Connect with us

Technology

Global Survey shows companies are using more automation in cybersecurity, but still have work to do

Published

on

Global Survey shows companies are using more automation in cybersecurity, but still have work to do

Even much-hyped technologies like artificial intelligence and machine learning are nascent, with minimal adoption globally

Skybox® Security, a global leader in cybersecurity management, has released the results of a global survey conducted by Osterman Research, Understanding Security Processes and the Need to Automate.

The survey, which includes responses from 465 senior security leaders at large enterprises in the U.S., EMEA and APAC,reveals trends in the use of security automation, as well as artificial intelligence (AI) and machine learning (ML). Survey questions focused on workflows in firewall and security policy management and vulnerability management.

Key findings included some surprises. For example, according to the results, APAC is ahead of the U.S. and EMEA in terms of automation for processes involved in the management of firewall rules and security policy — the automation of these processes is least common in EMEA. And despite being hyped at shows and in the media, technologies such as artificial intelligence and machine learning are still in early days, with few organizations using AI/ML in production — just four percent of respondents in EMEA, nine percent in the U.S. and 27 percent in APAC.

In general, the report reveals that companies worldwide are continuing to struggle with network security management, especially as those networks are growing more complex and increasing in size. Surprisingly, most are only partially automating workflows and processes to help overcome these challenges — but they do see the value and are looking to automate more in the future.

“Many organizations have significant deficiencies with regard to their firewall and security management,” said Michael Osterman, principal analyst of Osterman Research. “Most realize that they need to improve the way they manage security and policy, and they also realize that automating workflows and processes is key to these improvements.”

Additional insights from the report include the following:

  • Cutting costs, making better use of skilled employees and network size/ complexityare top drivers for automation — but that varies by region. In EMEA, 61 percent of respondents said cost was the number one driver; 43 percent said it was in the U.S. Surprisingly, only 35 percent in APAC ranked costs as the key driver for automation. They instead ranked the difficulty of managing the size and complexity of their network as the primary reason (43 percent), as well as being able to move skilled staff off mundane activities to higher value/skill security tasks (40 percent).  The U.S. and EMEA also cited the challenges of managing network size and complexity as a heavy driver (42 percent and 38 percent respectively).
  • Better visibility and context are still needed. Organizations are still deficient in understanding network context and having visibility of firewall and security policy, including why firewall rules exist: 37 percent in the U.S., 61 percent in EMEA and 47 percent in APAC said they had only “minimal or some understanding.” Even more surprising, respondents said they have only minimal or some understanding of how security changes impact their business: 49 percent in the U.S., 63 percent in EMEA and 39 percent in APAC. And it appears that identifying vulnerabilities continues to be a challenge, with 53 percent in the U.S., 63 percent in EMEA and 42 percent in APAC having only minimal or some understanding of what vulnerabilities exist on network devices.
  • Security staff are bogged down with incident response processes, compliance management and making changes to the security infrastructure. The top things respondents said they spend a “substantial” amount of time on are: incident response triage/prioritization and compliance management for the U.S.;firewall configurations and out-of-process changes for EMEA; compliance management and security changes for APAC.
  • Security teams need help, with most organizations admitting they need to make major improvements in how they manage security and policy. The biggest improvements are needed in how organizations decommission applications: 72 percent of respondents in the U.S., 67 percent in EMEA and 54 percent in APAC say they do it “poorly or moderately.” Security teams also need help pruning firewall rules so that rulesets do not become bloated, with 67 percent in the U.S., 78 percent in EMEA and 48 percent in APAC saying they do it “poorly or moderately.” Ironically, these are areas where automation can make a huge impact.
  • Automation is an impetus for cloud migration. It’s no surprise that for many companies, migration to the cloud is having a significant impact on the automation of security policy changes. This is most notable in APAC where 43 percent of organizations said cloud is impacting the automation of security policy changes. Survey results also show that the vast majority of organizations are working on initiatives focused on security automation to support cloud environments.

“The good news: security leaders have started on their automation journey,” said Skybox Director of Product Marketing, Sean Keef. “However, the results of this survey show us that many companies have a long way to go. It seems security leaders are still trying to understand where they’re going to get the most value out of automation, while also ensuring they’re not putting the organization at risk. There are many areas, however, where it is absolutely essential to implement automation — and, in fact, where the automation reduces risk. For example, collecting/gathering data for attack surface visibility and modeling, network change management and rule life cycle management. Networks are simply becoming too large and complex to manage manually. If you’re not already working with a vendor in these areas, you should start looking for one.”

