A short piece in the Wall Street Journal the other day focused on the challenges that firms face with the introduction of new technology, and how these new gadgets can complicate an organization’s controls. The article highlights the difficulties faced by investment firms, which are subject to specific regulations requiring them to capture all traffic relating to financial transactions. In the context of this mandate, the article raises the issue of employees purchasing iPhones and other smartphones, and the resulting difficulty in meeting regulatory mandates.
This issue is not reserved only for financial firms; it applies to any firm. New technologies, such as smartphones, Instant Messenger, peer-to-peer, torrents, and VoIP, are all initially resisted by firms until an ROI and business case justifies the added management expense. Beyond the adoption of these technologies, organizations that adhere to standards such as PCI DSS must be aware of the implications regarding these tools:
- Sensitive data may be transferred to these devices, increasing the scope of an audit
- Transmission, storage, or processing of sensitive data through these newer technologies requires a re-evaluation of the risks, controls, and procedures
- Deployment and enhanced control environments are required as the technology expands the platform, geography, and dimension of the data itself
- Management direction must be re-evaluated to ensure that extended operations resulting from newer technologies are aligned and consistent with the strategic efforts of the organization
- Updates to policies and procedures are necessary
- Modifications to disaster recovery and backup systems must include these newly introduced technologies that emerge as part of the business processes
Avoidance of technology leaps and enhancements can damage a firm's competitiveness, but blind adoption can result in far greater financial and legal penalties.
Update: Book Release is now March 19th 2008!! Pre-Order Today