Connect with us

Business

ECB compliance is driving security policy automation

Published

on

ECB compliance is driving security policy automation

By Nick Lowe, VP EMEA at Tufin

The pace of digital transformation and explosion in new apps within the banking sector has brought  huge challenges.  For security teams tasked with managing security policies from the network down to the application level, lack of visibility can cause significant security and compliance issues. The fundamental issue of what can talk to what, across the network, is one that many would struggle to comprehensively answer.

Yet this is the issue which banks must get on top of in order to comply with ECB regulations as published in its assessment guide for the security of internet payments. These requirements cover a range of security measures including: evidence access to applications and workloads are limited to those who need to do so for their job; certification of proper implementation and a full, tamper-proof audit trail covering the entire time period under review.

Collating and presenting this information manually to auditors presents several significant challenges for banks and many of those that attempt to do so by hand are likely to fail due to the complexity and resource demands of the task, compounded by the requirement for an audit trail.

However, these challenges can all be met through automation. With a comprehensive, automated security policy discovery, provisioning and verification system that integrates into permission and access workflows, banks will be able to present accurate, timely information regarding the business justification of security policies, and how all assets are complying and have remained compliant throughout the given timeframe.

The race for tech

Nick Lowe

Nick Lowe

The C-level executives of traditional banks are now clambering to innovate using technology. They see banking moving from a point of sale, personal contact, brick and mortar model to one that is highly agile and always available to customers by deploying fintech solutions. These older institutions want to be able to better compete with those digital challenger banks that don’t have huge amounts of money and resources locked up in running branches or even large offices. The result is that these smaller banks can provide all the same services to customers at a fraction of the cost of their older, more established rivals.

Yet the more complex traditional banks’ network topologies become as they move towards more technology-based models, the greater the risk that their systems will be exposed to and compromised by threat actors. This is the very reason that the ECB has decided to conduct these audits.

The penalties for not complying with such audits is not yet clear. However, where an audit finds applications that are not running safely, the auditors could give the organisation time to fix the issue or demand that the application is decommissioned until the issue is resolved. This latter option could have severe consequences on the business if the application provides a key function. No bank will want to have to risk losing functionality due to an audit failure.

Compliance without automation is a struggle

While the requirement for the IT security of banks to be audited only started this year, the ECB has been consulting on the process since before 2014. While they may have had time to plan, many have underestimated the complexity of the task.

These banks thought that if they had a defined list of policies controlling network connectivity to their apps and who was authorized to access them, this would then satisfy the ECB. But what has happened is that the banks have discovered that controlling access has become complex. To be compliant banks must undertake multiple different actions, including maintaining documentation of every access request, its justification, its business owner and whether it was approved.

Each access request must also be connected to its firewall or device rule. These rules must also have a defined business owner, and all must be confirmed to be compliant against the firm’s standards.

There must also be a high level of control over access rights by both human users and application. Apps that have been changed or decommissioned should have access removed in a timely fashion, while user rights should be governed by a least privilege approach – users should only have access to resources required by their job role.

Finally, there must be separation of duties (the person requesting a change should not be the one who approves or provisions it), and a tamper-proof audit trail must be implemented to capture all changes made over a defined time period.

This is compounded by the fact that hundreds or even thousands of policies that define access are nested and are being changed constantly by other users within the organisation.

In effect, banks have created a giant hair ball of hundreds of interconnected policies and applications, where if one element is changed it could have a knock-on effect elsewhere in the system. For audit purposes, this needs to be untangled and presented in a way that can be readily understood to demonstrate compliance.

Initially, some banks thought this could be managed through spreadsheets, while others believed it would be possible to manage the process with data management tools, such as Splunk. However, these need to be continually maintained and only provide a snapshot for audit purposes. Not only that, but this work can take a significant number of employee hours each year to complete. As such, the hoped for streamlining through introducing tech is dramatically curtailed.

How automation can help

Most banks now recognise that automation is the key to completing these audits successfully. Automated solutions will instantaneously review a change request against relevant standards to see if they are compliant. This will instantly create a ticket that will indicate if the change is low risk, enabling the security team to act upon it. In the case where the action is benign, these can be approved straight away. There will be exceptions that will require additional analysis before they can be approved. Finally, in the instances where there is a major conflict or high-risk access request the security team will be able to prevent this action from happening and ask the user to reconsider and find another option.

Automation allows the security team at any time to show the auditors the current state of their policy management. What could take several weeks or months to achieve manually, can now be done in a matter of minutes. This will create a list of access requests that are compliant, approved or are an exception.

