Shoring up defences to take advantage of the cloud
By Dave Waterson, CEO, SentryBay
The banking industry is embracing all the benefits that the cloud offers and slowly but surely moving its infrastructure over. The motivations for migrating include greater control of costs, access to reliable, constantly updated and optimised technology and an ability to build competitive advantage.
Alongside this, however, is the risk of exposure to cyberattacks.
The dynamic environment of the cloud removes organisations from total control of their network operations. In many cases, the cloud service provider takes responsibility for, at least, some of the systems and policies which ordinarily would be monitored by the company. Shifting data from secure on-premises networks into the cloud opens opportunities for cyber attackers and makes it easier for data to be leaked, which is why according to IBM nearly half of all data breaches happen in the cloud.
There is also the issue of compliance. A cloud environment typically enables large scale user access, but meeting with regulations such as GDPR, PCI DSS and HIPAA necessitates strict access control. If banks and financial services companies cannot demonstrate full adherence with regulations they are at risk, not just of a data breach, but of hefty fines for non-compliance.
The key to a successful cloud migration is strategic planning. Having a clear picture of the vulnerabilities that may occur as a result of moving data, applications and platforms into the cloud allows banking organisations to put defence mechanisms in position.
Perhaps the most obvious place to start is with the devices that will be used to access cloud-based systems. Laptops, corporate PCs, home PCs and smartphones are vulnerable. It takes just one keylogging attempt on an unmanaged laptop that is logging remotely into an online bank account to put that employee at risk of personal theft. It can equally take one malicious screen capture incident to grab the log-in details for the bank’s network and allow a bad actor access to the data of thousands of customers’ bank accounts. These are just two examples of common malware that frequently attack systems that are unprotected.
The rapid shift to remote working followed by hybrid models that allow employees to work in offices or from home have provided greater flexibility for workforces. For banks and financial services organisations however, this has created a huge headache when it comes to managing security. IT teams whose job previously was to monitor and log activity within a secure controlled location, are now expected to monitor the same activity, but across app virtualisation services such as Azure Virtual Desktop and SaaS applications like w365 with no direct visibility of the devices that are being used.
So, for a cloud migration to be successful and risk free, banks must recognise these vulnerabilities and start from that perspective.
Never trust, always verify
In a cloud environment even more than on-premises, the traditional approach to security which presumes that cyber attackers are always on the untrusted side of the network, and trusted users are always on the trusted side, should be put aside in favour of adopting a zero trust approach. This is a model that trusts nobody and assumes that all devices are untrustworthy. It means that access to the system is denied completely until the employee and their device have been verified.
The risk of an attack is now so great, and the belief in zero trust so strong, that the Spiceworks Ziff Davis 2022 State of IT report, carried out among over 1000 technology buyers in North America and Europe, found that 65 percent of companies in Europe were implementing, or planning to implement zero trust security solutions within two years.
The importance of wrapping data & applications
With zero trust in place, banks should turn their attention to building a layered approach to cybersecurity. Internet security, anti-virus software and securing the wireless network with virtual private networking (VPNs) still have an important role to play, but what is needed now as the threat landscape becomes more complex, is dedicated solutions that containerise data and applications securely, so they are wrapped against the threat of cyberattacks particularly from keyloggers, screen capture malware and other forms of cyberattack.
This type of security solution, which protects data entry on all devices, but particularly those that are used to remotely access cloud-based apps is essential to a layered approach and works without needing to identify the malware. It is also scalable, allowing banks and financial services companies to approach security as a continuous process. This is particularly important when it comes to compliance and is fully in line with regulations such as PCI DSS which requires continual reassessment and remediation of problems when personal and payment data is being handled.
Cyber threats have evolved to take advantage of weaknesses in the cloud, and the solutions that organisations use to tackle this pervasive problem also need to evolve. Delivering a mechanism that prevents an attack and which is easy for employees to deploy, wherever they happen to be working, and on whatever device, is a significant way of meeting the challenge.
The message, therefore, for the financial industry as it manages its migration to the cloud is to ensure a layered, integrated suite of security is in place as part of a zero trust approach. This will mitigate attacks and shore up defensive walls enabling them to fully maximise all the advantages that the cloud can bring.
How to identify the signs that your IT department need restructuring
Eric Lefebvre, Chief Technology Officer at Sovos
For firms to execute transformations and meet their overall vision, it is crucial that their CIOs are able to recognise the signs that their department is in need of some internal change. In the current economic climate, CIOs working to fulfil their organisation’s priorities and meet business goals might hesitate to acknowledge that their IT department needs restructuring, never mind be able to identify the signs.
However, these problems rarely fix themselves and organisational restructuring requires conviction and determination from leadership for it to occur successfully. So, what are some of the key signs that CIOs should look out for?
Struggling to keep up with industry demands
CIOs unsurprisingly are working in an extremely demanding environment at the moment. Meeting these evolving demands is crucial for companies. When demands are not met and not handled properly, this can have a lasting impact on organisational goals and objectives, and even impact the way in which transformations are put into effect.
