partner, is quoted as saying in the report, titled “RegTech Is The New FinTech.” Meanwhile, a Business Insider report published in August states that RegTech products will help in many areas of compliance beyond automating legacy processes, such as interpreting legislation, designing new compliance processes, and managing and processing data.

Europe is seeing its share of emerging RegTech vendors including Vizor in Ireland and FundApps in London. In October, U.K. RegTech firm ComplyAdvantage closed a funding round in which it raised $8.2 million.

Regulation Trends

The trend towards increasing the volume and complexity of regulations is intensifying in Europe and elsewhere. For example, the EU’s wide ranging and severe General Data Protection Regulation (GDPR), adopted this year, will take effect in 2018. If your organization is attempting to deal with this manually, and with on premises systems, it will place a big financial, technological and operational burden on its shoulders, and risk failure.

All major cloud computing platform providers -- Google, Amazon and Microsoft -- have boosted their efforts in Europe in the past year, expanding their data center footprints in the continent and tailoring their offerings for the region and for key individual markets and industries. With cloud computing and related technologies like machine learning and RegTech software, organizations can shrink this gargantuan effort to at least a manageable scope.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42740
PUBLISHED: 2021-10-21
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attack...
CVE-2021-35512
PUBLISHED: 2021-10-21
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
CVE-2021-41790
PUBLISHED: 2021-10-21
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.
CVE-2021-41791
PUBLISHED: 2021-10-21
An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on t...
CVE-2021-41792
PUBLISHED: 2021-10-21
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to th...