By Lalitendu Mohanty, Global Lead, Cloud Solutions at Infosys Finacle
The cloud’s numerous advantages, such as low total cost of ownership, extreme scalability, high agility and support for innovation, make a compelling value proposition for banking enterprises. By leveraging the cloud, banks can take more new products to market more quickly, improve customer experience, respond faster to external stimuli and even accelerate digital transformation. But before that, they must ensure that their data and applications will be absolutely secure once they migrate to the cloud; this is not only necessary for regulatory compliance but also for user adoption.
A framework for cybersecurity
A six-step security framework based on certain fundamental principles enables enterprises to safeguard their cloud assets. Here is a brief description:
- Incorporating an enterprise-wide risk management framework: As a first step, a banking security framework must craft a comprehensive and robust policy.
- Defining best practices: The various risk elements and controls must be defined, and the best practices to implement these controls should be laid out.
- Establishing standards for technical and information security: There must be clear standards for each and every element in a security process, from user identification and authentication to access control and privileges. It is equally important to specify standards for the security tools and information security measures that banks may use to ward off potential cyber risks. Most banks follow the recommendations of NIST (National Institute of Standards and Technology), which has defined 255 controls in different areas of cybersecurity; however, it is up to the individual banks to decide which controls to activate – too many controls would increase the number of alerts and impact day to day productivity; too few would expose the organization to risk.
- Spreading awareness among staff: A 2019 report based on nearly 44,000 security incidents and data breaches from 86 countries found that one-third of the events in 2018 were caused by internal agents. Some of these events arose from sheer negligence, as in the case of a North American healthcare products and solutions provider, whose failure to protect equipment and encrypt information resulted in several cases of theft of personal information. Building security awareness among employees can go a long way in preventing breaches caused by thoughtless behavior – for instance, downloading attachments from unverified sources. Therefore, the framework must provide guidelines for educating staff about the bank’s security policies and norms of secure behavior; employees must be trained to be alert to potential security events and also trained on how to respond in case of a breach.
- Collaborating with the industry: All banks in a region are bound by the same security and regulatory compliance mandates. Also, security must be a collective endeavor to succeed, because a single weak link can compromise many others around it. Hence apart from controls, technical standards and staff training, a bank’s security framework should address industry-wide collaboration to improve awareness and implementation of best practices, share information on new threats, pool solutions etc. One example of industry collaboration is an initiative driven by the Bank Policy Institute, which co-developed a cybersecurity assessment tool called “Financial Services Sector Cybersecurity Profile” along with the American Bankers Association and experts from more than 150 financial institutions around the world.
- Practicing cross-border cooperation: The impact of a cybersecurity breach may be felt far and wide in the globalized banking world. This is why it is imperative for banks to collaborate on security outside their borders. Also, a regulatory supervisory approach transcending national boundaries can help to share knowledge and best practices and thereby mitigate the impact of cyber attack.
A cloud security framework provides a list of key functions necessary to manage cybersecurity-related risks in a cloud-based environment. This includes referencing security standards and guidelines based on best practices and industry standards and adopting specific controls when identifying and responding to threats.
This framework has six critical pillars:
- Identify: Understand organizational requirements and complete security risk assessments.
- Protect: Implement safeguards to ensure the infrastructure is self-sufficient during an attack.
- Detect: Deploy solutions to monitor network breach and identify security-related events.
- Respond: Launch countermeasures to combat potential or active threats to business security.
- Recover: Develop and activate the necessary procedures to restore system capabilities and network services in the event of a disruption.
- Report: Provide a consolidated view of the breaches that occurred, and alerts with preventive actions on how it resolved the crisis.
Each of these individual pillars helps define actionable areas of cloud security that an organization should prioritize, and provides a solid foundation for their cloud security architecture. In connection with a cloud security framework, the architecture gives a model with visual references on how to properly configure secure cloud development, deployment and operations.
Organizations follow a structured security framework to address the monitoring of incident management along with using centrally managed security logs and monitoring solutions. This ensures patch and anti-virus management, and does a regular system vulnerability assessment to ensure seamless business continuity. The security control provided in the cloud is aligned to ISO 27001.
