Periodically, the CIO Media Group at TechTarget features an emerging technology and discusses its potential impact for CIOs and their organizations. In this installment of Future State, SearchCompliance site editor Ben Cole looks at the emerging use of application performance monitoring as a tool for regulatory compliance.
Under the Dodd-Frank Act, financial institutions are subject to business conduct standards designed to lower risk and promote market integrity. These include strict recordkeeping and reporting requirements during trading activities.
These Dodd-Frank Act rules emphasize that financial institutions monitor systemic activities and require real time monitoring of trading information because the slightest variation in trading activities can cause compliance violations. Now, some compliance experts say application performance monitoring (APM) tools can help with these compliance processes.
Staying compliant with the Dodd-Frank Act requires close monitoring of information management. For example, even when a third-party entity is used to report a transaction, a swap dealer remains fully responsible for adhering to Dodd-Frank regulations. It's important for compliance departments to view and monitor transactions to validate key elements such as the presence of its Unique Swap Identifier (USI).
APM tools could be used to track transactions and define rules that immediately notify users of any anomalies. By design, APM tools are used to make sure software application programs perform as expected, but they also provide administrators with the data they need to quickly discover, isolate and solve any issues that negatively impact an application's performance.
What you have with APM is the capability to get all of this information into some level of relevance that points you in the right direction.
Application performance monitoring tools' ability to quickly track transactions, map them and identify potential breaches provides bottom-line benefits to the business, said Forrester Research Inc. vice president and principal analyst Jean-Pierre Garbani.
"What you have with APM is the capability to get all of this information into some level of relevance that points you in the right direction," Garbani said. "You are saving money on the business side because you are shortening the time to repair, and you are saving money on the IT side because you don't need to have ten people on the bridge trying to solve the problem."
APM tools also help administrators monitor application servers so that they comply with service-level agreements (SLAs). Business rules can be set to alert an administrator when there is a contract violation, assuring that business-critical applications and functions are given priority.
These features are perfect for the swaps dealer requirements under Dodd-Frank, experts said. For example, swaps dealers are required to meet strict recordkeeping and reporting requirements so regulators can police the markets and reduce risk. Dodd-Frank requires swap transaction and pricing data to be reported to a registered swap data repository "as soon as technologically practicable" after execution of a publicly reportable swap transaction.
When there is a discrepancy in this reported data, identifying and rectifying it quickly is of utmost importance. Application performance monitoring tools can be a huge help to staying regulatory compliant because they provide this visibility, along with analytics to help resolve these performance and compliance issues, Garbani said.
APM tools adapt to new requirements
Process visibility and analytics are proving to be a huge part of overall business strategy in the big data era. Budget concerns, mobility, consumerization -- they're all are putting huge pressure on IT and its ability to monitor applications that run business processes.
The application performance monitoring tool market is evolving to adapt to these trend, as companies such as Nastel Technologies Inc. and Riverbed Technology release application performance monitoring tools that promise to monitor across networks and devices. Application performance monitoring is about ensuring applications are available and delivering timely, accurate and compliant transactions, said Charles Rich, vice president, product management and marketing at Nastel.
APM tools are designed to identify any anomalies, as well as the causes of these discrepancies, so IT practitioners can handle them in a timely manner, Rich added. New application performance monitoring tools can provide visibility to reduce false alarms and identify information management issues before they become a legal or compliance concern.
This provides "visibility, proactive prevention of problems, and reduction," Rich said. "You're monitoring what matters, and it's a way of aligning IT with the goals of the business."
More from Future State
Are consumer tools the future of bring-your-own-device security?
Will 3-D holograms replace some flesh-and-blood employees?
There remain concerns in the viability of the APM market, however. The 2013 Application Performance Management Spectrum Study released by Trac Research found that APM is a fast-growing IT management market. Vendors, however, often come from vastly different markets despite categorizing themselves under the application performance monitoring umbrella.
This has made the application performance management tool market diluted, and companies often must turn to multiple solutions from an assortment of different vendors to meet their needs, the Trac Research study found.
It's also important to remember that no APM tool will replace the human element when it comes to regulatory compliance. These tools must be designed specifically to cater to compliance and legal mandates and to correctly identify anomalies. Put in the wrong visibility requirements, and the tool does no good from a GRC standpoint.
What do you think? Is application performance monitoring beneficial to maintaining compliance, or is it too nascent a tool to trust with important data monitoring? Voice your opinion in the comments, we'd love to hear from you.
This was first published in December 2013