Reduce Cyber Risk with Align's New and Improved Data Discovery & Vulnerability Scanning Platform, Risk CSR-DM, Powered by Cavelo
Align partners with Cavelo to launch its “Risk CSR-DM” solution, designed to specifically help its clients meet the current regulatory requirements surrounding both: (i) data classification and discovery; and (ii) identifying and remediating vulnerabilities.
For investment managers, the regulatory landscape regarding cybersecurity risk management is changing continuously – especially now, in the distributed workforce era. In fact, according to Malwarebytes, remote workers have caused security breaches in 20% of organizations since the onset of the pandemic. Shifting from the office to the virtual network has also shifted workloads and workflows to a digital, automated format, which in turn puts more burden on the underlying IT environment. This raises new cybersecurity concerns, particularly those relating to identifying, classifying, mapping, tracking and ultimately, protecting the critical data sets employed by investment management firms.
Historically, the prevailing security principles presumed a focus only on protecting what resided within the proverbial castle walls. In fact, it was the ‘traditional’ perimeter that relied on firewalls, A/V solutions and SIEM (Security Information and Event Management) for primary defense. That perimeter has largely disappeared and today, modern security frameworks focus more on real-time threat detection and identity protection across applications, users, machines and endpoints. No perimeter is the new perimeter; digital identities and the sensitive data associated with them are the assets. Put another way, the security must follow the identities and data flows, not the (centralized) network.
Industry wide, investment advisory firms must manage and secure countless identities and endpoints, all with sensitive data attached to them. The exercise of tracking and managing all these data in accordance with the current regulatory requirements is, in and of itself, a challenging task. However, if a firm cannot demonstrate what data lives on its network, where it resides and how it’s used, then the challenging becomes the impossible.
For years, global, regional and industry regulators have promulgated rules designed to coexist alongside the prevailing cybersecurity compliance frameworks and numerous, discordant industry standards and best practices, all in an effort to protect network data and hold firms accountable for their role as data custodians. Ever-increasing threat vectors and more cunning vulnerabilities, like the recently revealed Log4j vulnerability, are pushing regulatory reporting to new high-water marks, as most recently demonstrated by the new proposed SEC rules. Today, non-compliance and failed audits can cost managers irreparable harm, both to their AUM and their reputations.
Investment managers must meet specific cybersecurity standards, set by the Securities and Exchange Commission (the “Commission”), FINRA and other federal and state agencies and/or self-regulatory organizations. More specifically, the Commission has set forth seven (7) categorical control groups, or “domains” (the “Cyber 7”), and investment managers must consider each of these seven domains in designing a model cybersecurity program. Align and Cavelo have collaborated tirelessly to ensure the Risk CSR-DM solution can assist managers in new and dynamic ways, across each of the seven domains, as follows:
Cyber Seven Domains Required by the SEC
- Governance
  - Risk CSR-DM assists investment managers in understanding their general data security risk profile and in developing a data classification methodology.
- Data Loss Prevention
  - Risk CSR-DM informs and facilitates the protection of critical and sensitive data sets against new and emerging vulnerabilities.
- Access Rights and Controls
  - Risk CSR-DM directly assists the process of managing access rights by providing transparency to all critical data sets and how they are accessed.
- Mobile Security
  - Risk CSR-DM enables data mapping and vulnerability scanning of all endpoints on the network, anytime, anywhere.
- Incident Response and Resiliency
  - Prioritize incident response processes to focus remediation around the most critical data pool.
- Vendor Management
  - Risk CSR-DM provides visibility to an investment manager’s entire data universe, enabling data mapping exercises relative to data pools that reside both natively and within the extended networks of such manager’s third party service providers.
- Training and Awareness
  - Risk CSR-DM demonstrates and executes the application of data mapping and vulnerability management, two fundamental tenets of cybersecurity awareness training.
At Align, we understand that investment management firms are all unique, with different investment strategies, operational workflows and other attributes and idiosyncrasies. Cybersecurity risk management therefore does not lend itself to a one-size-fits-all solution, a black-box technology or even a single hire, which is why our multidisciplinary team of unique subject matter experts works closely with each of our clients to build a bespoke and appropriately scaled program. Through our partnership with Cavelo, the SaaS-based data compliance risk management solution, we make the daunting tasks of managing vulnerabilities and data governance easier. The Cavelo platform uses machine learning to process your company’s data and grow in tandem with your business. Combine this powerful platform with Align’s team of knowledgeable professionals and you can rest assured that your data will be secure and your cybersecurity plans compliant with even the most rigorous regulatory standards and practices.