FOCUS: MITIGATING COMPANY RISK WITH WEB ACCESS CONTROL MANAGERGovernance and Best Practices for Controlling Access and Reporting to Critical Systems

WHO HAS ACCESS TO YOUR CRITICAL INFORMATION SYSTEMS?
YOU’D BE SURPRISED.

Controlling and having full transparency of business users and systems access to books and records of a firm is a central tenant to mitigating company risk, cost, and business continuity.

There are two critical processes that market data teams and business CISO’s need to manage in order to ensure their firm’s trading partners are not exposed to unauthorized access and compliance risk. First, the manual process of updating the monthly entitlement changes to trading venue usage eliminating the risk of users who left the firm accessing business critical trading venues. Second, the manual effort to reconcile between the vendors supplied monthly entitlements report with the client entitlement database.

West Highland’s Web Access Control Manager solves this by providing technical controls and automation to trading venues, ensuring protection of the books and records of a firm as well as the transaction services that drive their business.

Technology Risk Management groups apply this solution to adhere to vendor, market, governmental, and international governance. The service drives best practice protocols to ensure service integrity, resilience, and reliability.

ACCESS CONTROL MANAGER BENEFITS CONTROLLING AND PROTECTING TRADING SYSTEMS BY:
  • Eliminating compliance exposure by ensuring users and systems are properly approved when connecting to trading systems
  • Providing full transparency and reporting to users, trading venues systems usage
  • Providing full audit trail and reporting of user access and venue conectivity

Access Control Manager facilitates trading venue access while fostering market integrity and protection.  If a firm’s trading systems or the external trading venues they use experience outages, particularly if the outage or input error is the result of technology and access control not being managed effectively, confidence and market integrity can be negatively impacted.




WACM solves a key problem – ensuring that anyone who is using financial trading systems has the correct access to those systems and anyone that leaves the firm or moves into a new group, that their entitlement should be removed as quickly as possible.



Access Control Manager covers a broad range of risk factors, which can be exacerbated in today’s electronic trading environment. These risks necessitate the development of policies and procedures that West Highland Access Control Manager provides to manage venue access and change management.

They are:

  • Human error
  • Legal/compliance/reputational risk
  • IT malfunctions and system/network failures internally or with the vendor
ACCESS CONTROL MANAGER AUTOMATES AND SIMPLIFIES:

GOVERNANCE AND BEST PRACTICES

  • Correctly and compliantly onboard and off board users and entitlements per service accordingly, by asset class, security, and region
  • Reconcile access requests to external trading venue with internal system control processes to support business criteria and technology risk management
  • Automating removals, adds and changes to users and trading venue access
  • Create and manage a definitions database for the on-boarding process and mapping between users, trading venue and what markets and security types accessed



WACM mitigates trading risk that exposes the firm to users having access to key systems when they shouldn’t.



SINGLE SIGN-ON (SSO)

Access Control Manager also facilitates West Highland’s and client’s single sign-on authentication scheme that allows users to access multiple trading venue systems and websites.

SSO BENEFITS

Mitigate access risk to 3rd-party sites via West Highland’s abstraction authentication methodology, ensuring passwords are not stored, and managed in a central location:

  • Reduce user password fatiguedue to too many username and password combinations
  • Reduce time spent re-entering passwords for the same identity
  • Reduce IT costs due to lower number of IT help deskcalls and manual corrective interventions

West Highland’s SSO process uses a centralized, secure server cluster which users authenticate once to access all their trading venues.



For more information about West Highland Support Services‘ Access Control Manager supporting your Trading Venue Management and Reporting please contact us at sales@westhighland.net for a no obligation conversation at your convenience.