Click here to download the full report and to register for the September 18 webinar with Michael Osterman, click here. Michael will discuss further details of the survey and answer questions. Skybox will also present a short overview on how the Skybox® Security Suite can automate core security management workflows.

Technology

The Coming AI Revolution

Published

on

The Coming AI Revolution 1

By H.P Bunaes, CEO and founder of AI Powered Banking.

There is a revolution in AI coming and it’s going to render legacy data and model governance practices obsolete.

The revolution will manifest in three ways:

  • Automated machine learning platforms like DataRobot, H2O.ai, Dataiku, and rapidminer are making data scientists more productive. A lot more productive. One company told me that they were seeing 7x as many models from their data science group shortly after the implementation of a leading autoML platform. The increase in model output will quickly reveal bottlenecks in model validation, production implementation, and model operation and management.
  • The increasing popularity of tools aimed at “citizen data scientists”, local data literate subject matter experts in the business without formal data science training who nevertheless know a good model and a good use case when they see it, will turn a large percentage of technically savvy business people into model developers. Models developed by citizen data scientists will quickly dwarf the volume of models created by formal data science organizations adding further strain on existing procedures and revealing gaps in governance.
  • Availability of nearly unlimited capacity on demand for both data storage and computing power from cloud providers will lead to the proliferation of sophisticated predictive models that can learn from broad swaths of data; structured (your existing databases, for example), semi-structured (your documents), and even unstructured (such as images), sniffing out the data that is relevant to any one particular prediction or population. Demand for more, and different kinds of data for modeling, and the need to integrate model results into downstream dataflows and IT applications, will make data platforms and data flows significantly more complex, harder to manage, and increase points of failure.

What this all adds up to is an explosion in the volume of predictive models and of the data in motion in your organization. Where there were no models, there will suddenly be many. Where there was one model, you may find there are now hundreds. And the pipes providing data into and delivering results out of these models are going to proliferate. Operational and reputational risk from model failure will rise significantly as companies outgrow their existing data and model governance frameworks and legacy procedures.

Making this worse, many banks are starting from a weak position. The demand for more and better models (descriptive and predictive) has already led to a thicket of overlapping, partially inconsistent data flows to a multitude of models. Model outputs themselves have become part of the data flow to downstream data marts, BI, apps and even to other models as inputs. It is the rare organization that knows where all that data is coming from, where it is going, how it is being used, and can identify the potential impacts of changes to data and to the models that consume it.

Certainly there has been much improvement in recent years in data governance at most large organizations. Data quality, data standards, data integration, and data accessibility on robust platforms (increasingly cloud based) have all gotten better. And most organizations now have robust model risk management practices in place, to test and validate models before they go into production use.

But these worlds are about to collide. Data and analytics, once distinct and manageable separately are going to become inextricably intertwined. As brilliantly explained in a paper by several smart people at Google (“The Hidden Technical Debt in Machine Learning Systems”),​ we will rapidly reach the point where “changing anything changes everything.”

Take a simple example, what differentiates data on a client from a CRM system from data on a client created by a predictive model? The answer: nothing. Yet they are managed today by different groups. The former is typically managed by Data Governance, which is usually led by the Chief Data Officer. The latter is usually the province of Model Risk Management often found in the Corporate Risk Management organization.

But when model outputs become inputs to reports, to business processes, to critical operational or client facing systems, or to other models, they need to be governed just like any other data.

The perfect illustration of this challenge is in change management. Often you will find data change management in the chief data officer’s organization and model change management in the model risk organization. But changes in the data can, and often do, effect models in sometimes unpredictable fashion. And changes to models can change outputs and have major impacts to downstream consumers of those results if they are not prepared for the coming changes.

Managing them separately and distinctly will therefore no longer be sufficient. How to tackle this?

  • First and foremost, you must have a complete catalog of all models including metadata describing model inputs and their source and model outputs along with their destination and uses. There are a number of solutions now coming on the market for this purpose including Verta.ai, ModelOp, and Algorithmia.
  • Second, data management needs to expand to include not only source data but also all the results (predictions, descriptions) produced by models.
  • Third, model management too needs to expand its remit, not just focusing on model testing and validation prior to model implementation but also monitoring model performance and managing model changes after the fact​ ​.
  • Fourth there must be formal procedures for keeping model management and data management mutually informed and closely coordinated. Data cannot change without assessing model impact, and models cannot change without assessing data impact.

Organizationally, it may be infeasible to combine legacy organizations across traditional lines of responsibility. And it may be better to leverage existing expertise across model management, data engineering, data management, and IT. But a new partnership model, new tools, and new procedures will be needed.

