Insights Success introduces “The 10 Most Trusted Risk Management Solution Providers, 2019” which is a constantly-changing global risk-management landscape.

1. Vol 10|Issue 05| 2019
EDGILEModern Approach towards Protecting
Enterprises
The 10 Most Trusted Risk Management Solution Providers 2019
Don Elledge
CEO
+

4. Building a Culture
of Risk Management
Solution Provider
Risk is intrinsic to every business and managing
risk is an increasingly important business driver.
Risk concerns in the world of business have
always been the most important aspect. Be it Information
Technology or Healthcare Industry, enterprises today are
on the crisp of the risk crisis.
Today, companies have to deal with multiple forms of
digital change simultaneously, mostly increasing cloud
adoption, but also increasingly mobile, IoT, robotic
process automation, and advanced AI efforts. With each
passing day, attacks on the unsecured digital world are
on the rise, driving up risks in every industry sector
around the globe.
Partners, employees, and customers increasingly
communicate with the digital medium which creates
more risk and jeopardizes compliance. Gartner predicts
that, by 2020, there will be more than 20 billion internet-
connected devices in use, with Internet of Things (IoT)
connecting everything from jet engines and commercial
vehicles to manufacturing equipment & office equipment
to personal cars and consumer electronics.
Educating enterprises about risks and security is one of
the biggest challenges. Most companies see the
productivity gains that can come from technology and
jump – but they don't always understand the risks. Or,
even if they do, they don't understand the urgency.
Protecting private and corporate customers from such
risks is a major challenge for all companies.
What are the best chances to reduce risk? This is where
Risk Management Solution Experts provide a full range
of fraud prevention services to help you effectively
manage ongoing threats. They are here to help. And, that
is why enterprises today critically need trusted Risk and
compliance partners to manage the digital risk.
Editor’s Desk
“Ensuring Enterprises know
their Risks, & easily Detect
and Locate with Risk-
Management Providers”.

5. What’s unique about Risk Management Solution
Providers? They advise customers on business and
technology challenges in risk management & fraud
prevention. These industries provide real-time
visibility and identify all devices on the network in
real-time. Such organizations identify, analyze, and
evaluate risks that may impact your business.
From global consumer retailers to regional
manufacturing companies, the need to strengthen
compliance management programs, and develop
strong risk culture is paramount. That is the reason
Insights Success introduces “The 10 Most Trusted
Risk Management Solution Providers, 2019”
which is a constantly-changing global risk-
management landscape.
Featuring the Cover Story is is a leader inEdgile
building IRM/GRC programs for highly-regulated
companies, both large and small. A big advantage of
the company's approach is that it allows tailoring
environments to the enterprise's needs while
avoiding true customization that can create
problems down the road. For almost two decades,
Edgile has helped Fortune 500 companies deal with
risk and compliance issues, by tackling the
intersection of the four areas where enterprise GRC
efforts generally fail.
Also, makes sure to scroll through the articles
written by our in-house editorial team and CXO
standpoints of some of the leading industry experts
to have a brief knowledge of the sector.
Kaustav Roy

6. Editor’s Pick
Data Center Security:
Controlling Possible
Threats
Industry Trends
Key POS Trends
Reshaping the Reatil
ARTICLES
38
20
Cover Story
Edgile
Modern Approach
towards Protecting
Enterprises
08

7. CFM Partners
Strategic Technology for Modern
Compliance Professionals
Corlytics
Empowering Clients to
Make Informed Choices
18 28
Closing the IoT Security Gap
Matrix-IFS
The Modern Day Crime Fighters.
Protecting Financial Institutions from
Hackers, Fraudsters & Money Launderers.
34 40Great Bay Software
Expert’s Thoughts
What GDPR Forgets
The Physical Security
Industry Intel
Allowing Regulated
Entitiesto Connect and
Structure their Data
Interpreting Risks
Minimizing the
Adverse Effects of
Risks
4232
24

9. sales@insightssuccess.com
October, 2019
Editor-in-Chief
Senior Sales Manager Business Development Manager
Marketing Manager
Technical Head
Technical Specialist Digital Marketing Manager
Research Analyst
Database Management Technology Consultant
Pooja M. Bansal
Managing Editor
Anish Miller
Executive Editor
Rohit Chaturvedi
Assistant Editors
Jenny Fernandes
Hitesh Dhamani
Visualizer
David King
Art & Design Director
Amol Kamble
Associate Designer
Kushagra Gupta
Kshitij S Philip Walker
John Matthew
Sales Executives
David, Kevin, Andy, Maneesh
Business Development Executives
Steve, Joe, Alan, AnupJacob Smile
Aditya Marry D'Souza
SME-SMO Executive
Prashant Chevale Frank Adams
Circulation Manager
Robert Brown Stella Andrew David Stokes
Karan Gaikwad
Co-designer
Copyright © 2019 Insights Success, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any
form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights Success.
Reprint rights remain solely with Insights Success.
Follow us on : www.facebook.com/insightssuccess/ www.twitter.com/insightssuccess
We are also available on :

10. Don Elledge
CEO

11. EdgileModern Approach towards Protecting Enterprises
COVER STORY
Building a culture of
quality and devotion to
service within a
challenging, rewarding
and exciting work
environment.
“
The
Trusted

13. Fortune 500 enterprises today are engulfed in a tidal wave of digital
changes, which in turn creates hurdles for IT, legal, privacy,
compliance, information security, and the business. Even worse,
these companies are having to deal with multiple forms of digital change
simultaneously, mostly increasing cloud adoption, but also increasingly
mobile, IoT, robotic process automation, and advanced AI efforts.
Employees, partners, and customers are increasingly trying to
communicate digitally, which would be a wonderful advancement- were it
not for those pesky GRC efforts. By its very definition, digital
transformation creates more risk and jeopardizes compliance. That is why
enterprises today critically need trusted risk and compliance partners to
manage the digital risk. But compliance is hardly a static situation. It is a
mix of often-contradictory-- and constantly changing-- rules from state,
federal, global and industry-specific compliance and regulatory
requirements, including PCI, SOX, NIST, NY DFS, FFIEC, HIPPA and a
myriad of state privacy mandates. That’s where Edgile comes in.
Edgile is a leader in building IRM/GRC programs for highly-regulated
companies, both large and small. A big advantage of the company’s
approach is that it allows to tailor environments to the enterprise’s needs
while avoiding true customization that can create problems down the road.
For almost two decades, Edgile has helped Fortune 500 companies deal
with risk and compliance issues, by tackling the intersection of the four
areas where enterprise GRC efforts generally fail. These areas consist of
the constantly-changing global compliance landscape; the evolving threat-
technology landscape; mismatches in roles and responsibilities between
the enterprise and their vendors (e.g., Saas, IaaS) the related nuances of
cloud security compliance; and the almost-limitless configuration and
related product options being offered by the major GRC vendors.
An Organization of GRC implications
Enterprises today face an avalanche of GRC choices. How to migrate to an
earlier platform? What configuration choices make the best sense for that
We secure
the modern
enterprise.
“
“

