Connect with us

Technology

Are we due an “Austerity Program” in IT Security Management?

Published

on

Graeme Nash

By Graeme Nash, Director of Strategic Solutions, Fortinet

Growing operational costs; squeezed budgets; more potent and varied Internet threats; the need for greater visibility and control − these are all symptoms of an IT security management system urgently needing an austerity program, in other words: IT Security RationalisationGraeme Nash

Many of today’s nations are under severe financial pressure to reduce public spending, redress fiscal deficits and ultimately relieve sovereign debt. In doing so, they are forced to impose unwelcome structural reforms to businesses and individuals alike. The term ‘Austerity’ embodies this situation.

Similarly, the ‘eco-system’ of IT security is suffering under opposite pressures. What are these pressure points? How do they impact IT Security Management (ITSM) and business objectives? Answering these questions will help determine whether or not an austerity program in IT is already overdue.

Key Symptoms and ‘Eco-System Indicators’   

Growing Operational Costs
It is commonly accepted that ITSM operational costs grow ‘naturally’, as control and protection mechanisms get layered on top of each other. Reality is that security equipment and related processes often remain in operations far longer than their sell-by-date and new ‘urgent’ IT requirements tend to get built on top of legacy infrastructure, thus layering on additional opex.

Squeezed Budgets
As enterprises feel the strain on their balance sheets, many departmental budgets come under scrutiny. Security is particularly vulnerable as it is still commonly perceived as a sunk expense rather than a business enabler.

Expanded Threat Profile
Security reports show a growing capability gap between the sophistication of data theft and defensive mechanisms and resilience strategies in place in the enterprise. In addition, with social media and BYOD (Bring Your Own Device) entering the workplace, corporate data is now accessed via a plethora of personal and often vulnerable platforms that IT is often not prepared or equipped to securely manage.

Predicting Growth Requirements
Moore’s law of CPU processing power evolution equally applies to storage, content delivery volume and network bandwidth. And with the transition to fibre and IPv6 addressing in corporate networks, IT must quickly adopt its security with high-performance solutions. Accurately mapping from business growth plans into IT and IT security is a difficult exercise, but it is a key metric of a well-managed IT system.

The Drive to Cloud
When costs grow too high, infrastructure too complex and skills too hard to find, the cloud may be seen as the get-out-of-jail option. However, cloud computing certainly isn’t a panacea for all IT evils and comes with its own challenges, particularly in terms of security provision.

Project Prioritization
As budgets tighten and skilled engineers become scarce, it becomes even more critical to be ruthlessly efficient with the resources at hand.  IT security decision-makers must focus on  measurable projects where they can prove maximum benefit on security provision for their enterprise.

Austerity’s Three Pillars

The definition of a nation’s  austerity program can be based on three pillars. Let’s see how they apply to ITSM.

Raising Taxes
Countries often resort to raising taxes to help redress budget deficits. Most organisations simply don’t have that luxury. It is still rare to see IT security being run as an internal cost centre charging out to operational units for its services.

Spending Cuts
Public spending cuts are typically the other instrument of austerity. The trick here is to cut budgets where there is excess rather than going after critical services. How to cut IT security expenditure without impacting the safety of the enterprise? This brings us onto the third pillar.

Efficiency Gains and Structural Reform
The most effective, but ultimately most difficult and longest way to offset spending cuts is to introduce efficiency gains.  Those may demand parallel structural reform to squeeze more economic output from capital, equipment and labour. While this option is rife with unsavoury pitfalls for any government due to its long-term effect, it is the best one to pursue in ITSM.

The Manifesto for Painless ITSM Austerity: IT Security Rationalisation

IT security professionals have the opportunity to achieve real efficiency gains and even structural reforms if the broader business strategy of their organization warrants it. Let’s review the components of an austerity program for IT security management, without the pain.

Enhancing IT Risk Management
Risk management has been part of business operations for some time. IT-related risks are generally treated as being operational in nature, driving business continuity and backup plans  However, the increasing impact of threats on enterprise business requires risk assessment of external threats to be incorporated into the enterprise risk management process. IT security risk management should thus include the definition of the main vulnerabilities of the organization against those threats and their prevalence and impact.