The explosion in AI is upon us. To use AI safely and effectively you need to get your data and analytics house in order and make sure the right mechanisms are in place to keep it so. Regulators have taken note of the risks of poorly managed AI, and it is only a matter of time before they dictate minimum standards. Combining, or at least tightly coupling, data and model governance is where to start.

Continue Reading

Technology

How financial services organisations are using data to underpin future growth

Published

on

How financial services organisations are using data to underpin future growth 2

By John O’Keeffe, Director of Looker EMEA at Google Cloud

In addition to the turmoil caused by the COVID-19 pandemic, a significant decline in venture capital investment has left many financial services organisations feeling deflated, with others struggling to survive. According to figures from trade body Innovate Finance, investment in UK fintech organisations fell 30% in Q2 of this year, with smaller challenger firms and start-ups being the most profoundly hit by our current economic problems.

As a result, both challenger banks and more established players have had to pivot their strategies in order to maintain relevance and market share. Nonetheless, the outlook for fintech in the UK and further afield looks promising for the future. The reality of spending much of our time at home, and out of reach of brick and mortar services, means that many of us are becoming even more accustomed to digital banking for example. Recent analysis of finance application usage from Adjust, found that the average sessions in investment apps surged 88% globally, while payment and banking app sessions increased by 49% and 26%, respectively, during the COVID-19 pandemic.

However, the fact remains that investment in the sector is currently hard to come by. To help regain momentum, a review into the UK’s fintech industry was launched to identify opportunities to support growth across the industry. Data has – and will continue to – play a key role in this push for innovation, helping organisations spot gaps in the market, predict customer behaviours and ensure that the decisions they make are based on real insights. At such a critical time, enabling a data-led approach will help organisations ascertain exactly what is required to accelerate change and ensure the sustainability of the industry.

The financial services industry is a data-rich environment, giving organisations a potential goldmine of customer interactions, product performance and market trends. However, the difficulty often lies in bringing this into a coherent whole, and extracting the business insights required for long-term success. This is as much about strategy and accessibility as it is about technology. Fostering a true “data culture” where employees across the business, whether data experts or not, can access real-time intelligence that informs their day-to-day decision making in a positive way, is crucial. This may mean tweaking your onboarding and training programmes, identifying data evangelists that can catalyse others, or simply making data engaging and relatable for those who are new to the practice.

For many organisations, data is often stored within traditional business intelligence tools, third-party SQL clients or even just a simple spreadsheet, meaning that valuable data insights are siloed and often hindered by a bottleneck between a stretched analytics team and the rest of the business. There is also the all-important General Data Protection Regulation (GDPR) to consider, so data governance and having a clear view of where data is being housed, and for what purpose, is particularly pivotal.

With this in mind, it is crucial to have a “single source of truth” to bring various data streams together and enable real-time, self-serve insights to your whole employee base. As an example of this in practice, data is a great way to understand your existing clients more intimately and nip any problems in the bud early. By building a custom data dashboard incorporating, for example, number of support tickets issued, change in ticket sentiment and number of days to renewal, you can build up an accurate picture of account health and how this has changed over time. In combination with real-time metrics on which products and features are being used and how, sales teams can have more meaningful and accurate conversations with their customers, converting at-risk accounts into potential growth opportunities.

Given the dip in VC investment mentioned earlier, it is more important than ever for startups and scale-ups to do more with less and set a strategic roadmap that supports rapid growth. By using data to measure and action customer feedback, these organisations can be more agile in taking new products to market and making sure these are useful and address specific pain points.

Whether a fintech scale-up or an established name, it has never been more important to shift your operations to a more data-led strategy. With an uncertain outlook ahead for business across all sectors, making data the “single source of truth” can help to navigate market trends, identify new growth opportunities and simply make an organisation’s decision-making smarter and more efficient. Through data-driven innovation and growth, one of Britain’s most valuable industries can continue to thrive in the future.

Continue Reading

Technology

The Bank of England partners with Appvia to assist in the design, construction and assurance of a new cloud environment

Published

on

The Bank of England partners with Appvia to assist in the design, construction and assurance of a new cloud environment 3

The Bank of England has appointed self-service cloud-native delivery platform Appvia to support the creation of a new cloud environment.

The announcement follows a public procurement process which commenced in January 2020. The Bank of England will work with Appvia on design, construction and assurance of a modern, fit for purpose cloud environment.

