In the beginning of February, days of volatile trading slowed down apps and led to website outages at major brokerage firms and investment banks. While people speculated about whether this heralded the start of another financial crisis, I reflected on how much the online world has changed since the last crash just a decade ago. If a little turbulence is already causing apps and sites to fail, how will today’s web architecture cope with the next crisis?
The wild west of tech and finance
Looking back over the last decade and the rapid, unpredictable development of technology that has unfolded and started not just to enable business but to drive it, it should not be surprising that companies have been constantly under pressure to adapt. The pace of growth and volatility of change in technology, and more specifically of the web and what possibilities it creates, has mirrored closely the wild, unbridled nature of financial markets. The number of internet users worldwide has grown from 23.5 percent in 2008 to 51.8 percent in 2017. The GSMA counted four billion global mobile connections in 2008. By 2016 this number had grown to a whopping 7.9 billion connections.
In 2008, mobile accounted for just a tiny part of web traffic. Fast forward eight years and in 2016 global mobile traffic had already surpassed desktop traffic. By 2017 there were 2.2 million apps available on the App store and Google Play Store hit the three million apps mark. How could this not change everything?
But web and app traffic aren’t just human; there are also machines/bots with which to contend. More than half the traffic coming in today is from bots, which adds more unpredictability to the mix, given how exponentially fast the number of requests can come from an automated bot.
It’s like the untamed wild west in some ways, which again parallels the movements of the financial markets.
For brokerage and investment firms this means that during the February 2018 “turbulence” their web architectures needed to cope with many more visitors and channels than a decade ago. It’s therefore no surprise that some industry watchers hold the proliferation of apps largely responsible for the recent crash of several brokerage sites.
Today’s web pages eat bandwidth
It’s not just that the amount of web traffic and number of channels has increased, however. The average web page size has grown significantly, which is eating bandwidth. Data from HTTP Archive shows how average page size grew more than 5x from 702 KB in November 2010 to 3804 KB in February 2018. Video is a key factor here, increasing from zero to 1099 KB. The same for images that grew more than 4x time from 416 KB to 1824 KB, scripts that increased 4.5x times to 508 KB and finally fonts that grew 60 x times to 119 KB.
Five ways to cope with wild trading times
Given how important websites and apps are to the world of investment, brokerage firms must urgently evaluate whether their online channels are fit to cope in the present environment (as well as the inevitable fluctuations of the future). For example, can apps and websites scale and maintain a stable load speed, even when multiple people access them simultaneously? The good news is that web architecture technology has evolved significantly over the last decade to overcome these challenges. Let’s have a look at some of these new technologies and examine how they can help to avoid crashes or slowdowns of apps and sites.
- Caching to the rescue
One of the basic elements of today’s stable architectures is a web cache, also known as a reverse caching proxy. Think of it as a temporary storage area that mirrors a site or application’s content. The web cache serves a visitors’ request to a site or application, eliminating the need for the server to fetch the requested content from the backend. Consequently, server overload, the most common cause for slow load times and website caches, is removed. As such, a web cache can serve up tens of thousands of consecutive requests per second, speeding up website performance at least several hundred times over while reducing server load.
- A safety net for CDN performance
Many brokerage firms use external content delivery networks (CDNs), distributed systems of so-called edge servers across many data centres, with an origin server at the centre. If a user visits a site or an app, he or she will be directed to the closest edge server. If one server is down or slow, the visitor will be redirected to the next. By doing so, the CDN provides a protective layer, shielding the origin from attacks or overloads. One of the technologies used at the edge is caching. Most of the CDN providers also offer solutions for mobile websites or mobile apps.
However, CDN providers tend to locate their servers in the same major cities. Consequently, during high traffic periods they share the same peering relationships, which can cause significant delays. To prevent this, companies have recently started to embrace a hybrid model where the CDN is complemented with a private content delivery architecture in the cloud. In high-traffic scenarios, this setup allows data to be dynamically redirected from the CDN to the private cloud CDN.
