
BeyondTrust Survey Reveals Five Keys to Secure DevOps, Cloud, and IoT Adoption

82 percent of respondents say that privileged access management facilitates the move to next-generation technologies

BeyondTrust, the leading cybersecurity company dedicated to preventing privilege misuse and stopping unauthorized access, today announced the results of the 2018 Implications of Using Privileged Access Management to Enable Next-Generation Technology Survey. The survey shows that 90 percent of enterprises are engaged with at least one next-generation technology (NGT), such as cloud, IoT, or AI. Yet, while enterprises are optimistic about the business benefits these technologies can bring, they also have concerns about the risks, with 78 percent citing the security risks of NGTs as somewhat to extremely large. One in five respondents experienced five or more breaches related to NGTs. Excessive user privileges were implicated in 52 percent of breaches.

It is an exciting time for IT. Next-generation, transformative technologies such as AI/Machine Learning and IoT, and business processes like DevOps are leading the way to a bright future full of operational efficiencies, greater business agility, and cost savings. Yet, there is also a dark side to these NGTs: security vulnerabilities.

To better understand how security issues, such as privileged access management (PAM), affect the adoption of NGTs, BeyondTrust – the leader in PAM – surveyed 612 IT professionals. The results are a wake-up call for anyone looking to leverage these NGTs.

DevOps has Reached Mainstream; AI and IoT Not Far Behind

The survey found broad interest in NGTs, with the most common being Digital Transformation (DX), DevOps and IoT. IT reports these NGTs are important for organizations, with 63 percent saying Digital Transformation (DX) will have a somewhat to extremely large impact on their organization, followed by DevOps (50 percent), AI (42 percent), and IoT (40 percent).

Significant Movement Toward the Cloud

The survey also found that cloud transformation is accelerating. Respondents indicate that today, 62 percent of workloads are on-premises, with 15 percent in a public cloud, 11 percent in private clouds, and 8 percent in SaaS applications. Over the next three years, that is projected to change dramatically: on-premises drops to 44 percent, public cloud jumps to 26 percent, private cloud increases to 15 percent, and SaaS increases to 12 percent.

One in Five Respondents Experienced Five or More Breaches Related to NGTs

Security issues, as a result of NGTs, happen at an alarming rate. Eighteen percent of respondents indicated they had a breach related to NGTs in the last 24 months that resulted in data loss, 20 percent experienced a breach that resulted in an outage, and 25 percent saw breaches over that time period that triggered a compliance event. One in five survey respondents experienced 5 or more breaches.

Too Much Privilege Results in Breaches

The study shows that, more than half the time, these breaches occur due to trusted users doing inappropriate things for innocent reasons, with 13 percent of respondents indicating it happens “often” or “all the time.” In 18 percent of the cases, it’s trusted insiders going rogue, and in 15 percent of the cases, it’s outsiders gaining privileged access to steal credentials. In each case, excessive privileges are to blame.

There are real business costs that result from breaches. The top costs are lost productivity, loss of reputation, monetary damages, and compliance penalties.

Privileged Access Management Can Facilitate the Move to NGTs

Respondents overwhelmingly indicate that PAM-related capabilities can improve security and facilitate a move to NGTs. Top practices include controlling and governing privileged and other shared accounts (60 percent, 59 percent, respectively), enforcing appropriate credential usage (59 percent), and creating and enforcing rigorous password policies (55 percent). In fact, 100 percent of the survey respondents say they are employing at least one PAM-related best practice to avoid NGT problems with privileged access.

How Privileged Access Management Can Enable the Transformation to Next-Generation Technologies

To improve security while reaping the transformative benefits that NGTs offer, organizations should implement five privileged access management (PAM) best practices that address use cases from on-prem to cloud.

  • Best Practice #1: Discover and inventory all privileged accounts and assets. Organizations should perform continuous discovery and inventory of everything from privileged accounts to container instances and libraries across physical, virtual, and cloud environments.
  • Best Practice #2: Scan for vulnerabilities and configuration compliance. For DevOps and cloud use cases, organizations should scan both online and offline container instances and libraries for image integrity.
  • Best Practice #3: Manage shared secrets and hard-coded passwords. Governing and controlling shared and other privileged accounts represents one of the most important tactics organizations can employ to limit the effects of data breaches resulting from NGTs.
  • Best Practice #4: Enforce least privilege and appropriate credential usage. Organizations should only grant required permissions to appropriate build machines and images through least privilege enforcement.
  • Best Practice #5: Segment networks. Especially important in DevOps, lateral movement protection should be zone-based and needs to cover the movement between development, QA, and production systems.