If the prime objective of banks for moving over to a more technology-based model is to become more agile and streamlined, it makes sense that their auditing processes help meet this objective.  The benefits will extend beyond audit to productivity, associated cost savings, and improved security posture. Greater use of network security policy orchestration and automation technologies allows banks to complete ECB audits at the push of a button.

Business

Research exposes the £68.8 billion opportunity for UK retailers

Published

on

Research exposes the £68.8 billion opportunity for UK retailers 1
  • Modelling shows increasing the proportion of online sales by 5 percentage points would have significantly boosted retailers’ revenues during the first lockdown
  • 72% of Brits want retailers who started an online service during the pandemic to continue operating it full time

New data released today by global payments platform Adyen, outlines the economic gains that could be accessed by getting more UK retailers online.

Economic modelling conducted by Cebr for Adyen indicates that if the retail sector increased the proportion of turnover stemming from online channels by 5 percentage points, £68.8 billion would have been added to the economy during the first lockdown.

While retail turnover stemming from online sales has grown significantly during 2020 – from 19% to 28%[1], there is still considerable room for growth.

Myles Dawson, UK Managing Director of Adyen comments: “The UK retail sector is facing an incredibly tough quarter, so creating the link between physical stores and online channels is more important than ever. With the festive period approaching and many shoppers unable, or uncomfortable leaving their homes, establishing and maintaining a positive online experience is a billion-pound opportunity for retailers.”

The research[2] of 2,000 UK consumers found that 31% are less likely to shop in physical stores now because of positive experiences shopping online during the pandemic. Furthermore, 72% of these consumers want retailers who started an online service during the pandemic to continue operating it in the long term.

However, making the process of shopping online as frictionless as possible will be key to unlocking the opportunity presented by online channels. 70% of Brits say that when shopping online, the ease of use is as important as the quality of the product, and 72% won’t shop with a retailer whose website or app is difficult to navigate.

Myles Dawson concludes: “Many retailers did amazing things during the pandemic in terms of adapting and creating new experiences – it’s a testimony to their agility that 57% of Brits said their expectations of the retail sector has improved during the pandemic. The challenge now is to consistently meet these expectations going forward. With local lockdowns in place, online channels will be key to serving many consumers in the short term. However, retailers need to see the shift to unified commerce as a long-term trend. The sooner they can demonstrate agility and jump on board, the longer they’ll reap the rewards.”

[1] https://www.ons.gov.uk/businessindustryandtrade/retailindustry/bulletins/retailsales/august2020

2 Research conducted by Opinium Research LLP

Continue Reading

Business

Want to serve your customers better? An effective online strategy is what financial institutions need 

Published

on

Want to serve your customers better? An effective online strategy is what financial institutions need  2

By Anna Willems, Marketing Director, Mention

A strong online presence matters.

Having a strong online presence, that involves social media is now a crucial part of all business strategies. Whether they are retail brands, sports teams, libraries or even restaurants, most companies are investing more and more in developing their digital brand image and online presence – financial institutions are no exception.

When it comes to market trends and innovation, financial institutions are first on the line. After all, we — people and companies — trust them to manage our money to the best of their abilities. And even more so than any other market, we demand secure, trustworthy, fast and user-friendly services.

Reaching such high expectations is not a given. To this point, banks and other financial institutions have no other choice but to have a perfect understanding of their market, their audience, and their needs. What they need to get there is a fail-proof online strategy.

Gaining a deep understanding of your market

One of the best things about using social media to learn about your audience is that people give unsolicited opinions. They speak their mind and share their thoughts candidly.

This is the key to help any business to learn about themselves. They get to analyze their audience’s challenges and aspirations without having to ask them directly or serve them time-consuming surveys and polls.

UK-based Asto, a company that is part of the Santander Group, is committed to helping small businesses have access to financial and non-financial tools. Asto was looking for something that could help them discover what their target audience was talking about and find opportunities to add to the conversation. Mention enabled Asto to keep on top of reviews and customer comments, which has helped us provide a better service for our customers.

Which platform suits your offering the best?

There’s no point choosing to create campaigns on TikTok if your customers don’t use it – you need to think about who they are and work back from there.

You do this by automating the process using a social listening tool. A social listening tool will help you to view your market as a whole and identify where the key conversations are happening — and, therefore, where you should be. What’s more, you will never miss any relevant mention of your institutions, products, services, or competitors.

Handling a crisis

Financial institutions need to watch carefully for negative press – social media is the first place people will go to if they feel they’re not getting the service they need. In theory, rogue employees or unhappy clients can post anything they like online to try and hurt your brand. And if their messages gain traction, you’ve gone from one person saying bad things, to thousands.

