A recent whitepaper by TABB Group has predicted that by 2016, 50 percent of financial institutions will be using managed services to outsource the management of their IT infrastructure. In addition, the Technology Services Industry Association’s (TSIA) annual survey states that spending for managed services continues to rise at a double-digit rate. So what are the realities of moving to a managed services environment and how are firms tackling fundamental issues such as security and control?
So far the upward trend in managed services adoption has largely been driven by financial concerns, with cost control, lower TCO and shifting IT spend from significant up-front capital investment to more predictable monthly operational expense being prime objectives. However, TABB notes that it is accompanying benefits such as increased flexibility, agility and IT responsiveness, faster time-to-market for growth products and tighter security and GRC adherence that will see the model really move into the mainstream.
Market data management is becoming an increasingly complex environment, further exacerbated by the complexity of new derivatives and indexes as well as tighter regulations. Therefore the business case for transferring responsibility for system management to companies that specialize in this area is compelling. However, during a recent webinar hosted by TABB Group and Thomson Reuters, the audience of 100 were polled on what challenges and concerns would limit their transition to a managed service environment. 53 percent cited security as their biggest concern in this regard.
Clearly there remain a number of perceived risks around areas such as control and security. But what are the realities? And is there still a case to answer for managed service providers?
Managed service providers have made it their business to be on top of security concerns. Delivering a managed service is not about doing things cheaper; it is about removing from banks the complexity and headaches that come with managing sophisticated and constantly evolving infrastructures, and this includes making security a non-issue. Without this covered, the model simply does not work. The opportunity for managed service providers is to manage systems at scale and drive the economies that then make the offering so compelling.
By looking under the surface of what managed service providers have in place to manage security, bank CIOs, IT directors and market data managers would find a reassuring and possibly surprising picture.
Downtime and outages within market data systems can be costly, and have a significant impact on revenues. With built-in layers of redundancy and instantaneous recovery, managed service providers can develop offerings to ensure that downtime simply does not happen for the client. Should a problem occur with the system, the customer would not even know it, as back-up systems take over instantly to ensure service is continuous.
Along with system uptime, ensuring secure and auditable access to data at the enterprise, group and individual level is crucial to organisations to protect their own intellectual property and ensure sensitive data is only accessed when and by whom it should be. A common misconception is that managed services are ‘in the cloud’ and therefore not secure, and that cost benefits are derived from sharing of resources and infrastructure. But this is not the case. For mission-critical managed services, each customer needs to have a completely dedicated environment that provides full separation from other customer deployments. This is so that no other customer within the data centre has any access to another customer’s environment. On top of this, a high level of tailoring is required, with providers working closely with customers to align to corporate policy and ensure that access to systems by employee groups and individuals is managed through secure authentication processes. This needs to be based on a strict information security framework that complements the physical security restrictions and provides key functionality such as access control, password management and strict data classification. It is also important that access across all of these layers is fully auditable by the administrator, offering full transparency to the customer.
External threats and attacks are another area of concern for all IT managers, with the potential to slow or, even worse, crash systems and lose data. Securing data traffic via a multi-layered security architecture including routers, firewalls and intrusion detection systems ensures such threats are also prevented, with systems able to proactively detect and block any internal or external malicious transactions, and secure the data traffic of any sensitive customer data. In addition, government security certifications such as FISMA (Federal Information Security Management Act) and FedRAMP (Federal Risk and Authorization Management Program) are offering more formal recognition of the high standards managed service providers must meet. They also provide standards for compliance controls to meet SSAE 16 (Statement on Standards for Attestation Engagements), a written assertion to auditors that systems and operating activities accurately perform the services they are designed to provide. The certification from regulators offers further reassurances that managed services can offer the most secure path to market data system management.
The competitive advantage that may have once existed for financial institutions building their own advanced proprietary systems is a thing of the past. Technology is now often out of date before it has been fully implemented and the cost of continuous innovation in an area that is not a core business is prohibitive. When experts in managing market data systems are building scalable offerings that are delivering the highest quality systems, at a lower total cost of ownership and with the highest levels of security, there is a natural fit with the market needs we see today. TABB predicts that by 2016 adoption of managed services will hit 50 percent, but the growth will not stop there. By outsourcing technology innovation to the companies that specialize in it, financial institutions can return to focus on the things they do best – creating market opportunities and making money.
—Mike Powell is head of enterprise services at Thomson Reuters.