Connect with us
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Technology

The Top 5 Brilliant things the Cloud Can Deliver – If You Get Your Security Right

Published

on

cloud

cloudDave Anderson, Director of Strategy, Voltage Security

Everyone has an opinion about the ‘Cloud’ and its effect on business – some believe it is dark and scary and fraught with unnecessary risk, while others would argue it’s silver lined and the path to greater business performance and cost savings. The truth is that the Cloud undeniably has the potential to open up a whole new dimension of opportunities to businesses – but only if data security is properly addressed.

First let’s dispel any misperceptions you might have about the Cloud. It’s nothing mystical, nothing whimsical, – nothing to be afraid of. Or is it? The reason many fear the Cloud is its reputation as a dangerous, or ‘risky’, place. And that is true. Anything beyond the physical perimeter of the organisation is also, theoretically, beyond the physical protection of the organisation. And let’s face it, there are dangers and risks out there, but that doesn’t mean you have to stay behind a locked door. Instead, by arming yourself with the right security you can stay clear of danger and fully tap into the Cloud’s potential.

The Cloud and security are intrinsically intertwined, and only when both work in symbiosis can a business truly grow. There are 5 main areas where security can team up with the Cloud to offer companies the greatest potential to thrive – and it isn’t hard to get it right:

Data Protection
Data is key and possibly the most important asset for organisations – a single breach or leak of sensitive data can cripple the entire business, so a data protection strategy must protect the data itself. The ability to move sensitive information into and throughout the Cloud is essential for businesses to function and collaborate efficiently, quickly and freely – but this ability must be supported by a comprehensive data protection strategy. The trick is to protect data at the moment of creation, before it moves out of the enterprise or even enters the Cloud. Only by doing that can you ensure that any data source is comprehensively protected, and the risk to potential exposure is minimised.

Regulatory Compliance and Data Residency Requirements
Sensitive data that is moved into and across Cloud infrastructures can easily introduce additional complexity and cost to regulatory compliance – potentially costing thousands in fines and damaging reputations. Companies that ensure sensitive data is comprehensively protected can greatly reduce cost, complexity and overall risk in meeting and maintaining regulatory compliance.

Scalability and Flexibility
The Cloud has opened up previously unseen opportunities for organisations to grow and expand quickly, smoothly and with ease. With information immediately and easily available anywhere, anytime, regardless their own infrastructure the Cloud offers the flexibility and scalability that in the past was an insurmountable obstacle for businesses restricted by their on-site resources. The key to successfully harnessing this opportunity is a flexible data security architecture that is extensible and adaptable across multiple applications and systems, while not adversely impacting the user experience. Failure to put a comprehensive, data-centric protection program can cause Cloud initiatives to be delayed or fraught with hidden security issues.

Cost Efficiencies
This element is two-fold. Reap the powerful cost savings, by only paying for what you use, so there’s the capital, and operating, expenditure benefits. The second element is that most cloud computing platforms provide the means to capture, monitor, and control usage information for accurate billing. A single, comprehensive data protection platform can eliminate the threat of risky fines from compliance breaches or data loss while also reducing the need to invest into multiple security tools.

Acess to Data Anytime, Anywhere
When harnessed correctly, cloud-computing capabilities offer numerous opportunities to drive business innovation. Rather than having to provide remote access to your infrastructure, it is available 24/7 for the workforce to access. No longer will you arrive for a meeting only to find the materials on your USB stick are a previous version. Instead you access the original file wherever you happen to be. Sales teams can check stock levels in real time. An employee stuck at home waiting for a delivery, or in an airport waiting for an ‘ash cloud’ to disperse, can still work as effectively as in the office. By employing a security strategy that protects and travels with all data, anywhere, anytime businesses can confidently tap into this invaluable resource.

With so many key business benefits of the Cloud directly affected by and depending on security one would easily be mislead into thinking that a plethora of security measures has to be adhered to in order to address potential issues. Truth is, it all comes back to the data. A single framework that comprehensively protects all enterprise data from point of creation and throughout its life cycle can eliminate practically all potential security hazards that could threaten the Cloud.

