Skip to main content

Industry Insights: Regulating failure (Reg SCI)

When examining the complexity in today’s applications and environments, and why APM technologies are becoming more critical by the day, those responsible for an application’s lifecycle must understand what an application does. Aside from providing application visibility, APM tools help troubleshoot issues. The failure to see and troubleshoot is a constant struggle for those supporting applications. When I speak publicly I’m always able to point to specific instances of failure which affect each of us; this month the hot button items were travel issues regarding airline IT systems, stock market failures, and others.
Within the securities market, the SEC has adopted regulations that attempt to improve US securities markets’ ability to handle systems compliance and maintain integrity. To that effect, on November 19th, 2014, the SEC approved the adoption of the Regulation Systems Compliance and Integrity (Reg SCI) under the Securities Exchange Act of 1934. The regulation requires compliance by November 2015, in a few short months. This new regulation was specifically created to prevent or better handle issues and incidents related to flash traffic crashing exchanges, security breaches, and other areas of system resilience. The financial markets are increasingly interconnected, making cascading issues a reality. These regulated entities include FINRA, trading systems, plan processors, and clearing houses. The requirements of Reg SCI include creating procedures, executing testing, monitoring effectively and reporting data and status to the SEC. The reporting must be done on a regular basis, and when major systems changes occur. The entities covered by the new reg SCI mandates must also perform annual reviews including the testing of disaster recovery procedures of secondary sites, and their ability to handle the same volume of transactions with the same responsiveness as the primary sites. The focus is primarily on production systems, but also includes development and testing processes.
When outages do occur, there are specific provisions as to what must be reported, including the root cause of these outages. This helps share the reason for issues which affect the technology that powers the financial markets.
In regards to what APM focuses on, the regulation requires that capacity planning must be accomplished, but interestingly the capacity planning must be focused on transaction accuracy and timeliness to ensure market integrity. Most IT Operations professionals focus on infrastructure capacity planning, but this regulation clearly shifts that focus to the application layer. Stress testing must also be accomplished with major changes, once again requiring measurements. Reg SCI specifically notes that the monitoring of any 3rd party provided software or services, and how those systems perform is a requirement. Capabilities around monitoring availability and performance of these services is an APM technology capability, as 3rd party performance often affects application performance and proper execution.
AppDynamics is a trusted APM provider in many of the world’s largest banks and exchanges, and many more globally. We are also used within several companies which fall under Reg SCI. As a result, many of our customers are reaching out to us in order to comply with this new regulation. We’re pleased to discuss how we can help, and how AppDynamics is evolving to handle new types of capacity planning models in the future.

Comments

Popular posts from this blog

Dynatrace Growth Misinformation

For my valued readers: I wanted to point out some issues I’ve recently seen in the public domain. As a Gartner analyst, I heard many claims about 200% growth, and all kind of data points which have little basis in fact. When those vendors are asked what actual numbers they are basing those growth claims on, often the questions are dodged. Dynatrace, recently used the Gartner name and brand in a press release. In Its First Year as an Independent Company, Gartner Ranks Dynatrace #1 in APM Market http://www.prweb.com/releases/2015/06/prweb12773790.htm I want to clarify the issues in their statements based on the actual Gartner facts published by Gartner in its Market Share data: Dynatrace says in their press release: “expand globally with more than three times the revenue of other new generation APM vendors” First, let’s look at how new the various technologies are: Dynatrace Data Center RUM (DCRUM) is based on the Adlex technology acquired in 2005, but was cr...

Misunderstanding "Open Tracing" for the Enterprise

When first hearing of the OpenTracing project in 2016 there was excitement, finally an open standard for tracing. First, what is a trace? A trace is following a transaction from different services to build an end to end picture. The latency of each transaction segment is captured to determine which is slow, or causing performance issues. The trace may also include metadata such as metrics and logs, more on that later. Great, so if this is open this will solve all interoperability issues we have, and allow me to use multiple APM and tracing tools at once? It will help avoid vendor or project lock-in, unlock cloud services which are opaque or invisible? Nope! Why not? Today there are so many different implementations of tracing providing end to end transaction monitoring, and the reason why is that each project or vendor has different capabilities and use cases for the traces. Most tool users don't need to know the implementation details, but when manually instrumenting wi...

IBM Pulse 2008 - Review

I spent Monday-Wednesday at IBM Pulse in Orlando. It was a good show, but quite a few of the sessions were full when I arrived. It was frustrating because they didn't offer them more than once. The morning sessions were mostly pie in the sky, and not very useful to me. I got to spend a lot of time with senior people in engineering, architecture, and acquisitions/strategy. I also got to meet people I knew from online or other dealings with IBM. Overall, the show was a good use of my time, and I found it enjoyable. Here are some of my highlights: ITM 6.2.1 improvements including agentless capabilities and such. New reporting framework based on BIRT which will be rolling forward. New UI which is being pushed and was on display from TBSM 4.2. Hearing about what other customers are up to (mostly bad decisions from what I've seen). Affirmation of ITNM (Precision) as a best of breed tool, with a excellent roadmap. Some things which are bad and make no sense: Focus on manufactur...