“It is encouraging to see that organizations understand the benefits that Privileged Access Management can deliver in protecting next-generation technologies, but there are more best practices to employ,” said Morey Haber, Chief Technology Officer at BeyondTrust. “The survey affirms that security should be at the forefront of new technology initiatives, otherwise, organizations can experience serious financial, compliance, and technological ramifications later on.” 

Photo Caption: Morey Haber, CTO, BeyondTrust 

About BeyondTrust

BeyondTrust is a global information security software company that helps organizations prevent cyber attacks and unauthorized data access due to privilege abuse. Our solutions give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Access Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your company goes. BeyondTrust’s security solutions are trusted by over 4,000 customers worldwide, including half of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com.

Follow BeyondTrust

Twitter: http://twitter.com/beyondtrust
Blog: www.beyondtrust.com/blog
LinkedIn: http://www.linkedin.com/companies/beyondtrust
Facebook: http://www.facebook.com/beyondtrust

Creating a culture of cybersecurity in Financial Services

By Martin Landless, Vice President for Europe at LogRhythm

As the financial services sector increasingly moves online and reaps the benefits of the modern digital economy, the sector has become an even more tantalising target for cybercriminals. Financial data is among the most lucrative data types for cybercriminals, going for high prices on the Dark Web or used to access accounts, copy payment cards and make fraudulent purchases.

For any business which suffers a successful cyberattack, the consequences can be severe. A halting of business processes whilst the business gets up and running again can impact the bottom line, negative media attention can dent customer confidence, and the potential for a large General Data Protection Regulation (GDPR) fine can derail existing plans for business growth.

These consequences will be front of mind for financial services leaders now, as the sector has found itself in the crosshairs even more so during the current pandemic. Recent data from VMWare indicates that cyberattacks against the financial sector increased by 238 per cent from February to April 2020, with cybercriminals looking to take advantage of the tumult to steal valuable data.

Although financial services institutions find themselves under attack more frequently than ever, it is still possible to remain at the forefront of the digitalisation of the industry and remain secure. Doing so relies on a three-pronged approach, with people, processes and technology all working in concert towards ensuring cybersecurity. Through a holistic approach, a culture of cybersecurity can be created that protects institutions.

Security maturity

Given the sensitivity of the data they manage, financial services organisations must have a mature security operation model in place to deal with threat actors. Security operations maturity is measured based on two variables: mean time to detect (MTTD) threats and mean time to respond (MTTR) to them.

A reduction of both MTTD and MTTR is crucial to ensuring cyberattacks are halted earlier in the threat lifecycle, and is reliant on technological solutions which allow for the automation of workflows. This frees up vital time for security teams to focus their attention where it is most needed. Indeed, a recent survey of security professionals and executives found that 47 per cent[1] of those surveyed felt that they needed increased security teams, so anything that can maximise the effective time of existing cybersecurity personnel is a huge benefit. Visibility across networks and systems is also key, as cybersecurity teams must be able to immediately see shifts in behaviour in the network to recognise imminent threats as they arise.

Although technological innovation in security response is a strong foundation for an effective culture of cybersecurity, this must be complemented with processes and security training for employees.

Ensuring cybersecurity is a board-level issue

It is the responsibility of the CISO and the security team which works under them to ensure that security is front of mind for all employees. A chain is only as strong as its weakest link, and it only takes one employee falling victim to a phishing email to compromise a business. CISOs may be senior figures in a business, but they need the support of the rest of the C-suite to fulfil their goals. At the board level, CISOs must ensure that executives are aware of and fully understand the challenges security teams encounter day to day and over the longer term[2].

This then becomes a matter of communication rather than technology. One potential means of communicating security posture to the board is by focusing on the benefits and return on investment an effective security posture can entail. Additionally, a CISO can furnish a high trust environment through partnering a member of the board with the security team.

This partner can articulate perspective to the team from a purely business standpoint, allowing the team to produce intelligence to the board that exhibits the business value of the security operation centre’s (SOC’s) methods and goals. This collaborative approach will encourage the understanding security teams have for business goals and the board’s understanding of security necessity.

Growing security alongside the business

One area of understanding between security team and leaders that should be nurtured is the impact of business growth on security. Although business growth indicates that a business is in robust health, it also facilitates multiple avenues through which a company can come under cyberattack.

Firstly, don’t assume cybercriminals aren’t keeping an eye on the markets and on the business pages. They’ll be aware of a company’s raised profile and whether they’re now a more lucrative target – or not. Positive business events like mergers and acquisitions can also present opportunities for cybercriminals. On a tech level, the network and security systems of different companies may be in the process of being migrated and integrated, and on a more human level, new staff, as yet unaware of the security protocols of the company they’re joining, can be targets.