IT Security Asset Reassessment
The primary purpose of asset reassessment is to lessen the impact of constrained budgets towards operational costs.

The collection of disparate solutions deployed over time across the organisation – such as those addressing firewall, antivirus, VPN, and more recently DDoS or IPv6 support – often imposes a disproportionate cost in operations and maintenance against the value they provide. An IT security asset re-assessment looks to:
•    Inventory these security assets and determine their specific function and value,
•    Determine current and 3-year projected security provision needs and if the current assets will support these needs,
•    Evaluate the original solution cost, the projected annual costs of maintenance & operations, and compare these costs against newer generation products delivering the same function,
•    Determine annualized transition costs.

Deploy Scalable Platforms
Because forecasting growth requirements is hard to achieve, IT organisations often compensate by  over-sizing their requirements, which, of course, comes at a cost. It is more cost-effective to simply deploy a scalable platform − which can be upgraded without any major change in technology or skills requirements − from the start.

Rebalance the In-House vs. Cloud Equation
Cloud computing may be seen as a central tenet of austerity. However, the main issue preventing a widespread cloud takeover is security, and with good reason. Consequently, there is a balance that needs to be struck between the economic and operational advantages of the cloud and its lack of security and audit capability. Within an IT austerity program, the in-house versus cloud equation needs to be rebalanced. In-house IT management for all but routine functions might prove to be a more secure and flexible option.

Technology Consolidation and Vendor Rationalisation
Evaluation of a vendor should look at vision, technology and process – with an objective of austerity. Technology-wise, consolidating security functions onto one platform helps improve performance and manageability. Where those security functions cannot be deployed on a single appliance, then having a consistent user interface and workflow paradigm helps drive costs down. Add enterprise-wide centralized management and reporting, and further operational savings can be gleaned.

In addition, security functions should cover all domains of IT, from fixed/wireless networks and assets to databases, web applications and mail systems. Equally, they should enable the maximum number of core IT security management processes.

Vendor rationalisation aims at enabling the maximum number of domains and key ITSM processes from a minimum of technology vendors. To meet future requirements while keeping costs low, vendors and partners must also be able to properly implement and support an enterprise’s global operations.

In conclusion, even though the pressure on ITSM is yet to reach its apex, the key symptoms and ‘eco-system indicators’ of IT security are undoubtedly driving the need for implementing an IT security rationalisation program today, in order to avoid the pain of austerity. This manifesto provides a way forward.

Technology

Wireless Connectivity Lights the Path to Bank Branch Innovation

Published

on

Wireless Connectivity Lights the Path to Bank Branch Innovation 1

By Graham Brooks, Strategic Account Director, Cradlepoint EMEA

As consumers cautiously return to the UK high street in the past few weeks, banks can expect customer footfall in branch to rise accordingly. But whether it’s checking in for a mortgage appointment or cashing in a cheque, awareness of the ongoing potential health risks must be top of mind.

At the same time, the pandemic has forced a transition to the future bank branch. This means that there will be less people and more machines – digital signs, contactless devices, and new cash deposit systems.

To ensure they continue to provide a service that attracts new customers, banks must digitise their branches. And wireless technology is going to form the underlying infrastructure that makes that possible.

Wireless WAN providing reliability

Traditional banks now face their biggest challenge in history: digital-only banking. Over two-thirds of participants in a 2020 study planned to transition to a digital-only bank in the future. It’s therefore vital that traditional banks running physical branches update in-branch customer experience to compete with the new pack on the prairie. Reliability plays a big part. So does trust.

The future of in-branch experience lies in technologies such as IoT, VR/AR, and AI, all of which are highly data-intensive. Reliable connectivity is therefore critical, and banks should be shooting for zero-downtime connectivity, allowing no room for gaps in service.

To do this, banks can deploy Gigabit-class 4G LTE (LTE Advanced) or 5G adapters that bridge to a traditional ethernet connection, providing a wireless option to the wired-line router. Then, in the rare scenario where wireless connectivity is down, at least one of the WAN connections is always guaranteed to be live. The router has the autonomy to determine when failover is necessary.