Below are 5 tips for a security framework that will allow you to fully harness the Cloud’s business benefits:

Leverage Data-Centric Encryption
By encrypting data, regardless of type or source, at capture and protecting it throughout the entire lifecycle, wherever it resides and wherever it moves, data can be protected, used and moved across the enterprise and into the cloud without the need to encrypt and decrypt the data as it enters or leaves different IT environments.

Maintain Referential Integrity
Format-preserving encryption (FPE) retains the initial structure and format of the data set, encrypting the data while ensuring the structure fits into existing schemas without requiring changes in IT infrastructure or underlying systems in order to store and manage the data. FPE also preserves ‘referential integrity’ of the data, which allows the data to be analysed in a protected state, without having to de-crypt it first.

Ensure High Performance Processing
High performance encryption results from eliminating manual and constant encryption and decryption processes as data moves through the enterprise, which removes database performance bottlenecks and enables linear scalability. A data protection strategy that includes encryption and tokenisation which can be performed locally at the application, database, or webserver level allows an organisation to dynamically protect terabytes of data on demand, without having to introduce complex procedures, additional technology or interrupt current business process.

Policy Controls
By giving users or applications permission to decrypt or de-tokenize directly, linking directly to enterprise data access rules and policies, the extension of enterprise controls into the Cloud can be enabled and user management is simplified.

“Stateless” Tokenisation
Tokenisation is a way of substituting sensitive data with non-sensitive values, and is one of the prescribed data protection methods recommended under industry regulations, including PCI DSS. Stateless tokenisation eliminates the token database and any need to store sensitive data as well as the keys that map the tokens to the initial sensitive data. This allows organisations to efficiently address national and international data residency and privacy requirements, as sensitive data can be maintained in a valid jurisdiction with only a representation of the data being moved. In-scope data can be securely moved and stored across Cloud environments, and only decrypted and used within jurisdictions where it is specifically permitted.

When harnessed correctly, cloud-computing capabilities offer numerous opportunities to drive business innovation. Recent technology and social connectivity trends have created a perfect storm of opportunity for companies to embrace the power of cloud to optimise, innovate and disrupt their existing business models. Could you join them?
www.voltage.com

 

 

 

 

Technology

Creating a culture of cybersecurity in Financial Services

Published

on

Creating a culture of cybersecurity in Financial Services 1

By Martin Landless, Vice President for Europe at LogRhythm

As the financial services sector increasingly moves online and reaps the benefits of the modern digital economy, the sector has become an even more tantalising target for cybercriminals.  Financial data is among the most lucrative data types for cybercriminals, going for high prices on the Dark Web or used to access accounts, copy payment cards and make fraudulent purchases.

For any business which suffers a successful cyberattack, the consequences can be severe. A halting of business processes whilst the business gets up and running again can impact the bottom line, negative media attention can dent customer confidence, and the potential for a large General Data Protection Regulation (GDPR) fine can derail existing plans for business growth.

These consequences will be front of mind for financial services leaders now, as the sector has found itself in the crosshairs even more so during the current pandemic. Recent data from VMWare indicates that cyberattacks against the financial sector increased by 238 per cent from February to April 2020, with cybercriminals looking to take advantage of the tumult to steal valuable data.

Although financial services institutions find themselves under attack more frequently than ever, it is still possible to remain at the forefront of the digitalisation of the industry and remain secure. Doing so relies on a three-pronged approach, with people, processes and technology all working in concert towards ensuring cybersecurity. Through a holistic approach, a culture of cybersecurity can be created that protects institutions.

Security maturity

Given the sensitivity of the data they manage, financial services organisations must have a mature security operation model in place to deal with threat actors. Security operations maturity is measured based on two variables: mean time to detect (MTTD) threats and mean time to respond (MTTR) to them.