14. company, given its size, geography and vertical? What are the GRC
implications as the enterprise moves more and more deeply into the
cloud? For that matter, those answers change depending on which cloud
provider is being leveraged. What GRC tool to implement? Which
implementation partner? Then there are the complexities that happen with
every business unit sale and especially every acquisition, with new
software licenses and homegrown legacy apps forced into the enterprise
technology equation.
The experienced Edgile team members have an average of more than ten
years of experience in a wide range of GRC programs, from functional to
technical engineering. This is rare and difficult to find because other
companies tend to focus on just one of these areas, such as solely dealing
with security or just compliance. But without factoring in all of these
considerations-- the enterprises current and future operations, current and
future compliance changes, partner new or changed capabilities, changes
in the enterprise’s operating environment, such as new cyberthief tactics--
it’s impossible to truly help an enterprise with its complex and ongoing
GRC efforts.
Edgile’s experience in delivering this comprehensive and holistic strategy
has allowed it to create a precise methodology that allows enterprise
executives to understand their GRC environment and to deal with it at
their own chosen pace. Indeed, This methodology doesn’t simply make
efforts easier for IT, Security, Compliance, Auditing, and other traditional
GRC operating units, but it also helps articulate to the CEO, CFO, and
board members that their security dollars are being used shrewdly.
Life Made Easier by Managing Risk
Edgile’s expertise extends beyond its 16 industry verticals, delving deeply
into managing the risk of an enterprise’s entire digital transformation. The
cloud itself, for example, is typically far more naunced and complicated
than most executives assume because of hybrid cloud environments,
where the company is neither fully in the cloud nor fully on-prem but it is
doing both – to varying degrees as it slowly transitions to an eventual all-
cloud environmental. That painstaking slow process must be managed
delicately, as those changes can have non-obvious impacts on both risk
and compliance. And as enterprise shift more of their resources, data,
tools, and other applications to the cloud, the number of elements that are
suddenly – and sometimes invisibly - beyond their control soars.
Edgile offers proven services to help solve
complex security challenges across many
industries including healthcare, financial
services, energy, retail, et al.
“

15. Mr.Brian Rizman

16. Another critical area for Edgile is
regulatory change management.
Although it starts with a team of
compliance experts that are tracking
global, federal, state, municipal, and
industry laws, regulations and other
requirements every day, the most
powerful element is applying those
changes-and the anticipated near-term
compliance changes – to the specifics
of each enterprise. How does it impact
that company’s policies and
operations? What are the best changes
to both improve compliance and
reduce risk? That’s what Edgile
delivers.
Approach and Advantage
Edgile has seen a rapid rise in
organizations making the IRM /GRC
move to ServiceNow. This isn’t
surprising as:
ServiceNow is a Gartner Magic
Quadrant Leader in the GRC space
ServiceNow is the authoritative source
for much of what needs to be managed
via GRC so having native access
without API integration is a huge
benefit.
ServiceNow platform enables
synergies across the three lines of
defense
ServiceNow offers the first real
opportunity to achieve continuous
monitoring & automate early warnings
via KPI/KRI sustainably and cost-
effectively.
Unique Client Risk Programs
What’s unique about Edgile is their
focus on building client risk programs,
using their proven 5-pass methodology
and automated access they provide to
the rapidly changing regulatory
environment. Edgile’s ArC, Automated
Regulatory Compliance Managed
Content Service has a team that tracks
so much easier to share information.
“When our auditors come and ask for
specific information around our IT
general controls, we can point them
into ServiceNow rather than having to
send them Zip files or give them access
to SharePoint that would require them
to then have VPN access, etc.,”
Liebergen said.
Committed and Determined Leader
A professional leader with a wealth of
experience has the ability to
understand how businesses operate and
applying his positive enthusiasm,
motivates teams into producing results.
Don Elledge, the CEO is one such
committed and determined leader who
founded Edgile in 2001. Don holds an
undergraduate degree in finance from
the University of Texas, and an MBA
from the University of Washington
with a focus on economics.
Prior to founding Edgile, Don was a
partner at Deloitte, where he
established a national security practice
focused on e-business security. He also
spent four years in New York working
at First Boston in the financial industry.
He advises clients on security and risk
issues by the rapidly changing
technology environment, and his
forward-thinking view has positioned
the company as a trusted, strategic
partner. Don is responsible for growing
the company into a leading security
and risk services organization serving
Fortune 500 companies.
more than 500 states, federal, global &
industry-specific compliance and
regulatory requirements every day.
Edgile’s ArC coupled with its
Regulatory Change Management
Solution allows the company to help
clients’ pinpoint control and policy
changes necessary to achieve
compliance.
Critically, Edgile works closely with
Fortune 500 executives, to understand
not only where they operate today but
to try and focus on where they expect
to be in 6-18 months and where they
are heading strategically in the long-
term. The team then collaborates with
both technology and the business
leaders to frame a roadmap.
Better Services with ServiceNow
One enterprise that both Edgile and
ServiceNow have helped is Banner
Health, which owns 20 hospitals across
six states. “Taking all of those
materials and shifting it into a platform
allowed us to maintain data, to see the
audit trails of who did what when we
just continued referencing it while
putting that data continuously in the
customers’hands,” said Banner Health
IS Governance Director Greg
Liebergen. He also says “I don’t
believe that we did any customization
at all. It’s taking the ServiceNow tool
and using its out-of-box capabilities,
the workflows, the different aspects of
the module that exist and configuring
them so that they use the language that
we use internally the terminology. It
was a big thing for us not to have to
use customization, just to make it
overall easier to use the tool on a day-
to-day basis. But also, when the time
came for platform upgrades, that we’re
not struggling, trying to take our
unique item and fit them into
ServiceNow’s upgraded platform to
provide more capabilities.”
Another advantage of not having to
customize the coding is that it makes it

19. Address :
Country :City : State : Zip :
Date :Name :
Telephone :
Email :
Che should be drawn in favor of:que INSIGHTS SUCCESS MEDIA TECH LLC
Global Subscription
1 Year.......... $250.00(12 Issues) .... 6 Months ..... (06 Issues) ..... $130.00
3 Months ... (03 Issues) .... $70.00 1 Month ...... (01 Issue) ..... $25.00
SUBSCRIBE TODAY

20. CFM Partners
Strategic Technology for Modern
Compliance Professionals
High-risk employee behaviors that make headlines,
combined with ever-changing government
regulations, heightened public awareness of
corporate responsibility, and rising risk-related costs have
prompted compliance executives to seek solutions that will
help them manage Governance, Risk, and Compliance
(GRC) efficiently and effectively.
Based in Washington, D.C., CFM Partners has been on the
frontlines of GRC management for over 20 years, offering
knowledge-based solutions to help companies proactively
manage their risk, turn compliance into performance, and
develop effective governance strategies.
The Company that “Gets It”
Employee misconduct often originates from gaps in
communication and adoption of policies among groups,
departments, and individuals -- gaps that the team at CFM
Partners works to bridge through its expertise and
technology.
Businesses spend a tremendous amount of time and effort
carefully developing policies, procedures, and educational
materials to guide employees and management in how to do
their jobs well and minimize the risk of negative incidents.
However, it can be a struggle to implement them in a way
that encourages a culture of compliance, where each
member of the organization understands their role and
responsibilities.
CFM’s flagship solution, Access Compliance™, promotes
cultures of compliance by helping companies modernize
their approach to policy and procedure management
through easily-accessible, relevant, and understandable
training, as well as systematic communication that lets
nothing slip through the cracks.
Access Compliance™
Access Compliance delivers policies, procedures, and other
important information that are directly relevant to the role,
responsibilities, and environment of every user, when and
where they need that information, thereby enhancing
employee productivity while embedding compliance into
day-to-day business practices.
It aligns corporate, business group, and country-specific
policies – at the end-user level – to ensure users don’t have
to sift through volumes of irrelevant information. They see
only the policies they need to do their jobs, stay compliant,
and stay productive. The platform makes role-appropriate
information and education easily searchable and accessible.
Beth Murphy
Founder, President
& CEO
www.insightssuccess.com18 2019|October

