ECB compliance is driving security policy automation

By Nick Lowe, VP EMEA at Tufin

The pace of digital transformation and the explosion in new apps within the banking sector have brought huge challenges. For security teams tasked with managing security policies from the network down to the application level, lack of visibility can cause significant security and compliance issues. The fundamental issue of what can talk to what, across the network, is one that many would struggle to comprehensively answer.

Yet this is the issue which banks must get on top of in order to comply with ECB regulations as published in its assessment guide for the security of internet payments. These requirements cover a range of security measures including: evidence that access to applications and workloads is limited to those who need it for their job; certification of proper implementation; and a full, tamper-proof audit trail covering the entire time period under review.

Collating and presenting this information manually to auditors presents several significant challenges for banks and many of those that attempt to do so by hand are likely to fail due to the complexity and resource demands of the task, compounded by the requirement for an audit trail.

However, these challenges can all be met through automation. With a comprehensive, automated security policy discovery, provisioning and verification system that integrates into permission and access workflows, banks will be able to present accurate, timely information regarding the business justification of security policies, and how all assets are complying and have remained compliant throughout the given timeframe.

The race for tech

The C-level executives of traditional banks are now clamouring to innovate using technology. They see banking moving from a point of sale, personal contact, brick and mortar model to one that is highly agile and always available to customers by deploying fintech solutions. These older institutions want to be able to better compete with those digital challenger banks that don’t have huge amounts of money and resources locked up in running branches or even large offices. The result is that these smaller banks can provide all the same services to customers at a fraction of the cost of their older, more established rivals.

Yet the more complex traditional banks’ network topologies become as they move towards more technology-based models, the greater the risk that their systems will be exposed to and compromised by threat actors. This is the very reason that the ECB has decided to conduct these audits.

The penalties for not complying with such audits are not yet clear. However, where an audit finds applications that are not running safely, the auditors could give the organisation time to fix the issue or demand that the application is decommissioned until the issue is resolved. This latter option could have severe consequences for the business if the application provides a key function. No bank will want to risk losing functionality due to an audit failure.

Compliance without automation is a struggle

While the requirement for the IT security of banks to be audited only started this year, the ECB has been consulting on the process since before 2014. While banks may have had time to plan, many have underestimated the complexity of the task.

These banks thought that if they had a defined list of policies controlling network connectivity to their apps and who was authorized to access them, this would then satisfy the ECB. But what has happened is that the banks have discovered that controlling access has become complex. To be compliant, banks must undertake multiple different actions, including maintaining documentation of every access request, its justification, its business owner and whether it was approved.

Each access request must also be connected to its firewall or device rule. These rules must also have a defined business owner, and all must be confirmed to be compliant against the firm’s standards.

There must also be a high level of control over access rights for both human users and applications. Apps that have been changed or decommissioned should have access removed in a timely fashion, while user rights should be governed by a least privilege approach – users should only have access to resources required by their job role.

Finally, there must be separation of duties (the person requesting a change should not be the one who approves or provisions it), and a tamper-proof audit trail must be implemented to capture all changes made over a defined time period.

This is compounded by the fact that hundreds or even thousands of policies that define access are nested and are being changed constantly by other users within the organisation.

In effect, banks have created a giant hair ball of hundreds of interconnected policies and applications, where if one element is changed it could have a knock-on effect elsewhere in the system. For audit purposes, this needs to be untangled and presented in a way that can be readily understood to demonstrate compliance.

Initially, some banks thought this could be managed through spreadsheets, while others believed it would be possible to manage the process with data management tools, such as Splunk. However, these need to be continually maintained and only provide a snapshot for audit purposes. Not only that, but this work can take a significant number of employee hours each year to complete. As such, the hoped-for streamlining through introducing tech is dramatically curtailed.

How automation can help

Most banks now recognise that automation is the key to completing these audits successfully. Automated solutions will instantaneously review a change request against relevant standards to see if it is compliant. This will instantly create a ticket that will indicate if the change is low risk, enabling the security team to act upon it. Where the action is benign, it can be approved straight away. There will be exceptions that require additional analysis before they can be approved. Finally, where there is a major conflict or a high-risk access request, the security team will be able to prevent the action from happening and ask the user to reconsider and find another option.

