Why it’s time for your broker-dealer firm to update its data management infrastructure

By Horizon’s Chief Information Officer Peter Hall & Vanessa Malone

Current data management landscape

With the world’s sudden and forced transition to remote offices due to the COVID-19 pandemic, there has never been a more timely moment to revisit how your firm manages and protects its data infrastructure.

While many modern workplaces have undergone significant changes to create flexible data infrastructures and innovative work environments, organizations in heavily regulated environments, such as financial institutions like broker-dealer firms, have been slow to adopt this new approach.

Instead, in an attempt to meet demands for security vigilance, satisfy regulatory obligations, address insider risk concerns, and protect against public data breaches, many broker-dealer firms continue to rely on old technology stacks and supervisory procedures. This could in turn expose them to more sophisticated cybersecurity threats and regulatory enforcement risks.

How?

  • Knowledge of a threat comes only from the local implementation of an information system. According to IBM’s 2019 Data Breach Report, the average time to identify a breach in 2019 was 206 days.²
  • The current techniques and tools in use were built to address information security vulnerabilities known at the time of design and implementation. Attack vectors evolve over time as do the tools and techniques to combat them.
  • Financial institutions are subject to compliance regulations and guidelines from the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), the Federal Financial Institutions Examination Council (FFIEC) and the Commodity Futures Trading Commission (CFTC). They are also subject to laws such as Dodd-Frank and the Sarbanes-Oxley Act of 2002.

In today’s climate, broker-dealer firms cannot afford, literally or figuratively, a weak data management infrastructure.

A few sobering statistics

  • 43% of breach victims were small businesses (Verizon 2019 Data Breach Report).³
  • 60% of small businesses that suffer a cyber attack go out of business within half a year (U.S. National Cyber Security Alliance).⁴

Regulatory demands

In its 2019 Report on Examination Findings and Observations, FINRA identified digital communications and cybersecurity as key areas where firms encounter challenges complying with supervision and record-keeping requirements.⁵

Specifically, these include areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness.

The above is merely a brief overview of the types of rules and regulations broker-dealer firms and other financial institutions must take into consideration when building out their data management platform.

A paradigm shift surrounding data protection

The old model was to place all of an institution’s data, identities and infrastructure into an environment that was protected at the perimeter by investing in firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS).

As the network perimeter expanded and information became more distributed, the nature of attacks changed. Increasingly, malware-less attacks have become normal. These take the form of phishing, password-spraying, social engineering and the grabbing of credentials.

The consensus was that information within the modern enterprise perimeter could no longer be secured at a network level but instead must be secured at the resource level. This ensures that the information is protected no matter where the data is or how it is being used or accessed. For example, a document opened at a physical office could be opened securely on an employee’s phone or laptop from home.

Again, this is incredibly significant in today’s climate of remote working which has been expedited by the pandemic and will leave an everlasting impact on how companies operate moving forward.

How to address your data management infrastructure

We know this first-hand, as Horizon’s securities and trading software suite was built with a compliance-focused approach. In developing our trading platform technology, Open Order Book, we realized we would have to address the information management problem head-on.

We gave careful consideration to the configuration and deployment of collaboration tools and security controls, including:

  • Risk assessment of common organizational collaboration and business process scenarios
  • Information protection and data governance requirements
  • Cybersecurity and insider threats
  • Regulatory compliance requirements

In doing this we realized the value our team of Wall Street and software pioneers with 25+ years of experience could add to other firms facing the same dilemma.

What we produced was Hosting Compliance, a risk-based data management and protection platform consisting of processes, procedures and cloud-hosted products built to protect your firm’s sensitive data wherever it may go.

Our cloud-first infrastructure was constructed to meet and exceed the requirements of SEC and FINRA rules on information security. Further, our governance structure is based upon the National Institute of Standards and Technology (NIST) framework.

In conclusion

Either way, the protection of data, identities, devices and applications is not only critical to a business’s functionality; it is also required and heavily regulated to ensure your data management infrastructure is up to par.

We’ve seen how our data management infrastructure has thrived in these trying times, and are proud to say that our team has transitioned to remote working with no cost in productivity or reduced data protections. We would love to share what we’ve learned with your broker-dealer or financial institution.

To learn more, please visit https://hostingcompliance.com/. To request a demo or if you have any questions, please email us at horizon@hostingcompliance.com.

Sources:

¹ FINRA

² IBM 2019 Data Breach Report

³ Verizon 2019 Data Breach Report

⁴ National Cyber Security Alliance

⁵ 2019 Report on FINRA Examination Findings and Observations

Horizon licenses and operates global securities exchanges.