21. Integrated throughout Access Compliance are features that
allow administrators to designate who sees what and when,
via CFM’s exclusive Push-by-Profile™ distribution and
customized audience assignments. This feature has helped
the company secure a well-differentiated position among
regtech providers by ensuring the right information is at the
fingertips of the right people at the right time.
“Risk is substantially mitigated by consistently making
people aware of how a particular policy, procedure, or
regulation applies to them and their job,” said CEO Beth
Murphy. “We determined early-on that our solutions need to
be configurable to deliver information that is relevant to
each user to be truly effective.”
CFM Partners also led the field in delivering solutions in
the cloud. Leveraging cloud-computing technology, Access
Compliance hosts a suite of solutions and tools that are
modular, integrated, configurable, and customizable.
Applications and content are swiftly deployed across
different regions to specific, appropriate audiences –
providing clients with round-the-clock access to the
information they need to do their jobs well. Modular design
also makes it possible for organizations to acquire as much,
or as little, functionality as they need.
“When we see an opportunity to enhance our solutions in
ways that matter to our clients, we readily pursue those
enhancements and make them a reality. It’s kept us ahead of
the market repeatedly over the years,” Murphy notes.
Streamlined for Managers
The easier it is to administer a solution, the more effective it
will be. Access Compliance includes tools and templates
that make it easy for clients to map policies to groups that
need them.
“We’ve worked to centralize and streamline the
management of policies and procedures, as well as
distribute them through a single interface,” Murphy
explains. "Features provide a way to standardize policy and
procedure development by clearly indicating who owns the
content, when it was last updated, where it impacts the
organization, and more.”
Access Compliance also provides a single access point
where managers can see when, where, and by whom
policies are reviewed. These tracking features are ideal for
managers who understand the importance of monitoring for
red flags that may indicate additional communication or
employee training is needed.
Beyond monitoring, Access Compliance generates reports
that document when policies have been reviewed or training
programs completed. Data is archived for future reference
and regulatory compliance.
Education Is Key
“Simply put, companies that know better, do better,”
Murphy observes.
Effective compliance education starts with a corporation’s
policies and procedures and is supplemented with training
to fully educate employees on complex or critical issues.
Access Compliance’s education and training module
features a suite of online course libraries with topics
including Cybersecurity Awareness, Conflicts of Interest,
Anti-Bribery, Sexual Misconduct Prevention, and Use of
Social Media, to name only a few.
Its robust functionality provides easy course administration,
customizable and tailored content, review and monitoring
of employee progress, reporting, and updates.
Clients Come First
“Every client has its own distinctive needs,” Murphy
reflects. “We meet our clients where they are, and our
philosophy is to adapt our products and services to meet the
needs of each organization.”
Deep knowledge, innovative solutions, and an unwavering
commitment to client success are the keystones upon which
CFM Partners built its business.
When we see an opportunity
to enhance our solutions in
ways that matter to our
clients, we readily pursue
those enhancements and
make them a reality.
It’s kept us ahead of the
market repeatedly over the years.
The
Trusted
www.insightssuccess.com 2019| 19October

22. In recent times, the retail industry hasn’t seen a more
exciting invention since the invention of cash register.
With new and innovative technologies helping shape
both online and offline experiences for consumers, the
landscape is continuously changing in a way which was
unimaginable even few years back. The best part is that
there seems to be no end of the innovation, which only
influencing the purchase decision of the consumers.
Nowadays the main focus of retailers is to create a safe,
engaging, and unique shopping experience for its
consumers, it’s very important for the retailers to
understand the importance of Big Data and in-store
analytics and adapting to the cloud. With the retail industry
at the verge of massive transformation, we are listing out
few key trends that everyone needs to know to be
successful in the ecosystem that is transforming quickly.
Multi-system Integration
Multi-system integration with various applications gets the
utmost priority from top retailers. Most of the retailers list
out POS integration with other applications as a key priority
alongside the implementation of dynamic marketing content
through mobile devices. This is mostly due to the retailer’s
interest to store all the customer information and purchase
history in a database, which is completely centralized that
could be easily integrated with multiple applications.
However, in order to do that, a retailer needs to use an ERP
database that can handle all these.
Speed
People always look for quick solutions for everything. A
clock starts ticking the moment a customer enters, no matter
how good the product is, if the process is slow and the
attention to details are missing, then customers will leave
disappointed. As a retailer, one cannot please everyone, but
with a modern and efficient POS, the service can be
improved. A modern POS simplifies the communication
between various departments and can save a lot of time for
both the retailer and the customer respectively.
Managing Stocks
Keeping and managing inventory is a nightmare for most of
the retailers, and it’s quite natural. Managing inventory is a
never-ending task and takes a lot of effort, time, and
manpower. However, it is quite important to manage
inventories when it comes to long-time survival. An
efficient POS system always makes the process of
managing the inventory much easier. The best part of a POS
is, one can monitor the status of stocked items, shipped
products, and new orders anytime. This is a huge time saver
for a cumbersome and a tedious process, and eventually
helps retailers to focus on other important aspects of
running the business.
Customized Experience
With POS systems, retailers just need to provide
personalization that scoops out every shopper. Every
passing year, retailers are adapting to personalized
technology solutions that allow an interactive user
experience. Thanks to the emergence of all new mobile
POS technology, now retailers can offer its customers more
choices to accommodate their shopping habits by letting
them to complete transactions anywhere in the store. Now
with the invention of improved POS marketers and
customer service teams can contact the buyer at each point
of their purchase decision. With so much data retailers and
consumers can have better customer service, quicker
payment processes and access to better offers and real-time
personalization.
POS Trends
Reshaping
the Reatil Sector
www.insightssuccess.com20 2019|October

23. Promotions and Marketing at its Best
Nowadays with the advent of digital technology, marketing
involves maintaining a digital presence as well. A POS can
integrate all the advertised offers with transactions, making
it easier to keep track of all the campaigns. Additionally, it
can integrate with CRM and track customer behavior. When
an offer gets popular among the masses, then the retailer
will see it in his transaction data.
Usage of Big Data analytics
In order to compete with e-commerce, retailers are now
taking the help of Big-Data and in store analytics just to
have a better idea about what’s happening inside the store.
Big-Data analytics helps retailers to track how frequently a
specific item moves from shelf to shopping cart allows
retailers to know the trends that are dominant in the market.
Analytics helps the retail industry in a big way to better
understand consumer purchase pattern and behaviors.
Keeping Track of Employees
To run a business smoothly a retailer, need few people. A
POS system enables to manage them with great accuracy.
With a Point of Sale system in place, employees can sign on
or off easily and the system will automatically log their
work hours and break hours.
Security
Above all, a POS system offers great security protections
that help keeping customer data safe. Retail stores and
businesses are always prime targets for Cyber Criminals,
and a data breach is not good for a business. So, by using
standard encryption and firewall, businesses can be secured
from cyber-attacks and customers can swipe their cards
with a peace of mind.
So, here we have listed out few of the POS trends that will
shape the future of the retail industry. As we look ahead,
these trends will be on focus for both retailers and
customers. The main advantage of an advanced POS system
is greater efficiency and optimization, it links all the
departments together which eventually allows to have better
control over the inventory, better profitability, and to
manage processes in an efficient way.
Industry Trends
www.insightssuccess.com 2019| 21October

