Financial Firms Turn To VARs For Compliance Help

When it comes to financial institutions, the past decade has brought stepped-up scrutiny by auditors, a growing need to safeguard against security breaches and a mandate to protect customer information. Coupled with the ever-increasing deluge of compliance acronyms—the Gramm-Leach-Bliley Act, Sarbanes-Oxley Act and Fair and Accurate Credit Transactions Act—companies large and small are scrambling to keep up to speed.

"I think [compliance requirements] are probably heavier than ever," said Aaron Shilts, vice president of professional services at FishNet Security, a Kansas City, Mo.-based security solution provider. "[But] I think our customers are understanding the compliance requirements a little better."

Many customers are beginning to understand that these mandates are must-haves and are looking to solution providers to stay on top of these constantly evolving rules, according to Shilts. "Compliance is driving this because it's required and the customer has no other options," he said.

One product that enables VARs to implement solutions as well as act as much-needed advisers is RSA Security's enVision. EnVision provides everything for compliance operations, from access control to user monitoring and log management, according to Chris Clinton, director of worldwide channels at RSA, the security division of EMC.

"There is an enormous amount of professional services that are going to enable our VARs to truly be the trusted partner within those end-user accounts, [which will] ensure very high customer satisfaction," Clinton said.

What RSA and partners cite as unique about enVision is its scalability and the fact that it can collect all of a network's data because it combines two markets: security event management and security information management, said John Worrall, vice president of information and event management at RSA, Bedford, Mass.

"Half of [the pre-existing solutions on the market] came at it from event management, and half came at it from information management," Worrall said. "What's happening is [these two approaches] have merged because there is so much commonality in the systems.

"EnVision was really built on the foundation of compliance that you need to have all the data, you need to be able to keep that data, maintain that data, and manage that information over the life cycle of its natural life. That pretty much means from the time you collect the event information to the time you delete it out of your system, this solution lets you manage the information along the way," Worrall said.

"The secret sauce of enVision is its analytic engine," FishNet Security's Shilts said. "We can bring information in all day long, but [enVision] makes an intelligent decision about [that information]."

Deployed in the world's top five banks all the way down to regional players, enVision's architecture makes its deployment fast enough for the big guys, but inexpensive enough for the smaller ones, according to Worrall.

"Large rollouts can be done faster, and because we have so many preconfigured compliance reports for various regulations, the time from the customer deploying, collecting all this information and getting reports out of it is very, very fast," he said.

The pricing structure, which is based on the number of events per second collected and the number of devices the events are collected from, guarantees its affordability for all markets.

And although enVision does not meet all regulatory objectives, it does give system administrators better visibility into the network, which gives solution providers the opportunity to take more of the adviser role, Shilts said. "[Clients are] getting hit from a lot of directions with a lot of features and functionalities, so we advise and clear the water."

Worrall summed up enVision's advantages this way: "It's less complex, much more simple, easier to deploy, much faster, and customers really appreciate that benefit."