That’s why listening needs to be part of any crisis management plan. Now, sometimes, there are crises you cannot prevent. And those usually hit pretty hard.

Power of influencers

For an influencer marketing campaign to work for your financial institution, partnering with nano content creators may well be the best way to go. They’re ability to play a part in how they shape your brand story can make a huge difference when it comes to engagement and reason to believe in your service.

Many financial institutions are already leveraging influencer marketing. It’s an efficient strategy to: Build trust and gain credibility, reach out to new audiences and share engaging stories.

The online review conundrum

94% of consumers check online reviews before they decide to buy something or subscribe to a service. They need what we call social proof. It says that the more people say they use your service, the more it will look like a good service. In short, you need to show how happy people are using your service. But not all online reviews are positive.

Having said that, we find that financial institutions shouldn’t ignore negative reviews. Instead, embrace them as an opportunity to rebuild trust in your brand. Less delicately put, take the bull by the horns and turn them to your advantage. Always respond to relevant complaints (and as fast as possible). Take responsibility for what happened. Be helpful.

And ignore trolls.

Learn from the competition

Over the last two decades, a marketer’s daily life has greatly evolved. Most importantly, we now can measure everything we do, including the consequences of our actions on our business. Having said that, you can’t evaluate how well you’re doing without comparing against

others.

Truth is that 77% of businesses rely on listening to keep an eye on their competitors. What this means is that 4 in 5 of your direct competitors are likely watching each and every single step you take. And you should do the same.

Setting the trend

From staying up to date with the latest industry trends and innovations, to keeping an eye on the competitors’ newest services, to being the first to know of potential brand crises – tracking relevant online conversations lets marketing and communication professionals working for financial institutions to stay one step ahead in an industry that is leading change and innovation.

Continue Reading

Business

Why the Boom is Long Overdue (and Here to Stay)

Published

on

Why the Boom is Long Overdue (and Here to Stay) 3

By Roger James Hamilton, CEO, Genius Group

Virtually every aspect of our lives has been taken over by tech, so why is it that our schools, that are educating the business leaders of tomorrow, are still operating in much the same format as they did 100 years ago?

The global pandemic put digital learning in the spotlight and an Edtech boom has ensued, with companies like Coursera, Quizlet and Udemy seeing unicorn style growth. And the market is not slowing down. The education technology (Edtech) boom will continue.

Resilience and Growth

Unicorns are defined by rapid growth. Traditionally, these companies are not overly concerned with early profitability, long-term sustainability or value creation as much as with putting their competitors out of business.

But something different is going on in the Edtech market. The unicorn has lost its appeal. When learning platform Quizlet achieved unicorn status this year, CEO Matthew Glotzbach was keen to play down the moniker reserved for start-ups valued at $1 billion or more, preferring to liken his company to a camel.

Unlike unicorns, camels are real, hardworking beasts. Respected for their adaptability to various climates, resilience, and abilities to survive for long periods without sustenance. These are all traits much better suited to weather the economic storms created by the pandemic.

Despite their considerable abilities to adapt to challenging conditions, the climate is looking particularly sunny for camels within the Edtech market. In fact, all creatures great and small have the potential to capitalise on unprecedented growth in this sector.

The nature of education makes it a traditionally slow-moving area, which renders it unattractive to some investors. Yet, the coronavirus outbreak and subsequent surge in remote learning this year triggered a flurry of uptake in e-learning platforms.

We’ve seen the adoption rate for new technologies be accelerated by events like this before. For example, the SARS crisis of 2003 contributed to the boom in China’s ecommerce industry, as quarantines lead consumers to shop online. Of course, this market trend did not slow down once quarantine restrictions were lifted. Ever since, global online sales have risen exponentially. The same is set to happen in the Edtech market.

Providing a Solution

As with ecommerce in 2003, the demand for Edtech in 2020 was already there. It has been there for years. For the past decade at least, there has been a notable need in recruitment for qualified talent in data science, coding and digital. Edtech can bridge the skills gap, not only within formal education but also for adult learners upskilling and reskilling for today’s digital world.

Similarly, the financial crash of 2008 had the effect of fast-tracking the rise of the gig economy, requiring millions more to learn entrepreneurial skills. The idea of a job for life is now a distant memory. The Edtech sector can deliver the tools to equip students of all ages with the skills necessary for creating their own opportunities, as well as exchanging knowledge and collaborating in a digital economy.

Rising unemployment, as well as competition for jobs and government furlough schemes has seen interest in digital learning courses for adults also soar during the past few months. Figures show that the corporate e-learning market is set to increase by as much as $3.09 billion between 2020 and 2024.