Better still, the reliability of modern Gigabit 4G LTE and 5G connectivity now means that failover is often unnecessary. A branch can, therefore, run its network independent of a wired-line connection and benefit from the security and agility of a resilient wireless network, while still providing enterprise-grade connectivity.

Branch network reliability, in this way, will support the bank’s reliability as a whole. In turn, this will fuel the higher standards of customer experience needed to compete with more agile digital-only banks.

The new reality of IoT

The first organised response to stop the spread of the virus around the world was social distancing. While transparent screens can be used to block transmission, the overarching effect of these measures has been a loss of communication capabilities. This will affect banks like it has everywhere else, if not more as a space where interaction is so important.

IoT technology will be core to overcoming these barriers. Digital signage, kiosks, and surveillance cameras will all contribute to improved communication and security, and a better customer banking experience. But to enable such extensive use of IoT devices operating on a single network, banks must ensure they can accommodate such high levels of data transfer. Using Gigabit 4G LTE connectivity to extend its services beyond traditional network infrastructure, banks will achieve the required levels of bandwidth.

Hybrid connections managed in the cloud

With high volumes of data being transferred across the network, security and availability should be at the top of the agenda when digitising bank branches. But these are not always easy to implement, especially in an environment with several complex networks of endpoints.

Graham Brooks

Graham Brooks

For example, marketing teams need to push personalised content to customers on digital signs and IT teams need to set visitors up on a guest WiFi network. These operations require the guarantee of security and availability, with trust and the customer experience at the core.

Wireless networks excel in this aspect as they can employ the benefits of a cloud-based management system. Cloud-based systems make it easier for bank staff working from home, who can access the same assets and applications from their sofa as they would otherwise have in-branch. The service is the same.

Cloud management systems also provide improved network visibility, giving IT teams endpoint information from across the network as it happens. With security patches being updated on devices simultaneously, leaving reduced time for opportunistic attacks to exploit known vulnerabilities.

Equally, by using a hybrid Gigabit 4G LTE network in tandem with a wired connection, businesses can achieve simplicity from an otherwise complex challenge. The primary wired network can be used to transmit any sensitive information securely, while a separate network using the Gigabit 4G LTE connection runs other in-branch operations.

The branch’s network, in this way, is ‘air-gapped’. The secure data being processed by the operations team runs on an essentially separate network to that of the marketing team’s content. The network will also increase its ability to process more information, with its workload spread out.

The simplest solutions are often the best. In this case, exploiting a hybrid network can address the complexities of security and availability when employing enterprise-grade connectivity.

Invest now for future 5G rewards

As banks continue to adapt their branches over the course of the pandemic, they should invest in business-wide digitisation to secure a sustainable pathway to the future. To achieve this, banks must ensure their network solution enables carrier-class connectivity. It should make use of the full spectrum of connectivity – 4G LTE to 5G – and offer the full spectrum of 5G bandwidth. Branches aren’t going anywhere soon. They must ensure that their services are optimal now, and in ten years’ time.

Fortune favours the bold, and those who chose to adopt revolutionary and innovative technology early are already on their journey. Learning from this, banks that invest now to improve their future infrastructure will thrive once 5G does arrive. Good things do not come to those who ‘wait’. They come to those who prepare well in advance.

Continue Reading

Technology

Financial Regulations: How do they impact your cloud strategy?

Published

on

Financial Regulations: How do they impact your cloud strategy? 2

By Michael Chalmers, MD EMEA at Contino

How exactly do financial regulations affect your cloud strategy? It’s a question many of our customers have been scratching their heads about. Some solutions are costly and over-complex – but by asking the right questions, the wrong solutions can be avoided.

Following the Financial Conduct Authority’s (FCA) 2020 review, it’s clear that highly regulated enterprises must work harder than ever to stay within various limits which protect customers during an economically strenuous pandemic. Below, I address three questions we’re hearing from customers about how to optimise the cloud whilst sticking to FCA regulations.

  1. What regulations must you consider before outsourcing to a cloud provider?

If you have an application or workload that you’re looking to put into the cloud, you will have various service levels that you’ve defined for that particular stack. When you’re looking at the cloud provider and asking yourself what services to use, you’ll need to consider how that aligns to your service levels. How do I architect it to make sure that it’s aligned and that it can tolerate failure?