Automation allows the security team at any time to show the auditors the current state of their policy management. What could take several weeks or months to achieve manually can now be done in a matter of minutes. This will create a list of access requests that are compliant, approved or are an exception.

If the prime objective of banks in moving over to a more technology-based model is to become more agile and streamlined, it makes sense that their auditing processes help meet this objective. The benefits will extend beyond audit to productivity, associated cost savings, and improved security posture. Greater use of network security policy orchestration and automation technologies allows banks to complete ECB audits at the push of a button.

How fintech companies can facilitate continued growth

By Jackson Lee, VP Corporate Development from Colt Data Centre Services

The fintech industry is rapidly growing and, in the first half of 2020, fintechs have secured more than $25 billion in investment globally, despite the huge uncertainty caused by COVID-19. As fintechs and their customer base expand, it is important to recognise that the success of these companies is predicated on the ability to use data effectively in providing a personalised experience to their customers.

To ensure these companies do not become victims of their own success, they must ensure they have the ability to scale up their operations and data storage as quickly and cost-efficiently as possible, especially in these challenging times.

So what must fintech companies do if they are to facilitate this growth without bursting at the seams?

Big fish in a small pond

Fintech companies are growing exponentially, and for many, even the current uncertainty around the pandemic has not decelerated the pace of their growth. However, having started small, with access to only limited tools at the beginning of their journey, many fintech companies can’t keep up with their own rapid growth. When it comes to data infrastructures, they are facing a real risk of becoming a big fish in a small pond.

In order to achieve widespread innovation, and to keep their advantage over traditional financial institutions, fintech companies need the necessary playground space to experiment in.

When the pandemic and its consequent disruptions started to take hold, most businesses weren’t prepared for the types of challenges that they would have to face. Although the suggestion of investing in data infrastructure might seem counterintuitive at the moment, a lifeline for fintech companies going forward will be flexibility and the ability to scale.

Risky business? 

As the uncertainty around the pandemic continues, fintech companies, like those in other industries, are finding it difficult to commit to long-term business plans. Despite their continued growth, fintech companies continue to be cautious about investing in expanding their operations during an unpredictable economic climate, especially when they are doing well enough as it is.

Even before the pandemic, fintech companies exhibited slower rates of the adoption of digitalisation and advanced IT infrastructures than other industries. It’s clear the future is digital and for fintechs to effectively compete in today’s volatile market, they need to be proactive and invest in the value of data and digital transformation.

One area that fintech companies must be proactive in is their IT infrastructure, especially their data storage and connectivity, in order to allow them to act faster than big, established competitors.

Limitless scalability

Due to the continuous growth of fintech companies, with no sign of it slowing down, these companies will have to continually scale their operations up to manage increased demand. Ordinarily, this would have very high costs as they would have to continually alter their IT infrastructure and solutions.

When it comes to flexibility, data is a crucial aspect for fintechs. In today’s world, companies store masses of data, and its amount is growing fast. This makes the storing of the data a juggling act, and the costs keep growing with it. In periods of economic uncertainty, such as the one we are experiencing now, this constant increase in data can quickly turn into a challenge. Therefore, fintechs must ensure that scalability is at the heart of everything they do. When it comes to scalability, however, the key factor is not just growth or the ability to scale up. A vital, but often overlooked opportunity in scalability lies in scaling down, when needed. For fintechs aiming at this level of scalability, hyperscale is the only way forward.

The answer is hyperscale

Hyperscale data centres provide businesses with a one-stop shop for all their data and capacity requirements. These centres, which are built in a campus-style design, allow companies to build out further data centres quickly within the same location, or if needed, downsize. In an environment of ever-fluctuating demand, hyperscale enables scalability of data and storage swiftly. This presents many benefits. The sheer size of these facilities allows for large-scale cloud adoption, which is more streamlined, flexible and cost-effective than ever before. This will help fintechs to get a better handle on their data and reduce costs as much as possible.

With this level of scalability, companies can operate like an elastic band, expanding or retracting when necessary and at a moment’s notice. For example, imagine this year’s Christmas. With the uncertainty of the pandemic and constantly changing restrictions, people’s online activity will be even higher than in previous years. Fintechs will have to scale up their operations to cope with the high demand of online services. Meanwhile, when demand goes down in January, it might be beneficial to scale down and reduce costs until demand increases again.