Depending on the organisation’s structure, the way in which being unable to keep up with demands manifests itself can differ. Despite double digit reductions across the industry, the search for talent across the tech world continues, project costs continue to rise as the cost of labour has increased and schedules have been disrupted by significant attrition. Many companies will also find business costs, such as that of third-party software, are higher than planned and technology debt continues to pile up faster than it can be sunset.
Whilst leadership teams might dedicate their department’s attention on the factors discussed above, they may find that their team will fall short when it comes to timely deliverables and helping maintain your organisation’s tech stack and guide its business transformations. Looking beyond the immediate problems of high costs and considering an internal reshuffle may be the solution for many IT departments.
Internal conflict within the team
Organisational designs with underlying issues can cause constant friction, especially when they go unacknowledged. An IT department that lives in conflict will certainly be reflected in results and less than successful tech transformations. CIOs will find that by adopting an organisational design which works through staffing issues, will better innovate, especially if they can all work together.
Department leads should have a strong understanding of their team’s work environment and guide them through any long-term or potential problems. When an individual is working in a demanding or complex industry, working well with your team shouldn’t be the main impediment to innovation. By acting quickly to eliminate internal conflict, CIOs can better lead and ensure their team’s focus is entirely on producing more optimal outcomes.
Delays are commonplace
When a large amount of your team’s time is spent setting objectives, budgets and timelines for the projects they are working on, it is vital that they are met. When delays are coming from the IT department, they will inevitably hinder the development of any business transformation, especially if it prompts teams to spend excessive amounts of time rearranging budgets and timelines and therefore hindering innovation.
IT departments are a crucial aspect in many different parts of a company’s transformations, so remaining on track when it comes to timelines and innovation is critical to operational plans. If delays have become commonplace in an IT team, and external factors are impacting projects, CIOs should look at restructuring an IT department to solve these issues.
The strongest team relationships do not happen by accident and are the result of good planning, strong leadership and a motivated team. CIOs can ensure this by providing vision and long-term strategy with clear goals and objectives to produce high levels of quality output.
When internal issues are noticed in an IT department, and are noticeably impacting team morale or productivity, this should indicate the need for departmental restructuring. Be that due to an inability to meet market demands, issues with productivity and meeting deadlines or internal conflict, these issues all risk a department’s functionality and an organisation’s ability to achieve its goals. In short, don’t overlook the warning signs!
Top banking trends of 2023 and global outlook of banking and fintech for the year ahead
Author: Professor Marco Mongiello, Pro Vice-Chancellor, The University of Law Business School
You’d be forgiven for assuming that the global outlook for banking and fintech will be dominated by the usual suspects:
Artificial Intelligence – AI plays an increasingly prominent role in banking and fintech by enabling personalised services, fraud detection, predictive analytics, use of chatbots and robo-advisors.
Blockchain and Cryptocurrency – the secure, decentralised and swift system for financial transactions that blockchain has brought to the fore a few years ago, is now becoming ubiquitous. An increasing number of transactions are recorded through blockchains technology, primarily in the cryptocurrency market.
Digital Banking and fintech – accelerated by COVID-19 pandemic, the adoption of digital banking is a trend that will persist as customers have become accustomed to the convenience and efficiency of digital banking. Moreover, fintech enables access to financial services for previously underserved populations in developing countries or less affluent social groups in more affluent societies. This includes mobile banking services, peer-to-peer lending platforms, and microfinance solutions.
Open Banking – another global trend is the use of open APIs (Application Programming Interfaces) that allow third-party developers to build apps to facilitate customers’ access to financial data and services from banks.
Nonetheless, the challenges posed by these rapid changes are reminders that banking, an industry that by its very nature needs to be conservative, risk averse and solid, wobbles on the unchartered grounds of fast and turbulent innovation, where entrepreneurship instead thrives. The underlying rationales of banking and fast digital innovation are not incompatible but do need solid operations and thought-through decision-making to avoid causing catastrophic collapses.
The recent examples of Silicon Valley Bank, Silvergate, FTX and Wirecard are stark reminders that digital entrepreneurship applied to banking doesn’t just bring to customers the visible transformation of valuable new services, but also dents (perhaps as an unexpected consequence) the rationale itself of the role of banks in the global economy. Moreover, the central banks’ ability to contain the effects of single banks’ defaults is no longer a certainty, as experienced just over a decade ago and more recently. The markets’ sentiments are hardly reassured by the commitments of even the most coveted players, such as the European Central Bank, the Federal Reserve, and the President of the United States himself.
Regulators are lagging behind and their attempts to catch up may cause further seismic shocks to the global banking system. For example, another trend that is emerging is one of artificial intelligence decision-centres (i.e., decentralised offices of banks which take autonomous decisions on behalf of investors) outside the most stringent regulatory environments, enabling banks to operate globally more efficiently and more competitively. And we can expect that regulators will close the gap either abruptly, as it is currently happening in China, where private banks are subject to an escalation of regulatory and monitoring restrictions, or more gradually as it is happening in Europe and in the US.