It’s important then that security teams ensure each new employee is vetted, safely added to the system and trained on appropriate security protocol. In the case of acquisitions, security teams must effectively monitor new structures that are added to the network, and third-party connections with whom they are not yet familiar. A Gartner study earlier this year identified third-party cybersecurity risk as a key concern for half of legal and compliance leaders.

This is all easier said than done, however. Key to this issue is the security budget, and it is here that board-level support is important. Security budgets are often determined in advance and follow two common pricing models used by security vendors: the user-based model and capacity-based model. In the face of growth, both are fixed, and may leave security teams making difficult decisions as to where they safeguard their organisations.

Executives should instead look for security vendors which offer a subscription-based model. This offers the guarantee of scalable security at a determined rate, which will greatly alleviate the stress felt by security teams in what often should be an exciting time for an entire organisation.

Changing security budgets to better facilitate the work of SOCs represents a culture of cybersecurity being put into practice. Technological solutions are provided based on an understanding between security teams and the board on what is needed, allowing for better performance in MTTR and MTTD.

Security posture needs to be fixed now

Covid-19 has heightened the risks faced by cybersecurity teams and financial services organisations, and now, more so than ever, is it vital to foster a culture of cybersecurity. The benefits of digitalisation for financial services are too great to ignore, and failure to embrace digitalisation in the name of security will hamper financial services’ growth. Instead, a holistic approach encompassing people, process and technology will be vital to forging a secure path forward in the financial services industry.

[1] https://gallery.logrhythm.com/white-papers-and-e-books/uk-the-state-of-the-security-team-research-report.pdf

[2] https://gallery.logrhythm.com/white-papers-and-e-books/uk-gain-board-level-support-for-your-security-program-e-book.pdf

VP Bank Selects AxiomSL to Meet Multi-Jurisdictional Risk and Regulatory Reporting Requirements

Consolidates bank’s reporting on a single platform for financial/statistical, AnaCredit, and CRR2/Basel-driven mandates including ICAAP and ILAAP, and provides foundation for strategic expansion

AxiomSL, the industry’s leading provider of risk and regulatory reporting solutions, today announces that VP Bank, one of the largest banks in Liechtenstein, has selected AxiomSL’s ControllerView® data integrity and control platform as a foundation for its risk and regulatory compliance across Liechtenstein, Luxembourg, Singapore and Switzerland, encompassing financial and statistical reporting such as CSSF, FINMA, AnaCredit for EBA, MAS 610 for Singapore, and CRR2- and BCBS-driven requirements including ICAAP and ILAAP for FMA.

The high-performance, fully integrated, data-driven platform will enable VP Bank to manage an array of risk and regulatory mandates on a single platform, with full transparency across all processes from ingestion, calculation, reconciliation, and validation to submission. VP Bank will use the platform strategically to further data harmonization, streamline processes, enhance automation, bolster internal controls, and strengthen risk and regulatory reporting across the enterprise.

“Selecting AxiomSL will enhance the value of our investment in regulatory technology, optimize efficiency, and deliver business insights,” stated Robert Kilga, Head of Group Financial Management & Reporting, VP Bank. “With AxiomSL’s single platform, we can ingest data in its native format from multiple sources thus creating synergies between capital, liquidity, and other business functions enterprise-wide,” he continued. “AxiomSL’s system provides intuitive, hands-on transparency into all processes from inception to filing, enhancing our confidence in the data integrity and auditability of our reporting, and enabling us to meet ever-changing regulatory requirements”.

“We are thrilled that VP Bank, such a well-respected institution, has joined our esteemed user community in the DACH region and globally,” said Claudia Thurner, EMEA General Manager, AxiomSL. “In these times of global uncertainty, complying with a wide range of regulatory and risk requirements across jurisdictions is more complex, data intensive, and time sensitive than ever. Financial institutions require a reliable technology partner who can provide global coverage while understanding the intricacies of local and regional regulatory demands,” Thurner continued. “Our industry and technical expertise will enable VP Bank to streamline their processes, scale faster, and adapt swiftly and confidently to change. We look forward to a strong and strategic collaboration with VP Bank in support of their vision and growth journey”.

With the upcoming Basel IV-driven expansion, financial institutions like VP Bank are faced with the next generation of capital requirements that can easily overwhelm systems if they lack the data transparency, proper methodologies and controls to perform calculations accurately across all risk types. These calculations may have a profound effect on the banks’ portfolio management and even the entire business model.

To address these challenges, AxiomSL’s Basel Capital Solution incorporates a flexible data dictionary architecture, seamless calculation updates, full drilldown to data and processes, transparency into model calculations, and dynamic data lineage. In addition, AxiomSL’s regulatory experts provide VP Bank with a highly efficient change-management mechanism that enables them to be current with all Basel-driven changes.

Uncertain Times for the Financial Sector… Is Open Source the Solution?