Hyperscale will also help fintech companies to future-proof their operations, which has become a key consideration as the economy looks to recover from the pandemic. By having the level of flexibility that hyperscale provides, businesses will always have the ability to lean or expand. Being able to adjust quickly within the hyperscale environment, with no added costs, makes fintechs more resilient and flexible to disruptions.

While cutting costs will continue to be a priority in today’s business environment, it is important that fintech companies look beyond this and focus on innovation and technology. The issues that the pandemic unearthed already existed and needed to be addressed by businesses. Therefore, they need to take the current situation as an opportunity to reconsider and improve their business models. Flexibility, scalability and cost efficiency must be top priorities in this new era. Hyperscale can provide this trinity of success.

2021 Predictions: Operational Resilience Takes Center Stage

Breaking down barriers between Risk and Business Continuity

By Brian Molk, Fusion Risk Management

What a year! Simply put, the global shocks of 2020 were unmatched by any time in recent history. Not only did the COVID-19 pandemic reach a scale and longevity that rippled through the way organizations operate, communicate, and safeguard against future disruptions, we simultaneously experienced civil unrest, wildfires, hurricanes and more. This unprecedented time exposed weaknesses in organizations and demonstrated that historically siloed approaches to resiliency put organizations in grave danger. No one had a plan robust enough for 2020. Those that emerged from this year stronger were those that took an agile, collaborative, and, above all, data-led approach to resilience.

Driven by these changes, the industry will see several trends in 2021: operational resilience that blurs the lines between multiple disciplines; real-time decision-making based on data instead of plans; industry collaboration and product suites; a new executive buyer, often in the C-suite; and regulators taking greater interest in resilience across critical industries.

Operational Resilience Goes Multi-Disciplinary

2020 prompted volatile and unpredictable market conditions. The pandemic not only demonstrated the interdependence of multiple areas of risk, but showed organizations that they must be hyper vigilant about all disciplines simultaneously and holistically. Organizations recognized they had resources and processes siloed, and that communication and coordination cross-organization is necessary to prove resilience to leadership, regulators and stakeholders. This demonstrated that solution areas (business continuity, risk management, disaster recovery, and more) with their specific expertise and training each have a role to play – and a strength to bring – in an operational resilience strategy.

As organizations recognize the importance of multiple-discipline focus, the barriers between these practices will break down and come together under operational resilience. Operational resilience will become the overarching school of thought in the industry. As a result, products and services will evolve to serve this need.

Data Instead of Plans

If 2020 demonstrated one thing, it’s that organizations simply cannot plan for everything – and instead must be ready to resolve problems as they arise. However, those that emerged most successful from disruption were those with good data at their fingertips, ensuring that leaders can make informed decisions quickly.

Gone are the days in which meticulous planning and tabletop exercises were the best approaches to resilience. In 2021, organizations will recognize the value of identifying their data and dependencies, maintaining them in software and leaning on the technology to simulate the multitude of outcomes possible. When unplanned events do arise, organizations will depend on technology to play out the plans, understand where they will fail and propose the right changes proactively.

Industry Collaboration and Product Suites

Industry collaboration is already underway and will continue into next year. As resilience continues to become a highly visible and critical business operation, the industry will realize the benefit of products that span disciplines to better deliver on organizations’ needs. As organizations break down silos between business continuity, incident and crisis management, disaster recovery and various risk disciplines to become one broader resilience practice, industry players will consolidate their respective offerings and increasingly integrate product suites for greater collaboration – and ultimately, greater resilience.

C-Suite Involvement in Risk and Resilience

In 2021, we will see resilience become a priority at every level of an organization – especially with executive leadership. Prior to this year, many companies viewed resilience as an esoteric activity focused on placating leadership and regulators. They relied on a few employees to own all resilience programs, not intimately involving themselves or their operating executives with the details. 2020 took resilience out of the back room and placed it firmly into the boardroom.

The C-suite will be increasingly committed to knowing whether their organization is ready to tackle and recover from disruptions. This means a resilience program needs to span all the appropriate departments and disciplines, speak the language of business instead of practitioners and answer the highest-level questions of readiness in a single executive experience.

