12:25 PM
Mike Powell, Thomson Reuters
Mike Powell, Thomson Reuters

Safe haven: Why Managed Services are a Natural Fit for an Evolving Financial Industry

Despite the security concerns that get raised around managed services, bank CIOs, IT directors and market data managers would reveal a reassuring and possibly surprising picture, writes Mike Powell of Thomson Reuters.

A recent whitepaper by TABB Group has predicted that by 2016, 50 percent of financial institutions will be using managed services to outsource the management of their IT infrastructure. In addition, the Technology Services Industry Association’s (TSIA) annual survey states that spending for managed services continues to rise at a double-digit rate. So what are the realities of moving to a managed services environment and how are firms tackling fundamental issues such as security and control?

So far the upward trend in managed services adoption has largely been driven by financial concerns, with cost control, lower TCO and shifting IT spend from significant, up front capital investment, to more predictable monthly operational expense, being prime objectives. However TABB notes that it is accompanying benefits such as increased flexibility, agility and IT responsiveness, faster time-to-market for growth products and tighter security and GRC adherence that will see the model really move into the mainstream.

Market data management is becoming an increasingly complex environment, further exacerbated by the complexity of new derivatives and indexes as well as tighter regulations. Therefore the business case for transferring responsibility for system management to companies that specialize in this area is compelling. However, during a recent webinar hosted by TABB Group and Thomson Reuters, the audience of 100 were polled on what challenges and concerns would limit their transition to a managed service environment. 53 percent cited security as their biggest concern in this regard.

Clearly there remain a number of perceived risks around areas such as control and security. But what are the realities? And is there still a case to answer for managed service providers?

Managed service providers have made it their business to be on top of security concerns. Delivering a managed service is not about doing things cheaper, it is about removing from banks the complexity and headaches that come with managing sophisticated and constantly evolving infrastructures and this includes making security a non-issue. Without this covered, the model simply does not work. The opportunity for managed service providers is to manage systems at scale and drive the economies that then make the offering so compelling.

By looking under the surface of what managed providers have in place to manage security, bank CIOs, IT directors and market data managers would reveal a reassuring and possibly surprising picture.

Mike Powell, Thomson Reuters
Mike Powell, Thomson Reuters

Downtime and outages within market data systems can be costly, and have a significant impact on revenues. With built-in layers of redundancy and instantaneous recovery, managed service providers can develop offerings to ensure that downtime simply does not happen for the client. Should a problem occur with the system the customer would not even know it, as back-up systems take over instantly to ensure service is continuous.

Along with system uptime, ensuring secure and auditable access to data at the enterprise, group and individual level is crucial to organisations to protect their own intellectual property and ensure sensitive data is only accessed when and by who it should be. A common misconception is that managed services are ‘in the cloud’ and therefore not secure and that cost benefits are derived from sharing of resources and infrastructure. But this is not the case. For mission-critical managed services, each customer needs to have a completely dedicated environment that provides full separation from other customer deployments. This is so that no other customer within the data centre has any access to another customer’s environment. On top of this, a high level of tailoring is required, with providers working closely with customers to align to corporate policy and ensure that access to systems by employee groups and individuals are managed through secure authentication processes. This needs to be based on a strict information security framework that complements the physical security restrictions and provides key functionality such as access control, password management and strict data classification. It is also important that access across all of these layers is fully auditable by the administrator, offering full transparency to the customer.

External threats and attacks are another area of concern for all IT managers, with the potential to slow or, even worse, crash systems and lose data. Securing data traffic via a multi-layered security architecture including routers, firewalls and intrusion detection systems ensures such threats are also prevented, with systems able to proactively detect and block any internal or external malicious transactions, and secure the data traffic of any sensitive customer data. In addition, government security certifications such as FISMA (Federal Information Security Management Act) and FedRAMP (Federal Risk and Authorization Management Program) are offering more formal recognition of the high standards managed service providers must meet. They also provide standards for compliance controls to meet SSAE 16 (Statement on Standards for Attestation Engagement), a written assertion to auditors that systems and operating activities accurately perform the services they are designed to provide. The certification from regulators offers further reassurances that managed services can offer the most secure path to market data system management.

The competitive advantage that may have once existed for financial institutions building their own advanced proprietary systems is a thing of the past. Technology is now often out of date before it has been fully implemented and the cost of continuous innovation in an area that is not a core business is prohibitive. When experts in managing market data systems are building scalable offerings that are delivering the highest quality systems, at a lower total cost of ownership and with the highest levels of security, there is a natural fit with the market needs we see today. TABB predicts that by 2016 adoption of managed services will hit 50 percent, but the growth will not stop there. By outsourcing technology innovation to the companies that specialize in it, financial institutions can return to focus on the things they do best – creating market opportunities and making money.

—Mike Powell is head of enterprise services at Thomson Reuters.

More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
Register for Wall Street & Technology Newsletters
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.