By Kris Sharma, Finance Sector Lead, Canonical

Financial services are an important part of the economy and play a wider role in providing liquidity and capital across the globe. But ongoing political uncertainty and the consequences of the COVID-19 crisis have deep implications for the UK’s financial services sector.

In a post-Brexit world, the industry is facing regulatory uncertainty at a whole different scale, with banking executives having to understand the implications of different scenarios, including no-deal. To reduce the risk of significant disruption, financial services firms require the right technology infrastructure to be agile and responsive to potential changes.

The role of open source

Historically, banks have been hesitant to adopt open source software. But over the course of the last few years, that thinking has begun to change. Organisations like the Open Bank Project and Fintech Open Source Foundation (FINOS) have come about with the aim of pioneering open source adoption by highlighting the benefits of collaboration within the sector. Recent acquisitions of open source companies by large and established corporate technology vendors signal that the technology is maturing into mainstream enterprise play. Banking leaders are adopting open innovation strategies to lower costs and reduce time-to-market for products and services.

Banks must prepare to rapidly implement changes to IT systems in order to comply with new regulations, which may be a costly task if firms are solely relying on traditional commercial applications. Changes to proprietary software and application platforms at short notice often have hidden costs for existing contractual arrangements due to complex licensing. Open source technology and platforms could play a crucial role in helping financial institutions manage the consequences of Brexit and the COVID-19 crisis for their IT and digital functions.

Open source software gives customers the ability to spin up instances far more quickly and respond to rapidly changing scenarios effectively. Container technology has brought about a step-change in virtualisation technology, providing almost equivalent levels of resource isolation as a traditional hypervisor. This in turn offers considerable opportunities to improve agility, efficiency, speed, and manageability within IT environments. In a survey conducted by 451 Research, almost a third of financial services firms see containers and container management as a priority they plan to begin using within the next year.

Containerisation also enables rapid deployment and updating of applications. Kubernetes, or K8s for short, is an open-source container-orchestration system for deploying, monitoring and managing apps and services across clouds. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation (CNCF). Kubernetes is a shining example of open source, developed by a major tech company, but now maintained by the community for all, including financial institutions, to adopt.

The data dilemma

The use cases for data and analytics in financial services are endless and offer tangible solutions to the consequences of uncertainty. Massive data assets mean that financial institutions can more accurately gauge the risk of offering a loan to a customer. Banks are already using data analytics to improve efficiency and increase productivity, and going forward, will be able to use their data to train machine learning algorithms that can automate many of their processes.

For data analytics initiatives, banks now have the option of leveraging the best of open source technologies. Databases today can deliver insights and handle any new sources of data. With models flexible enough for rich modern data, a distributed architecture built for cloud scale, and a robust ecosystem of tools, open source platforms can help banks break free from data silos and enable them to scale their innovation.

Open source databases can be deployed and integrated in the environment of choice, whether public or private cloud, on-premise or containers, based on business requirements. These database platforms can be cost effective; projects can begin as prototypes and develop quickly into production deployments. As a result of political uncertainty, financial firms will need to be much more agile. And with no vendor lock-in, they will be able to choose the provider that is best for them at any point in time, enabling this agility while avoiding expensive licensing.

As with any application running at scale, production databases and analytics applications require constant monitoring and maintenance. Engaging enterprise support for open source production databases minimises risk for business and can optimise internal efficiency.

Additionally, AI solutions have the potential to transform how banks deal with regulatory compliance issues, financial fraud and cybercrime. However, banks need to get better at using customer data for greater personalisation, enabling them to offer products and services tailored to individual consumers in real time. As yet, most financial institutions are unsure whether a post-Brexit world will focus on gaining more overseas or UK-based customers. With a data-driven approach, banks can see where the opportunities lie and how best to harness them. The opportunities are vast and, on the journey to deliver cognitive banking, financial institutions have only just scratched the surface of data analytics. But as the consequences of COVID-19 continue and Brexit uncertainty once again moves up the agenda, moving to data-first will become less of a choice and more of a necessity.

The number of data sets and the diversity of data is increasing across financial services, making data integration tasks ever more complex. The cloud offers a huge opportunity to synchronise the enterprise, breaking down operational and data silos across risk, finance, regulatory, customer support and more. Once massive data sets are combined in one place, the organisation can apply advanced analytics for integrated insights.

Uncertainty on the road ahead

Open source technology today is an agile and responsive alternative to traditional technology systems that provides financial institutions with the ability to deal with uncertainty and adapt to a range of potential outcomes.

In these unpredictable times, banking executives need to achieve agility and responsiveness while at the same time ensuring that IT systems are robust, reliable and managed effectively. And with the option to leverage the best of open source technologies, financial institutions can face whatever challenges lie ahead.