26. Gisle M. Eckhoff
CEO, DigiPlex
www.insightssuccess.com24 2019|October

27. The Physical Security
Gisle M. Eckhoff joined DigiPlex in August 2014 as Chief Execu ve Officer. He
brings nearly thirty years’ experience in senior posi ons in the IT industry in the
US, Sweden, UK and Denmark as well as at home in Norway. Gisle is the former
Senior Vice President and Managing Director of CGI’s opera on in Norway, and
has also held a number of senior management roles at both country and regional
levels in CSC Computer Sciences Corpora on.
The experience and knowledge gained from heading up the Financial Services
ver cal in the Nordic region, before becoming Vice President and Managing
Director of CSC in both Norway and Sweden, is of great value when
implemen ng DigiPlex’ growth strategy in the Nordic markets.
he EU’s GDPR legislature will have consequences for every company doing business in
TEurope, including American companies. The new directive promises sizeable fines to
anyone that does not take personal data seriously. Meanwhile, the data centre company
DigiPlex urges companies to focus on another important aspect: physical security.
The General Data Protection Regulation’s (GDPR) purpose is to harmonize legislation related to
personal information across the EU’s member states. It does however also create radical challenges
for American businesses holding information on EU customers. Come May 2018, when the
legislation enters into force, companies will have publicly disclosed how the data is used, in addition
to offering transparency for individuals seeking access to their data. The GDPR includes a sanction
mechanism, and the fines for non-compliance can reach 4 percent of a company’s annual revenue.
• Business will obviously change for everyone not taking personal information seriously. This will
clearly raise awareness regarding how the data is secured, but it’s also vital not to forget where the
information is located, says DigiPlex CEO, Gisle M. Eckhoff.
About the Author
www.insightssuccess.com 2019| 25October
Expert’s Thoughts

28. Moving data to safety
American computer security company, McAfee, published a study of over 800 company leaders from
different sectors. The report reveals that 50 percent of the respondents state that they would like to move
their data to a more secure location. A motivating factor is the new EU legislation. The report also
reveals that 74 percent of the business leaders specified that they thought protecting the data correctly
would attract new customers.
• Data security is not just about protecting yourself against hacking and other digital threats. The
overall security critically depends on where your data is stored. Companies who actively select a
secure data centre to host their data will gain a competitive advantage in the market as the
management of personal information is in the spotlight, says Eckhoff.
Physical security is forgotten
While EU-based companies are in the process of adapting to the GDPR, Gartner predicted only 50
percent of American firms will be ready for the strict regulation by the end of 2018. It’s primarily the
largest companies and public enterprises that are furthest along in the process of adaptation. According
to Eckhoff, they are usually the ones that are the most concerned with data security and where it is
stored. Fire and operational safety are two obvious challenges, but physical security also includes
securing yourself against theft.
• Several smaller businesses and organizations keep their data servers at their offices, and the physical
security in many of the smaller data centers is almost absent. If your data is stored in such a data
center, where someone easily could break in and physically remove the hardware containing your
information, then you are very vulnerable – both operationally and in relation to GDPR, says Eckhoff.
At DigiPlex’s data centers, several layers of security ensure the safety of the data and the personal
information that is stored there. Physical security is one of the most complicated and expensive features
when building or updating a data center. That is why newly established data centers have to reach
critical mass, allowing them to store enough data to compensate for the large security investment.
Adapting to GDPR
One consideration to take, as we are getting closer to the implementation date of GDPR, is where your
data center should be located. Several US based companies are already relocating their centers to the EU
in order to comply. Multiple database providers are helping non-EU companies organize and segregate
EU data from other personal information. The data center industry is well established in Europe, and
some of the most cost and climate efficient centers are located in the Nordic countries.
In the Nordics, the cool climate helps chill down vast amounts of hardware that otherwise would have
been cooled down solely by electricity. Additionally, the electricity that is required by data centers to run
their operations is supplied through easy access to affordable renewable energy.
• In recent years, we have seen political turbulence in larger parts of the world, Europe included. The
stabile political environment in the Nordic countries is also a climate to consider, as the establishment
of data centers is a long-term investment, says Eckhoff.
www.insightssuccess.com26 2019|October

30. Corlytics
Empowering Clients to Make
Informed Choices
ack in 2008, when the Lehman Brothers filed for
Bbankruptcy, it was done with fear and confusion,
following one of the worst economic meltdown
since 1920’s great depression. Up until then Lehman
Brothers survived the great depression, two world wars,
cash shortage, the Russian debt default of 1998 and the long
term capital management collapse. However, despite
surviving all these, the collapse of the housing market in the
US brought Lehman brothers to its knees.
Back in 2008, compliance was a nuisance function that
banks used to keep in the back office. Its importance wasn’t
fully appreciated, and there had been a complete lack of
investment in it. Fifteen years ago, banks may have paid
attention to the regulators, but they didn’t worry about them
the way they do today.
So, with the target of delivering world class regulatory risk
data and analytics, Corlytics empowers its partners to make
transformational, informed, and positive choices. It uses a
combination of artificial and human intelligence to
categorize and organize regulatory notices and when
required, internal firm data, into highly structured relevant
information. This allows regulated firms to protect
themselves from unexpected exposures and fines.
The Inception Story
Thanks to the global economic meltdown of 2008, banks
and other financial institutions have been confronted by an
intimidating stack of new regulations. However, the
founders of Corlytics found a business opportunity in the
landslide of 54,000 regulatory documents which was
published by 130 different agencies of the G20 countries.
The most shocking part of this financial meltdown was
Lehman Brother’s bankruptcy filing, since the great
depression of 1920s no major bank had failed. And
suddenly one of the top 10 investment banks was gone! Just
like that! This created a problem that was unseen before. In
fact, the biggest risk for the world’s top 20 banks today is
regulatory risk. Last year there were about $100 billion in
fines levied on banks for not complying with regulations. In
2008, before the big financial crisis, that was less than $1
billion.
When the Aim is to Solve Regulatory Risks
Corytics analyses the enforcement outcomes of each
regulator and regulatory categories, allowing banks and
financial institutions to understand the business impact.
Data is presented in a digestible, easy to action dashboard,
with heat-maps and financial impact predictions.
Corlytics’ technology includes:
Taxonomy Mapping: Corlytics’ regulatory taxonomy
John Byrne
CEO & Founder
Corlytics
www.insightssuccess.com28 2019|October

