Infrastructure

09:30 PM
Seth Payne, Skytap, & Danial Faizullabhoy, NUARI
Seth Payne, Skytap, & Danial Faizullabhoy, NUARI
Commentary
50%
50%

Does Cloud Computing Make The Capital Markets More Secure?

Recent simulated tests have shown that cloud-based systems can make critical tests more realistic and include more industry participants.

Securing capital markets, which have become almost wholly dependent on technology, is in the national interest of every developed country. Disruptions to the market can cause serious problems for world economies and have a devastating impact on individual countries and their citizens—take for example hurricane Sandy that resulted in a two-day market shutdown even with extensive backup solutions and emergency preparedness planning in place. And a more recent NASDAQ IT glitch that shut down the exchange for several hours on August 22.

Seth Payne, Skytap
Seth Payne, Skytap
Danial Faizullabhoy, NUARI
Danial Faizullabhoy, NUARI

While technology enables and drives capital markets, it also represents one of the market’s biggest vulnerabilities. As such, it is essential that all market participants be prepared for any number of market disruptions including cyber-attacks and other catastrophic events.

In the past, individual brokers, exchanges, and other market participants ran vulnerability tests and simulations for their own organizations. While these firm- or agency-specific tests are absolutely essential, they fail to provide a picture of how the market, as a whole, would respond to specific malicious activity. The need for market-wide assessments of attack readiness have become vitally important as market participants, as well as the global markets, become increasingly interdependent.

In July of this year, the Norwich University Applied Research Institutes (NUARI) teamed up with key players in the US financial sector to simulate a range of cyber-attacks and events that could potentially impact not only individual market participants, but also the market as a whole. 500 individual participants took part in the simulation. The event was called Quantum Dawn 2 and received considerable coverage in popular media.

Simulation participants represented exchanges, broker-dealers, banks, SEC, Treasury, Department of Homeland Security, and others. 

In order to create a realistic experience for participants, NUARI designed and deployed an isolated simulation system that allowed participants to react to market disruptions caused by a wide range of attacks and events. Individual participants accessed the NUARI system from their own locations, in part, to assess their organization’s response to cyber-attacks and the policies surrounding IT security.

The NUARI system is an incredibly realistic simulator of equity market dynamics. Participants were able to respond to market changes just as they would during a real-world attack or catastrophic event.

Given the large number of participants in the simulation, NUARI faced two significant challenges. First was the challenge of granting application access to participants at disparate locations. It was essential that participants all be within the closed-loop simulation in order to keep the exercise as realistic as possible. Second was the challenge of giving access to participants at firms who, naturally, have extremely tight IT security policies.

The use of virtual desktops allowed for tight control of the simulation environment, thus eliminating the need to support disparate and diverse systems. The use of virtual desktops, and the ease with which these desktops could be shared, enabled broad participation in the Quantum Dawn 2 simulation ensuring that both the exercise itself and the various responses to simulated attacks was as realistic and meaningful as possible.

Cloud computing has vastly improved our ability to rapidly create complex computing environments and collaborate with others quickly, safely, and effectively -- and Quantum Dawn 2 is proof that cloud computing is a solid resource in supporting the security of capital markets.

About The Authors : Seth Payne is a senior product manager at Skytap, an enterprise cloud computing provider, where he's responsible for defining cloud computing capabilities for enterprises. Prior to Skytap, Payne spent several years working on Wall Street in technology at both Gravitas and the New York Stock Exchange.

Danial Faizullabhoy, senior advisor, NUARI

Danial Faizullabhoy is a senior advisor to NUARI and most recently was the President and CEO of BroadLogic. He has over 20 years of venture capital investment, management, technical and marketing experience, specializing in the software and communications industries.

Comment  | 
Print  | 
More Insights
More Commentary
What Will the Financial Back Office of Tomorrow Look Like?
Asset managers are increasingly looking to automate their manual back office workflows. Confluence calls it the "back office revolution."
Bankrolling Technical Debt: A Financierís Guide
Technical debt represents the effort required to fix source code or application problems that put the business at risk.
Staying Ahead of the Game With Continuous Delivery
The need to develop better software faster is leading financial organizations to continuous delivery (CD), a practice pioneered by SaaS companies like Salesforce.
Shore Up Cyber Security Now
Knowing that a data breach can and will happen at some point, asset management firms can manage new operational and regulatory risk with a layered approach to cyber security.
Is Big Data a Problem or an Opportunity?
When it comes to data, financial services firms are, as a rule, quite circumspect. They fear cyberattacks, data theft, data loss, security breaches, data privacy, and human error.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.