A reduction of both MTTD and MTTR is crucial to ensuring cyberattacks are halted earlier in the threat lifecycle, and is reliant on technological solutions which allow for the automation of workflows. This frees up vital time for security teams to focus their attention where it is most needed. Indeed, a recent survey of security professionals and executives found that 47 per cent[1] of those surveyed felt that they needed increased security teams, so anything that can maximise the effective time of existing cybersecurity personnel is a huge benefit. Visibility across networks and systems is also key, as cybersecurity teams must be able to immediately see shifts in behaviour in the network to recognise imminent threats as they arise.

Although technological innovation in security response is a strong foundation for an effective culture of cybersecurity, this must be complemented with processes and security training for employees.

Ensuring cybersecurity is a board-level issue

It is the responsibility of the CISO and the security team which works under them to ensure that security is front of mind for all employees. A chain is only as strong as its weakest link, and it only takes one employee falling victim to a phishing email to compromise a business. CISOs may be senior figures in a business, but they need the support of the rest of the C-suite to fulfil their goals. At the board level, CISOs must ensure that executives are aware and fully understand the challenges security teams encounter day to day and the longer term[2].

Martin Landless

Martin Landless

This then becomes a matter of communication rather than technology. One potential means of communicating security posture to the board is by focusing on the benefits and return on investment an effective security posture can entail. Additionally, a CISO can furnish a high trust environment through partnering a member of the board with the security team.

This partner can articulate perspective to the team from a purely business standpoint, allowing the team to produce intelligence to the board that exhibits the business value of the security operation centre’s (SOC’s) methods and goals. This collaborative approach will encourage the understanding security teams have for business goals and the board’s understanding of security necessity.

Growing security alongside the business

One area of understanding between security team and leaders that should be nurtured is the impact of business growth on security. Although business growth indicates that a business is in robust health, it also facilitates multiple avenues through which a company can come under cyberattack.

Firstly, don’t assume cybercriminals aren’t keeping an eye on the markets and on the business pages. They’ll be aware of a company’s raised profile and whether they’re now a more lucrative target – or not. Positive business events like mergers and acquisitions can also present opportunities for cybercriminals. On a tech level network and security systems of different companies may be in the process of being migrated and integrated, and on a more human level, new staff, as yet unaware of the security protocols of the company they’re joining, can be targets.

It’s important then that security teams ensure each new employee is vetted, safely added to the system and trained on appropriate security protocol. In the case of acquisitions, security teams must effectively monitor new structures that are added to the network, and third-party connections with whom they are not yet familiar. A Gartner study earlier this year identified third-party cybersecurity risk as a key concern for half of legal and compliance leaders.

This is all easier said than done however, and key to this issue is security budget, and it is here board-level support is important. Security budgets are often determined in advance and follow two common pricing models used by security vendors: the user-based model and capacity-based model. In the face of growth, both are fixed, and may leave security teams making difficult decisions as to where they safeguard their organisations.

Executives should instead look for security vendors which offer a subscription-based model. This offers the guarantee of scalable security at a determined rate, which will greatly alleviate the stress felt by security teams in what often should be an exciting time for an entire organisation.

Changing security budgets to better facilitate the work of SOCs represents a culture of cybersecurity being put into practice. Technological solutions are provided based on an understanding between security teams and the board on what is needed, allowing for better performance in MTTR and MTTD.

Security posture needs to be fixed now

Covid-19 has heightened the risks faced by cybersecurity teams and financial services organisations, and now, more so than ever, is it vital to foster a culture of cybersecurity. The benefits of digitalisation for financial services are too great to ignore, and failure to embrace digitalisation in the name of security will hamper financial services’ growth. Instead, a holistic approach encompassing people, process and technology will be vital to forging a secure path forward in the financial services industry.