31. solution enables categorization, mapping and routing of
regulatory content to a firm’s view of compliance risk,
business lines, and controls. Corlytics makes sense of
regulatory notices for departments, teams and individuals so
that only relevant information is highlighted for action. The
solution has also been used to create the world’s first
‘searchable’ intelligent handbook, through taxonomy
mapping.
Monitoring global regulators: Corlytics’ bots scan all
notices from regulators for all types of regulatory content. It
collates this information to a single cloud-based repository,
which can be used for analysis and risk weighting.
®
Risk insights: RiskFusion highlights regulatory concerns
for risk, audit and compliance teams to assist in the
planning and allocation of regulatory compliance
investments. Corlytics collects and categorizes regulatory
data. Relevant data sets are then analyzed and summarized
®
by Corlytics regulatory and legal analysts. RiskFusion risk
models are applied to the curated data to illustrate the
highest risk jurisdictions, regulations, regulatory topics and
provisions.
Corlytics RED app: This app scans regulators in near real-
time for all types of regulatory developments. These include
regulatory notices, speeches, press releases, consultations,
enforcements and penalties. Users can choose five global
regulators to appear in their feed and RED (regulatory
enforcement data) alerts on content relevant to them.
The Trendsetter
John Byrne is the CEO and founder of Corlytics. When it
comes to setting the company’s vision and strategy, John is
the go to guy. He is a serial entrepreneur in the financial
technology sector, and has built and sold multiple global
technology based enterprises. He also founded one of the
first campus companies in Ireland back in 1985 in the
energy sector. That’s not all; he also built Information
Mosaic in 1997, a global player in the securities software
industry which was later sold to Markit in 2015.
Since the introduction of global regulations for the financial
markets in 2009, John realized that there was complete lack
of intelligence and predictive analytics in order to help the
banks, regulators and their advisers to make informed
decisions.
Picking up Invisible Trends
Corlytics has developed a global taxonomy that structures
all regulatory notices, enabling businesses to look across
jurisdictions for common trends and patterns. This global
intelligence means the company can pick out emerging
trends that are otherwise invisible. In 2017, Corlytics
helped develop the world’s first intelligent regulatory
handbook for the UK’s regulator the Financial Conduct
Authority (FCA). The FCA handbook is used by thousands
of regulated financial institutions and their advisors daily. It
contains binding regulatory obligations and guidance for
firms.
Corlytics has worked with the team at the FCA to apply a
central, common taxonomy to all regulations. Having put
this in place, the existing material in the handbook can be
tagged and machine read. This allows for a much more
user-friendly search and navigation experience.
When Expansion is on the Cards
Corlytics continues to generate promising unsolicited
inward leads and referrals which reflect the strength of its
value proposition and suite of compliance risk applications.
The company’s sales and successes to date with early
adopters including global regulators, large global banks and
financial institutions illustrate substantial validation of its
product.
According to the company, it will continue to pursue its
sales channels in core markets such as Europe and the US.
A strategic partnership with a global bank, advisory practice
or consultancy firm may be considered to accelerate growth
and market approval in new territories.
This year, Corlytics is planning on expanding its core
product offer in terms of strategic geographical and
regulatory coverage to include other jurisdictions. In terms
of market segmentation, it sees significant potential for
sustained growth across asset management, brokerage and
insurance.
We are now at the very fore
of regulatory intelligence
revolution. Our forensic
analysis and forecasting of
regulatory risk and
sentencing globally by four
different professions sees
Corlytics deliver 360-
degree intelligence.
www.insightssuccess.com 2019|October
The
Trusted

34. W
hat are the latest trends in business world? An
impressive raise in regulatory, compliance and
risk management requirements together with
an exponential growth of data that corporations struggle to
manage. The idea behind Governance.com is a spot-on
observation and vision of our founders, Bert (CEO) and
Rob Boerman (CTO) to allow regulated entities to connect
and structure their data.
As a Regtech, our purpose is to allow our clients to
structure and simplify their data and control their business
by building their workflows, checklists and activities
around it. Governance.com is a totally flexible and
customizable central system which can be interfaced with
legacy and external systems of our clients. All their data
and operational flows are centrally linked and easily
accessible via our platform. This explains our continuous
growth and recognition among the industry (winning
Fintech of the year Award in 2016 in LU, included on
Fintech 50 2018 and Global 100 Regtech in 2017).
We all know that a revolutionary vision and performant
system do not guarantee commercial success. Regtech is a
relatively young concept which has to show all its potential
and concrete value to traditional companies. I truly believe
that the key for a successful collaboration lies on an open
and transparent communication. The biggest concern and
pain point of Regtech companies is the lengthy decision and
procurement process of the companies. There is no point to get
frustrated on this as we have no control on this process. I
believe the optimal way to build long-lasting relationships is
to focus on the challenges, needs and culture of our clients. An
intensive risk assessment, a multi-layer decision taking and
procurement process is part of the DNA of the regulated
companies we are talking to. So, either deal with it or stay
aside for Regtech CCOs.
This is one of the first strategic decisions I have taken as
Commercial Director: rather than beginning to talk how
marvelous and innovative our solution is (and I truly believe
Governance.com is an awesome platform) we always begin
discussions by asking our contacts:
Ÿ How do you manage your business?
Ÿ What would you like to achieve with it?
Ÿ What are you biggest pains?
st
Ÿ Who are the users? What is the 1 thing they will do on
Governance.com?
Based on their feedback, second step is to show the features
and functionalities of our platform adapted to their needs.
During the advanced negotiations phase, we aim to underline
our concrete support and value:
Allowing
Regulated Entities
to Connect and Structure
their Data
Industry Intel
www.insightssuccess.com32 2019|October

35. About the Author
Olus Kayacan, CCO of Governance.com, has over 20
years of experience in Financial Markets including
prime brokerage and asset management with a
substantial network of Institutional Investors, Retail
and Private Banks, Brokers, Asset managers, Family
Offices and Corporates. His career has allowed him
to meet extremely exciting, interesting and
professional individuals every single day. He has
successfully participated to the launch &
development of several businesses and
overachieved commercial targets on each of
them.
Ÿ Define together the Return on Investment of the project:
our aim is to achieve 600% ROI within 3 years
Ÿ Focus on Simplicity of our platform: our motto is that a
system is useful and will be used massively if it is
simple to use
Ÿ Propose Agile and timely Implementation: tech means a
quick, easy and efficient deployment
Ÿ Close follow-up of their activity: our Business Support
experts are easily accessible during the entire process
and afterwards to assist our clients in case of need
This approach is the key for the strong and long-term
relationships.
It is also vital to integrate the decision-making and
procurement variables very early in the process. Regtech is
a new concept and Senior Management and Decision-
Makers are sometimes informed of the procurement process
once they have decided to use our platform. A pro-active
and continuous support is the key to be able to work with
them quicker and help them throughout the process.
This, I believe, is the reason of our success and our
shortened relationships activation compared to our industry
standards. We are all so proud to be part of this exciting
adventure, which allowed us to grow from 2 to 17 FTE with
offices in Luxembourg and the Netherlands.
We have many exciting challenges for the upcoming year:
Ÿ Continue our international expansion by partnering with
high-quality organizations and direct presence via local
offices. We plan to be present in the UK during 2018
and extend to US and Asia during 2019 to get closer to
our clients worldwide.
Ÿ Ensure continuous enhancement of our functionalities
by listening to our clients
Ÿ Implement Machine Learning and AI functionalities we
are working on our platform
Financial Regulation and Compliance costs around 780 BN
$/year: 1% of Worldwide GDP! This is why it is so exciting
for me to work within tech and being able to participate to a
sustainable economy by providing a cost-efficient, safer and
user-friendly solution!
Olus Kayacan
CCO
Governance.com
www.insightssuccess.com 2019| 33October

