FINANCIAL SERVICES ORGANISATIONS ADOPT OPEN SOURCE AS A VALUABLE TOOL FOR CYBER DEFENCE

By Leon Ward, Product Manager, Advanced Malware Protection: Network, Cisco Security Group

The financial services industry has embraced the adoption and use of open source software and according to software and consulting firm Black Duck, up to 75% of the code supporting a UK investment bank’s trading application is commonly based on free and open-source software. Only 18% of the code is proprietary, it says. And analysts say that adoption in financial services is poised to increase further as cost pressures grow.

In turning to open source, the financial services sector is following a path trodden by other regulated industries – healthcare and government IT, for example – which are attracted to open software development models by promises of cost control and increased innovation.

The origins of Open Source can be traced back to the software developer community that evolved around the Artificial Intelligence Laboratory at the Massachusetts Institute of Technology (MIT) during the 1960s and 1970s. In those early days, all software was shared freely amongst the academics and enthusiasts who wanted to build great software to address new challenges.  As technology adoption spread in the 90s, interest in the ‘open’ approach continued to grow as users also recognised the value side of the equation. Not only were they gaining access to software that had the benefit of a community of engaged and interested minds working together to continuously improve it, but open source saved costs by opening the market for support and maintenance of the code. As corporate networks expanded another benefit emerged. Open source enabled agility.  Organisations could more easily integrate complementary applications and services into their environments to respond to new business imperatives and expand capabilities for their users.

More recently, in the context of cyber security, open source is a very effective way to solve complex problems because it creates real collaboration and trust between vendors and the experts that are tasked with addressing advanced and aggressive IT security threats.

Modern corporate networks extend beyond the traditional perimeter to include data centres, endpoints, virtual, mobile and the cloud. These networks and their components constantly evolve and spawn new attack vectors including: mobile devices, web-enabled and mobile applications, hypervisors, social media, web browsers and home computers. Attackers are taking advantage of gaps in protection to accomplish their mission. They also go to great lengths to remain undetected, using technologies and methods that result in nearly imperceptible indicators of compromise.

Open source is a valuable tool for defenders as they work to close these gaps and to gather greater intelligence about potential threats to make better decisions and take action. Let’s take a closer look at the role of open source in these two areas.

Closing security gaps. Reducing the attack surface is essential as organisations strive to protect against the latest sophisticated threats. Waiting for updates from vendors to close vulnerabilities isn’t realistic when high-value assets are at stake and attacks are relentless. For organisations creating their own custom applications, the ability to detect and protect these applications is even more challenging. An open approach can help organisations close security gaps faster with the ability to create protections on their own or apply shared best practices and tools.

Gaining greater intelligence. To deal with dynamic environments organisations need access to global intelligence, with the right context, to identify vulnerabilities and take immediate action. An open architecture facilitates the sharing of real-time threat intelligence and protections across a vast community of users for collective immunity. It also streamlines integration with other layers of security defences added as IT environments and business requirements change, thus enabling more effective, coordinated protection.

In the realm of technology, open source has a long history and its applications and benefits will continue to evolve and grow.  The findings of the 2013 Future of Open Source Survey state that increasingly enterprises across the board see open source as leading innovation, delivering higher quality and business driving growth. Based on the tenets of community, collaboration and trust, it is an approach that delivers stronger solutions, addresses complex problems and demonstrates technical excellence, innovation and dependability.