The average number of yearly breaches in financial services organizations tripled from 40 in 2012 to 125 in 2017. A sound security framework will protect a bank, but will not eliminate breaches altogether. When a bank faces the inevitable, it must quickly identify the problem and the application that has been impacted, then find the vulnerability, assess the organization’s security infrastructure and resolve the problem. Here, the services of an ethical hacker for identifying the issue, resolving it, and conducting penetration testing before reporting and closing the case, can be very useful. The report must be audited quarterly/ yearly and signed off by the Board, as a corporate governance best practice.
Around the world, banks are taking to the cloud. While the cloud provider takes care of securing the infrastructure, it is the banks’ responsibility to protect their cloud-based data and applications. This can be particularly challenging when applications are built in parts, across distributed locations, using Agile principles. Setting up a robust security framework is an important move towards protecting applications and information, but it is only the beginning. The framework must be part of a continuous, evolving and iterative process of threat monitoring, identification, analysis, resolution and reporting in order to be effective.
The case for AI technology adoption in financial back-office roles to improve efficiency
By Tomas Gogar, AI CEO, Rossum
In this era, digital transformation isn’t anything new. Nonetheless, it can still cause a lot of confusion and resistance for some companies, many of which are often slow, unwilling or unable to implement the necessary changes to embrace technology. As a result, entire industries are barely scratching the surface when it comes to shifting to the digital world, and many, from the insurance industry to logistics and delivery are still catching up on the digital transformation.
The banking and financial sector have been notoriously slow in adapting to the online world. They paid the high price for it, giving way to a flurry of incredibly successful new disruptive players, built on cutting edge tech from the ground up. From Transferwise, Revolut or Venmo, to GoCardless, this new generation of fintech companies addressed consumers changing expectations in a way that traditional retails banks simply couldn’t.
To catch up, incumbent players have prioritised the user interfaces, giving the appearance of a digital offering, and oftentimes leaving the back end infrastructure untouched, and hence the processing power, accuracy and speed unaffected. Back-office functions, although they are essential to the smooth running of a business, have seen very little change and as a result, too many people in these functions are still tied up typing information into spreadsheets and software forms – in fact, manual data entry is a prime example of how much resources the offline legacy wastes. Take Accounts Payable for example, invoice data entry in this sector is estimated to eat up roughly 100 human lives worth of time every single day.
With the significant increase in the number of employees working from home due to the global COVID-19 pandemic, the back-office challenges have suddenly come to light, and finally, companies that got away with minimal changes so far, are realising that they need a structural digital overhaul, and fast. We believe the solution to this is artificial intelligence backed software solutions.
Previous technology based solutions essentially did half the job, heavily depending on human fact checking. Consequently, these solutions were actually quite cumbersome and time consuming and costly to implement and maintain, and offered only incremental improvements. Now with AI, automises data processing completely removing the need for human fact checking (and human error!). Additionally, deployment is massively simplified with an average setup time of one week, compared to about 6 months for previous technologies. AI solutions are also highly adaptable to new formats and scenarios, allowing businesses to test them in say one department and to quickly roll out a single unified solution across all functions of the business. Data can be extracted from any invoice layout with no template or rule set-up, saving significant and effort. Rather than trying to change and standardise a highly fragmented environment (there are about as many invoice formats as there are businesses), AI can work with it, and optimise the overall process and offer a unified answer to a fragmented ecosystem.
Taking Accounts Payable as an example again, this is a sector that has relied by and large on Optical Character Recognition (OCR) software solutions in an attempt to remove some of the manual labour involved in reading processing and filing invoices. Although OCR did improve the processes to a certain degree, ultimately these types of solutions still required a long and expensive set up processes and a lot of manual labour to actually capture the data accurately with templates and manual data entry. Now, with AI software, like the one we have created, this is a solution that makes data extraction simple and easy, saving time and man power, as well as building on existing infrastructure. It has the ability to transform this industry.