- Coping with fast-changing content
Brokerage and investment firms need to continuously update huge amounts of information on investment offerings across different channels. When website content changes, the content stored in the web cache needs to be ‘invalidated’ or deleted so visitors don’t wind up seeing old information. Where multiple systems and data centres are involved this can prove to be a challenge. And during times of wild trading this can become near unmanageable.
Cache invalidation might sound simple, but it’s so tricky that internet veteran Phil Karlton declared it to be one of two ‘hard things’ in computer science. Modern caching tools make it simple to send invalidation requests to multiple caches at once, even when they are in different locations. This allows site content to be updated simultaneously in a controlled, automated and fast way – even during wild trading conditions. This is important as the entire market must receive the same information, almost to the millisecond or the financial company risks losing their permit to operate.
- Accelerating mobile page load
Brokerage firms increasingly use personalisation to fine-tune the content they display to individual users based on factors such as behaviour, previous investments and location. When content is updated, the cache contents need to change as well and all sites containing the new content must be reloaded. Established tools like Edge Side Includes (ESI) automates this process, but the updates occur sequentially, which can slow down content delivery.
A new approach called parallel ESI loads changed content elements – as the name indicates – in parallel, which significantly speeds up the process.
- An insider’s tip – encryption
A little known fact is that using TLS encryption helps to increase performance for mobile visitors. Apparently cellular network providers queue up and put through TLS encrypted traffic. It’s a small performance gain, but sometimes it can be enough to make a big impact.
Crashes are no longer an option – scaling is key
These are just five ways in which new technologies can help brokerage and investment firms to enhance their web architectures to withstand the traffic and bandwidth challenges associated with wild trading times. I would encourage any CTO and CIO to evaluate them because uncertainty and high traffic peaks, though nothing new, are increasingly the new normal and website crashes are no longer acceptable.
Author: Lars Larsson, CEO of Varnish Software
Track and Trace and Other Lost Data
By Ian Smith, General Manager and Finance Director at Invu
You, like me, were probably amazed by the now infamous loss of the over 16,000 positive test results in the track and trace system due to an Excel spreadsheet error.
You, like me, probably wondered how the Government could get something so important so wrong?
But perhaps we should aks are standing in a greenhouse launching stones?
Data risks from software
Today we are spoilt with software offerings that help us with both our personal and our work lives.
Microsoft Excel is a powerful application and offers many functions now that required moderately complex macro writing in the past, seducing all of us into submitting more data for it to analyse. In finance, we tend to solve all those problems our applications cannot address using Excel.
In finance, we also know the risks of formula errors, and if we have relied on it enough, we will have our own war stories to go with these risks. Yet, we often continue to use the tool for operations that make those folks with an information technology background shake their heads.
These Excel files nowadays may find themselves resident on a local file server or one of the many file servers in the cloud (like those from the big three, DropBox, Google Drive and Microsoft OneDrive or other less well-known file sharing applications). Many of us use these in multiple ways.
Beyond finance and Excel, there are now many applications that we run our data through and leave data stored in the form of documents, comments and notes.
The long-standing example is email. We today receive many documents via email, with content in the body often providing context. Email systems then become the store for that data. While this works from a personal point of view, for a business working at scale, the information stored this way can be lost to the rest of the business. Just like data falling off a spreadsheet when there are not enough rows to capture the results.
More recently, we have seen easy to consume applications develop in many areas like chat and productivity. Take for example task management apps, my own preference being Monday.com (I am sparing you the long list of these). The result of the task and how we got there, in the form of attachments or comments, are often stored in the application. Each application we touch encourages us to leave a bit of data behind in its store.
Many of these applications can have a personal use and an initial personal dalliance is what sparks up the motivation to apply the application to a business purpose. Just like the “Track and Trace System”, they can often find themselves being used in an environment where the scale of the operation overwhelms their intended use.