36. Great Bay Software
Closing the IoT Security Gap
hile “Internet of Things” security is the focus of
WGreat Bay Software today, its beginning
predates IoT. The company got its start in
2005, working with clients to help shore up their networks
with network authentication, and they identified a
significant gap in the market: Endpoint Visibility. They
created a product called Beacon, and this became the
flagship product of their new company, Great Bay Software.
With that launch, Beacon was suddenly on the map – it was
quickly OEMed by household names in Network Access
Control. But by 2014, Beacon had outgrown this OEM
status – by then, the product included features like
authentication and enforcement, and it also had the ability
to discover and profile the new world of IoT devices.
With the advent of the “Internet of Things” starting in the
mid to late 2000s, Great Bay knew that Network Security
would need to change. In these early days with Beacon, the
organization envisioned the next generation of IoT Network
Security – and that gave birth to its Network Intelligence
Platform. The company took the core of Beacon and its
agentless architecture and, after years of successfully
ingesting data from enterprise sources, it build out a robust
Open Platform designed for bidirectional integration. The
highly migratory and rapidly evolving nature of IoT
necessitates an elastic and responsive security framework,
in addition to the wisdom and context from the enterprise
environment.
Importance of Security
Security concerns around the “Internet of Things” have
been percolating for decades, but today’s enterprises are on
the cusp of the crisis. For years, an endless barrage of
under-secured gadgets was acquired by consumers at a
dizzying pace, and the tipping point of enterprises hit just a
few years ago– business investment in IoT was $215B in
2015 and is expected to grow as much as $832B by 2020.
Attacks on unsecured IoT are on the rise, driving up risk in
every industry sector around the globe. Gartner forecasts
that, by 2020, there will be more than 20 billion internet-
connected devices in use, with IoT connecting everything
form jet engines and commercial vehicles to manufacturing
equipment and office equipment to personal cars and
consumer electronics. This staggering number, along with
the range of device manufacturers, creates a vastly larger
and more complex environment for enterprises – and a
larger attack surface.
Great Bay Software was the first IoT Security solution on
the market to eliminate the cost and complexity of network
visibility and control with an agentless architecture that
automated the device discovery, threat detection and
defense – well before any other solutions on the market.
Today, the company is a leading provider of IoT Visibility
and Control, and its Network Intelligence Platform provides
organizations of all industries and sizes with unparalleled
visibility, scale, and control to address one of the most
prolific and challenging cybersecurity risks of today’s time:
IoT devices. The company’s vision is to arm every
company with the visibility, and control needed to harness
Ty Powers
Vice President
Technical Solutions
www.insightssuccess.com34 2019|October

37. the power of IoT – along with the means to protect their
organization, customers, partners and stakeholders at scale.
Risk Management Challenges
Educating enterprises about IoT risks and security is one of
the biggest challenges. Most companies see the productivity
gains that can come from IoT and jump – but they don’t
always understand the risks. Or, even if they do, they don’t
understand the urgency. There are numerous examples
where IoT enterprise threats are here now – and Great Bay
Software is in a place where CISOs and their teams cannot
de-prioritize this any longer. Often, the challenge is based
on budget or IT skills shortages - but the company can very
quickly show how its platform can save organizations’
valuable time. The ROI is there.
In addition, even when risks are understood, many
companies and industry leaders are focused on device
manufacturers – there is a deep desire to drive security
standards from the manufacturing side. While there have
been some improvements, that approach has a critical flaw:
the way IoT devices are manufactured is core to the
problem of security.
When looking at broad manufacturing processes for IoT
devices, there are several players. It starts with the chip
manufacturers, who compete based on price and have slim
profits margins, so there may be limited engineering focus
placed on security. Next, there are the system manufacturers
– they choose off-the-shelf silicon and OEM software,
manufacture the device, and maybe build in some tech
elements, but don’t often put their brand name on it. Finally,
the brand-name company packages and makes sure
everything works and ships the product. At that point,
maintaining the platform, firmware, and patching the OS
may not be a priority (or possible), and the software is often
times outdated even if the product is new to market. Who is
responsible for keeping everything up to date? It’s not clear,
so it doesn’t happen. The waters are even murkier if one of
the entities goes out of business or is acquired.
When evaluating regulated industries like healthcare,
Medical Device manufacturers face another conundrum:
device review and approvals can take as much as 5-7 years,
so the software is often times dated just as soon as the
device is approved for launch. And the device may have a
life span of as much as 15-20 years. This is a far cry from
the 3-5 years expected from most PCs, tablets and mobile
phones.
As such, while manufacturing; security is important, it is
only one control. So, Great Bay Software believes outside
governance is of utmost importance for security to be
delivered – it’s all about checks and balances.
Prompt and Thorough Leader
Ty Powers has been with Great Bay since the beginning –
but, back in 2005, this predated the advent of IoT. That said,
the company’s DNA is in endpoint visibility, security, and
networks. Great Bay Software has worked with CISOs and
CIOs from companies of all sizes and all industries – and
Ty had a front role seat to much of it. As a security analyst,
solution architect, systems engineer, technical product
manager... and now, Vice President Technical Solutions.
His role working alongside customers as they engage with
the company’s platform has been among the most
rewarding.
We ensure that
enterprises know their
real-time IoT risk and
can easily detect, locate
and mitigate device
threats as they emerge.
www.insightssuccess.com 2019| 35October
The
Trusted

38. Ty brings more than 20 years of network infrastructure and
security experience to Great Bay Software. He has
specialized in all phases of network security, from the
design, planning, and scaling of architectures to the
implementation, integration, and deployment of critical
network security solutions. Ty has held technical positions
at Aruba Networks, Blue Spruce Technologies, Enterasys
Networks, and Cabletron Systems.
Solutions Offered by Great Bay
The company’s Network Intelligence Platform is designed
to discover, profile, and monitor all network-attached
endpoints – in real-time without an agent. It is the first and
the only real-time visibility and enforcement solution
proved to deliver device discovery, robust profiling,
continuous behavior monitoring, and flexible remediation at
an enterprise scale. The company has secured more than 1.5
million devices in a single instance for an enterprise – this
is the largest known deployment in the industry. Great
Bay’s platform includes:
Ÿ Unmatched Visibility: Great Bay Software’s agentless
architecture ensures that it sees 100% of network-
attached devices – arming IT, security, compliance,
clinical and operations teams with a complete view of
all IoT devices. Presented in an intuitive interface, the
company enables professionals to obtain complete and
up-to-the-minute asset inventory, and enable them to
quickly detect, understand, and mitigate device risks
within 2-3 clicks.
Ÿ Real-time Behavior Monitoring & Risk Intelligence
Scoring: The Great Bay Network Intelligence Platform
analyzes the identity and behavioral attributes of
endpoints, identifying real-time events and, when
needed, automating a change to mitigate risk.
Leveraging and correlating multiple risk indicators, the
platform also calculates an enterprise risk score based
on each organizations’ unique environment and
priorities.
Ÿ Dynamic Network Segmentation and VLAN
Strategy: Network Segmentation is a best practice for
security and compliance that is increasingly impractical
to implement and maintain in large corporate
environments. Great Bay Software Network Intelligence
Platform is designed to help identify, devise & enforce
an optimal segmentation strategy – streamlining
operations, and strengthening security by dynamically
taking action to alert administrations when network
security policies are compromised.
Ÿ Bidirectional Integration and Workflow Automation:
The company’s Open Platform is designed to increase
the efficacy of the security architecture and asset
management systems through the sharing of endpoints
attribute data and context. Delivered through our rich
API or Great Bay Data Connector, the bidirectional
data-flows enables powerful feature delivery, such as
dynamic ticket generation, and also improved
infrastructure security and a higher return on
investment.
Innovative Future
Great Bay’s platform is among the first to address and solve
the enormous challenges around IoT device visibility and
control. Understanding of the threats in this market is still
emerging – and the company is poised to help organizations
of all walks and sizes tackle these issues head-on. The
company’s platform continues to evolve as IoT continues to
mature, and Ty is looking forward to announcing several
innovations in the not-too-distant future.
www.insightssuccess.com36 2019|October

