Infrastructure

09:30 PM
Seth Payne, Skytap, & Danial Faizullabhoy, NUARI
Seth Payne, Skytap, & Danial Faizullabhoy, NUARI
Commentary
50%
50%

Does Cloud Computing Make The Capital Markets More Secure?

Recent simulated tests have shown that cloud-based systems can make critical tests more realistic and include more industry participants.

Securing capital markets, which have become almost wholly dependent on technology, is in the national interest of every developed country. Disruptions to the market can cause serious problems for world economies and have a devastating impact on individual countries and their citizens—take for example hurricane Sandy that resulted in a two-day market shutdown even with extensive backup solutions and emergency preparedness planning in place. And a more recent NASDAQ IT glitch that shut down the exchange for several hours on August 22.

Seth Payne, Skytap
Seth Payne, Skytap
Danial Faizullabhoy, NUARI
Danial Faizullabhoy, NUARI

While technology enables and drives capital markets, it also represents one of the market’s biggest vulnerabilities. As such, it is essential that all market participants be prepared for any number of market disruptions including cyber-attacks and other catastrophic events.

In the past, individual brokers, exchanges, and other market participants ran vulnerability tests and simulations for their own organizations. While these firm- or agency-specific tests are absolutely essential, they fail to provide a picture of how the market, as a whole, would respond to specific malicious activity. The need for market-wide assessments of attack readiness have become vitally important as market participants, as well as the global markets, become increasingly interdependent.

In July of this year, the Norwich University Applied Research Institutes (NUARI) teamed up with key players in the US financial sector to simulate a range of cyber-attacks and events that could potentially impact not only individual market participants, but also the market as a whole. 500 individual participants took part in the simulation. The event was called Quantum Dawn 2 and received considerable coverage in popular media.

Simulation participants represented exchanges, broker-dealers, banks, SEC, Treasury, Department of Homeland Security, and others. 

In order to create a realistic experience for participants, NUARI designed and deployed an isolated simulation system that allowed participants to react to market disruptions caused by a wide range of attacks and events. Individual participants accessed the NUARI system from their own locations, in part, to assess their organization’s response to cyber-attacks and the policies surrounding IT security.

The NUARI system is an incredibly realistic simulator of equity market dynamics. Participants were able to respond to market changes just as they would during a real-world attack or catastrophic event.

Given the large number of participants in the simulation, NUARI faced two significant challenges. First was the challenge of granting application access to participants at disparate locations. It was essential that participants all be within the closed-loop simulation in order to keep the exercise as realistic as possible. Second was the challenge of giving access to participants at firms who, naturally, have extremely tight IT security policies.

The use of virtual desktops allowed for tight control of the simulation environment, thus eliminating the need to support disparate and diverse systems. The use of virtual desktops, and the ease with which these desktops could be shared, enabled broad participation in the Quantum Dawn 2 simulation ensuring that both the exercise itself and the various responses to simulated attacks was as realistic and meaningful as possible.

Cloud computing has vastly improved our ability to rapidly create complex computing environments and collaborate with others quickly, safely, and effectively -- and Quantum Dawn 2 is proof that cloud computing is a solid resource in supporting the security of capital markets.

About The Authors : Seth Payne is a senior product manager at Skytap, an enterprise cloud computing provider, where he's responsible for defining cloud computing capabilities for enterprises. Prior to Skytap, Payne spent several years working on Wall Street in technology at both Gravitas and the New York Stock Exchange.

Danial Faizullabhoy, senior advisor, NUARI

Danial Faizullabhoy is a senior advisor to NUARI and most recently was the President and CEO of BroadLogic. He has over 20 years of venture capital investment, management, technical and marketing experience, specializing in the software and communications industries.

Comment  | 
Print  | 
More Insights
More Commentary
Moving the Trader Closer to the Investment Process
The sell side can demonstrate more value by applying analytics to pre- and post-trading, and by educating buy-side clients about broker segmentation, trading behavior and algorithm shortcomings, and more.
Wirehouses May See More Independent BDs as Retention Packages Expire
Retention bonuses are expiring, leaving brokerages vulnerable to attrition. Is access to technology making it easier for brokers to go independent?
SCI: A Whale of a Regulation
The SEC's Reg SCI weights in at a whopping 742 pages. Here is what you need to know about the oversized regulation.
One Size Fits Nobody in End User Services
How building profiles from employees' roles and behaviors can help optimize your end user services.
'Enlightened' Non-IT Execs More Likely To Run Secure Organization
Do senior executives understand their role in data security? On the whole, unsurprisingly, no.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.