Operational Resilience in Every Critical Industry

Undoubtedly, operational resilience will begin to take center stage in all critical industries. Over the past several years, the Bank of England, the Fed, and the European Central Bank among others have begun a push for regulation not only in financial resilience but in the resilience of operations for financial services. These bodies recognized the critical impact that their industry has on the wellbeing of individuals, businesses, and the economy as a whole – and are taking seriously their role in making a more resilient economy.

Other critical industries, including energy, power, agriculture and others (possibly based on the 16 critical industries defined by the Department of Homeland Security) are similarly positioned. We expect to see regulators taking a greater interest in the organizations in these spaces, to ensure our national and global systems are resilient enough to recover from future events.

2020 was a challenging year, and many people are likely relieved it’s over. But don’t rest on your laurels. Whether it’s climate change, political unrest or even pandemics, the world is more interdependent and more exposed than ever. Ensure your organization has learned the lessons of 2020 and is first to take advantage of these trends in 2021, before it’s too late.

Five Workplace Culture Trends of 2021

5 January 2021 – 2020 – a year like no other – is responsible for driving organisational change, especially workplace culture, which has witnessed considerable upheaval over the past 10 months. Workplace culture expert, O.C. Tanner Europe, foresees that the pandemic and its fallout will accelerate further changes on a scale never before witnessed. Here are its top five workplace culture trends of 2021:

  1. 2021 will see a big focus on organisational culture – COVID has altered priorities. Perhaps for the first time, the importance of a thriving workplace culture has been driven home, with leaders realising that culture isn’t just about the physical perks such as the table tennis table and massage chair, but is about connecting people to purpose, accomplishment and each other. After months of remote working, furlough and general workplace flux which has caused mass anxiety and financial strain, many organisational cultures need healing and fixing. Leaders will need to find ways to bring people back together, even if it means doing this remotely, and some leaders may even need to strip everything back and re-build a more positive, connected and purpose-driven culture from the ground up.
  2. How we work has changed for good – Research by the O.C. Tanner Institute found 77 per cent of employees say their workplace culture will never return to pre-Covid-19 normal. Remote working will continue well into 2021 and as employees have proven that remote working can be as efficient and productive as being in the office, many organisations will allow employees to work remotely permanently. On top of this, with many organisations having had to adapt to virtual working, many normal work processes have changed for good. Companies have already adopted new recruiting and hiring processes, including virtual interviews, and even the benefits that appeal to employees right now are shifting. Rather than unlimited holidays, paid parental leave has become important. There’s also a renewed focus on mental and emotional wellbeing.
  3. A greater emphasis on diversity and inclusion (D&I) – Organisations can no longer remain silent on social issues. Employees expect their companies to be vocal on issues of injustice and inequity and this includes a greater emphasis on D&I. And instead of focusing on how to avoid exclusion which is an approach initially driven by legal experts to avoid litigation, the key is to concentrate on inclusivity. This means companies should look past categories such as race, gender, or sexual orientation and nurture each person as an individual. With just 44 per cent of employees saying their company’s diversity and inclusion approach feels sincere, there is a huge opportunity for organisations to improve their efforts.
  4. Generation Z needs to be connected to purpose – Employees in this generation are entering the workplace and, more than any previous generation, they are highly connected to social issues and want to make a difference in their jobs. This generation isn’t about climbing the corporate ladder but wants to feel that it belongs and that its company has an inspiring and relatable purpose. In order to attract and engage Gen Z employees, companies must connect their work to purpose, practice modern leadership and focus on wellbeing.
  5. Real digital transformation is happening – Covid-19 has forced true digital transformation that companies may have had on their ‘to do’ lists for years. Technology has been used to connect us together and keep us working during times of social distancing and remote working, and technological innovation is not stopping any time soon. Mobile tools are more important than ever, as well as strong data security and robust internet capabilities. We will continue to see more technological developments this year, with a focus on bringing people together despite many employees still working apart.

Robert Ordever, Managing Director of O.C. Tanner Europe says, “Leaders and HR professionals need to be prepared for the challenges ahead as they tackle the fallout from the pandemic. There must be a concerted effort to heal broken and damaged workplace cultures while building on the positive developments as a result of COVID-19. Inclusive, connected and purpose-driven workplaces must be prioritised and it’s time to drive technological advancements to bring people together. 2021 needs to be a year of deliberate and positive transformation.”