40. Data Center Security
The rise in cyber-crimes is one of the main causes of
Data center outages. As per the recent survey
conducted by industry insiders, cyber-crime caused
22 percent data center outages in 2015 opposed to 2 percent
outages in 2010. Adding to all these, now most of the data
centers are re-evaluating their security policies after the
recent WannaCry ransomware attack.
Data center outages cause companies to loss revenue in
many ways. However, the costliest loss is service
interruption and loss of IT productivity. So, the
organizations are now realizing that traditional security is
no longer secure enough to secure any data center. A recent
study has found that 83 percent of traffic travels east/west
within the data center, which stays undetected by the
perimeter security. In this environment, when an attacker
infiltrates the perimeter firewall, then can jump across the
system with ease, extract information and compromise
valuable data. Additionally, data centers can fail due to
trespassers or a terrorist attack or by natural calamities.
So, how can one secure a data center in the best way
possible from any kind of cyber threat? Don’t worry we’ve
got you covered, with the points below.
As the first step, one should Map the Data Center and flag
the hackers within the virtual and physical infrastructure.
The CSOs and CIOs with a system map of their systems
can react to any suspicious activity and take steps to stop
data breaches. Being able to visualize different traffic
patterns within a network helps to understand threats, that
eventually elevates the level of security.
Understanding and measurement of traffic flow within
the data center boundary are very important. In the case of
any interruption in traffic across east/west vs north/south,
protected vs unprotected one can get to know about a threat.
Additionally, vulnerable zones and unprotected traffic need
to be monitored for a better result.
Firewall rules need to be defined and implemented as per
requirements. Additionally, one should allow traffic only
after thorough verification and selectively allow
communication to ensure maximum protection. The key is
to identify, what is legal and secured and what can be
blocked to enhance security.
One needs to Build a Team with executives who
understand how traffic flows within the premises and can
access & secure information, take necessary measures to
secure important assets along with the implementation of
roadblocks for the attackers.
Security must move as fast as a data center’s technology
adoption and integration. Security Strategy Should
Change Alongside the Technology and it should not be
treated as an add-on option. Additionally, businesses also
should ensure that their virus protection, signatures other
protection features are up to date for better protection.
Businesses should Identify and Place Controls over high-
value assets, which will help to reduce risk. However, older
security solutions are completely blind to new threats, new
security companies have produced latest solutions that
protect data in the virtual world.
Access Restriction also needs to be imposed. Every
business should thoroughly check a person’s background
before giving the access to a prized possession. Access to
the main site and the loading bay must be limited,
Controlling Possible Threats
www.insightssuccess.com38 2019|October

41. additionally, two-factor authentications and fortified interiors with security guards and roving patrols would help to
safeguard the employees and the data center.
Installing Surveillance Cameras around the data center, alongside removing signs which may provide clues to its function
helps to locate an intruder. A buffer zone between the data center and all the entry points will limit unlawful trespassing to a
great extent. Additionally, the data center needs to be far away from the main road and it should not have any windows other
than administrative purposes for better security.
A data center should Check Test Back-Up Systems regularly as prescribed by the manufacturer. It should also ensure to
make a list and of Do’s and Don’ts in the event of an attack. Recovery plans and security plans also need to be checked
thoroughly.
Data centers are always a Soft Target for The Terrorists, as an attack on them can disrupt and damage major business and
communication infrastructure. So, security needs to be taken seriously and to do that proactive steps should be taken to limit
the impact of a terrorist attack.
Trained Security Guards needs to be posted inside a data center and they should be well trained. Security officers must
undergo strict site-specific training to monitor surveillance footage. Depending on the size of data center and the number of
security cameras multiple security officers may be required on duty. Security officers dedicated to inspecting surveillance
footage helps when it comes to securing a data center.
Disaster Recovery is very much important, that must be in place. If the data center stops functioning after an attack or
natural calamity, it must have a way to restore operations as soon as possible. To be ready for a disaster and to evaluate the
disaster recovery plan, it’s necessary to train staffs well and experience simulated disasters.
To avoid these obstacles, one needs a fair bit of knowledge of new security systems, solid plans, and comprehensive
visibility. The more work a data center can do up front in the above-mentioned areas the better the chances of success with
lesser outages.
www.insightssuccess.com 2019| 39October
Editor’s Pick

42. Matrix-IFS
The Modern Day Crime Fighters.
Protecting Financial Institutions from
Hackers, Fraudsters & Money Launderers.
ith millions of accounts containing people’s
Wlife savings, security has always been one of
the largest concerns for financial institutions
and their customers. As cybercriminals become more
sophisticated in their hacking techniques, so should a
company’s cybersecurity and fraud prevention systems.
Although new technologies provide more advanced
security options, knowing which ones to use and how to
implementitis achallengemanyinstitutionsfacetoday.
Aa a global leader in financial crime and compliance
consulting and services, Matrix International Financial
Services (Matrix-IFS) places the safety, privacy, and
security of financial institutions and their customers above
all. Led by Chief Executive Officer, Renan Levy, the
company provides bespoke solutions to the financial sector
thataddress emergingthreats.
About Matrix-IFS
Matrix-IFS was founded in 2006, due to the growing need
for tailor-made, cost-effective services in financial crime
domains - risk management, Anti-money Laundering
(AML) andfraudprevention.
“For the past thirteen years, the IT financial crime space
has been exploding as regulations become more
demanding, and technologies such as artificial
intelligence (AI) and Machine Learning continue to
improve. The risk of being a target of illegal activities is
only increasing, requiring the banks and other financial
institutions to adopt various solutions to protect
themselves from different types of attacks. Matrix-IFS was
founded for this particular reason: to help our clients
address these issues by providing domain and IT expertise
of highly qualified and experienced financial crime
specialists.”,Renan commented on the landscape of
financialcrime.
Havingthe Customers’Best Interests at Heart
Renan adds, “As a leading advisory firm, we strive to
deliver only the best-suited solutions for our clients. We
develop customized solutions jointly after a careful
examination of the companies’ requirements, existing
technologies,and processes. One shoe does notfitall.”
Since Matrix-IFS is vendor agnostic, it can offer its
customers “best of breed” solutions, meaning that the
Renan Levy
CEO
www.insightssuccess.com40 2019|October