At the very start of that journey, before you even start putting your workloads into the cloud, you need to set the standards that you will need to adhere to. The Shared Responsibility Model is a key asset in understanding where your responsibility lies.

There are a number of things that you need to make sure are in your contract with the cloud provider. Unless you specifically sign a contract addendum with them, you can’t guarantee that useful and knowledgeable assistance is included.

While the guidelines are very clear on a number of clauses that you need to put in your contract with the cloud provider, these regulations apply to outsourcing in general. Cloud providers are very mature, so they will come with pre-packed addendums to the standard contract they offer that are customised to comply with FCA regulations. However, if you start outsourcing IT functions in a different way, e.g. if you start using a Software-as-a-Service (SaaS) provider which is delivered using the cloud, the new provider will need to be vetted to make sure that you have the right clauses in your contract with them. While cloud providers are very mature on this, most SaaS tools are not.

  1. How can you control or restrict where data in the cloud moves?

When it comes to data security, there are various options available on Amazon Web Services (AWS). For example, you can securely lock particular regions into an account on AWS. It’s also worth looking at your account structure policy. If you have accounts where data can’t reside outside the EU, you can put the workloads into that bundle and you can lock it down at policy level. There is an element of trust with the provider here as well.

While AWS offers prescribed controls to block certain regions, other cloud providers have different strategies. In the case of Google Cloud (GCP), you can specify service controls so that, even for managed services such as Big Query, you can lock your data in not just one region, but within your virtual private cloud. In other words, not only can you block specific regions or allow specific regions, you can specify that only things within a region can assess data within a region as a general policy.

  1. What does the regulator need to see to approve your exit strategy?

In terms of documentation, it’s not a case of “show me your policies and test plan” but rather “show me how you exercise it”.

Most of the time it’s a months-long process and it comes down to personal relationships: you build trust over time with the regulator as you build your exit plan. You should be able to discuss what else they would like to see in there.  While there used to be a template for an exit plan in the European Banking Authority (EBA) regulations in a previous version, this has since been removed.

Regulators don’t tend to look at test reports. However, they do post a lot of information on audit reports and auditors. These auditors are there to check you’re doing what you say you’re doing. At the end of the day you are responsible for demonstrating your exit plan – it has to be coherent, consistent and compelling.

Final Thoughts

The truth is, most of the time, regulators are just trying to encourage you to do what works. That being said, sometimes their outlook doesn’t quite match with your view, or sometimes there’s an artificial difference that can be smoothed over or finessed. Occasionally you have to remember that we had 2008. What if in 2020 we have a massive AWS outage?

Multi-cloud is a natural strategy. There’s a number of high-level, cloud-native services that can be leveraged to simplify the implementation of multi-cloud in large financial institutions. Adhering to the multitude of guidelines can be complex and time-consuming, but forging the right path through the regulations will ensure that your multi-cloud is optimised to provide the most streamlined and efficient service possible to your business.

Continue Reading

Technology

Post-COVID Mortgage Processing: Ripe for Intelligent Automation to Boost Organisational Resiliency

Published

on

Post-COVID Mortgage Processing: Ripe for Intelligent Automation to Boost Organisational Resiliency 3

By Asheesh Mehra, Group CEO and Co-founder, AntWorks

As seen in many other countries, the COVID-19 pandemic sent a shockwave through the UK housing market, bringing the entire sector to a virtual standstill. As lockdown restrictions  ease, we are now witnessing a housing boom like no other, as thousands have entered the market looking to capitalise on the UK government’s new stamp duty relief on properties priced up to £500,000. At the same time, however, the economic fallout from this financial crisis has resulted in almost 750,000 people losing their jobs and countless more being furloughed, leading to an increase in property remortgaging requests and payment holidays.

As a result, banks and mortgage companies now find themselves inundated with new mortgage applications, refinancing and forbearance applications. To support this, there is now a drastic need for increased manpower to manually process the plethora of mortgage enquiries in a more efficient manner. That being said, the uncertainty of future pandemic impact and restrictions being imposed at a local or global level is leaving the industry under severe pressure to deal with the demand as quickly and effectively as possible.