In our business lives, combining the use of applications in this way by liberally sprinkling our data across multiple systems often stored in documents (be they Microsoft Word, email, scans or comments and notes) puts us on the pathway to trouble.
Imagine how Matt Hancock felt explaining to Parliament that the world-class track and trace system depended on a spreadsheet.
Can you imagine a similar situation in your business life? Say, for example, that documents or data in some form was lost because of the use of disparate systems and/or applications that were not really designed for the task you assigned to them.
Who would be your Parliament?
Now you can see yourself in the greenhouse, you may not want to reach for that metaphorical stone.
If these observations create some concerns for you, you may want to consider the information management strategy at your business. You have a strategy, even if it is not addressed specifically in documents, plans or thought processes.
These steps may help figure out where you are and where you want to go.
- Assess your current environment.
Are you a centraliser, with all the information collected in one place? Or is all your data spread across multiple stores, as identified above? Are you storing your key business information on paper documents, or digitally or a mix of both.
- Assess your current processes.
Do your processes run on a limited number of software applications? Or do you enable staff to pick their own tools to get things done? The answer to this question is often a mix of both where staff bridge the gaps in those applications using tools like MS excel. A key application to think about is how the data in email, particularly the attachments, is made available to the business.
- Design a pathway for change and implement it.
Start with the end in mind. I suggest the goal is to enable the right people to have the right access to the information they require to do their job in real-time. I believe the way to effectively do this is to go digital. The fork in the road is then whether to centralise your information store or adopt a decentralised approach.
My own preferred route is to centralise using document management software that enables all your documents to be stored in one place. Applications like email can be integrated with it, significantly reducing the workload required to file and store the data. The data can then be used in business applications using workflows. Thinking these workflows through will help you assess the gaps between your key business applications and consider whether tools like excel are being stretched too far.
NICE Unveils ENLIGHTEN Fraud Prevention Powered by AI and Voice Biometrics to Empower Contact Centers in Safeguarding Consumers
Using AI-enabled interpretive and predictive models and advanced voice biometrics, the new solution continuously scans millions of calls to proactively identify fraudulent behavior and protect brand reputation
NICE (Nasdaq: NICE) today unveiled ENLIGHTEN Fraud Prevention, an innovative new solution for automatic and continuous fraudster detection and exposure. Bringing together NICE ENLIGHTEN’s comprehensive Customer Engagement AI platform with the company’s voice biometrics capabilities, the solution continuously scans millions of calls to accurately pinpoint suspicious behavior and uncover previously unidentified fraudsters. Adopting a proactive approach, NICE ENLIGHTEN Fraud Prevention significantly reduces fraud losses and handling time while protecting consumers and improving their experience.
“Contact center fraud is growing in frequency, breadth and sophistication,” observes Dan Miller, Lead Analyst at Opus Research. “NICE ENLIGHTEN Fraud Prevention stands out as an integrated, pre-emptive AI-based Fraud Prevention solution that actively prevents malicious activities with minimum additional effort from customers.”
Unlike most technologies that focus on a single call, NICE ENLIGHTEN Fraud Prevention includes powerful AI interpretive and predictive models that scan millions of voice interactions over time to detect abnormal, risky behavior including requests to change addresses or authentication methods without relying on agents to manually capture dispositions. NICE’s Proactive Fraudster Exposure voice biometrics capability included within the solution is then used to expose perpetrators and create a ranked and prioritized list of suspected fraudsters. Importantly, the solution is self-training, constantly learning from identified behaviors, continuously updating its AI models and thus consistently improving results. With this novel solution, organizations can protect customers from account takeover and prevent exposure of personally identifiable information, reduce fraud losses, optimize fraud analyst team efficiency and safeguard brand loyalty.
