Access governance and the cloud: Security and organisational insight are the bottom line

How does access governance apply to the cloud? Well, while the cloud has been established as a standard for many firms, access and governance to  manage such solutions has not yet become a standard solution. Access governance helps firms of all sizes, especially in financial services, ensuring that each employee has the correct access to the folders or systems that they need to perform their jobs while keeping the company’s data and network secure. Access governance specifically allows business leaders to easily manage accounts and access, and is put in place to ensure that access is correct. This works by setting up a model of precisely the access rights for each role in the firm, for every employee no matter where they may be based.

To provide a bit more detail on the meaning of this, access rights are created for specific roles in each relevant department. Access rights should be unique to the individual, not copied and pasted from another employee with a similar role or job function (this happens a lot in smaller firms where employees perform many and multiple roles with in that firm but should be avoided).

Checks and balances in access rights

Access governance means you can correct or populate access rights according to a model that you have established for your departments or teams. Again, individual access rights are important and an access matrix may prove to be a valuable tool to use when determining who needs access to which folder or systems when for which role. Verification is form of checking access and helps verify all information. A message is forwarded to manager for verification to ensure all users and their rights are accounted for and that that employee can access the   folder or system. The manager verifies access and either marks rights for deletion, immediate change or maintains current access. After examining all of the rights, the manager must give final approval for the proposed set of changes to ensure that everything is correct.

During the course of an employee’s employment, it is an extremely common occurrence for the employee to receive too many rights, or to acquire access rights while working on projects. But these rights are often never revoked once they have been assigned. Access is frequently overlooked or not considered important enough to take away. What if one of your employees have access to a folder with sensitive information about other employees or company information? The access governance concept allows you to provide and monitor access across the entire firm, from those using in-house solutions and those using cloud resources to access information. Firm access can be easily monitored through the use of access governance technology. Here’s why this is important: For those that employ access governance technology to monitor the goings on in their organisation, that process can look like this: Rules are created to review access rights of employees in each respective manager’s department. A review is conducted of who has what and why. Same goes for employees who are added to roles or newly hired to the organisation. Then, if access is no longer required following the access, the completion of a project or a change in roles, the manager or director can tag the access granted to be revoked and ensure that it is done automatically right away. This eliminates the need for a multi-level manual processes simply by the click of a button. All access for the employee to a specific folder, system, or all systems, can be revoked. That’s the added value of a security measure.

Why the cloud needs access governance

As the working environment isn’t defined by the office anymore, the number of users operating cloud applications has risen. Access governance strategies should be employed to secure these applications for the employees not working in the physical office. Employees may be based abroad, working from home, traveling or just working offsite, all of which can affect access governance and technology use and access across each of these situations. Organisational leaders who invest in the cloud and building their companies through it

may wish to add access governance technology to improve the security of their information while allowing their employees the opportunity to remain productive wherever they may be. Plus, and this is the bottom line of any security professional, you’ll be able to see who is doing what, when and where with your information, no matter where they happen to be.

For further advice and assistance about access governance and cloud management, contact  Storm IT Financial and find out more information on Hedge Fund, Asset Management, Private Equity & Alternative Investment cyber security & firewall solutions, security  education seminars, disaster recovery, back up, regulatory &  Compliant Solutions

Storm IT Financial FinTech News & Trends picks: Week 5th Mar – 9th Mar 2018

Bank of England’s Carney calls for more regulation around the‘speculative mania’ of cryptocurrencies

Governor Mark Carney says “The time has come to hold the crypto-asset ecosystem to the same standards as the rest of the financial system,”:

https://www.cnbc.com/2018/03/02/bank-of-england-mark-carney-cryptocurrency-regulation.html

FCA calls for feedback on RegTech reporting PoC

The UK’s Financial Conduct Authority has launched a call for input on the use of technology to achieve smarter regulatory reporting:

https://www.finextra.com/newsarticle/31703/fca-calls-for-feedback-on-regtech-reporting-poc/retail

Virtual currencies are commodities, U.S. judge rules

Virtual currencies like bitcoin can be regulated as commodities by the U.S. Commodity Futures Trading Commission, a federal judge rules:

https://uk.reuters.com/article/us-usa-cftc-bitcoin/virtual-currencies-are-commodities-u-s-judge-rules-idUKKCN1GI32C

MiFID implementers run head first into GDPR

Collect everything and store it for ever, or only collect some data and destroy it as soon as possible? That’s the MiFID II and GDPR question:

https://www.euromoney.com/article/b174htd7gc3tdq/mifid-imp lementers-run-head -first-into-gdpr  

MiFID II data to help FCA prosecute insider trading

New MiFID II regulations will help the FCA clamp down on insider dealing and market abuse, MPs were told :

https://www.moneymarketing.co.uk/mifid-ii-data-help-fca-prosecute-insider-trading/

AI Overtakes Blockchain as Top Capital Markets Tech

The capital markets industry is focused on Artificial Intelligence, both from a tech investment perspective and as a disruptor to the business:

http://bit.ly/2FrBtNL

All the Ways Regulators Plan to Tame Bitcoin

It took one of the wildest investment manias in history to jolt them into action, but governments are finally starting to regulate cryptocurrencies:

https://www.bloomberg.com/news/articles/2018-02-27/bitcoin-s-wildest-days-are-over-as-regulators-circle-quicktake

MIFID II: The story since January

The introduction of MiFID II on Jan 3rd was a watershed moment but has anything changed far for the buy-side?:

https://www.thetradenews.com/mifid-ii-story-far/

France says bitcoin and other cryptocurrency derivatives come under Mifid II regulation

France crack down on cryptocurrencies after deciding cryptocurrency derivatives “fall under EU regulation”:

http://bit.ly/2oWkgpJ

Citi wants fintech startups to disrupt institutional banking

Citi reckons fintech’s are missing out on disrupting institutional banking so invites entrepreneurs to do so:

http://tcrn.ch/2oScoFu

Here’s Why Data Is Not The New Oil

It’s a claim you’ve probably heard multiple times – “Data is the new oil!”. Lets Explore….:

http://bit.ly/2GdfE60

AWS: Your data is waiting for the internet to download it’ warning lights are now free

AWS suffered after a rash of data leaks caused by customers who had improperly configured their storage:

http://bit.ly/2FrzgSB