
Rivial Data Security: Streamlining Compliance in the Financial Industry

Randy Lindberg, Founder & CEO

The financial industry has undergone a seismic change, a rather positive one, since embarking on its journey of digital transformation. That said, the industry's risk ecosystem has also grown more complex, putting the spotlight on governance and standards. Cybersecurity management expert Randy Lindberg, the founder and CEO of Rivial Data Security, understands the intricacies of the rapidly evolving compliance regulations and the emerging risks in the financial landscape. Lindberg is an astute information security specialist with rich experience garnered over 18 years. In his previous stint at a regional bank, Lindberg discovered that banks often incur exorbitant expenses for security compliance services while receiving little or no value for money. Driven by his passion for building effective information security programs, Lindberg founded Rivial Data Security to deliver ingenious, custom-tailored, and cost-competitive IT security services for financial institutions.

Lindberg underscores Rivial’s symbiotic relationship with Quantivate, a Washington-based company offering industry-leading SaaS Governance, Risk, and Compliance (GRC) software solutions. The Quantivate software underpins all of Rivial’s IT security services, and by leveraging it Rivial brings immense value to clients at a fraction of the cost of their counterparts. Departing from conventional risk assessment methods, wherein IT auditors perform an annual audit that entails a flurry of time-consuming activities from procuring documents to receiving recommendations from auditors, Rivial has essentially streamlined the entire process. “Leveraging the Quantivate software, Rivial has endorsed a managed services model whereby we have automated the auditing processes, sending reminders to clients to implement the required security controls and collect evidence. This enables our clients to stay compliant and keep up their security, while not having to dread the annual IT audit,” states Lindberg. Rivial has carved its niche in the risk and compliance industry by successfully migrating from IT audit plans to managed IT compliance, enabling clients to adhere to IT compliance throughout the year.

Rivial’s best-in-class risk assessment methodology is based on the NIST 800-30 guide, the gold standard in the risk management field, amalgamating information security risk assessment, cybersecurity risk assessment, and number/data risk assessment in a single process. Tweaking the NIST framework, Rivial has developed a seamless method for conducting a comprehensive risk analysis of a client’s environment. “Instead of considering all known threats and vulnerabilities individually to end up with a list of 300 or 400, we group threats into 17 categories for a more organized approach. We work with IT risk categories and corresponding security control categories,” explains Lindberg. For instance, one such category is inappropriate application access, wherein Rivial deals with the issue as a group and conducts a comprehensive risk evaluation using Quantivate’s software to attain an in-depth knowledge of the client’s application access environment. The clients are then provided with customized, efficient, and effective solutions along with a roadmap for building and improving their security programs. Moreover, Rivial has created a unique software tool that deploys advanced mathematical models, like the Monte Carlo simulation, to present risks in terms of security dollars rather than generic measurements.

Leveraging the Quantivate software, Rivial has endorsed a managed services model whereby they have automated the auditing processes, sending reminders to clients to implement the required security controls and collecting evidence.

Lindberg shares an instance wherein Rivial assisted a credit union that had been struggling for several years to score a passing grade in its IT audit. Its exceedingly strict National Credit Union Association (NCUA) examiner further exacerbated the problem. Rivial performed its cutting-edge risk assessment, set the client up with the Quantivate software, conducted audits, and built a roadmap for its security program. After three years of collaboration with Rivial, the client secured a Grade 1, which is virtually unheard of in the IT landscape.

Continuing the same streak of innovation, Rivial witnessed significant growth in the last year and is sprinting ahead at full steam. The company launched its new website and new managed services earlier this year.