Infrastructure

09:30 PM
Seth Payne, Skytap, & Danial Faizullabhoy, NUARI
Seth Payne, Skytap, & Danial Faizullabhoy, NUARI
Commentary
50%
50%

Does Cloud Computing Make The Capital Markets More Secure?

Recent simulated tests have shown that cloud-based systems can make critical tests more realistic and include more industry participants.

Securing capital markets, which have become almost wholly dependent on technology, is in the national interest of every developed country. Disruptions to the market can cause serious problems for world economies and have a devastating impact on individual countries and their citizens—take for example hurricane Sandy that resulted in a two-day market shutdown even with extensive backup solutions and emergency preparedness planning in place. And a more recent NASDAQ IT glitch that shut down the exchange for several hours on August 22.

Seth Payne, Skytap
Seth Payne, Skytap
Danial Faizullabhoy, NUARI
Danial Faizullabhoy, NUARI

While technology enables and drives capital markets, it also represents one of the market’s biggest vulnerabilities. As such, it is essential that all market participants be prepared for any number of market disruptions including cyber-attacks and other catastrophic events.

In the past, individual brokers, exchanges, and other market participants ran vulnerability tests and simulations for their own organizations. While these firm- or agency-specific tests are absolutely essential, they fail to provide a picture of how the market, as a whole, would respond to specific malicious activity. The need for market-wide assessments of attack readiness have become vitally important as market participants, as well as the global markets, become increasingly interdependent.

In July of this year, the Norwich University Applied Research Institutes (NUARI) teamed up with key players in the US financial sector to simulate a range of cyber-attacks and events that could potentially impact not only individual market participants, but also the market as a whole. 500 individual participants took part in the simulation. The event was called Quantum Dawn 2 and received considerable coverage in popular media.

Simulation participants represented exchanges, broker-dealers, banks, SEC, Treasury, Department of Homeland Security, and others. 

In order to create a realistic experience for participants, NUARI designed and deployed an isolated simulation system that allowed participants to react to market disruptions caused by a wide range of attacks and events. Individual participants accessed the NUARI system from their own locations, in part, to assess their organization’s response to cyber-attacks and the policies surrounding IT security.

The NUARI system is an incredibly realistic simulator of equity market dynamics. Participants were able to respond to market changes just as they would during a real-world attack or catastrophic event.

Given the large number of participants in the simulation, NUARI faced two significant challenges. First was the challenge of granting application access to participants at disparate locations. It was essential that participants all be within the closed-loop simulation in order to keep the exercise as realistic as possible. Second was the challenge of giving access to participants at firms who, naturally, have extremely tight IT security policies.

The use of virtual desktops allowed for tight control of the simulation environment, thus eliminating the need to support disparate and diverse systems. The use of virtual desktops, and the ease with which these desktops could be shared, enabled broad participation in the Quantum Dawn 2 simulation ensuring that both the exercise itself and the various responses to simulated attacks was as realistic and meaningful as possible.

Cloud computing has vastly improved our ability to rapidly create complex computing environments and collaborate with others quickly, safely, and effectively -- and Quantum Dawn 2 is proof that cloud computing is a solid resource in supporting the security of capital markets.

About The Authors : Seth Payne is a senior product manager at Skytap, an enterprise cloud computing provider, where he's responsible for defining cloud computing capabilities for enterprises. Prior to Skytap, Payne spent several years working on Wall Street in technology at both Gravitas and the New York Stock Exchange.

Danial Faizullabhoy, senior advisor, NUARI

Danial Faizullabhoy is a senior advisor to NUARI and most recently was the President and CEO of BroadLogic. He has over 20 years of venture capital investment, management, technical and marketing experience, specializing in the software and communications industries.

Comment  | 
Print  | 
More Insights
More Commentary
Why Settle for Less in the Front Office?
Recent research shows that sell-side firms are less than satisfied with their order management system (OMS) technology. Many front offices, however, continue to make do with their current solutions. Are they selling themselves short?
BYOD Policy: Don't Reinvent the Wheel
Financial firms still feel overwhelmed by BYOD risks and challenges. But these can be addressed by a good policy, and the guidelines are already out there.
The BYOD Challenge
Having a policy in place to manage mobile devices used by employees for work purposes is necessary in this current day.
Getting Onboarding Right in the Age of the Customer
Disparate “Frankenstein” systems slow down the onboarding process and impede customer service, says Pegasystems.
Performance Monitoring Key to Smooth Infrastructure Modernization
As banks consider how to shift infrastructure and storage solutions, they can’t afford to lose visibility into performance.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.