Like many other industries feeling the impact of the COVID-19 crisis, the mortgage sector needs to deploy digitisation in their operations in order to scale their business faster than before or risk being left behind. Artificial Intelligence, deployed in conjunction with intelligent automation, can help ease the burden on mortgage brokers and lenders by accelerating the mortgage loan process and reducing costly errors caused by manual input.

Achieving speed and scale through intelligent automation

Automation is a viable and logical  solution for mortgage lenders as approximately 60 – 70 per cent of tasks in mortgage processes across the value chain are, replicable and prep-based tasks that are suitable candidates for automation. Traditionally, mortgage companies frequently conduct borrowing assessments that require careful analysis and comparison of customer data. This includes checking and establishing customer credit history as well as affordability by manually processing data from income documentation such as bank statements and payslips. This is a tedious but highly necessary process known (rather un-fondly) in the industry as the “stare and compare” stage of mortgage processing

These tasks require a huge amount of paperwork and form filling, which is not only time-consuming but also prone to human error. Furthermore, in their day-to-day routine, mortgage processors are required to literally unpackage and organise documents that are often in paper formats. This is a laborious process especially when executed across multiple mortgage applications at the same time.

This is where intelligent automation steps in to help mortgage companies take on and complete far more work, at a much faster rate and with higher accuracy. Automation can relieve mortgage workers from repetitive tasks such as manually populating the loan origination systems. This means that customers can get loans approved quickly and efficiently. In fact, a global mortgage provider leveraged the power of automation to increase the speed at which mortgage documents were being generated by up to 90 per cent without compromising the integrity of its review process. What’s more, they also managed to improve the turnaround time for the more complex documents by 100 per cent.

Cognitive Machine Reading (CMR) based solutions are the answer for companies looking to achieve straight-through processing for all their mortgage documents. CMR enables mortgage companies to overcome the challenges of digitising unstructured data and achieve faster ROI with higher accuracy with data certainty. Additionally, it can help mortgage companies to cut down on loan processing costs by up to two-thirds and mortgage origination time by 50 per cent.

The (fractal) science behind CMR is that it uses integrated AI capabilities to process highly complex unstructured data along with the more basic data formats. This data can then easily flow through the entire organisation via an end-to-end process achieved with little to no human interference.

Inevitably, all business data needs to be digitised so that it can feed analytics, drive automation, and provide those much-needed customer insights. CMR can play a part to eliminate repetitive and error-prone stare-and-compare tasks that are often a commonplace in mortgage processing. It is able to identify and process the context of data and validate it against existing information elsewhere. As a result, this speeds up the overall processing time for new mortgage and refinancing requests.

Avoiding common automation mistakes

Before kickstarting any digital transformation journey or automation projects, it is imperative that businesses look into avoiding the pitfalls of adopting the wrong automation tools. For example, utilising traditional Optical Character Recognition (OCR) technology for business processes can lead to significant data challenges which will slow down and impede automation goals. OCR is a simple data ingestion tool that is limited to only processing and automating structured data that comes in the form of fixed-field text. Given that 80 per cent of the data within most organisations is unstructured or does not have a predefined format (e.g. emails, images, signatures, social media feeds), OCR technology cannot ingest the vast majority of data trapped inside a mortgage process (or any other business process). In order to overcome this and improve its business process outcomes, one leading Insurance provider managed to process large volumes of unstructured data via CMR automation to achieve 75 per cent reduction in the manual data extraction of handwritten documents. Additionally, the company also achieved more than 92 per cent accuracy in identifying and processing handwritten content.

Critical, everyday business data contained in multiple formats such as emails, images, and handwritten material make up a large part of unstructured data. This is why businesses need to put greater emphasis on researching and identifying intelligent automation solutions that can unlock this date to achieve their business goals. CMR enables mortgage companies to significantly accelerate the course of identifying and classifying all types of documents by cutting down the reduction time for processing mortgage claims by 90 per cent with a substantial level of accuracy (75%). What’s more, it enables any organisation to automate at scale, bringing true automation as a company-wide approach rather than a segregated one.