The questions we face, as individual or trade customers of our high street banks, as direct investors or clients of managed funds, are whether banking will become more user-friendly yet, for our daily use but riskier, too, or is it simply becoming more efficient, transparent and also safer.
I’m afraid that the answer is by no means an obvious one. Therefore, caution, level-headed decision- making and critical thinking have never been as important as these days. Whether you are looking after your family savings or growing your pension reserve, the imperative is that you keep updated about the providers of the financial services you rely upon as well as about the general regulations that apply to your financial transactions. This is where, for example, you need to be familiar with your rights in case of cyber fraud, as well as learning how to minimise the risk of becoming a victim thereof. Also, taking additional steps to evaluate the credibility, solidity and reliability of the online provider of that app that was recommended by a trusted friend, may prove a very good move.
Similarly, whether you are the CFO of a medium or large company, or are a sole trader wrestling with your own business’s finances, you need to reflect on what you really want from your bank in the first place. That is before you started to be swayed by the whirlpool of offers of ‘opportunities’ to multiply your financial investments. Chances are that your initial approach to your bank was dictated by either a need for financing your working capital, as per your budget and strategic plans, or to find a safe place for your temporarily idle liquidity. Perhaps you were also after some basic treasury services such as swift payments and debt collection. Maybe some other financial services closely related to your business operations, e.g. factoring. The advice is to give very careful consideration to services that are more remote from your business, because the trend for the next years is that more and more of those will be offered to you. But many new services will disappoint those who, sadly, cannot afford financial mishaps as they look to run and grow their business.
Efficient Ways Construction Firms Can Bring Down Costs In 2023
Consistent, high-quality construction projects being underway is often a sign of a thriving economy. The future of the US is...
How to identify the signs that your IT department need restructuring
Eric Lefebvre, Chief Technology Officer at Sovos For firms to execute transformations and meet their overall vision, it is...
Top banking trends of 2023 and global outlook of banking and fintech for the year ahead
Author: Professor Marco Mongiello, Pro Vice-Chancellor, The University of Law Business School You’d be forgiven for assuming that the...
Sustainable transformation in the energy sector: econnext AG focuses on scale-ups
Scale-ups rather than start-ups: scaling market-ready technologies and companies for a sustainable transformation of the energy and technology sectors Profitable...
Budgeting the unknown, forecasting the uncertain
Tarka Duhalde, Vice President, Financial Controller, IRIS Software Group Volatility and uncertainty are still looming large. In late March...
Building resilience: How to create stability during uncertain times.
Jim Wilkinson, CEO of Zuto We live in uncertain times. Businesses have faced one challenge after another, and we’ve...
The need for simpler cross-border payments must be a priority for all banks
Mushegh Tovmasyan – Founder of Zenus Bank Despite the transformative changes we have seen in the banking sector over...
How app usage can help brands increase their online revenues and customer retention
Arunabh Madhur, Regional VP & Head Business EMEA at SHAREit Group Brands are continuing to invest heavily in the...
Will ‘Britcoin’ change the way we bank?
The Treasury and Bank of England recently announced a state-backed digital pound is likely to be launched in the UK...
In-Store, Online & In-App – Unifying Payment Authentication
Michel Roig, President of Payment and Access, Fingerprints Often, new technologies are lauded as the death of existing ones....
Why the future is phygital
By Eric Megret-Dorne, Head of Card Issuance Services and Service Operations at Giesecke + Devrient Digital banking has become...
Why Keeping Track of Cash Is Key to Economic Survival
By Joshua May, Consulting Manager EMEA, BlackLine Finance and Accounting (F&A) has always had a reputation for its calm...
Does the middle market have a financial edge?
Ilija Ugrinic, Commercial Solutions Director at Proactis Companies tend to look up the ladder when searching for ways to...
Hybrid Intelligence – The only way to face the problems of the future
Author: Prof. Dr. Iris Lorscheid, Vice-Rector Research and Professor of Digital Business and Data Science Computer Science at the University...
Consumer demand driving sustainable payments
Jenn Markey, VP Payments & Identity, Entrust Sustainability is a buzzword that seems to be at the forefront of...
Adyen drives conversion uplift with advanced authentication solution
The company’s expanded authentication offering optimizes authorization, security, and end revenue Adyen (AMS: ADYEN), the global financial technology platform...
It’s time for financial institutions to take personalization seriously
David Hetling, Global Marketing Director, Financial Services, RWS Financial institutions will always play a critical role in society, offering...
The Future of Capital Markets: Democratisation of Retail Investing
Nicky Maan, CEO of Spectrum Markets Over the past decades, global capital markets have undergone tremendous changes. There have...
5 Often-Overlooked Investment Options To Consider Exploring In 2023
When choosing what to invest in, many people will initially focus on the stock market which is considered a more...
New Open Banking platform Archie waves a timely hello to Britain’s beleaguered businesses
Archie is a game-changing payments and data platform that’s inherently human in its approach; a refreshing proposition in the jargon-heavy...