During the two-year partnership, Appvia will be supporting development and project teams within the Bank in testing and deploying code in cloud environments, working with security teams to integrate the cloud into existing operational and security processes; and implementing information governance compliance so staff are able to collaborate safely and securely.

Oliver Tweedie, Head of Digital Platforms at the Bank of England, said, “We have selected Appvia as our Cloud Delivery Partner to help us realise the Bank’s cloud ambitions and unlock the potential of the Cloud. Appvia come with a great pedigree and a wealth of experience delivering Cloud services within government.  Working in collaboration with Bank Technology teams, Appvia will help us shape and build the future of Cloud services across our organisation – a key part of our Technology strategy.”

Jon Shanks, CEO and Co-Founder of Appvia, said, “This is an exciting opportunity to work with the Bank as it undergoes a step-change in its approach to the cloud. Harnessing innovative cloud solutions, such as containers and Kubernetes is a real business enabler for the Bank to streamline the software development lifecycle, ways of working and cloud operating model. We look forward to working with all stakeholders at the Bank of England to support its digital transformation journey.”

Appvia, which counts the Home Office among its major clients, is a self-service platform that enables organisations to scale their infrastructure quickly, securely and easily using services such as Kubernetes. In September, Appvia launched the world’s first developer-centric tool to enable teams to predict and control cloud costs.

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

The Coming AI Revolution 4 The Coming AI Revolution 5
Technology1 day ago

The Coming AI Revolution

By H.P Bunaes, CEO and founder of AI Powered Banking. There is a revolution in AI coming and it’s going...

Q&A with Joe Steele, Head of Workplace Technology at Starling Bank 6 Q&A with Joe Steele, Head of Workplace Technology at Starling Bank 7
Interviews1 day ago

Q&A with Joe Steele, Head of Workplace Technology at Starling Bank

In just under a year, many businesses had no choice but to go online and with digital transformation on the rise...

How financial services organisations are using data to underpin future growth 8 How financial services organisations are using data to underpin future growth 9
Technology1 day ago

How financial services organisations are using data to underpin future growth

By John O’Keeffe, Director of Looker EMEA at Google Cloud In addition to the turmoil caused by the COVID-19 pandemic, a...

Three questions the financial services industry must answer in 2021 10 Three questions the financial services industry must answer in 2021 11
Top Stories2 days ago

Three questions the financial services industry must answer in 2021

Xformative, a Mastercard Start Path recipient, shares what these questions mean for fintech partners and their innovations This year, fintechs...

A quarter of banking customers noted an improvement in customer service over lockdown, research shows 12 A quarter of banking customers noted an improvement in customer service over lockdown, research shows 13
Banking2 days ago

A quarter of banking customers noted an improvement in customer service over lockdown, research shows

SAS research reveals that banks offered an improved customer experience during lockdown A quarter (27%) of banking customers noted an...

Is Digital Transformation the Key to Business Survival in the New World? 14 Is Digital Transformation the Key to Business Survival in the New World? 15
Business2 days ago

Is Digital Transformation the Key to Business Survival in the New World?

After a turbulent year, enterprises are returning to the prospect of a new world following an unprecedented pandemic. Around the...

Virtual communications: How to handle difficult workplace conversations online 16 Virtual communications: How to handle difficult workplace conversations online 17
Business2 days ago

Virtual communications: How to handle difficult workplace conversations online

Have potentially difficult conversation at work, like discussing a pay rise, explaining deadline delays or going through performance reviews are...

Black Friday payment data reveals rapid growth of ‘pay later’ methods like Klarna 18 Black Friday payment data reveals rapid growth of ‘pay later’ methods like Klarna 19
Finance2 days ago

Black Friday payment data reveals rapid growth of ‘pay later’ methods like Klarna

Payment processor Mollie reveals the most popular payment methods for Black Friday Mollie, one of the fastest-growing payment service providers,...

Brand guidelines: the antidote to your business’ identity crisis 20 Brand guidelines: the antidote to your business’ identity crisis 21
Business2 days ago

Brand guidelines: the antidote to your business’ identity crisis

By Andrew Johnson, Creative Director and Co-Founder. How well do you really know your business? Do you know which derivative of your...

COVID-19 creates long and winding road for startups seeking investment 22 COVID-19 creates long and winding road for startups seeking investment 23
Investing2 days ago

COVID-19 creates long and winding road for startups seeking investment

By Jayne Chan, Head of StartmeupHK, Invest Hong Kong Countless technology and other companies describe themselves as innovators, disruptors or...

Newsletters with Secrets & Analysis. Subscribe Now