The COVID-19 pandemic has managed to speed up the need for businesses to embrace digital transformation. This may well be the catalyst for many mortgage organisations steeped in antiquated legacy-based ways of working to refine and streamline their business operations via straight-through processing. It is clear that companies can successfully automate entire business operations to not only improve their operational efficiency but also achieve organisational resilience in a long run. And the faster mortgage lenders can tackle their processes right now, the better for the sooner they can pass those efficiencies and savings onto customers to help rebuild the economy and bolster the housing market in the UK and elsewhere.

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

Risk assessment: How to plan and execute a security audit as a small business 4 Risk assessment: How to plan and execute a security audit as a small business 5
Business13 mins ago

Risk assessment: How to plan and execute a security audit as a small business

By Izzy Schulman, Director at Keys 4 U Despite the current global coronavirus pandemic and the uncertainty it has placed...

Buying enterprise professional services: Five considerations for business leaders in turbulent times 6 Buying enterprise professional services: Five considerations for business leaders in turbulent times 7
Business58 mins ago

Buying enterprise professional services: Five considerations for business leaders in turbulent times

By James Sandoval, Founder and CEO,  MeasureMatch  The platformization of professional services provides businesses with direct, seamless access to the skills...

Wireless Connectivity Lights the Path to Bank Branch Innovation 8 Wireless Connectivity Lights the Path to Bank Branch Innovation 9
Technology2 hours ago

Wireless Connectivity Lights the Path to Bank Branch Innovation

By Graham Brooks, Strategic Account Director, Cradlepoint EMEA As consumers cautiously return to the UK high street in the past...

Financial Regulations: How do they impact your cloud strategy? 10 Financial Regulations: How do they impact your cloud strategy? 11
Technology2 hours ago

Financial Regulations: How do they impact your cloud strategy?

By Michael Chalmers, MD EMEA at Contino How exactly do financial regulations affect your cloud strategy? It’s a question many of...

Is It The Right Time To Invest In Gold? 12 Is It The Right Time To Invest In Gold? 13
Investing2 hours ago

Is It The Right Time To Invest In Gold?

By Zoe Lyons, Hatton Garden Metals The current climate is one of uncertainty, so it can be difficult to know...

Private public investment is more inter-dependant than ever 14 Private public investment is more inter-dependant than ever 15
Investing2 hours ago

Private public investment is more inter-dependant than ever

By Konstantin Sidorov, CEO and Founder of London Technology Club Today, one thing unites the majority of governments around the...

Post-COVID Mortgage Processing: Ripe for Intelligent Automation to Boost Organisational Resiliency 16 Post-COVID Mortgage Processing: Ripe for Intelligent Automation to Boost Organisational Resiliency 17
Technology2 hours ago

Post-COVID Mortgage Processing: Ripe for Intelligent Automation to Boost Organisational Resiliency

By Asheesh Mehra, Group CEO and Co-founder, AntWorks As seen in many other countries, the COVID-19 pandemic sent a shockwave through...

Understanding the Corporate Insolvency and Governance Act 2020 18 Understanding the Corporate Insolvency and Governance Act 2020 19
Business2 hours ago

Understanding the Corporate Insolvency and Governance Act 2020

By Katya Batchelor is a banking and finance lawyer at leading South East law firm Thomson Snell & Passmore  The...

Reuters Events Free Webinar – The Impact of The Pandemic On Executive Compensation 20 Reuters Events Free Webinar – The Impact of The Pandemic On Executive Compensation 21
Events4 hours ago

Reuters Events Free Webinar – The Impact of The Pandemic On Executive Compensation

Glass Lewis, CGLytics and the Council of Institutional Investors Identify Equity Portfolio Exposure to Governance Risks Join Reuters Events free...

Creating transparency and understanding between C-suite and F&A teams 23 Creating transparency and understanding between C-suite and F&A teams 24
Technology6 hours ago

Creating transparency and understanding between C-suite and F&A teams

By David Brightman, Director of Product Marketing at BlackLine There’s a stark disconnect between the promise of the cloud connected,...

Newsletters with Secrets & Analysis. Subscribe Now