43. 2019| 41Octoberwww.insightssuccess.com
company’s experts combine different technologies to offer
the most efficient financial crime ecosystem. For example,
whereas some vendors have strong AML systems, they
maylackagood dataqualityor fraudpreventionsolution.
When asked about implementing cutting-edge
technologies, Levy responded, “A robust AML or fraud
prevention program requires a deep understanding of the
data, relevant analytics, and the effective application of
innovative technologies and processes, to name a few:
Machine Learning, AI, and Robotic Process Automation
(RPA).
Renan also states that one of the main challenges faced by
the market today is addressing high volumes of false-
positive alerts generated by transaction monitoring
systems. This inherently wastes a great deal of time and
money due to inaccurate results that can lead to missing
bonafide alerts and causing high rates of customer
frustration. Matrix-IFS’ experts have developed
methodologies to optimizeAML/fraud prevention systems
and models to reduce the false-positive ratio, freeing up
investigators’ time to handle real threats. One method of
making the process more efficient and cost-effective is
through RPA, which automates manual and repetitive
tasks, reducingoverheadandincreasingaccuracy.
Addressing ClientVulnerabilities
Many vendors in the market try to address the issues of
fraud and cybersecurity. Most address 80% to 85% of the
client’s security issues. Matrix-IFS uses penetration
testing to assess the institution’s vulnerability. This
methodology takes a bird’s-eye view, looking at the whole
pictureratherthanonlythemainstream.
Stepping into the Shoes of the Leader
Boasting a proven track record of building and running
several successful companies in the fields of technology,
banking, business, and consumer services, six years ago
Renan took on the role of Matrix-IFS’CEO. Since then, he
has grown the company’s footprint from a single office in
NJ to include a global network of offices. Under his
leadership, the company’s offerings have expanded while
notcompromisingonqualityandinnovation.
AStepAhead of the Competition
According to Renan, “What sets Matrix-IFS apart from
other consulting firms is our domain and technology
expertise, which derive from years of experience providing
risk management and financial crime prevention solutions
solely to the financial sector and, by doing so, honing our
craft. No one is as focused or has as many successful
advisory and implementations projects in the fraud
preventionandAMLspaceunder theirbeltsas wedo.”
He continued to say, “Our number-one value is the client’s
success; it drives the company forward to deliver tangible,
measurable results. This kind of customer-centric culture
across the entire company is what drives us. There is
nothing more rewarding than seeing our clients return to
us timeand timeagainoverthespaceoftwodecades.”
AGlimpseatMatrix-IFS’s Future
Renan aspires to bring even more value to his clients by
developing impenetrable new services, including
cybersecurity offerings, top-of-the-line cloud services, and
trustworthy data quality solutions. He envisions for the
company’s future expansion into new territories -growing
Matrix-IFS’offeringswithinthefinancialsector
andbeyond.
Our number-one value is
the client’s success; it drives
the company forward to
deliver tangible, measurable
results. There is nothing more
rewarding than seeing our
clients return to us time and
time again over the space of
two decades.
The
Trusted

44. Has the number of security issues you deal with on a
routine basis ever made you feel a bit like Atlas carrying
the world on your shoulders? I can’t tell you the number
of conversations I’ve had with discontented security practitioners
who lament to me the woes of trying to speak with management
about the latest Heartbleed or Spectre/Meltdown vulnerabilities and
‘management just doesn’t understand’. Even worse, when
management inevitably turns a blind eye to the issue, the security
practitioner worries that they’ll be searching for a new job if
the vulnerability is ever exploited. As the Information
Security Program Owner at National Instruments for over
eight years, I frequently find myself offering up the
following bit of advice to my compatriots who are
struggling with what to do in this situation.
When I first started the security program at National
Instruments, I had these same feelings of anxiety. The
tools that I was using to scan our networks, systems,
and applications were coming up with vulnerabilities
left and right, but there were few things that I had the
ability to fix. I had to go to another team, explain what
had been found, and then I had to somehow try and
convince them that they needed to fix it. In some cases
they humored me, but in many cases the result was that
my vulnerabilities were just another bug that they’d get
Minimizing the
Adverse
Effects
of Risks
Josh Sokol
Creator & CEO
SimpleRisk
www.insightssuccess.com42 2019|October

45. to when they had time. The weight of all of these
unmitigated issues was crushing me. I knew that if I
didn’t find a better way to do things, then I wouldn’t last
long in that role.
I quickly came to realize that my role as a security
practitioner never was to fix the vulnerabilities that I
found. That was the function of the application
administrators. Nor could I control the resources and
roadmaps which determine the prioritizations of the
various mitigations. That role belongs to members of the
business. My primary function as a security practitioner
was to assist in identifying the issues, advise on how to
mitigate them, and ensure that the right stakeholders are
aware and educated so that they could make the most
informed decision possible for the business. In short, my
role was that of a risk manager and my job was to drive
visibility and accountability of the risks the organization
is accepting to the stakeholders who are accepting them.
To formalize the processes around my newly found risk
management role, I did quite a bit of research around
what others were doing. Eventually, I stumbled across
the NIST SP 800-30, a Risk Management Guide for
Information Technology Systems. I’ll admit that it
wasn’t the most titillating document I’ve ever read, but
the content really helped to solidify what our risk
management process needed to look like.
To start with, I needed a way to track all of the risks that
we were collecting through various assessment processes
in our environment. This system, typically referred to as
a risk registry, would become the aggregation of risks
found in our organization through vulnerability
assessment, auditing, interviews, vendor notifications
and many other sources. In order to be successful, I
needed a system that everyone could access quickly and
come across a risk in their environment and a system that
allowed them to enter a minimal amount of data about
the risk so that they could get right back into what they
were doing when they identified the risk. I would then
use that information to later populate the details myself
or to schedule time on their calendar to fill me in. My
system also needed a way for me to understand the
prioritization, or risk level, of the risks I was capturing.
Once the risk had been recorded, I needed a way to track
how we were going to handle the risk. Possible options
ranged from accepting the risk because the likelihood
and impact were within what we considered to be a
tolerable range to planning some sort of mitigation for
the risk. I needed a way to understand the level of effort
involved so we could balance those costs against the risk
level.
If my ultimate goal was to drive visibility and
accountability up the chain of management, my last step
was to have a process for who would perform a review
of the risks. I decided to use a combination of the team a
risk is assigned to and the risk score. Since risk
management is designed to be a cyclical process with
risks re-evaluated on a routine basis, I also used the score
to determine how often the risk would be reviewed.
Most of the organizations I speak with these days about
risk management start out using complicated formulas on
excel spreadsheets, but there are tools called
‘Governance Risk and Compliance’ (GRC) that can help
you with this endeavor. There range options from open
source tools like ‘SimpleRisk’ to more expensive options
like ‘Archer’. It depends on how complicated you need
your workflows to be and how many resources you can
afford to spend to run the program.
I started this discussion with the person telling me that
‘management just doesn’t understand’. The fact of the
matter is that management doesn’t understand because
they weren’t speaking the same language. Your business
understands risk because they use it every day to make
calculated decisions about the investments it is making.
Risk is the language of business and shifting the focus of
your conversations to risk will ensure that everyone is on
the same page and that you are not only viewed by
management as an excellent communicator, but also a
stellar security professional helping to guide the
organization in proper risk management. Not only that,
but you will sleep better at night after shedding that
weight off your shoulders and placing it back on the
solid risk management foundation on which it belongs.
www.insightssuccess.com 2019| 43October
Interpreting Risks