[1]https://gallery.logrhythm.com/white-papers-and-e-books/uk-the-state-of-the-security-team-research-report.pdf

[2]https://gallery.logrhythm.com/white-papers-and-e-books/uk-gain-board-level-support-for-your-security-program-e-book.pdf

Continue Reading

Technology

VP Bank Selects AxiomSL to Meet Multi-Jurisdictional Risk and Regulatory Reporting Requirements

Published

on

VP Bank Selects AxiomSL to Meet Multi-Jurisdictional Risk and Regulatory Reporting Requirements 2

Consolidates bank’s reporting on a single platform for financial/statistical, AnaCredit, and CRR2/Basel-driven mandates including ICAAP and ILAAP, and provides foundation for strategic expansion

AxiomSL,  the industry’s leading provider of risk and regulatory reporting solutions, today announces that VP Bank, one of the largest banks in Liechtenstein,  has selected AxiomSL’s ControllerView® data integrity and control platform, as a foundation for its risk and regulatory compliance across Liechtenstein, Luxembourg, Singapore and Switzerland, – encompassing financial and statistical reporting such as CSSF,  FINMA, AnaCredit for EBA, MAS 610 for Singapore, and CRR2- and BCBS-driven requirements including ICAAP and ILAAP for FMA.

The high-performance, fully integrated, data-driven platform will enable VP Bank to manage an array of risk and regulatory mandates on a single platform, with full transparency across all processes from ingestion, calculation, reconciliation, and validation to submission. VP Bank will use the platform strategically to further data harmonization, streamline processes, enhance automation, bolster internal controls, and strengthen risk and regulatory reporting across the enterprise.

“Selecting AxiomSL will enhance the value of our investment in regulatory technology, optimize efficiency, and deliver business insights,” stated Robert Kilga, Head of Group Financial Management & Reporting, VP Bank. “With AxiomSL’s single platform, we can ingest data in its native format from multiple sources thus creating synergies between capital, liquidity, and other business functions enterprise-wide,” he continued. “AxiomSL’s system provides intuitive, hands-on transparency into all processes from inception to filing, enhancing our confidence in the data integrity and auditability of our reporting, and enabling us to meet ever-changing regulatory requirements”.

“We are thrilled that VP Bank, such a well-respected institution, has joined our esteemed user community in the DACH region and globally,” said Claudia Thurner, EMEA General Manager, AxiomSL. “In these times of global uncertainty, complying with a wide range of regulatory and risk requirements across jurisdictions is more complex, data intensive, and time sensitive than ever. Financial institutions require a reliable technology partner who can provide global coverage while understanding the intricacies of local and regional regulatory demands,” Thurner continued. “Our industry and technical expertise will enable VP Bank to streamline their processes, scale faster, and adapt swiftly and confidently to change. We look forward to a strong and strategic collaboration with VP Bank in support of their vision and growth journey”.

With the upcoming Basel IV-driven expansion, financial institutions like VP Bank are faced with the next generation of capital requirements that can easily overwhelm systems if they lack the data transparency, proper methodologies and controls to perform calculations accurately across all risk types. These calculations may have a profound effect on the banks’ portfolio management and even the entire business model.

To address these challenges, AxiomSL’s Basel Capital Solution incorporates a flexible data dictionary architecture, seamless calculation updates, full drilldown to data and processes, transparency into model calculations, and dynamic data lineage. In addition, AxiomSL’s regulatory experts provide VP Bank with a highly efficient change-management mechanism that enables them to be current with all Basel-driven changes.

Continue Reading

Technology

Uncertain Times for the Financial Sector… Is Open Source the Solution?

Published

on

Uncertain Times for the Financial Sector… Is Open Source the Solution? 3

By Kris Sharma, Finance Sector Lead, Canonical

Financial services are an important part of the economy and play a wider role in providing liquidity and capital across the globe. But ongoing political uncertainty and the consequences of the COVID-19 crisis have deep implications for the UK’s financial services sector.

In a post-Brexit world, the industry is facing regulatory uncertainty at a whole different scale, with banking executives having to understand the implications of different scenarios, including no-deal. To reduce the risk of significant disruption, financial services firms require the right technology infrastructure to be agile and responsive to potential changes.

