Compliance Calls for Active Application Management

Posted by Steve Berry

Aug 1, 2019 12:47:54 PM

You’ve heard that the only thing that never changes is change itself. Another constant is the need to be compliant. That’s why application management must be active.

Continuously maintaining a financial ecosystem so it stays compliant can be even more challenging than making it compliant in the first place. One reason: when you focus on something — like compliance on the day you started using your current financial suite — it will most likely happen. A second reason is about managing change. Your state of compliance, whether on the day of application go-live or just after a compliance audit, is only a static snapshot in time. So, what happens when change enters the picture? The need to manage compliance is constant because change is also a constant. That means someone must continually refresh that compliance snapshot — especially on those days when there is a real need to focus on something else besides compliance — in other words, on most days.

Which is why compliance is only possible within active application management. Otherwise, the compliance metrics and measures currently in place will inevitably fail to keep pace with change. At any given moment, events can happen that may impact compliance. User roles and privileges can change (and conflict). Software patch levels can change. Errors will appear in log files. Backups may partially or completely fail, and so on. And that is just at the application level. Compliance obviously also concerns the operating system and infrastructure (e.g., cloud services). For example, what about remote user or application access? Or changes to file share privileges and security settings? Have changes to virtual servers or server specs occurred? Unless such events are actively monitored and managed, there is no way to trust that your financial ecosystem will remain compliant, and no way to know when it is not.

What Is Active Application Management?

As its name suggests, active application management is the continuous, proactive delivery of a financial IT ecosystem aligned with business objectives and industry best practices. An example is the Strafford Managed Application Hosting (MAH) Service, which combines Hyperion functionality and specific managed services with a private cloud hosting environment on Amazon. Services include:

  • Application upgrades and patches
  • Network monitoring
  • Helpdesk and support
  • Secure, reliable connectivity
  • Disaster recovery
  • Active Directory integration
  • Data restoration
  • Data integration
  • Financial ecosystem health checks

Among the reasons clients subscribe to Strafford’s MAH Service are: to reduce total cost of ownership, ensure security and compliance, achieve high reliability, and apply upgrades and patches automatically. Clients can therefore focus on their core business without the distraction and risks of operating and maintaining a complex financial ecosystem on their own.

How Active Application Management Maintains Compliance

With respect to compliance, active application management includes six key features. It is continuous, dedicated, near real-time, comprehensive, expert, and collaborative.

Continuous. This is what “active” in active application management means. As already discussed, compliance is an ongoing challenge, which means that metrics and measures designed to assure compliance must continually be updated in sync with what is happening in the ecosystem.

Dedicated. Also as discussed, the issue of focus needs to be addressed. In order that compliance actions are taken as needed, there must be dedicated focus so that something bad doesn’t happen while someone’s attention is turned elsewhere.

Near real-time. The point of being continuous and dedicated is that active application management can also be near real-time. Otherwise, compliance situational awareness and remediation efforts will lag events that may take the ecosystem out of compliance.

Comprehensive. The number of events that can cause a financial ecosystem to become non-compliant is virtually unlimited — and it only takes one. Therefore, active management must be full scope as well as full time. That includes coverage of the complete IT stack — application, operating system, and infrastructure — since events at all three levels can impact overall financial ecosystem compliance.

Expert. It goes without saying that specialized IT expertise would be essential to active management of a financial IT ecosystem. But other areas of expertise are also required — some residing in the specialized tools used to monitor, automate, and remediate compliance; some residing in the humans responsible. Those areas include legal and regulatory expertise, financial accounting expertise, and business strategy expertise. That is because not only must compliance be achieved, but also compliance aligned with business objectives.

Collaborative. Finally, active application management — like any successful management — requires collaboration, especially between business stakeholders and IT support. Greater collaboration itself is also a compliance goal since clear roles and accountability are fundamental to both collaboration and compliance.

As we said, compliance is not a one-and-done affair. Neither is active application management — whose benefits go well beyond compliance to the very reason you have a financial ecosystem in the first place: higher profitability at lower risk.