Roger James Hamilton

Roger James Hamilton

The Edtech boom kickstarted by the pandemic is just the beginning in a paradigm shift in how we view education and work.

Over the next 10 years, with the rise of artificial intelligence, automated technology, and augmented reality, traditional, manual and customer service based roles will diminish and there will be less need for a large workforce when computers and machines can do the role equally well.

The need for a truly 21st century education system that reflects the needs of the job market is long overdue. Edtech companies are offering solutions to many of these issues that have troubled the economy for the past decade or more.

A Different Animal

Enter the zebra (back to our animal analogies). These types of Edtech businesses will be the ones to watch within the sector. With zebra companies, there’s a sense of community and collaboration, rather than competition. They understand that there’s room for more than one superstar in a market. Zebras are herd animals after all. The zebra believes that competition is healthy for everyone involved—something to watch and use for motivation and growth. It closely observes consumer trends and continually strives to solve new and developing problems for those consumers.

For zebra companies, profit margin is vital because it is necessary for steady growth and sustainability. Revenues hover between $5M and $50M, it serves customers within a specific niche, requires annual growth capital of $100K to $1M, and generally has more than four streams of revenue.

Zebras are both black with white stripes and white with black stripes – they have a fluidity in their approach and are camouflaged at the same time. This creates a double bottom line: Zebras want to conduct real business, by solving a pressing problem in a sustainable way, whilst reacting to contemporary challenges. This too could be said of the Edtech industry as a whole.

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

Research exposes the £68.8 billion opportunity for UK retailers 4 Research exposes the £68.8 billion opportunity for UK retailers 5
Business2 days ago

Research exposes the £68.8 billion opportunity for UK retailers

Modelling shows increasing the proportion of online sales by 5 percentage points would have significantly boosted retailers’ revenues during the...

Want to serve your customers better? An effective online strategy is what financial institutions need  6 Want to serve your customers better? An effective online strategy is what financial institutions need  7
Business2 days ago

Want to serve your customers better? An effective online strategy is what financial institutions need 

By Anna Willems, Marketing Director, Mention A strong online presence matters. Having a strong online presence, that involves social media...

The rise of AI in compliance management 8 The rise of AI in compliance management 9
Technology2 days ago

The rise of AI in compliance management

By Martin Ellingham, director, product management compliance at Aptean, looks at the increasing role of AI in compliance management and just...

Simplifying the Sector: How low code can aid digital transformation in financial services 10 Simplifying the Sector: How low code can aid digital transformation in financial services 11
Technology2 days ago

Simplifying the Sector: How low code can aid digital transformation in financial services

By Nick Ford Chief Technology Evangelist, Mendix From online banking to contactless payments and Apple Pay, it has been well...

Why the Boom is Long Overdue (and Here to Stay) 12 Why the Boom is Long Overdue (and Here to Stay) 13
Business2 days ago

Why the Boom is Long Overdue (and Here to Stay)

By Roger James Hamilton, CEO, Genius Group Virtually every aspect of our lives has been taken over by tech, so...

5 Sustainability Lessons That Are Crucial For Business Success 14 5 Sustainability Lessons That Are Crucial For Business Success 15
Business2 days ago

5 Sustainability Lessons That Are Crucial For Business Success

By Michael Stausholm, founder of Sprout World (sproutworld.com) Sprout World is the eco-company behind the world’s only plantable pencil, with...

Why financial brands need to understand consumer vitality 16 Why financial brands need to understand consumer vitality 17
Business2 days ago

Why financial brands need to understand consumer vitality

By Carolyn Corda, CMO at data consortium ADARA Our day to day lives have been turned upside down. Office workers have...

Why and how a modern marketing strategy should put customer experience first 18 Why and how a modern marketing strategy should put customer experience first 19
Business3 days ago

Why and how a modern marketing strategy should put customer experience first

By Jim Preston, VP EMEA, Showpad In 2004, the Leading Edge Forum coined the term ‘consumerisation of IT’, defining a...

Leading from the front - why decision makers must embrace automation 20 Leading from the front - why decision makers must embrace automation 21
Technology3 days ago

Leading from the front – why decision makers must embrace automation

By Jeppe Rindom, Co-founder & CEO, Pleo Ask any decision maker at a business about admin and you’re likely to...

Business first, not compliance only is the future for accountants 22 Business first, not compliance only is the future for accountants 23
Business3 days ago

Business first, not compliance only is the future for accountants

By Peter Bracey, MD at Bracey’s Accountants.  The past few months have underlined the need for better business insight to reduce...

Newsletters with Secrets & Analysis. Subscribe Now