The recent announcement that CA acquired Orchestria to extend its identity and access management portfolio to include data loss prevention raises some key questions about exactly what problems CA hopes to solve. While DCIG sees the value in companies acquiring and merging with other companies to solve specific strategic problems, this one left us scratching our heads a bit. After all, wasn’t it Bear Stearns who back in 2005 selected Orchestria to oversee its electronic communications? But now, in the light of day, really how much benefit did its implementation of Orchestria provide Bear Stearns in light of Bear Stearns’ recent public failure?
So what benefits did Orchestria provide Bear Stearns? Well, we’re pretty sure it was one of the products that the SEC used to gather evidence against Bear Stearns when the SEC brought charges against two Bear Stearns Asset Management portfolio managers for fraudulently misleading investors about the state of the firm’s two largest hedge funds. Interestingly, email communication is one of the primary means being used to prosecute these managers.
So if we for a moment forget about the stupidity of Bear Stearns’ managers in leaving behind a trail of evidence for the SEC to find, it is also obvious that Orchestria’s software suite really was not much help in preventing this from occurring in the first place. All it did was help investigators piece some of the puzzle back together after the damage was already done which, as we are finding out now, was too little, too late.
What is done is done but what DCIG sees as a problem with CA’s acquisition of Orchestria and its product suite is that it does nothing to fill this gap of proactively helping organizations connect the dots before a situation like Bear Stearns escalates out of control. Sure, products like Orchestria protect information (which, in its defense, is all it claims to do) but with billions of dollars already lost by investors and the SEC coming after a company that is just a shell of its former self and no likelihood of ever recovering the money, what good is it?
But on a larger scale, deficiencies like this are beginning to illustrate that organizations need to move beyond looking backward and adopt an entirely new model that identifies these activities before they escalate to the point where world markets are roiling because of them. It is DCIG’s opinion that, going forward, the government will be less satisfied with coming in after a debacle has already occurred. Instead, DCIG expects just the opposite. Businesses will be questioned incessantly about their internal operations, especially those that have recently received government funds.
There is already evidence of this based upon recent comments made by Mary Schapiro, the newly sworn-in Chairman of the SEC. She recently said, “We will be committed to reinvigorating a financial regulatory system that must protect investors and vigorously enforce the rules. We will work to deepen the SEC’s commitment to transparency, accountability, and disclosure while always keeping the needs and concerns of investors front and center.” Translation: Schapiro is clearly warning that the SEC is very much focused on regulations and significantly increasing the number of enforcement actions.
Bear Stearns is just one case, but other companies that are just now implementing, or have in the past implemented, solutions in anticipation of these new regulations so they can appropriately react to inquiries may not be as well positioned as they first thought. This new proactive stance by the SEC may put a new twist on enforcement as the SEC looks to prevent incidents before they ever occur. What this may mean is that the SEC will expect organizations to connect the dots across all of their data repositories and proactively identify suspicious activities before they blow up.
What organizations should expect this initial scrutiny from the SEC? We think a good bet is the 200+ entities that have already received government money. While these institutions accepted the money in order to save themselves, it comes with a whole new level of scrutiny that could potentially result in them being dragged before Congress to explain where every piece of money went. After that, who knows? These changes could likely be pushed down the throats of other institutions and then if they can’t comply or produce the required information, God help them.
While transparency and visibility into some of these organizations are probably needed, these are complex organizations. To gain access to all of an organization’s available information and then take the right action to support litigation and compliance is already tough. But what is coming down the path introduces a whole new level of complexity that organizations need to prepare themselves for. Even in the case of Bear Stearns, all the information was probably there but nobody was available to put the whole story together until after the fact. In this new climate, regulators will want organizations to explain what they are doing and why they are doing it while they are doing it.
The level of transparency needed, and that is being suggested by the SEC, to safeguard government and taxpayer monies will now be rooted in understanding how all of an organization’s information interrelates, regardless of where that information is coming from. This calls for an approach that pulls information from all of these repositories so organizations have a single, consistent view into their data across their environment.
As organizations move into this new environment, they are advised to look at solutions like Autonomy’s IDOL platform. It brings together multiple forms of information by reaching into multiple data repositories and providing deep analytics so companies can extract relevant information and produce the explanations of what they are doing that they need to meet regulators’ requests. As companies start to look ahead, they will find that solutions that solved yesterday’s problems are less relevant for the new challenges that they are about to face. It is only by obtaining an understanding of what content they have and where their risks and liabilities lie now that they can quickly build a strategy and respond to whatever new demands this new regulatory environment presents.