“We are proud to bring yet another market-first offering with NICE ENLIGHTEN Fraud Prevention,” Barry Cooper, President, NICE Enterprise Group, said. “NICE ENLIGHTEN is NICE’s AI platform with models specific to the Customer Engagement domain. A number of solutions across our portfolio are being infused with AI from NICE ENLIGHTEN including our Proactive Fraudster Exposure solution. NICE ENLIGHTEN Fraud Prevention ensures that fraudsters are rapidly and proactively stopped in their tracks so organizations can protect their customers and their brand. We believe that by bringing AI to Fraud Prevention we provide organizations with the agility that makes it even more difficult for the fraudsters to win.”
Financial Services Sector Leads in Fixing Application Flaws, Lags in Time to Remediate
Veracode, the largest global provider of application security testing (AST) solutions, today released findings revealing that the financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components. Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly.
The findings came as a result of Veracode’s State of Software Security Volume 11, which analysed 130,000 applications from 2,500 companies. The research found that financial services organizations have the smallest proportion of applications with flaws and the second-lowest prevalence of severe flaws behind the manufacturing sector. It also has the highest fix rate among all industries, fixing 75% of flaws. Still, the research found that financial services firms require about six and a half months to resolve half of the flaws they find, indicating it is slower than other industries to remediate.
“Financial services firms have a median time to remediation of more than six months, despite having a high fix rate compared to other sectors,” said Chris Wysopal, Chief Technology Officer at Veracode. “However, developers in the financial services industry are often limited by the nature of the environments they are working in, as applications tend to be older, have a medium flaw density, and aren’t consistently following DevSecOps practices compared to other industries. With some additional training and sticking to best practices, they can quickly remediate issues and start to reduce security debt.”
Financial Services Specific Findings
Veracode’s research found compelling evidence that certain developer behaviours associated with DevSecOps yield substantial benefits to software security. The findings detail that financial services firms:
- Are a leading industry when it comes to fixing flaws in their open source software and establishing strong scan cadences.
- Fall to middle-of-the-road for scanning frequency and integrating security testing, and are not likely to be using dynamic analysis (DAST) scanning technology to uncover vulnerabilities.
- Outperform averages across all industries in dealing with issues related to cryptography, input validation, Cross-Site Scripting, and credentials management – all things related to protecting users of financial applications.
Predictions 2021: The Path To a New Normal Demands Increased Business Resilience and Cost Efficiency
By Jussi Karjalainen at Valtatech A global pandemic, wild bush fires, a stock market crash, a presidential impeachment, and presidential...
Is now a good time to consider art as an investment?
By Anita Choudhrie, Founder of Stellar International Art Foundation Back in April, as Covid-19 began to have a significant impact...
DAC 6 – D Day is imminent – Update of key elements
By Andrew Knight is managing partner of Harneys Luxembourg office and head of its Tax and Tax Regulatory team in...
5 steps for SMEs to budget properly for the coming year
By Fabio Comminot, Head of Dealing, Switzerland at Ebury, one of Europe’s largest Fintechs, has provided a five-step guide to...
Cash in the time of Covid-19: A tale of financial exclusion
By Matt Adam, company’s chief executive, We Are Digital Financial exclusion rates are on the rise thanks to Covid-19. But...
Track and Trace and Other Lost Data
By Ian Smith, General Manager and Finance Director at Invu You, like me, were probably amazed by the now infamous...
Why ID verification is no longer a barrier to global growth in banking
By Barley Laing, UK Managing Director at Melissa Issues related to effective identity (ID) verification have restricted the global growth...
Digital Finance: Unlocking New Capital in Disrupted Markets
By Krishnan Raghunathan, Head of Finance & Accounting Services at WNS, explores how a digitally transformed finance department can give enterprises...
Beyond the bottom line: why brands must show they care to connect with customers
By Vadim Grigoryan, Partner, Lunu Over the past few years, we’ve witnessed an ever-growing activism among consumers, with public opinion...
O-CITY enters Kenya to drive contactless payments across Matatu bus service
Up to 10,000 buses to become cashless with O-CITY’s M-Pesa-based ticketing solution O-CITY, the automated fare collection provider by BPC,...