The role of open source

Historically, banks have been hesitant to adopt open source software. But over the course of the last few years, that thinking has begun to change. Organisations like the Open Bank Project and Fintech Open Source Foundation (FINOS) have come about with the aim of pioneering open source adoption by highlighting the benefits of collaboration within the sector. Recent acquisitions of open source companies by large and established corporate technology vendors signal that the technology is maturing into mainstream enterprise play. Banking leaders are adopting open innovation strategies to lower costs and reduce time-to-market for products and services.

Banks must prepare to rapidly implement changes to IT systems in order to comply with new regulations, which may be a costly task if firms are solely relying on traditional commercial applications. Changes to proprietary software and application platforms at short notice often have hidden costs for existing contractual arrangements due to complex licensing. Open source technology and platforms could play a crucial role in helping financial institutions manage the consequences of Brexit and the COVID-19 crisis for their IT and digital functions.

Open source software gives customers the ability to spin up instances far more quickly and respond to rapidly changing scenarios effectively. Container technology has brought about a step-change in virtualisation technology, providing almost equivalent levels of resource isolation as a traditional hypervisor. This in turn offers considerable opportunities to improve agility, efficiency, speed, and manageability within IT environments. In a survey conducted by 451 Research, almost a third of financial services firms see containers and container management as a priority they plan to begin using within the next year.

Containerisation also enables rapid deployment and updating of applications. Kubernetes, or K8s for short, is an open-source container-orchestration system for deploying, monitoring and managing apps and services across clouds. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation (CNCF). Kubernetes is a shining example of open source, developed by a major tech company, but now maintained by the community for all, including financial institutions, to adopt.

The data dilemma

Kris Sharma

Kris Sharma

The use cases for data and analytics in financial services are endless and offer tangible solutions to the consequences of uncertainty. Massive data assets mean that financial institutions can more accurately gauge the risk of offering a loan to a customer. Banks are already using data analytics to improve efficiency and increase productivity, and going forward, will be able to use their data to train machine learning algorithms that can automate many of their processes.

For data analytics initiatives, banks now have the option of leveraging the best of open source technologies. Databases today can deliver insights and handle any new sources of data. With models flexible enough for rich modern data, a distributed architecture built for cloud scale, and a robust ecosystem of tools, open source platforms can help banks break free from data silos and enable them to scale their innovation.

Open source databases can be deployed and integrated in the environment of choice, whether public or private cloud, on-premise or containers, based on business requirements. These database platforms can be cost effective; projects can begin as prototypes and develop quickly into production deployments. As a result of political uncertainty, financial firms will need to be much more agile. And with no vendor lock-in, they will be able to choose the provider that is best for them at any point in time, enabling this agility while avoiding expensive licensing.

As with any application running at scale, production databases and analytics applications require constant monitoring and maintenance. Engaging enterprise support for open source production databases minimises risk for business and can optimise internal efficiency.

Additionally, AI solutions have the potential to transform how banks deal with regulatory compliance issues, financial fraud and cybercrime. However, banks need to get better at using customer data for greater personalisation, enabling them to offer products and services tailored to individual consumers in real time. As yet, most financial institutions are unsure whether a post-Brexit world will focus on gaining more overseas or UK-based customers. With a data-driven approach, banks can see where the opportunities lie and how best to harness them. The opportunities are vast and, on the journey to deliver cognitive banking, financial institutions have only just scratched the surface of data analytics. But as the consequences of COVID-19 continue and Brexit uncertainty once again moves up the agenda, moving to data-first will become less of a choice and more of a necessity.

The number of data sets and the diversity of data is increasing across financial services, making data integration tasks ever more complex. The cloud offers a huge opportunity to synchronise the enterprise, breaking down operational and data silos across risk, finance, regulatory, customer support and more. Once massive data sets are combined in one place, the organisation can apply advanced analytics for integrated insights.

Uncertainty on the road ahead

Open source technology today is an agile and responsive alternative to traditional technology systems that provides financial institutions with the ability to deal with uncertainty and adapt to a range of potential outcomes.