In conclusion, for a sector that has been slow to adopt digital change, AI is THE technology answer that is finally fixing the invisible pain points that businesses had simply accepted as unremovable. AI applied in this way offers a viable way forward and businesses that were notoriously slow and resistant to embrace the digital transition, incentivised to make a change, may actually end up at the head of the pack. Skipping ‘older tech’ and jumping straight into AI solutions, the best scenario available by far, is indeed the smartest, fastest and most cost effective way to transition into the digital world.
InsurTech is helping to drive the digital evolution of the UK motor retail industry
By Alan Inskip, Tempcover CEO & Founder
If the last nine months have made anything clear, it is that the pandemic has fundamentally changed both buying and driving habits for UK motorists. The latest Tempcover research has revealed that online-only used car sales had increased fifteen-fold during the pandemic among 2,000 survey respondents.
Before lockdown, just 4% of used car sales were fully-digital. The vast majority of those surveyed opted for either a physical purchase (50%) or a digitally-assisted purchase (45%), relying on a combination of digital tools and an in person viewing or road test before buying.
While car sales overall are down on last year’s figures*, one in six (17%) of those surveyed had bought a used car during lockdown, with two thirds (64%) relying on a fully-digital purchase journey. Digitally-assisted purchases counted for one in five (20%) used car sales, while in person sales fell to just 15% – no surprise considering the ongoing social distancing measures.
And when it comes to arranging insurance for their recently-purchased vehicle, our survey participants displayed an equal balance between telephone and online as the preferred method (48% each). Nearly a third of those (28%) said they wait up to ten minutes for their policy to be confirmed, and a further 22% wait as long as 20 minutes to get cover.
The switch to digital insurance, driven by InsurTech
In the midst of rapid and significant market changes, many traditional insurers have lacked the agility and flexibility to adapt accordingly. InsurTech can provide immense value in bridging that gap, as the digital solutions are entirely scalable, with the flexibility to substantially increase in size and across multiple geographies, with minimal disruption.
The ongoing decline of physical transactions in the motor retail industry is a perfect example of how InsurTech is adding value. Several national blue-chip dealerships, with both physical and digital showroom floors, are already streamlining their online purchase process by offering temporary driveaway insurance policies to cover the vehicle for a fixed-term, usually between five to seven days, as part of the purchase journey.
The entirely online one-step user experience is the first of its kind in the traditionally outdated and inflexible driveaway insurance industry and it is dramatically simplifying the process of how insurance is purchased and consumed. Due to the flexibility and agility of the digital solution, each retailer has its own unique URL, where the customer can obtain a simple single-cost policy in just 90 seconds through an entirely digital process, which fits in line with the evolving consumer purchase trends.
For the dealers, this technology means more efficient stock clearance times and greater profitability. For the buyers, it takes the stress out of searching for annual insurance on the spot, and provides the driver with near instant cover so that they can immediately drive their new car, while giving them the opportunity to thoroughly research the best annual policy to suit their needs. An added benefit is there’s no risk to any existing No Claims Discount, as it’s a separate and standalone policy.
While there is a chance these trends will reverse to some extent post pandemic, it is clear that the consumer appetite for digital purchase and consumption is here to stay, and InsurTech will continue to lead the way in making motor insurance more easily-accessible across digital platforms, while offering consumers the best value for money.
Five ways enterprises are using the public cloud
By Michael Chalmers, MD EMEA at Contino
The public cloud is the most significant enabler in a generation. It’s causing a massive shift in how businesses are operating and tearing apart previous business models.
Amid challenging economic times, it’s inevitable that spending within IT is dropping. However, the cloud is the only segment that is still growing. The public cloud is increasingly becoming a central element of enterprise IT.
Contino asked 250 IT decision-makers at enterprise companies across Europe, USA and APAC within companies of over 5,000 employees about their views on the state of the public cloud within their organisation at the beginning of 2020. Nearly all of them (99%) saw a significant technical benefit compared with on-premises.
Here are some other ways public cloud is being used by enterprises:
- Widely, albeit not yet business wide.
A whopping 77% of enterprises are using the public cloud in some capacity. Overall, 50% of businesses are utilising a hybrid cloud, 22% single private cloud, 20% multi-cloud, 7% single public cloud and only 1% are using only on-premises.