In these unpredictable times, banking executives need to achieve agility and responsiveness while at the same time ensuring that IT systems are robust, reliable and managed effectively. And with the option to leverage the best of open source technologies, financial institutions can face whatever challenges lie ahead.

Continue Reading

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

Digital collaboration: Shaping the Future of Finance 4 Digital collaboration: Shaping the Future of Finance 5
Top Stories2 hours ago

Digital collaboration: Shaping the Future of Finance

By Ryan Lester, Senior Director of Customer Experience Technologies at LogMeIn With heightened economic uncertainty and increased customer expectation becoming...

The 2020 Outbound Email Data Breach Report Finds Growing Email Volumes and Stressed Employees are Causing Rising Breach Risk    6 The 2020 Outbound Email Data Breach Report Finds Growing Email Volumes and Stressed Employees are Causing Rising Breach Risk    7
Business2 hours ago

The 2020 Outbound Email Data Breach Report Finds Growing Email Volumes and Stressed Employees are Causing Rising Breach Risk   

Research by Egress reveals organisations suffer outbound email data breaches approximately every 12 working hours  Egress, the leading provider of human layer data security solutions, today released their 2020 Outbound Email Data...

Regulating innovation: the biggest challenge in payments 8 Regulating innovation: the biggest challenge in payments 9
Finance3 hours ago

Regulating innovation: the biggest challenge in payments

By Fady Abdel-Nour, Global Head of M&A and Investments, PayU Over the course of the last six months, the payments...

Investors remain worried about COVID, but positive towards stamp duty holiday 10 Investors remain worried about COVID, but positive towards stamp duty holiday 11
Investing3 hours ago

Investors remain worried about COVID, but positive towards stamp duty holiday

By Jamie Johnson, CEO of FJP Investment The journey back to economic normality will be strenuous. COVID-19 has imbued many...

Creating a culture of cybersecurity in Financial Services 12 Creating a culture of cybersecurity in Financial Services 13
Technology3 hours ago

Creating a culture of cybersecurity in Financial Services

By Martin Landless, Vice President for Europe at LogRhythm As the financial services sector increasingly moves online and reaps the...

How the financial sector can keep newly acquired customers returning time and time again 14 How the financial sector can keep newly acquired customers returning time and time again 15
Finance3 hours ago

How the financial sector can keep newly acquired customers returning time and time again

By Dicken Doe from Foolproof, a Zensar company Covid-19 has changed the financial lives of millions; what worked for people...

Creating an engaging email marketing campaign that avoids the junk folder 16 Creating an engaging email marketing campaign that avoids the junk folder 17
Business3 hours ago

Creating an engaging email marketing campaign that avoids the junk folder

By David Wharram, CEO of Coast Digital With more than 280 billion emails sent every day, email marketing is a...

Cloud in Banking: An Opportunity That Can’t be Ignored 18 Cloud in Banking: An Opportunity That Can’t be Ignored 19
Banking4 hours ago

Cloud in Banking: An Opportunity That Can’t be Ignored

By David Rimmer, Research Associate at Leading Edge Forum Originally offered as a better way to build IT systems, cloud...

Increased contactless spending could be linked to higher fraud and payment disputes, warns global risk expert 20 Increased contactless spending could be linked to higher fraud and payment disputes, warns global risk expert 21
Finance4 hours ago

Increased contactless spending could be linked to higher fraud and payment disputes, warns global risk expert

The rapid adoption of contactless payments during COVID-19 may be contributing to multiple strands of fraud Monica Eaton-Cardone, COO and...

Pay and Go, why seamless checkout is essential for the customer experience 22 Pay and Go, why seamless checkout is essential for the customer experience 23
Finance4 hours ago

Pay and Go, why seamless checkout is essential for the customer experience

By Ralf Gladis, CEO, Computop Shopping for many is therapy…until they reach the queue for the checkout. It’s easier online...

Newsletters with Secrets & Analysis. Subscribe Now