But only 13% of businesses have a fully-fledged public cloud program. The largest set of respondents (42%) have multiple apps/projects deployed in the cloud. 24% were still working on initial proofs-of-concept, and 18% were in the planning stages.
83% of respondents said they want to grow their cloud program. Almost half (48%) do wish to grow, but with caution, while 36% want to move as quickly as possible.
Only 4% plan to revert to on-premises but are in no rush to do so.
- To enhance security and compliance versus on-premises, although these are still also seen as barriers to adoption.
A massive 64% of respondents stated they find this more secure than on-premises, and only 7% see it to be less secure. 72% found it easier to stay compliant with business data in the cloud versus only 4% who found it harder. However, 48% cited that their biggest barrier for not using the cloud was security, and 37% stated the need to remain compliant was the most prevalent blocker.
Other challenges also posed a barrier: a lack of skills, the cost to purchase and cloud-native operating models not working with existing investments made up 29-32% of responses.
19% stated that lack of leadership buy-in is the biggest barrier, reflecting that a significant number of IT departments have a need for this solution but have not been provided with the support to do so. However, relatively speaking, this was one of the least-cited barriers.
- For improved efficiency, scalability and agility, but vendor lock-in is still a major concern.
The top three cited technical benefits of public cloud were better efficiency, agility and scalability versus on-premises. However, 63% of IT professionals were ‘somewhat’ or ‘very much’ afraid of the commitment that can come with investing in the cloud. This is another major barrier that is preventing businesses from migrating to the cloud.
Only 23% are not afraid of being locked in and a meagre 5% have no fear at all. However, the fact that 77% of businesses are using the cloud shows any risk of being locked in is outweighed by the benefits of the cloud.
- To align IT with the business.
This is by far the most cited business benefit of the public cloud. 100% of those surveyed witnessed varied business benefits versus on-premises. Other major benefits include the ability to focus on new revenues (43%), accelerated time-to-market (43%), and increased ROI (40%).
- To accelerate innovation and increases cost-effectiveness.
Innovating in the cloud was quicker for 81% of respondents. What’s more, not one person surveyed said the cloud slowed down their innovation. 79% have saved money with the cloud and only 5% have found it more of an expense than on-premises.
Beyond Transactions: The Payment Revolution
By Marwan Forzley, CEO of Veem The uninterrupted disruption brought on by the pandemic accelerated the need for robust, digital-first...
The UK’s hidden payments crisis: why businesses should rethink their payments strategy
By Edwin Abl, Chief Marketing Officer at Modulr. As the economic conditions imposed by the Coronavirus endure, businesses are facing a...
Investing into a more sustainable future: changing businesses from the inside out
By Shawn Welch, Vice President and General Manager of Hi-Cone Worldwide As industries across the world are facing unprecedented uncertainty...
Securing Information Throughout the Supply Chain – Preventing Supplier Vulnerabilities
By Adam Strange, Data Classification Specialist, HelpSystems The financial services sector is experiencing extreme disruption coupled with rapid innovation as...
RegTech 2020: The rise of Open Banking
This month on the RegTech 20:20 podcast, host Alex Ford is joined by industry experts Gavin Littlejohn, Chairman of The...
The case for AI technology adoption in financial back-office roles to improve efficiency
By Tomas Gogar, AI CEO, Rossum In this era, digital transformation isn’t anything new. Nonetheless, it can still cause a...
Gain financial regulation qualification online
Gain financial regulation qualification online Warwick Business School in partnership with the Bank of England are delighted to offer...
COVID-19: Dealing with fraudulent applications for the Bounce Back Loan Scheme
By Ed Lloyd, EVP Global Head of Sales, Encompass The COVID-19 pandemic is still having a devastating impact on businesses...
EU Commission sets out new intellectual property action plan affecting SEPs, patent pooling and EU design protection
By Andrew White, Partner and UK & European patent attorney at intellectual property firm, Mathys & Squire The EU Commission...
InsurTech is helping to drive the digital evolution of the UK motor retail industry
By Alan Inskip, Tempcover CEO & Founder If the last nine months have made anything clear, it is that the...